Adopt charts values to helm-charts repo

Author: SzymonSAP

dist/chart/templates/manager/manager.yaml

@@ -8,6 +8,8 @@ metadata:
     control-plane: controller-manager
 spec:
   replicas:  {{ .Values.controllerManager.replicas }}
+  strategy:
+    type: {{ .Values.controllerManager.strategy.type | quote }}
   selector:
     matchLabels:
       {{- include "chart.selectorLabels" . | nindent 6 }}
@@ -28,35 +30,36 @@ spec:
       containers:
         - name: manager
           args:
-            {{- range .Values.controllerManager.container.args }}
+            {{- range .Values.controllerManager.manager.args }}
             - {{ . }}
             {{- end }}
           command:
             - /manager
-          image: {{ .Values.controllerManager.container.image.repository }}:{{ .Values.controllerManager.container.image.tag }}
-          {{- if .Values.controllerManager.container.env }}
+          image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag }}
+          {{- if .Values.controllerManager.manager.env }}
           env:
-            {{- range $key, $value := .Values.controllerManager.container.env }}
+            {{- range $key, $value := .Values.controllerManager.manager.env }}
             - name: {{ $key }}
               value: {{ $value }}
             {{- end }}
           {{- end }}
           livenessProbe:
-            {{- toYaml .Values.controllerManager.container.livenessProbe | nindent 12 }}
+            {{- toYaml .Values.controllerManager.manager.livenessProbe | nindent 12 }}
           readinessProbe:
-            {{- toYaml .Values.controllerManager.container.readinessProbe | nindent 12 }}
+            {{- toYaml .Values.controllerManager.manager.readinessProbe | nindent 12 }}
           {{- if .Values.webhook.enable }}
           ports:
             - containerPort: 9443
               name: webhook-server
               protocol: TCP
           {{- end }}
           resources:
-            {{- toYaml .Values.controllerManager.container.resources | nindent 12 }}
+            {{- toYaml .Values.controllerManager.manager.resources | nindent 12 }}
           securityContext:
-            {{- toYaml .Values.controllerManager.container.securityContext | nindent 12 }}
-          {{- if and .Values.certmanager.enable (or .Values.webhook.enable .Values.metrics.enable) }}
+            {{- toYaml .Values.controllerManager.manager.securityContext | nindent 12 }}
           volumeMounts:
+            - mountPath: /etc/macdb/
+              name: macdb
             {{- if and .Values.webhook.enable .Values.certmanager.enable }}
             - name: webhook-cert
               mountPath: /tmp/k8s-webhook-server/serving-certs
@@ -67,14 +70,29 @@ spec:
               mountPath: /tmp/k8s-metrics-server/metrics-certs
               readOnly: true
             {{- end }}
-          {{- end }}
+        - name: kube-rbac-proxy
+          args: {{- toYaml .Values.controllerManager.kubeRbacProxy.args | nindent 10 }}
+          env:
+          - name: KUBERNETES_CLUSTER_DOMAIN
+            value: {{ quote .Values.kubernetesClusterDomain }}
+          image: {{ .Values.controllerManager.kubeRbacProxy.image.repository }}:{{ default .Chart.AppVersion .Values.controllerManager.kubeRbacProxy.image.tag }}
+          ports:
+          - containerPort: 8443
+            name: https
+            protocol: TCP
+          resources: {{- toYaml .Values.controllerManager.kubeRbacProxy.resources | nindent
+            12 }}
+          securityContext: {{- toYaml .Values.controllerManager.kubeRbacProxy.containerSecurityContext
+            | nindent 12 }}
       securityContext:
-        {{- toYaml .Values.controllerManager.securityContext | nindent 8 }}
+        {{- toYaml .Values.controllerManager.podSecurityContext | nindent 8 }}
       serviceAccountName: {{ .Values.controllerManager.serviceAccountName }}
       hostNetwork: {{ .Values.controllerManager.hostNetwork }}
       terminationGracePeriodSeconds: {{ .Values.controllerManager.terminationGracePeriodSeconds }}
-      {{- if and .Values.certmanager.enable (or .Values.webhook.enable .Values.metrics.enable) }}
       volumes:
+        - name: macdb
+          secret:
+            secretName: macdb
         {{- if and .Values.webhook.enable .Values.certmanager.enable }}
         - name: webhook-cert
           secret:
@@ -85,4 +103,3 @@ spec:
           secret:
             secretName: metrics-server-cert
         {{- end }}
-      {{- end }}

dist/chart/values.yaml

@@ -1,7 +1,9 @@
 # [MANAGER]: Manager Deployment Configurations
 controllerManager:
   replicas: 1
-  container:
+  strategy:
+    type: Recreate
+  manager:
     image:
       repository: controller
       tag: latest
@@ -11,11 +13,11 @@ controllerManager:
       - "--health-probe-bind-address=:8081"
     resources:
       limits:
-        cpu: 500m
-        memory: 128Mi
+        cpu: 300m
+        memory: 200Mi
       requests:
-        cpu: 10m
-        memory: 64Mi
+        cpu: 300m
+        memory: 50Mi
     livenessProbe:
       initialDelaySeconds: 15
       periodSeconds: 20
@@ -33,12 +35,34 @@ controllerManager:
       capabilities:
         drop:
           - "ALL"
-  securityContext:
+  kubeRbacProxy:
+    args:
+      - --secure-listen-address=0.0.0.0:8443
+      - --upstream=http://127.0.0.1:8080/
+      - --logtostderr=true
+      - --v=0
+    containerSecurityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+          - ALL
+    image:
+      repository: gcr.io/kubebuilder/kube-rbac-proxy
+      tag: v0.15.0
+    resources:
+      limits:
+        cpu: 500m
+        memory: 128Mi
+      requests:
+        cpu: 5m
+        memory: 64Mi
+  podSecurityContext:
     runAsNonRoot: true
     seccompProfile:
       type: RuntimeDefault
   terminationGracePeriodSeconds: 10
   serviceAccountName: metal-operator-controller-manager
+  hostNetwork: true
 
 # [RBAC]: To enable RBAC (Permissions) configurations
 rbac: