fix networkpolicy and add pdb
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
javirln committed Aug 7, 2024
1 parent 7ecedad commit a5f8ff0
Showing 5 changed files with 80 additions and 6 deletions.
6 changes: 3 additions & 3 deletions bitnami/chainloop/templates/cas/networkpolicy.yaml
@@ -10,15 +10,15 @@ metadata:
name: {{ printf "%s-cas" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: web
app.kubernetes.io/component: cas
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.cas.podLabels .Values.commonLabels ) "context" . ) }}
podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: web
app.kubernetes.io/component: cas
policyTypes:
- Ingress
- Egress
@@ -52,7 +52,7 @@ spec:
from:
- podSelector:
matchLabels:
{{ printf "%s-web" (include "common.names.fullname" .) }}-client: "true"
{{ printf "%s-cas" (include "common.names.fullname" .) }}: "true"
{{- if .Values.cas.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
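Review bot: The allowed-peer label in the second hunk drops the `-client` suffix, so the key becomes `<fullname>-cas` instead of the `<fullname>-…-client` form of the `-web-client` line it replaces, and it is now the same string as the policy's own `name`. Workloads labelled under the old key lose ingress as soon as the chart is upgraded, and any values.yaml or README text that tells operators which label grants access (not visible in this commit) would need the same change. If the suffix was dropped unintentionally, keep it: `{{ printf "%s-cas" (include "common.names.fullname" .) }}-client: "true"`. The same edit is made in bitnami/chainloop/templates/controlplane/networkpolicy.yaml, and the ingress rule containing this selector starts and ends outside the hunk.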
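--- a/bitnami/chainloop/templates/cas/pdb.yaml
+++ b/bitnami/chainloop/templates/cas/pdb.yaml
@@ -0,0 +1,26 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.cas.pdb.enabled }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+name: {{ include "common.names.fullname" . }}
+namespace: {{ include "common.names.namespace" . | quote }}
+labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+{{- if .Values.commonAnnotations }}
+annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+{{- end }}
+spec:
+{{- if .Values.cas.pdb.minAvailable }}
+minAvailable: {{ .Values.cas.pdb.minAvailable }}
+{{- end }}
+{{- if or .Values.cas.pdb.maxUnavailable ( not .Values.cas.pdb.minAvailable ) }}
+maxUnavailable: {{ .Values.cas.pdb.maxUnavailable | default 1 }}
+{{- end }}
+{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.cas.podLabels .Values.commonLabels ) "context" . ) }}
+selector:
+matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+{{- end }}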
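Review bot: The PodDisruptionBudget is named with the bare `common.names.fullname` and its selector carries no component label, and bitnami/chainloop/templates/controlplane/pdb.yaml renders the same `name` and the same `matchLabels` shape. With both `pdb.enabled` values defaulting to `true` in this commit, the two templates appear to produce two objects with one name in one namespace, and unless `cas.podLabels` and `controlplane.podLabels` differ, both budgets select every pod of the release; the eviction API refuses to evict a pod matched by more than one budget, which blocks node drains during patching. Follow the NetworkPolicy templates in this commit: `name: {{ printf "%s-cas" (include "common.names.fullname" .) }}` plus an `app.kubernetes.io/component: cas` line under both `labels` and `selector.matchLabels`, with the `controlplane` equivalents in the other file.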
6 changes: 3 additions & 3 deletions bitnami/chainloop/templates/controlplane/networkpolicy.yaml
@@ -10,15 +10,15 @@ metadata:
name: {{ printf "%s-controlplane" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: web
app.kubernetes.io/component: controlplane
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.controlplane.podLabels .Values.commonLabels ) "context" . ) }}
podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: web
app.kubernetes.io/component: controlplane
policyTypes:
- Ingress
- Egress
@@ -52,7 +52,7 @@ spec:
from:
- podSelector:
matchLabels:
{{ printf "%s-web" (include "common.names.fullname" .) }}-client: "true"
{{ printf "%s-controlplane" (include "common.names.fullname" .) }}: "true"
{{- if .Values.controlplane.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
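--- a/bitnami/chainloop/templates/controlplane/pdb.yaml
+++ b/bitnami/chainloop/templates/controlplane/pdb.yaml
@@ -0,0 +1,26 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.controlplane.pdb.enabled }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+name: {{ include "common.names.fullname" . }}
+namespace: {{ include "common.names.namespace" . | quote }}
+labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+{{- if .Values.commonAnnotations }}
+annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+{{- end }}
+spec:
+{{- if .Values.controlplane.pdb.minAvailable }}
+minAvailable: {{ .Values.controlplane.pdb.minAvailable }}
+{{- end }}
+{{- if or .Values.controlplane.pdb.maxUnavailable ( not .Values.controlplane.pdb.minAvailable ) }}
+maxUnavailable: {{ .Values.controlplane.pdb.maxUnavailable | default 1 }}
+{{- end }}
+{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.controlplane.podLabels .Values.commonLabels ) "context" . ) }}
+selector:
+matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+{{- end }}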
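Review bot: An integer zero cannot be expressed for either field, because `if .Values.controlplane.pdb.minAvailable` and `.Values.controlplane.pdb.maxUnavailable | default 1` both treat `0` as empty, so `--set controlplane.pdb.maxUnavailable=0` renders `maxUnavailable: 1`. An operator who sets zero to forbid voluntary evictions would get a budget that still permits one, with no error at render time. Either compare the value against the empty string instead of relying on truthiness, or add a comment in values.yaml stating that zero must be written as the quoted string `"0"`. bitnami/chainloop/templates/cas/pdb.yaml has the same two conditions.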
22 changes: 22 additions & 0 deletions bitnami/chainloop/values.yaml
@@ -937,6 +937,17 @@ controlplane:
targetCPU: ""
targetMemory: ""

## Pod disruption budget configuration
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
## @param server.pdb.enabled Create Pod Disruption Budget for the server component
## @param server.pdb.minAvailable Sets the min number of pods availables for the Pod Disruption Budget
## @param server.pdb.maxUnavailable Sets the max number of pods unavailable for the Pod Disruption Budget
##
pdb:
enabled: true
minAvailable: ""
maxUnavailable: ""

## @section Artifact Content Addressable (CAS) API
##################################
# Artifacts CAS #
@@ -1607,6 +1618,17 @@ cas:
targetCPU: ""
targetMemory: ""

## Pod disruption budget configuration
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
## @param server.pdb.enabled Create Pod Disruption Budget for the server component
## @param server.pdb.minAvailable Sets the min number of pods availables for the Pod Disruption Budget
## @param server.pdb.maxUnavailable Sets the max number of pods unavailable for the Pod Disruption Budget
##
pdb:
enabled: true
minAvailable: ""
maxUnavailable: ""


## @section Dependencies
# ##################################
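Review bot: The three `@param` lines in both added comment blocks name `server.pdb.*`, but the hunk headers place the keys under `controlplane:` and `cas:`, and the new templates read them as `.Values.controlplane.pdb.*` and `.Values.cas.pdb.*`. Parameter documentation generated from these tags would describe a path that does not exist, leaving the real switches undocumented. Use `## @param controlplane.pdb.enabled Create Pod Disruption Budget for the controlplane component` in the first block and the `cas.pdb.*` equivalents in the second, and correct "pods availables" to "pods available".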
