From c5a79c98e2d378d377833fd9d39545b66ab7cd9a Mon Sep 17 00:00:00 2001 From: Padula Date: Thu, 19 Aug 2021 10:04:28 +0200 Subject: [PATCH 1/3] Upgrade helm chart --- chart/Chart.yaml | 2 +- chart/templates/deployment.yaml | 24 ++++++++++++++---------- chart/templates/ingress.yaml | 4 ++++ chart/templates/secret.yaml | 21 +++++++++++++++++++++ chart/templates/serviceaccount.yaml | 11 +++++++++++ chart/values.yaml | 21 +++++++++++++++++++-- 6 files changed, 70 insertions(+), 13 deletions(-) create mode 100644 chart/templates/secret.yaml create mode 100644 chart/templates/serviceaccount.yaml diff --git a/chart/Chart.yaml b/chart/Chart.yaml index c7853c01..49dc4175 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "3.x" description: A Helm chart for Kafdrop name: kafdrop -version: 0.1.0 +version: 0.2.0 diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml index 0826639e..6da34755 100644 --- a/chart/templates/deployment.yaml +++ b/chart/templates/deployment.yaml 
@@ -19,23 +19,30 @@ spec: app.kubernetes.io/name: {{ include "chart.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} annotations: + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- if .Values.podAnnotations }} {{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} +{{- end }} spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "chart.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - secretRef: + name: {{ include "chart.fullname" . }} env: - name: KAFKA_BROKERCONNECT value: "{{ .Values.kafka.brokerConnect }}" - - name: KAFKA_PROPERTIES - value: "{{ .Values.kafka.properties }}" - - name: KAFKA_TRUSTSTORE - value: "{{ .Values.kafka.truststore }}" - - name: KAFKA_KEYSTORE - value: "{{ .Values.kafka.keystore }}" - name: JVM_OPTS value: "{{ .Values.jvm.opts }}" - name: JMX_PORT @@ -58,7 +65,6 @@ spec: {{- else }} value: "{{ .Values.cmdArgs }}" {{- end }} - ports: - name: http containerPort: 9000 @@ -101,5 +107,3 @@ spec: path: {{ .Values.mountProtoDesc.hostPath }} type: Directory {{- end }} - - diff --git a/chart/templates/ingress.yaml b/chart/templates/ingress.yaml index c9695f82..afd6d66d 100644 --- a/chart/templates/ingress.yaml +++ b/chart/templates/ingress.yaml @@ -1,7 +1,11 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "chart.fullname" . -}} {{- $ingressPath := .Values.ingress.path -}} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} apiVersion: extensions/v1beta1 +{{- end }} kind: Ingress metadata: name: {{ $fullName }} 
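Review bot: In chart/templates/ingress.yaml the new `semverCompare` branch selects `networking.k8s.io/v1beta1` for every cluster at 1.14 or later, but that Ingress API version was removed in Kubernetes 1.22, so the chart cannot install an Ingress there. A further branch for `networking.k8s.io/v1` (served from 1.19) is needed, e.g. `{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}` ahead of the existing test. The v1 schema also requires `pathType` and the `service.name`/`service.port` backend form, so the rules block, which lies outside this hunk, would have to be made version-aware as well.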
diff --git a/chart/templates/secret.yaml b/chart/templates/secret.yaml
new file mode 100644
index 00000000..a03075d0
--- /dev/null
+++ b/chart/templates/secret.yaml
@@ -0,0 +1,21 @@
+{{- if or .Values.kafka.truststore .Values.kafka.keystore .Values.kafka.properties }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "chart.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "chart.name" . }}
+ helm.sh/chart: {{ include "chart.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+{{- if .Values.kafka.truststore }}
+ KAFKA_TRUSTSTORE: {{ .Values.kafka.truststore | b64enc }}
+{{- end }}
+{{- if .Values.kafka.keystore }}
+ KAFKA_KEYSTORE: {{ .Values.kafka.keystore | b64enc }}
+{{- end }}
+{{- if .Values.kafka.properties }}
+ KAFKA_PROPERTIES: {{ .Values.kafka.properties | b64enc }}
+{{- end }}
+{{- end }}
diff --git a/chart/templates/serviceaccount.yaml b/chart/templates/serviceaccount.yaml
new file mode 100644
index 00000000..0477f27b
--- /dev/null
+++ b/chart/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "chart.serviceAccountName" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "chart.name" . }}
+ helm.sh/chart: {{ include "chart.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
index ce23b933..64c501a4 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
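Review bot: chart/templates/secret.yaml only builds the Secret from the `kafka.truststore`, `kafka.keystore` and `kafka.properties` values, so the key material still has to pass through a values file or `--set` and is retained in the Helm release record. An option to reference a pre-existing Secret would let operators keep it out of values entirely, for example `name: {{ default (include "chart.fullname" .) .Values.kafka.existingSecret }}` in the deployment's `secretRef` (the `existingSecret` key name is a suggestion, not something the chart defines today). The rendered data values are also unquoted; `{{ .Values.kafka.truststore | b64enc | quote }}` is the safer form for templated scalars.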
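Review bot: The ServiceAccount in chart/templates/serviceaccount.yaml keeps the default token automount, so each pod gets a Kubernetes API token mounted even though none of the templates on this page create a Role or otherwise indicate that Kafdrop talks to the API server. Adding `automountServiceAccountToken: false` at the top level of the ServiceAccount (optionally driven by a values key) removes a credential the web UI process has no visible use for. If some deployment does rely on the token, that is an assumption to confirm before merging.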
@@ -60,6 +60,23 @@ affinity: {} podAnnotations: {} -mountProtoDesc: +mountProtoDesc: enabled: false - hostPath: \ No newline at end of file + hostPath: + +serviceAccount: + create: true + name: + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +imagePullSecrets: [] From 8b3a0130370c376c9105ec13092dd79f8b387cf1 Mon Sep 17 00:00:00 2001 From: Padula Date: Thu, 19 Aug 2021 10:07:45 +0200 Subject: [PATCH 2/3] Update helpers --- chart/templates/_helpers.tpl | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl index 48901c50..a0a5363b 100644 --- a/chart/templates/_helpers.tpl +++ b/chart/templates/_helpers.tpl @@ -30,3 +30,14 @@ Create chart name and version as used by the chart label. {{- define "chart.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "chart.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "chart.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} From 3d25ea82beeeb4a53e8778afef93861a7a7663e9 Mon Sep 17 00:00:00 2001 From: Padula Date: Thu, 19 Aug 2021 12:11:09 +0200 Subject: [PATCH 3/3] Add env from secret only if secret is created --- chart/templates/deployment.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml index 6da34755..c4d4ebd6 100644 --- a/chart/templates/deployment.yaml +++ b/chart/templates/deployment.yaml 
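Review bot: In chart/values.yaml both `podSecurityContext` and `securityContext` default to `{}` and the hardening settings are left commented out, so a default install runs the container with whatever user and capabilities the image provides. Consider shipping the restrictive settings as the default and letting operators relax them, e.g. `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` under `securityContext`. `readOnlyRootFilesystem: true` should be verified against the image first, since the page does not show whether Kafdrop writes to its root filesystem. Separately, the bare `name:` under `serviceAccount` parses as null; `name: ""` states the intent explicitly.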
@@ -37,9 +37,11 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} +{{- if or .Values.kafka.truststore .Values.kafka.keystore .Values.kafka.properties }} envFrom: - secretRef: name: {{ include "chart.fullname" . }} +{{- end }} env: - name: KAFKA_BROKERCONNECT value: "{{ .Values.kafka.brokerConnect }}"
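Review bot: The `or` guard around `envFrom` in chart/templates/deployment.yaml is a copy of the condition at the top of chart/templates/secret.yaml from PATCH 1/3, and nothing ties the two together; if one is edited without the other, the pod either references a Secret that was not rendered and fails to start, or silently loses its Kafka settings. Moving the condition into a named template in `_helpers.tpl` and using `{{- if include "chart.kafkaSecretEnabled" . }}` in both files keeps them in step (the helper name is a suggestion). The enclosing container spec starts and ends outside this hunk.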