Merge pull request #10 from gardener/adapt-admission-chart

Make the admission chart values similar to other gardener extensions

charts/gardener-extension-shoot-rsyslog-relp-admission/Chart.yaml

@@ -2,4 +2,4 @@ apiVersion: v1
 appVersion: "1.0"
 description: A Helm chart for the Gardener Shoot Rsyslog Relp admission controller
 name: gardener-extension-shoot-rsyslog-relp
-version: 0.1.0
+version: 0.1.0

charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/templates/cluster-role-binding.yaml

@@ -13,10 +13,10 @@ roleRef:
   kind: ClusterRole
   name: {{ include "name" . }}
 subjects:
-{{- if and .Values.virtualGarden.enabled .Values.virtualGarden.user.name }}
+{{- if and .Values.global.virtualGarden.enabled .Values.global.virtualGarden.user.name }}
 - apiGroup: rbac.authorization.k8s.io
   kind: User
-  name: {{ .Values.virtualGarden.user.name  }}
+  name: {{ .Values.global.virtualGarden.user.name  }}
 {{- else }}
 - kind: ServiceAccount
   name: {{ include "name" . }}

charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/templates/serviceaccount.yaml

@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-{{- if and .Values.virtualGarden.enabled ( not .Values.virtualGarden.user.name ) }}
+{{- if and .Values.global.virtualGarden.enabled ( not .Values.global.virtualGarden.user.name ) }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:

charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/templates/validatingwebhook-validator.yaml

@@ -27,12 +27,12 @@ webhooks:
   - v1
   - v1beta1
   clientConfig:
-    {{- if .Values.virtualGarden.enabled }}
+    {{- if .Values.global.virtualGarden.enabled }}
     url: {{ printf "https://%s.%s/webhooks/validate" (include "name" .) (.Release.Namespace) }}
     {{- else }}
     service:
       namespace: {{ .Release.Namespace }}
       name: {{ include "name" . }}
       path: /webhooks/validate
     {{- end }}
-    caBundle: {{ required ".Values.webhookConfig.caBundle is required" .Values.webhookConfig.caBundle | b64enc }}
+    caBundle: {{ required ".Values.global.webhookConfig.caBundle is required" .Values.global.webhookConfig.caBundle | b64enc }}

charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/values.yaml

@@ -0,0 +1 @@
+../../values.yaml

charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/deployment.yaml

@@ -12,15 +12,15 @@ metadata:
     high-availability-config.resources.gardener.cloud/type: server
 spec:
   revisionHistoryLimit: 2
-  replicas: {{ .Values.replicaCount }}
+  replicas: {{ .Values.global.replicaCount }}
   selector:
     matchLabels:
 {{ include "labels" . | indent 6 }}
   template:
     metadata:
       annotations:
         checksum/gardener-extension-shoot-rsyslog-relp-admission-tls: {{ include (print $.Template.BasePath "/secret-tls.yaml") . | sha256sum }}
-        {{- if .Values.kubeconfig }}
+        {{- if .Values.global.kubeconfig }}
         checksum/gardener-extension-shoot-rsyslog-relp-admission-kubeconfig: {{ include (print $.Template.BasePath "/secret-kubeconfig.yaml") . | sha256sum }}
         {{- end }}
       labels:
@@ -34,88 +34,88 @@ spec:
         seccompProfile:
           type: RuntimeDefault
       serviceAccountName: {{ include "name" . }}
-      {{- if .Values.kubeconfig }}
+      {{- if .Values.global.kubeconfig }}
       automountServiceAccountToken: false
       {{- end }}
       containers:
       - name: {{ include "name" . }}
-        image: {{ include "image" .Values.image }}
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        image: {{ include "image" .Values.global.image }}
+        imagePullPolicy: {{ .Values.global.image.pullPolicy }}
         args:
-        - --webhook-config-server-port={{ .Values.webhookConfig.serverPort }}
+        - --webhook-config-server-port={{ .Values.global.webhookConfig.serverPort }}
         - --webhook-config-cert-dir=/etc/gardener-extension-shoot-rsyslog-relp-admission/srv
-        {{- if .Values.kubeconfig }}
+        {{- if .Values.global.kubeconfig }}
         - --kubeconfig=/etc/gardener-extension-shoot-rsyslog-relp-admission/kubeconfig/kubeconfig
         {{- end }}
-        {{- if .Values.projectedKubeconfig }}
-        - --kubeconfig={{ required ".Values.projectedKubeconfig.baseMountPath is required" .Values.projectedKubeconfig.baseMountPath }}/kubeconfig
+        {{- if .Values.global.projectedKubeconfig }}
+        - --kubeconfig={{ required ".Values.global.projectedKubeconfig.baseMountPath is required" .Values.global.projectedKubeconfig.baseMountPath }}/kubeconfig
         {{- end }}
-        {{- if .Values.metricsPort }}
-        - --metrics-bind-address=:{{ .Values.metricsPort }}
+        {{- if .Values.global.metricsPort }}
+        - --metrics-bind-address=:{{ .Values.global.metricsPort }}
         {{- end }}
-        - --health-bind-address=:{{ .Values.healthPort }}
+        - --health-bind-address=:{{ .Values.global.healthPort }}
         livenessProbe:
           httpGet:
             path: /healthz
-            port: {{ .Values.healthPort }}
+            port: {{ .Values.global.healthPort }}
             scheme: HTTP
           initialDelaySeconds: 10
         readinessProbe:
           httpGet:
             path: /readyz
-            port: {{ .Values.healthPort }}
+            port: {{ .Values.global.healthPort }}
             scheme: HTTP
           initialDelaySeconds: 5
         ports:
         - name: webhook-server
-          containerPort: {{ .Values.webhookConfig.serverPort }}
+          containerPort: {{ .Values.global.webhookConfig.serverPort }}
           protocol: TCP
-{{- if .Values.resources }}
+{{- if .Values.global.resources }}
         resources:
-{{ toYaml .Values.resources | nindent 10 }}
+{{ toYaml .Values.global.resources | nindent 10 }}
 {{- end }}
         volumeMounts:
         - name: {{ include "name" . }}-tls
           mountPath: /etc/gardener-extension-shoot-rsyslog-relp-admission/srv
           readOnly: true
-        {{- if .Values.kubeconfig }}
+        {{- if .Values.global.kubeconfig }}
         - name: {{ include "name" . }}-kubeconfig
           mountPath: /etc/gardener-extension-shoot-rsyslog-relp-admission/kubeconfig
           readOnly: true
         {{- end }}
-        {{- if .Values.serviceAccountTokenVolumeProjection.enabled }}
+        {{- if .Values.global.serviceAccountTokenVolumeProjection.enabled }}
         - name: service-account-token
           mountPath: /var/run/secrets/projected/serviceaccount
           readOnly: true
         {{- end }}
-        {{- if .Values.projectedKubeconfig }}
+        {{- if .Values.global.projectedKubeconfig }}
         - name: kubeconfig
-          mountPath: {{ required ".Values.projectedKubeconfig.baseMountPath is required" .Values.projectedKubeconfig.baseMountPath }}
+          mountPath: {{ required ".Values.global.projectedKubeconfig.baseMountPath is required" .Values.global.projectedKubeconfig.baseMountPath }}
           readOnly: true
         {{- end }}
       volumes:
       - name: {{ include "name" . }}-tls
         secret:
           secretName: {{ include "name" . }}-tls
           defaultMode: 420
-      {{- if .Values.kubeconfig }}
+      {{- if .Values.global.kubeconfig }}
       - name: {{ include "name" . }}-kubeconfig
         secret:
           secretName: {{ include "name" . }}-kubeconfig
           defaultMode: 420
       {{- end }}
-      {{- if .Values.serviceAccountTokenVolumeProjection.enabled }}
+      {{- if .Values.global.serviceAccountTokenVolumeProjection.enabled }}
       - name: service-account-token
         projected:
           sources:
           - serviceAccountToken:
               path: token
-              expirationSeconds: {{ .Values.serviceAccountTokenVolumeProjection.expirationSeconds }}
-              {{- if .Values.serviceAccountTokenVolumeProjection.audience }}
-              audience: {{ .Values.serviceAccountTokenVolumeProjection.audience }}
+              expirationSeconds: {{ .Values.global.serviceAccountTokenVolumeProjection.expirationSeconds }}
+              {{- if .Values.global.serviceAccountTokenVolumeProjection.audience }}
+              audience: {{ .Values.global.serviceAccountTokenVolumeProjection.audience }}
               {{- end }}
       {{- end }}
-      {{- if .Values.projectedKubeconfig }}
+      {{- if .Values.global.projectedKubeconfig }}
       - name: kubeconfig
         projected:
           defaultMode: 420
@@ -124,12 +124,12 @@ spec:
               items:
               - key: kubeconfig
                 path: kubeconfig
-              name: {{ required ".Values.projectedKubeconfig.genericKubeconfigSecretName is required" .Values.projectedKubeconfig.genericKubeconfigSecretName }}
+              name: {{ required ".Values.global.projectedKubeconfig.genericKubeconfigSecretName is required" .Values.global.projectedKubeconfig.genericKubeconfigSecretName }}
               optional: false
           - secret:
               items:
               - key: token
                 path: token
-              name: {{ required ".Values.projectedKubeconfig.tokenSecretName is required" .Values.projectedKubeconfig.tokenSecretName }}
+              name: {{ required ".Values.global.projectedKubeconfig.tokenSecretName is required" .Values.global.projectedKubeconfig.tokenSecretName }}
               optional: false
       {{- end }}

charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/secret-kubeconfig.yaml

@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-{{- if .Values.kubeconfig }}
+{{- if .Values.global.kubeconfig }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -12,5 +12,5 @@ metadata:
 {{ include "labels" . | indent 4 }}
 type: Opaque
 data:
-  kubeconfig: {{ .Values.kubeconfig | b64enc }}
+  kubeconfig: {{ .Values.global.kubeconfig | b64enc }}
 {{- end }}

charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/secret-tls.yaml

@@ -11,5 +11,5 @@ metadata:
 {{ include "labels" . | indent 4 }}
 type: Opaque
 data:
-  tls.crt: {{ required ".Values.webhookConfig.tls.crt is required" .Values.webhookConfig.tls.crt | b64enc }}
-  tls.key: {{ required ".Values.webhookConfig.tls.key is required" .Values.webhookConfig.tls.key | b64enc }}
+  tls.crt: {{ required ".Values.global.webhookConfig.tls.crt is required" .Values.global.webhookConfig.tls.crt | b64enc }}
+  tls.key: {{ required ".Values.global.webhookConfig.tls.key is required" .Values.global.webhookConfig.tls.key | b64enc }}

charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/service.yaml

@@ -8,7 +8,7 @@ metadata:
   name: {{ include "name" . }}
   namespace: {{ .Release.Namespace }}
   annotations:
-    networking.resources.gardener.cloud/from-all-webhook-targets-allowed-ports: '[{"protocol":"TCP","port":{{ .Values.webhookConfig.serverPort }}}]'
+    networking.resources.gardener.cloud/from-all-webhook-targets-allowed-ports: '[{"protocol":"TCP","port":{{ .Values.global.webhookConfig.serverPort }}}]'
   labels:
 {{ include "labels" . | indent 4 }}
 spec:
@@ -18,4 +18,4 @@ spec:
   ports:
   - port: 443
     protocol: TCP
-    targetPort: {{ .Values.webhookConfig.serverPort }}
+    targetPort: {{ .Values.global.webhookConfig.serverPort }}

charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/vpa.yaml

@@ -2,25 +2,25 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-{{- if .Values.vpa.enabled}}
+{{- if .Values.global.vpa.enabled}}
 apiVersion: autoscaling.k8s.io/v1
 kind: VerticalPodAutoscaler
 metadata:
   name: {{ include "name" . }}-vpa
   namespace: {{ .Release.Namespace }}
 spec:
-  {{- if .Values.vpa.resourcePolicy }}
+  {{- if .Values.global.vpa.resourcePolicy }}
   resourcePolicy:
     containerPolicies:
     - containerName: '*'
       minAllowed:
-        cpu: {{ required ".Values.vpa.resourcePolicy.minAllowed.cpu is required" .Values.vpa.resourcePolicy.minAllowed.cpu }}
-        memory: {{ required ".Values.vpa.resourcePolicy.minAllowed.memory is required" .Values.vpa.resourcePolicy.minAllowed.memory }}
+        cpu: {{ required ".Values.global.vpa.resourcePolicy.minAllowed.cpu is required" .Values.global.vpa.resourcePolicy.minAllowed.cpu }}
+        memory: {{ required ".Values.global.vpa.resourcePolicy.minAllowed.memory is required" .Values.global.vpa.resourcePolicy.minAllowed.memory }}
   {{- end }}
   targetRef:
     apiVersion: apps/v1
     kind: Deployment
     name: {{ include "name" . }}
   updatePolicy:
-    updateMode: {{ .Values.vpa.updatePolicy.updateMode }}
+    updateMode: {{ .Values.global.vpa.updatePolicy.updateMode }}
 {{- end }}

charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/values.yaml

@@ -0,0 +1 @@
+../../values.yaml

charts/gardener-extension-shoot-rsyslog-relp-admission/values.yaml

@@ -1,37 +1,21 @@
-application:
-  enabled: true
-
+global:
   virtualGarden:
     enabled: false
     user:
       name: ""
-
-  webhookConfig:
-    caBundle: |
-      -----BEGIN CERTIFICATE-----
-      ...
-      -----END CERTIFICATE-----
-
-runtime:
-  enabled: true
-
   image:
     repository: eu.gcr.io/gardener-project/gardener/extensions/shoot-rsyslog-relp-admission
     tag: latest
     pullPolicy: IfNotPresent
-
   replicaCount: 1
-
   resources:
     requests:
       cpu: "50m"
       memory: "64Mi"
     limits:
       memory: "512Mi"
-
   metricsPort: 8080
   healthPort: 8081
-
   vpa:
     enabled: true
     resourcePolicy:
@@ -40,9 +24,12 @@ runtime:
         memory: 64Mi
     updatePolicy:
       updateMode: "Auto"
-
   webhookConfig:
     serverPort: 10250
+    caBundle: |
+      -----BEGIN CERTIFICATE-----
+      ...
+      -----END CERTIFICATE-----
     tls:
       crt: |
         -----BEGIN CERTIFICATE-----

example/local/admission/values.yaml

@@ -1,4 +1,4 @@
-application:
+global:
   webhookConfig:
     caBundle: |
       -----BEGIN CERTIFICATE-----
@@ -21,9 +21,6 @@ application:
       bouKVDcFQMoluZrCWWZZDRktjrd8zvRuF/gsTRBQNwrc4lUQ6Q0LgnKBcTPtKnwN
       8RXuztXkOHPc8Tk1qquviRrpKAkuTRScAdBzpiAT
       -----END CERTIFICATE-----
-
-runtime:
-  webhookConfig:
     tls:
       crt: |
         -----BEGIN CERTIFICATE-----