add karpenter 0.1.4

incubator/karpenter/release-0.1.4/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: karpenter
+description: A Helm chart for TKE Karpenter provider.
+type: application
+version: 0.1.4
+appVersion: 0.1.4
+keywords:
+  - cluster
+  - node
+  - scheduler
+  - autoscaling
+  - lifecycle

incubator/karpenter/release-0.1.4/README.md

@@ -0,0 +1,7 @@
+# TKE Karpenter provider
+
+A Helm chart for TKE Karpenter provider
+
+## Documentation
+
+For full Karpenter documentation please checkout [https://karpenter.sh](https://karpenter.sh/v1.0/)

incubator/karpenter/release-0.1.4/templates/_helpers.tpl

@@ -0,0 +1,169 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "karpenter.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "karpenter.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "karpenter.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "karpenter.labels" -}}
+helm.sh/chart: {{ include "karpenter.chart" . }}
+{{ include "karpenter.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.additionalLabels }}
+{{ toYaml . }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "karpenter.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "karpenter.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "karpenter.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "karpenter.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Karpenter image to use
+*/}}
+{{- define "karpenter.controller.image" -}}
+{{- $regionMap := dict "ap-hongkong" "hk" "na-toronto" "ca" "ap-beijing-fsi" "bjjr" "ap-taipei" "tpe" "ap-tokyo" "jp" "ap-bangkok" "th" "na-ashburn" "use" "ap-seoul" "kr" "ap-mumbai" "in" "ap-shanghai-fsi" "shjr" "eu-frankfurt" "de" "ap-singapore" "sg" "na-siliconvalley" "usw" "ap-shenzhen-fsi" "szjr" "ap-jakarta" "jkt" "sa-saopaulo" "sao" "ap-shanghai-adc" "shadc" "ap-guangzhou-wxzf" "gzwxzf" "ap-shanghai-wxzf" "shwxzf" "ap-shenzhen-jxcft" "szjxcft" }}
+{{- if .Values.controller.image.digest }}
+{{- printf "%s%s:%s@%s" (get $regionMap (printf "%s" .Values.settings.region )) .Values.controller.image.repository  (default (printf "v%s" .Chart.AppVersion) .Values.controller.image.tag) .Values.controller.image.digest }}
+{{- else }}
+{{- printf "%s%s:%s" (get $regionMap (printf "%s" .Values.settings.region )) .Values.controller.image.repository  (default (printf "v%s" .Chart.AppVersion) .Values.controller.image.tag) }}
+{{- end }}
+{{- end }}
+
+
+{{/* Get PodDisruptionBudget API Version */}}
+{{- define "karpenter.pdb.apiVersion" -}}
+{{- if and (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">= 1.21-0" .Capabilities.KubeVersion.Version) -}}
+{{- print "policy/v1" -}}
+{{- else -}}
+{{- print "policy/v1beta1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Patch the label selector on an object
+This template will add a labelSelector using matchLabels to the object referenced at _target if there is no labelSelector specified.
+The matchLabels are created with the selectorLabels template.
+This works because Helm treats dictionaries as mutable objects and allows passing them by reference.
+*/}}
+{{- define "karpenter.patchLabelSelector" -}}
+{{- if not (hasKey ._target "labelSelector") }}
+{{- $selectorLabels := (include "karpenter.selectorLabels" .) | fromYaml }}
+{{- $_ := set ._target "labelSelector" (dict "matchLabels" $selectorLabels) }}
+{{- end }}
+{{- end }}
+
+{{/*
+Patch pod affinity
+This template uses the patchLabelSelector template to add a labelSelector to pod affinity objects if there is no labelSelector specified.
+This works because Helm treats dictionaries as mutable objects and allows passing them by reference.
+*/}}
+{{- define "karpenter.patchPodAffinity" -}}
+{{- if (hasKey ._podAffinity "requiredDuringSchedulingIgnoredDuringExecution") }}
+{{- range $term := ._podAffinity.requiredDuringSchedulingIgnoredDuringExecution }}
+{{- include "karpenter.patchLabelSelector" (merge (dict "_target" $term) $) }}
+{{- end }}
+{{- end }}
+{{- if (hasKey ._podAffinity "preferredDuringSchedulingIgnoredDuringExecution") }}
+{{- range $weightedTerm := ._podAffinity.preferredDuringSchedulingIgnoredDuringExecution }}
+{{- include "karpenter.patchLabelSelector" (merge (dict "_target" $weightedTerm.podAffinityTerm) $) }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Patch affinity
+This template uses patchPodAffinity template to add a labelSelector to podAffinity & podAntiAffinity if one isn't specified.
+This works because Helm treats dictionaries as mutable objects and allows passing them by reference.
+*/}}
+{{- define "karpenter.patchAffinity" -}}
+{{- if (hasKey .Values.affinity "podAffinity") }}
+{{- include "karpenter.patchPodAffinity" (merge (dict "_podAffinity" .Values.affinity.podAffinity) .) }}
+{{- end }}
+{{- if (hasKey .Values.affinity "podAntiAffinity") }}
+{{- include "karpenter.patchPodAffinity" (merge (dict "_podAffinity" .Values.affinity.podAntiAffinity) .) }}
+{{- end }}
+{{- end }}
+
+{{/*
+Patch topology spread constraints
+This template uses the patchLabelSelector template to add a labelSelector to topologySpreadConstraints if one isn't specified.
+This works because Helm treats dictionaries as mutable objects and allows passing them by reference.
+*/}}
+{{- define "karpenter.patchTopologySpreadConstraints" -}}
+{{- range $constraint := .Values.topologySpreadConstraints }}
+{{- include "karpenter.patchLabelSelector" (merge (dict "_target" $constraint) $) }}
+{{- end }}
+{{- end }}
+
+{{/*
+Flatten the stdout logging outputs from args provided
+*/}}
+{{- define "karpenter.outputPathsList" -}}
+{{ $paths := list -}}
+{{- range .Values.logOutputPaths -}}
+    {{- if not (has (printf "%s" . | quote) $paths) -}}
+        {{- $paths = printf "%s" . | quote  | append $paths -}}
+    {{- end -}}
+{{- end -}}
+{{ $paths | join ", " }}
+{{- end -}}
+
+{{/*
+Flatten the stderr logging outputs from args provided
+*/}}
+{{- define "karpenter.errorOutputPathsList" -}}
+{{ $paths := list -}}
+{{- range .Values.logErrorOutputPaths -}}
+    {{- if not (has (printf "%s" . | quote) $paths) -}}
+        {{- $paths = printf "%s" . | quote  | append $paths -}}
+    {{- end -}}
+{{- end -}}
+{{ $paths | join ", " }}
+{{- end -}}

incubator/karpenter/release-0.1.4/templates/aggregate-clusterrole.yaml

@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "karpenter.fullname" . }}-admin
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+    {{- include "karpenter.labels" . | nindent 4 }}
+  {{- with .Values.additionalAnnotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+rules:
+  - apiGroups: ["karpenter.sh"]
+    resources: ["nodepools", "nodepools/status", "nodeclaims", "nodeclaims/status"]
+    verbs: ["get", "list", "watch", "create", "delete", "patch"]
+  - apiGroups: ["karpenter.k8s.tke"]
+    resources: ["tkemachinenodeclasses"]
+    verbs: ["get", "list", "watch", "create", "delete", "patch"]

incubator/karpenter/release-0.1.4/templates/clusterrole-core.yaml

@@ -0,0 +1,74 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "karpenter.fullname" . }}-core
+  labels:
+    {{- include "karpenter.labels" . | nindent 4 }}
+  {{- with .Values.additionalAnnotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "karpenter.fullname" . }}-core
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "karpenter.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "karpenter.fullname" . }}-core
+  labels:
+    {{- include "karpenter.labels" . | nindent 4 }}
+  {{- with .Values.additionalAnnotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+rules:
+  # Read
+  - apiGroups: ["karpenter.sh"]
+    resources: ["nodepools", "nodepools/status", "nodeclaims", "nodeclaims/status"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["pods", "nodes", "persistentvolumes", "persistentvolumeclaims", "replicationcontrollers", "namespaces"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses", "csinodes", "volumeattachments"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups: ["apps"]
+    resources: ["daemonsets", "deployments", "replicasets", "statefulsets"]
+    verbs: ["list", "watch"]
+  - apiGroups: ["apiextensions.k8s.io"]
+    resources: ["customresourcedefinitions"]
+    verbs: ["get"]
+  - apiGroups: ["policy"]
+    resources: ["poddisruptionbudgets"]
+    verbs: ["get", "list", "watch"]
+  # Write
+  - apiGroups: ["karpenter.sh"]
+    resources: ["nodeclaims", "nodeclaims/status"]
+    verbs: ["create", "delete", "update", "patch"]
+  - apiGroups: ["karpenter.sh"]
+    resources: ["nodepools", "nodepools/status"]
+    verbs: ["update", "patch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["create", "patch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["patch", "delete", "update"]
+  - apiGroups: [""]
+    resources: ["pods/eviction"]
+    verbs: ["create"]
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["delete"]
+  - apiGroups: ["apiextensions.k8s.io"]
+    resources: ["customresourcedefinitions"]
+    verbs: ["patch"]
+  {{- with .Values.additionalClusterRoleRules -}}
+  {{ toYaml . | nindent 2 }}
+  {{- end -}}

incubator/karpenter/release-0.1.4/templates/clusterrole.yaml

@@ -0,0 +1,44 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "karpenter.fullname" . }}
+  labels:
+    {{- include "karpenter.labels" . | nindent 4 }}
+  {{- with .Values.additionalAnnotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "karpenter.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "karpenter.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "karpenter.fullname" . }}
+  labels:
+    {{- include "karpenter.labels" . | nindent 4 }}
+  {{- with .Values.additionalAnnotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+rules:
+  # Read
+  - apiGroups: ["karpenter.k8s.tke"]
+    resources: ["tkemachinenodeclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["node.tke.cloud.tencent.com"]
+    resources: ["machines"]
+    verbs: ["get", "list", "watch"]
+  # Write
+  - apiGroups: ["karpenter.k8s.tke"]
+    resources: ["tkemachinenodeclasses", "tkemachinenodeclasses/status"]
+    verbs: ["patch", "update"]
+  - apiGroups: ["node.tke.cloud.tencent.com"]
+    resources: ["machines"]
+    verbs: ["create", "update", "patch", "delete"]