From 55d41c661e51caa384558801de8df00ac5e8c31a Mon Sep 17 00:00:00 2001 From: Plamen Kokanov Date: Fri, 1 Sep 2023 11:00:30 +0300 Subject: [PATCH] Make admission chart values similar to other gardener extensions --- .../Chart.yaml | 2 +- .../templates/cluster-role-binding.yaml | 4 +- .../application/templates/serviceaccount.yaml | 2 +- .../validatingwebhook-validator.yaml | 4 +- .../charts/application/values.yaml | 15 +---- .../charts/runtime/templates/deployment.yaml | 58 +++++++++---------- .../runtime/templates/secret-kubeconfig.yaml | 4 +- .../charts/runtime/templates/secret-tls.yaml | 4 +- .../charts/runtime/templates/service.yaml | 4 +- .../charts/runtime/templates/vpa.yaml | 10 ++-- .../charts/runtime/values.yaml | 49 +--------------- .../values.yaml | 23 ++------ example/local/admission/values.yaml | 5 +- skaffold.yaml | 4 +- 14 files changed, 56 insertions(+), 132 deletions(-) mode change 100644 => 120000 charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/values.yaml mode change 100644 => 120000 charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/values.yaml diff --git a/charts/gardener-extension-shoot-rsyslog-relp-admission/Chart.yaml b/charts/gardener-extension-shoot-rsyslog-relp-admission/Chart.yaml index c14c96d6..5c327fb4 100644 --- a/charts/gardener-extension-shoot-rsyslog-relp-admission/Chart.yaml +++ b/charts/gardener-extension-shoot-rsyslog-relp-admission/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for the Gardener Shoot Rsyslog Relp admission controller name: gardener-extension-shoot-rsyslog-relp -version: 0.1.0 +version: 0.1.0 \ No newline at end of file diff --git a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/templates/cluster-role-binding.yaml b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/templates/cluster-role-binding.yaml index 6e48811c..5cd42a35 100644 
--- a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/templates/cluster-role-binding.yaml +++ b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/templates/cluster-role-binding.yaml @@ -13,10 +13,10 @@ roleRef: kind: ClusterRole name: {{ include "name" . }} subjects: -{{- if and .Values.virtualGarden.enabled .Values.virtualGarden.user.name }} +{{- if and .Values.global.virtualGarden.enabled .Values.global.virtualGarden.user.name }} - apiGroup: rbac.authorization.k8s.io kind: User - name: {{ .Values.virtualGarden.user.name }} + name: {{ .Values.global.virtualGarden.user.name }} {{- else }} - kind: ServiceAccount name: {{ include "name" . }} diff --git a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/templates/serviceaccount.yaml b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/templates/serviceaccount.yaml index 356fc194..0688af17 100644 --- a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/templates/serviceaccount.yaml +++ b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/templates/serviceaccount.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -{{- if and .Values.virtualGarden.enabled ( not .Values.virtualGarden.user.name ) }} +{{- if and .Values.global.virtualGarden.enabled ( not .Values.global.virtualGarden.user.name ) }} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/templates/validatingwebhook-validator.yaml b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/templates/validatingwebhook-validator.yaml index 24fe2ff3..19c46e03 100644 --- a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/templates/validatingwebhook-validator.yaml +++ b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/templates/validatingwebhook-validator.yaml 
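Review bot: The RBAC subject on the `kind: User` branch of cluster-role-binding.yaml is rendered unquoted, `name: {{ .Values.global.virtualGarden.user.name }}`, so a value containing YAML-significant text (` #`, `: `, a leading `*` or `&`) is re-parsed instead of taken literally, and the binding can name a different subject than the operator wrote. Rendering it as `name: {{ .Values.global.virtualGarden.user.name | quote }}` keeps the subject exactly as supplied. The `subjects:` list continues past the end of this hunk, so the ServiceAccount branch is not fully visible here.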
@@ -27,7 +27,7 @@ webhooks: - v1 - v1beta1 clientConfig: - {{- if .Values.virtualGarden.enabled }} + {{- if .Values.global.virtualGarden.enabled }} url: {{ printf "https://%s.%s/webhooks/validate" (include "name" .) (.Release.Namespace) }} {{- else }} service: @@ -35,4 +35,4 @@ webhooks: name: {{ include "name" . }} path: /webhooks/validate {{- end }} - caBundle: {{ required ".Values.webhookConfig.caBundle is required" .Values.webhookConfig.caBundle | b64enc }} + caBundle: {{ required ".Values.global.webhookConfig.caBundle is required" .Values.global.webhookConfig.caBundle | b64enc }} diff --git a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/values.yaml b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/values.yaml deleted file mode 100644 index 68ef5140..00000000 --- a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/values.yaml +++ /dev/null @@ -1,14 +0,0 @@ -# SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors -# -# SPDX-License-Identifier: Apache-2.0 - -virtualGarden: - enabled: false - user: - name: "" - -webhookConfig: - caBundle: | - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- diff --git a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/values.yaml b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/values.yaml new file mode 120000 index 00000000..ef36be5f --- /dev/null +++ b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/values.yaml @@ -0,0 +1 @@ +../../values.yaml \ No newline at end of file diff --git a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/deployment.yaml b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/deployment.yaml index cc1ffc32..79bc1a57 100644 --- a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/deployment.yaml 
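Review bot: The `required` guard on `caBundle` in validatingwebhook-validator.yaml cannot fire with the chart defaults, because the default this commit moves to `global.webhookConfig.caBundle` in the parent values.yaml is a non-empty placeholder PEM (`...` between the BEGIN/END lines). An install that forgets to override it therefore renders a webhook configuration whose CA bundle is not a certificate, and the mistake surfaces only later, at apply time or when the webhook is first called. The `tls.crt` / `tls.key` guards in runtime/templates/secret-tls.yaml appear to have the same problem, since their defaults look like placeholders too. Defaulting these values to an empty string, e.g. `caBundle: ""`, would let the existing `required` messages do their job.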
+++ b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/deployment.yaml @@ -12,7 +12,7 @@ metadata: high-availability-config.resources.gardener.cloud/type: server spec: revisionHistoryLimit: 2 - replicas: {{ .Values.replicaCount }} + replicas: {{ .Values.global.replicaCount }} selector: matchLabels: {{ include "labels" . | indent 6 }} @@ -20,7 +20,7 @@ spec: metadata: annotations: checksum/gardener-extension-shoot-rsyslog-relp-admission-tls: {{ include (print $.Template.BasePath "/secret-tls.yaml") . | sha256sum }} - {{- if .Values.kubeconfig }} + {{- if .Values.global.kubeconfig }} checksum/gardener-extension-shoot-rsyslog-relp-admission-kubeconfig: {{ include (print $.Template.BasePath "/secret-kubeconfig.yaml") . | sha256sum }} {{- end }} labels: 
@@ -34,63 +34,63 @@ spec: seccompProfile: type: RuntimeDefault serviceAccountName: {{ include "name" . }} - {{- if .Values.kubeconfig }} + {{- if .Values.global.kubeconfig }} automountServiceAccountToken: false {{- end }} containers: - name: {{ include "name" . }} - image: {{ include "image" .Values.image }} - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: {{ include "image" .Values.global.image }} + imagePullPolicy: {{ .Values.global.image.pullPolicy }} args: - - --webhook-config-server-port={{ .Values.webhookConfig.serverPort }} + - --webhook-config-server-port={{ .Values.global.webhookConfig.serverPort }} - --webhook-config-cert-dir=/etc/gardener-extension-shoot-rsyslog-relp-admission/srv - {{- if .Values.kubeconfig }} + {{- if .Values.global.kubeconfig }} - --kubeconfig=/etc/gardener-extension-shoot-rsyslog-relp-admission/kubeconfig/kubeconfig {{- end }} - {{- if .Values.projectedKubeconfig }} - - --kubeconfig={{ required ".Values.projectedKubeconfig.baseMountPath is required" .Values.projectedKubeconfig.baseMountPath }}/kubeconfig + {{- if .Values.global.projectedKubeconfig }} + - --kubeconfig={{ required ".Values.global.projectedKubeconfig.baseMountPath is required" .Values.global.projectedKubeconfig.baseMountPath }}/kubeconfig {{- end }} - {{- if .Values.metricsPort }} - - --metrics-bind-address=:{{ .Values.metricsPort }} + {{- if .Values.global.metricsPort }} + - --metrics-bind-address=:{{ .Values.global.metricsPort }} {{- end }} - - --health-bind-address=:{{ .Values.healthPort }} + - --health-bind-address=:{{ .Values.global.healthPort }} livenessProbe: httpGet: path: /healthz - port: {{ .Values.healthPort }} + port: {{ .Values.global.healthPort }} scheme: HTTP initialDelaySeconds: 10 readinessProbe: httpGet: path: /readyz - port: {{ .Values.healthPort }} + port: {{ .Values.global.healthPort }} scheme: HTTP initialDelaySeconds: 5 ports: - name: webhook-server - containerPort: {{ .Values.webhookConfig.serverPort }} + containerPort: {{ 
.Values.global.webhookConfig.serverPort }} protocol: TCP -{{- if .Values.resources }} +{{- if .Values.global.resources }} resources: -{{ toYaml .Values.resources | nindent 10 }} +{{ toYaml .Values.global.resources | nindent 10 }} {{- end }} volumeMounts: - name: {{ include "name" . }}-tls mountPath: /etc/gardener-extension-shoot-rsyslog-relp-admission/srv readOnly: true - {{- if .Values.kubeconfig }} + {{- if .Values.global.kubeconfig }} - name: {{ include "name" . }}-kubeconfig mountPath: /etc/gardener-extension-shoot-rsyslog-relp-admission/kubeconfig readOnly: true {{- end }} - {{- if .Values.serviceAccountTokenVolumeProjection.enabled }} + {{- if .Values.global.serviceAccountTokenVolumeProjection.enabled }} - name: service-account-token mountPath: /var/run/secrets/projected/serviceaccount readOnly: true {{- end }} - {{- if .Values.projectedKubeconfig }} + {{- if .Values.global.projectedKubeconfig }} - name: kubeconfig - mountPath: {{ required ".Values.projectedKubeconfig.baseMountPath is required" .Values.projectedKubeconfig.baseMountPath }} + mountPath: {{ required ".Values.global.projectedKubeconfig.baseMountPath is required" .Values.global.projectedKubeconfig.baseMountPath }} readOnly: true {{- end }} volumes: 
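Review bot: `automountServiceAccountToken: false` is still gated only on `.Values.global.kubeconfig`, so a pod configured through `.Values.global.projectedKubeconfig` keeps the default in-cluster service account token mounted even though it presumably talks to another API server through the projected kubeconfig. If the webhook does not need in-cluster access in that mode, widen the guard to `{{- if or .Values.global.kubeconfig .Values.global.projectedKubeconfig }}`. The two `--kubeconfig` blocks in `args` are also independent `if`s, so setting both values passes the flag twice; turning the second into an `{{- else if .Values.global.projectedKubeconfig }}` branch of the first would make the precedence explicit. The pod spec starts before and continues after this hunk.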
@@ -98,24 +98,24 @@ spec: secret: secretName: {{ include "name" . }}-tls defaultMode: 420 - {{- if .Values.kubeconfig }} + {{- if .Values.global.kubeconfig }} - name: {{ include "name" . }}-kubeconfig secret: secretName: {{ include "name" . }}-kubeconfig defaultMode: 420 {{- end }} - {{- if .Values.serviceAccountTokenVolumeProjection.enabled }} + {{- if .Values.global.serviceAccountTokenVolumeProjection.enabled }} - name: service-account-token projected: sources: - serviceAccountToken: path: token - expirationSeconds: {{ .Values.serviceAccountTokenVolumeProjection.expirationSeconds }} - {{- if .Values.serviceAccountTokenVolumeProjection.audience }} - audience: {{ .Values.serviceAccountTokenVolumeProjection.audience }} + expirationSeconds: {{ .Values.global.serviceAccountTokenVolumeProjection.expirationSeconds }} + {{- if .Values.global.serviceAccountTokenVolumeProjection.audience }} + audience: {{ .Values.global.serviceAccountTokenVolumeProjection.audience }} {{- end }} {{- end }} - {{- if .Values.projectedKubeconfig }} + {{- if .Values.global.projectedKubeconfig }} - name: kubeconfig projected: defaultMode: 420 @@ -124,12 +124,12 @@ spec: items: - key: kubeconfig path: kubeconfig - name: {{ required ".Values.projectedKubeconfig.genericKubeconfigSecretName is required" .Values.projectedKubeconfig.genericKubeconfigSecretName }} + name: {{ required ".Values.global.projectedKubeconfig.genericKubeconfigSecretName is required" .Values.global.projectedKubeconfig.genericKubeconfigSecretName }} optional: false - secret: items: - key: token path: token - name: {{ required ".Values.projectedKubeconfig.tokenSecretName is required" .Values.projectedKubeconfig.tokenSecretName }} + name: {{ required ".Values.global.projectedKubeconfig.tokenSecretName is required" .Values.global.projectedKubeconfig.tokenSecretName }} optional: false {{- end }} 
diff --git a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/secret-kubeconfig.yaml b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/secret-kubeconfig.yaml index 3a7f4b83..baaccaab 100644 --- a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/secret-kubeconfig.yaml +++ b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/secret-kubeconfig.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -{{- if .Values.kubeconfig }} +{{- if .Values.global.kubeconfig }} apiVersion: v1 kind: Secret metadata: @@ -12,5 +12,5 @@ metadata: {{ include "labels" . | indent 4 }} type: Opaque data: - kubeconfig: {{ .Values.kubeconfig | b64enc }} + kubeconfig: {{ .Values.global.kubeconfig | b64enc }} {{- end }} diff --git a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/secret-tls.yaml b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/secret-tls.yaml index fcafc217..ce5f893a 100644 --- a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/secret-tls.yaml +++ b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/secret-tls.yaml @@ -11,5 +11,5 @@ metadata: {{ include "labels" . | indent 4 }} type: Opaque data: - tls.crt: {{ required ".Values.webhookConfig.tls.crt is required" .Values.webhookConfig.tls.crt | b64enc }} - tls.key: {{ required ".Values.webhookConfig.tls.key is required" .Values.webhookConfig.tls.key | b64enc }} + tls.crt: {{ required ".Values.global.webhookConfig.tls.crt is required" .Values.global.webhookConfig.tls.crt | b64enc }} + tls.key: {{ required ".Values.global.webhookConfig.tls.key is required" .Values.global.webhookConfig.tls.key | b64enc }} 
diff --git a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/service.yaml b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/service.yaml index f41e0758..9e292278 100644 --- a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/service.yaml +++ b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/service.yaml @@ -8,7 +8,7 @@ metadata: name: {{ include "name" . }} namespace: {{ .Release.Namespace }} annotations: - networking.resources.gardener.cloud/from-all-webhook-targets-allowed-ports: '[{"protocol":"TCP","port":{{ .Values.webhookConfig.serverPort }}}]' + networking.resources.gardener.cloud/from-all-webhook-targets-allowed-ports: '[{"protocol":"TCP","port":{{ .Values.global.webhookConfig.serverPort }}}]' labels: {{ include "labels" . | indent 4 }} spec: @@ -18,4 +18,4 @@ spec: ports: - port: 443 protocol: TCP - targetPort: {{ .Values.webhookConfig.serverPort }} + targetPort: {{ .Values.global.webhookConfig.serverPort }} diff --git a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/vpa.yaml b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/vpa.yaml index 087ee8eb..b8e95382 100644 --- a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/vpa.yaml +++ b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/templates/vpa.yaml 
@@ -2,25 +2,25 @@ # # SPDX-License-Identifier: Apache-2.0 -{{- if .Values.vpa.enabled}} +{{- if .Values.global.vpa.enabled}} apiVersion: autoscaling.k8s.io/v1 kind: VerticalPodAutoscaler metadata: name: {{ include "name" . }}-vpa namespace: {{ .Release.Namespace }} spec: - {{- if .Values.vpa.resourcePolicy }} + {{- if .Values.global.vpa.resourcePolicy }} resourcePolicy: containerPolicies: - containerName: '*' minAllowed: - cpu: {{ required ".Values.vpa.resourcePolicy.minAllowed.cpu is required" .Values.vpa.resourcePolicy.minAllowed.cpu }} - memory: {{ required ".Values.vpa.resourcePolicy.minAllowed.memory is required" .Values.vpa.resourcePolicy.minAllowed.memory }} + cpu: {{ required ".Values.global.vpa.resourcePolicy.minAllowed.cpu is required" .Values.global.vpa.resourcePolicy.minAllowed.cpu }} + memory: {{ required ".Values.global.vpa.resourcePolicy.minAllowed.memory is required" .Values.global.vpa.resourcePolicy.minAllowed.memory }} {{- end }} targetRef: apiVersion: apps/v1 kind: Deployment name: {{ include "name" . }} updatePolicy: - updateMode: {{ .Values.vpa.updatePolicy.updateMode }} + updateMode: {{ .Values.global.vpa.updatePolicy.updateMode }} {{- end }} diff --git a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/values.yaml b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/values.yaml deleted file mode 100644 index c5853707..00000000 --- a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/values.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -# SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors -# -# SPDX-License-Identifier: Apache-2.0 - -image: - repository: eu.gcr.io/gardener-project/gardener/extensions/shoot-rsyslog-relp-admission - tag: latest - pullPolicy: IfNotPresent - -replicaCount: 1 - -resources: {} - -metricsPort: 8080 -healthPort: 8081 - -vpa: - enabled: true - resourcePolicy: - minAllowed: - cpu: 50m - memory: 64Mi - updatePolicy: - updateMode: "Auto" - -webhookConfig: - serverPort: 10250 - tls: - crt: | - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- - key: | - -----BEGIN RSA PRIVATE KEY----- - ... - -----END RSA PRIVATE KEY----- -# Kubeconfig to the target cluster. In-cluster configuration will be used if not specified. -kubeconfig: - -# projectedKubeconfig: -# baseMountPath: /var/run/secrets/gardener.cloud -# genericKubeconfigSecretName: generic-token-kubeconfig -# tokenSecretName: access-shoot-rsyslog-relp-admission - -serviceAccountTokenVolumeProjection: - enabled: false - expirationSeconds: 43200 - audience: "" diff --git a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/values.yaml b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/values.yaml new file mode 120000 index 00000000..ef36be5f --- /dev/null +++ b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/runtime/values.yaml @@ -0,0 +1 @@ +../../values.yaml \ No newline at end of file diff --git a/charts/gardener-extension-shoot-rsyslog-relp-admission/values.yaml b/charts/gardener-extension-shoot-rsyslog-relp-admission/values.yaml index 95f4ad9d..c54f044e 100644 --- a/charts/gardener-extension-shoot-rsyslog-relp-admission/values.yaml +++ b/charts/gardener-extension-shoot-rsyslog-relp-admission/values.yaml 
@@ -1,37 +1,21 @@ -application: - enabled: true - +global: virtualGarden: enabled: false user: name: "" - - webhookConfig: - caBundle: | - -----BEGIN CERTIFICATE----- - ... - -----END CERTIFICATE----- - -runtime: - enabled: true - image: repository: eu.gcr.io/gardener-project/gardener/extensions/shoot-rsyslog-relp-admission tag: latest pullPolicy: IfNotPresent - replicaCount: 1 - resources: requests: cpu: "50m" memory: "64Mi" limits: memory: "512Mi" - metricsPort: 8080 healthPort: 8081 - vpa: enabled: true resourcePolicy: @@ -40,9 +24,12 @@ runtime: memory: 64Mi updatePolicy: updateMode: "Auto" - webhookConfig: serverPort: 10250 + caBundle: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- tls: crt: | -----BEGIN CERTIFICATE----- diff --git a/example/local/admission/values.yaml b/example/local/admission/values.yaml index 3326b750..0448083e 100644 --- a/example/local/admission/values.yaml +++ b/example/local/admission/values.yaml @@ -1,4 +1,4 @@ -application: +global: webhookConfig: caBundle: | -----BEGIN CERTIFICATE----- @@ -21,9 +21,6 @@ application: bouKVDcFQMoluZrCWWZZDRktjrd8zvRuF/gsTRBQNwrc4lUQ6Q0LgnKBcTPtKnwN 8RXuztXkOHPc8Tk1qquviRrpKAkuTRScAdBzpiAT -----END CERTIFICATE----- - -runtime: - webhookConfig: tls: crt: | -----BEGIN CERTIFICATE----- diff --git a/skaffold.yaml b/skaffold.yaml index 1eb7f271..c49a7d56 100644 --- a/skaffold.yaml +++ b/skaffold.yaml 
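Review bot: Moving every setting under `global:` puts `webhookConfig.tls.key` and the value read as `.Values.global.kubeconfig` into the one scope Helm hands to the parent and to every subchart, so the `application` chart now receives the webhook's private key and the target-cluster kubeconfig although only `runtime` templates (secret-tls.yaml, secret-kubeconfig.yaml) read them. If a single values file is used for both installs, those secrets are likely to be stored with the release record in the cluster that only gets the application resources; this should be confirmed against how the charts are actually deployed. A comment above `global:` such as `# tls.key and kubeconfig are consumed by the runtime chart only; do not pass them when installing the application chart` would at least document the split.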
@@ -67,5 +67,5 @@ deploy: valuesFiles: - "example/local/admission/values.yaml" setValueTemplates: - runtime.image.repository: '{{.IMAGE_REPO_eu_gcr_io_gardener_project_gardener_extensions_shoot_rsyslog_relp_admission}}' - runtime.image.tag: '{{.IMAGE_TAG_eu_gcr_io_gardener_project_gardener_extensions_shoot_rsyslog_relp_admission}}@{{.IMAGE_DIGEST_eu_gcr_io_gardener_project_gardener_extensions_shoot_rsyslog_relp_admission}}' + global.image.repository: '{{.IMAGE_REPO_eu_gcr_io_gardener_project_gardener_extensions_shoot_rsyslog_relp_admission}}' + global.image.tag: '{{.IMAGE_TAG_eu_gcr_io_gardener_project_gardener_extensions_shoot_rsyslog_relp_admission}}@{{.IMAGE_DIGEST_eu_gcr_io_gardener_project_gardener_extensions_shoot_rsyslog_relp_admission}}'