chart: add config key to disable resource creation
Signed-off-by: Viet Nguyen Duc <[email protected]>
VietND96 committed Sep 22, 2024
1 parent a3b4b62 commit 12868dd
Showing 18 changed files with 103 additions and 37 deletions.
9 changes: 7 additions & 2 deletions Makefile
@@ -913,7 +913,7 @@ chart_test_autoscaling_disabled:
chart_test_autoscaling_deployment_https:
PLATFORMS=$(PLATFORMS) CHART_FULL_DISTRIBUTED_MODE=true CHART_ENABLE_BASIC_AUTH=true \
SECURE_INGRESS_ONLY_DEFAULT=true INGRESS_DISABLE_USE_HTTP2=true SELENIUM_GRID_PROTOCOL=https CHART_ENABLE_INGRESS_HOSTNAME=true SELENIUM_GRID_PORT=443 \
SELENIUM_GRID_AUTOSCALING_MIN_REPLICA=1 MAX_SESSIONS_FIREFOX=3 MAX_SESSIONS_EDGE=2 MAX_SESSIONS_CHROME=1 \
SELENIUM_GRID_AUTOSCALING_MIN_REPLICA=1 MAX_SESSIONS_FIREFOX=3 MAX_SESSIONS_EDGE=2 MAX_SESSIONS_CHROME=1 TEST_NAME_OVERRIDE=true \
VERSION=$(TAG_VERSION) VIDEO_TAG=$(FFMPEG_TAG_VERSION)-$(BUILD_DATE) KEDA_BASED_NAME=$(KEDA_BASED_NAME) KEDA_BASED_TAG=$(KEDA_BASED_TAG) NAMESPACE=$(NAMESPACE) BINDING_VERSION=$(BINDING_VERSION) \
TEMPLATE_OUTPUT_FILENAME="k8s_fullDistributed_basicAuth_secureIngress_defaultCerts_ingressHostName_disableHttp2_autoScaling_scaledObject_subPath.yaml" \
./tests/charts/make/chart_test.sh DeploymentAutoscaling
@@ -929,7 +929,7 @@ chart_test_autoscaling_deployment:
chart_test_autoscaling_job_https:
PLATFORMS=$(PLATFORMS) TEST_EXISTING_KEDA=true RELEASE_NAME=selenium CHART_ENABLE_BASIC_AUTH=true \
SECURE_CONNECTION_SERVER=true SELENIUM_GRID_PROTOCOL=https SELENIUM_GRID_PORT=443 SUB_PATH=/ \
MAX_SESSIONS_FIREFOX=1 MAX_SESSIONS_EDGE=2 MAX_SESSIONS_CHROME=3 \
MAX_SESSIONS_FIREFOX=1 MAX_SESSIONS_EDGE=2 MAX_SESSIONS_CHROME=3 TEST_NAME_OVERRIDE=true \
VERSION=$(TAG_VERSION) VIDEO_TAG=$(FFMPEG_TAG_VERSION)-$(BUILD_DATE) KEDA_BASED_NAME=$(KEDA_BASED_NAME) KEDA_BASED_TAG=$(KEDA_BASED_TAG) NAMESPACE=$(NAMESPACE) BINDING_VERSION=$(BINDING_VERSION) EXTERNAL_UPLOADER_CONFIG=true \
TEMPLATE_OUTPUT_FILENAME="k8s_prefixSelenium_basicAuth_secureServer_autoScaling_scaledJob_existingKEDA.yaml" \
./tests/charts/make/chart_test.sh JobAutoscaling
@@ -955,6 +955,11 @@ chart_test_language_bindings:
VERSION=$(TAG_VERSION) VIDEO_TAG=$(FFMPEG_TAG_VERSION)-$(BUILD_DATE) KEDA_BASED_NAME=$(KEDA_BASED_NAME) KEDA_BASED_TAG=$(KEDA_BASED_TAG) NAMESPACE=$(NAMESPACE) BINDING_VERSION=$(BINDING_VERSION) \
./tests/charts/make/chart_test.sh DeploymentAutoscaling

chart_test_delete:
helm del test -n selenium || true
helm del selenium -n selenium || true
helm del keda -n keda || true

.PHONY: \
all \
base \
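Review bot: `chart_test_delete` hard-codes the release names and namespaces (`test`, `selenium`, `keda`), while the test targets above pass `NAMESPACE=$(NAMESPACE)` and `RELEASE_NAME=selenium`. A run with a different namespace would presumably leave its releases in place, and `|| true` hides that. Consider `helm del selenium -n $(NAMESPACE) || true` and a one-line comment above the target stating that it is best-effort cleanup. Whether the target was added to `.PHONY` cannot be seen, because that list continues outside the hunk.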
21 changes: 14 additions & 7 deletions charts/selenium-grid/CONFIGURATION.md
@@ -47,6 +47,7 @@ A Helm chart for creating a Selenium Grid Server in Kubernetes
| global.seleniumGrid.affinity | object | `{}` | Specify affinity for all components, can be overridden individually |
| global.seleniumGrid.topologySpreadConstraints | list | `[]` | Specify topologySpreadConstraints for all components, can be overridden individually |
| global.seleniumGrid.nodeMaxSessions | int | `1` | Specify number of max sessions per node. Can be overridden by individual component (this is also set to scaler trigger parameter `nodeMaxSessions` if `autoscaling` is enabled) |
| tls.create | bool | `true` | Create a Secret resource for TLS certificate and key. If using an external secret set to false and provide its name in `nameOverride` below |
| tls.nameOverride | string | `nil` | Name of external secret containing the TLS certificate and key |
| tls.enabled | bool | `false` | Enable or disable TLS for the server components (and ingress proxy) |
| tls.ingress.enabled | bool | `false` | Enable or disable TLS for the ingress proxy only |
@@ -67,18 +68,23 @@ A Helm chart for creating a Selenium Grid Server in Kubernetes
| tls.disableHostnameVerification | bool | `true` | Disable verification the hostname included in the server's TLS/SSL certificates matches the hostnames provided |
| registrationSecret.enabled | bool | `false` | Enable feature node registration secret to make sure that the node is one you control and not a rouge node |
| registrationSecret.value | string | `"HappyTesting"` | The secret value to be used for node registration |
| basicAuth.nameOverride | string | `""` | External secret containing the basic auth username and password for reference |
| basicAuth.create | bool | `true` | Create a secret resource for basic auth. If using an external secret, set to false and provide its name in `nameOverride` below |
| basicAuth.nameOverride | string | `nil` | External secret containing the basic auth username and password for reference |
| basicAuth.enabled | bool | `false` | Enable or disable basic auth for the Hub/Router |
| basicAuth.username | string | `"admin"` | Username for basic auth |
| basicAuth.password | string | `"admin"` | Password for basic auth |
| basicAuth.embeddedUrl | bool | `false` | Embed the basic auth "username:password@" in few URLs e.g. SE_NODE_GRID_URL |
| basicAuth.annotations | object | `{}` | Annotations for basic auth secret resource |
| isolateComponents | bool | `false` | Deploy Router, Distributor, EventBus, SessionMap and Nodes separately |
| serviceAccount.create | bool | `true` | Create a service account for all components |
| serviceAccount.create | bool | `true` | Create a service account for all components. If using an external service account, set to false and provide its name in `nameOverride` below |
| serviceAccount.nameOverride | string | `nil` | Override to use an external service account |
| serviceAccount.annotations | object | `{}` | Annotations for the service account |
| rbacRole | object | `{"annotations":{},"nameOverride":null,"rules":[{"apiGroups":["keda.sh"],"resources":["scaledjobs"],"verbs":["get","list","patch","update","delete"]},{"apiGroups":["keda.sh"],"resources":["scaledobjects"],"verbs":["get","list","patch","update","delete"]},{"apiGroups":["autoscaling"],"resources":["horizontalpodautoscalers"],"verbs":["get","list","patch","update","delete"]}]}` | RBAC settings for patching finalizers KEDA scaled resources |
| rbacRoleBinding | object | `{"annotations":{},"nameOverride":null,"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"Role"}}` | RBAC role binding settings for patching finalizers KEDA scaled resources |
| rbacRole | object | `{"annotations":{},"create":true,"nameOverride":null,"rules":[{"apiGroups":["keda.sh"],"resources":["scaledjobs"],"verbs":["get","list","patch","update","delete"]},{"apiGroups":["keda.sh"],"resources":["scaledobjects"],"verbs":["get","list","patch","update","delete"]},{"apiGroups":["autoscaling"],"resources":["horizontalpodautoscalers"],"verbs":["get","list","patch","update","delete"]}]}` | RBAC settings for patching finalizers KEDA scaled resources |
| rbacRole.create | bool | `true` | Enable to create RBAC role to access few KEDA resources. If using an external role, set to false and provide its name in `nameOverride` below |
| rbacRole.nameOverride | string | `nil` | Override resource name or provide an external role name |
| rbacRoleBinding | object | `{"annotations":{},"create":true,"nameOverride":null,"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"Role"},"subjects":[{"kind":"ServiceAccount"}]}` | RBAC role binding settings for patching finalizers KEDA scaled resources |
| rbacRoleBinding.create | bool | `true` | Enable to create RBAC role binding to a service account. If using an external role binding, set to false and provide its name in `nameOverride` below |
| rbacRoleBinding.nameOverride | string | `nil` | Override resource name or provide an external role binding name |
| ingress.enabled | bool | `true` | Enable to create ingress resource |
| ingress.enableWithController | bool | `false` | Enable ingress resource with automatically installing Ingress NGINX Controller |
| ingress.className | string | `""` | Name of ingress class to select which controller will implement ingress resource |
@@ -154,7 +160,7 @@ A Helm chart for creating a Selenium Grid Server in Kubernetes
| serverConfigMap.nameOverride | string | `nil` | Override the name of the server configMap |
| serverConfigMap.env | object | `{"SE_JAVA_OPTS":"-Djdk.httpclient.keepalive.timeout=300 -Djdk.httpclient.maxstreams=10000 -XX:+UseZGC","SE_SUPERVISORD_LOG_LEVEL":"info"}` | Extra common environment variables for Server (https://www.selenium.dev/documentation/grid/configuration/cli_options/#server) to server configMap |
| serverConfigMap.annotations | object | `{}` | Custom annotations for configmap |
| secrets.create | bool | `true` | Create the default secret for all components |
| secrets.create | bool | `true` | Create the default secret for all components. If using an external secret, set to false and provide its name in `nameOverride` below |
| secrets.nameOverride | string | `nil` | Override to use an external secret |
| secrets.env | object | `{"SE_VNC_PASSWORD":"secret"}` | Extra environment variables set to the secret |
| secrets.annotations | object | `{}` | Custom annotations for secret |
@@ -304,12 +310,13 @@ A Helm chart for creating a Selenium Grid Server in Kubernetes
| autoscaling.enabled | bool | `false` | Enable autoscaling. Implies installing KEDA |
| autoscaling.enableWithExistingKEDA | bool | `false` | Enable autoscaling without automatically installing KEDA |
| autoscaling.scalingType | string | `"job"` | Which type of KEDA scaling to use: job or deployment |
| autoscaling.authenticationRef | object | `{"name":""}` | Specify an external KEDA TriggerAuthentication resource is used for scaler triggers config. Apply for all browser nodes |
| autoscaling.authenticationRef | object | `{"annotations":{"helm.sh/hook":"post-install,post-upgrade,post-rollback","helm.sh/hook-weight":"-2"},"name":""}` | Specify an external KEDA TriggerAuthentication resource is used for scaler triggers config. Apply for all browser nodes |
| autoscaling.annotations | object | `{"helm.sh/hook":"post-install,post-upgrade,post-rollback","helm.sh/hook-weight":"1"}` | Annotations for KEDA resources: ScaledObject and ScaledJob |
| autoscaling.patchObjectFinalizers.nameOverride | string | `nil` | Override the name of the patch job |
| autoscaling.patchObjectFinalizers.enabled | bool | `true` | Enable patching finalizers for KEDA scaled resources. Workaround for Hook post-upgrade selenium-grid/templates/x-node-hpa.yaml failed: object is being deleted: scaledobjects.keda.sh "x" already exists |
| autoscaling.patchObjectFinalizers.activeDeadlineSeconds | int | `120` | Deadline (in seconds) for patch job to complete |
| autoscaling.patchObjectFinalizers.annotations | object | `{"helm.sh/hook":"post-install,post-upgrade,post-rollback,pre-delete","helm.sh/hook-delete-policy":"hook-succeeded,before-hook-creation","helm.sh/hook-weight":"-1"}` | Annotations for patch job |
| autoscaling.patchObjectFinalizers.serviceAccount | string | `""` | Define an external service account name contains permissions to patch KEDA scaled resources |
| autoscaling.patchObjectFinalizers.imagePullSecret | string | `""` | Custom pull secret for container in patch job |
| autoscaling.patchObjectFinalizers.resources | object | `{"limits":{"cpu":"50m","memory":"50Mi"},"requests":{"cpu":"10m","memory":"10Mi"}}` | Define resources for container in patch job |
| autoscaling.scaledOptions | object | `{"maxReplicaCount":8,"minReplicaCount":0,"pollingInterval":10}` | Options for KEDA scaled resources (keep only common options used for both ScaledJob and ScaledObject) |
@@ -498,7 +505,7 @@ A Helm chart for creating a Selenium Grid Server in Kubernetes
| videoRecorder.lifecycle | object | `{}` | Define lifecycle events for video recorder |
| videoRecorder.extraVolumeMounts | list | `[]` | Custom video recorder back-end scripts (video.sh, video_ready.py, etc.) further by ConfigMap. NOTE: For the mount point with the name "video", or "video-scripts", it will override the default. For other names, it will be appended. |
| videoRecorder.extraVolumes | list | `[]` | Extra volumes for video recorder pod |
| videoRecorder.s3 | object | `{"args":[],"command":[],"extraEnvironmentVariables":null,"imageName":"bitnami/aws-cli","imagePullPolicy":"IfNotPresent","imageRegistry":"public.ecr.aws","imageTag":"latest","securityContext":{"runAsUser":0}}` | Container spec for the uploader if above it is defined as "uploader.name: s3" |
| videoRecorder.s3 | object | `{"args":[],"command":[],"extraEnvironmentVariables":null,"imageName":"aws-cli","imagePullPolicy":"IfNotPresent","imageRegistry":"bitnami","imageTag":"latest","securityContext":{"runAsUser":0}}` | Container spec for the uploader if above it is defined as "uploader.name: s3" |
| customLabels | object | `{}` | Custom labels for k8s resources |
| keda.image | object | `{"keda":{"registry":"selenium","repository":"keda","tag":"2.15.1-selenium-grid-20240907"},"metricsApiServer":{"registry":"selenium","repository":"keda-metrics-apiserver","tag":"2.15.1-selenium-grid-20240907"},"webhooks":{"registry":"selenium","repository":"keda-admission-webhooks","tag":"2.15.1-selenium-grid-20240907"}}` | Specify image for KEDA components |
| keda.additionalAnnotations | string | `nil` | Annotations for KEDA resources |
5 changes: 4 additions & 1 deletion charts/selenium-grid/README.md
@@ -672,7 +672,7 @@ There are multiple ways to insert your certificate, private key, truststore to t
--from-file=server.pass=/path/to/your/server.pass
# Deploy chart with your external TLS Secret
helm upgrade -i $RELEASENAME -n $NAMESPACE docker-selenium/selenium-grid \
--set tls.enabled=true --set tls.nameOverride=my-external-tls-secret
--set tls.enabled=true --set tls.create=false --set tls.nameOverride=my-external-tls-secret
```

In case your external secret contains key file names are different with default, you can instruct server to use them via following values:
@@ -717,6 +717,7 @@ helm upgrade -i $RELEASENAME -n $NAMESPACE docker-selenium/selenium-grid \
--set isolateComponents=true \
--set components.router.serviceType=NodePort \
--set tls.enabled=true \
--set tls.create=false \
--set tls.nameOverride=my-external-tls-secret
```

@@ -770,6 +771,7 @@ helm upgrade -i $RELEASENAME -n $NAMESPACE docker-selenium/selenium-grid \
--set ingress.enabled=true \
--set ingress.hostname="selenium-grid.prod.domain.com" \
--set tls.ingress.enabled=true \
--set tls.create=false \
--set tls.nameOverride=my-external-tls-secret
```

@@ -795,6 +797,7 @@ For example (replace `$RELEASENAME` and `$NAMESPACE` with your values):
helm upgrade -i $RELEASENAME -n $NAMESPACE docker-selenium/selenium-grid \
--set global.K8S_PUBLIC_IP=$(hostname -i) \
--set tls.ingress.enableWithController=true \
--set tls.create=false \
--set tls.nameOverride=my-external-tls-secret \
--set ingress-nginx.controller.extraArgs.default-ssl-certificate=$NAMESPACE/my-external-tls-secret
```
2 changes: 1 addition & 1 deletion charts/selenium-grid/templates/basic-auth-secret.yaml
@@ -1,4 +1,4 @@
{{- if (not $.Values.basicAuth.nameOverride) }}
{{- if $.Values.basicAuth.create }}
apiVersion: v1
kind: Secret
metadata:
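Review bot: If the `$.Values.basicAuth.create` form of the line-1 condition is the new side (the page lost its +/- markers), a release that only sets `basicAuth.nameOverride` to an externally managed Secret starts rendering this Secret on upgrade, because CONFIGURATION.md documents `create` as defaulting to `true`. The Secret's `metadata.name` and data are outside the hunk, but if the name resolves to the override, the chart would collide with or take over the operator's Secret using `basicAuth.username`/`basicAuth.password`, whose documented defaults are `admin`/`admin`. Keeping the old term preserves upgrade behaviour, `{{- if and $.Values.basicAuth.create (not $.Values.basicAuth.nameOverride) }}`, unless `nameOverride` is also meant to rename the chart-created Secret, in which case the change deserves a breaking-change note. The `$.Values.tls.create` gate in tls-cert-secret.yaml raises the same question for the TLS certificate and key.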
Original file line number Diff line number Diff line change
@@ -25,10 +25,10 @@ spec:
name: {{ template "seleniumGrid.keda.patchObjectsJob.fullname" $ }}
spec:
activeDeadlineSeconds: {{ $.Values.autoscaling.patchObjectFinalizers.activeDeadlineSeconds }}
serviceAccountName: {{ template "seleniumGrid.serviceAccount.fullname" $ }}
serviceAccount: {{ template "seleniumGrid.serviceAccount.fullname" $ }}
serviceAccountName: {{ default (include "seleniumGrid.serviceAccount.fullname" $) $.Values.autoscaling.patchObjectFinalizers.serviceAccount }}
serviceAccount: {{ default (include "seleniumGrid.serviceAccount.fullname" $) $.Values.autoscaling.patchObjectFinalizers.serviceAccount }}
containers:
- name: {{ template "seleniumGrid.keda.patchObjectsJob.fullname" $ }}
- name: kubectl
image: {{ $.Values.global.seleniumGrid.kubectlImage }}
command: ["/bin/sh", "-c"]
args:
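Review bot: The user-supplied `patchObjectFinalizers.serviceAccount` is rendered as a bare scalar on both `serviceAccountName` and `serviceAccount`; piping it through `quote` keeps an unusual value from being re-typed by the YAML parser, e.g. `serviceAccountName: {{ default (include "seleniumGrid.serviceAccount.fullname" $) $.Values.autoscaling.patchObjectFinalizers.serviceAccount | quote }}`. When the override is set, the Role and RoleBinding templates in this commit appear to be skipped, so the job runs with whatever permissions that account already holds. A comment above these two lines naming the verbs and resources the patch script needs would help operators scope the external account. The job spec continues outside the hunk.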
2 changes: 1 addition & 1 deletion charts/selenium-grid/templates/patch-keda/rbac-role.yaml
@@ -1,4 +1,4 @@
{{- if and (eq (include "seleniumGrid.useKEDA" $) "true") $.Values.autoscaling.patchObjectFinalizers.enabled }}
{{- if and (eq (include "seleniumGrid.useKEDA" $) "true") $.Values.autoscaling.patchObjectFinalizers.enabled (not $.Values.autoscaling.patchObjectFinalizers.serviceAccount) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
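Review bot: Neither printed form of the line-1 condition references `$.Values.rbacRole.create`, although CONFIGURATION.md in this commit documents that key as the switch for using an external role. Unless a file not shown here consumes it, setting `rbacRole.create=false` would still render this Role with its `patch`/`update`/`delete` verbs on the KEDA resources. Adding the key to the gate makes the documented switch effective: `{{- if and (eq (include "seleniumGrid.useKEDA" $) "true") $.Values.autoscaling.patchObjectFinalizers.enabled $.Values.rbacRole.create (not $.Values.autoscaling.patchObjectFinalizers.serviceAccount) }}`. The RoleBinding template's condition has the same gap for `rbacRoleBinding.create`.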
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{{- if and (eq (include "seleniumGrid.useKEDA" $) "true") $.Values.autoscaling.patchObjectFinalizers.enabled }}
{{- if and (eq (include "seleniumGrid.useKEDA" $) "true") $.Values.autoscaling.patchObjectFinalizers.enabled (not $.Values.autoscaling.patchObjectFinalizers.serviceAccount) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
@@ -9,17 +9,18 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
deploymentName: {{ template "seleniumGrid.rbac.roleBinding.fullname" $ }}
app: {{ template "seleniumGrid.rbac.roleBinding.fullname" $ }}
app.kubernetes.io/name: {{ template "seleniumGrid.rbac.roleBinding.fullname" $ }}
{{- include "seleniumGrid.commonLabels" $ | nindent 4 }}
{{- with $.Values.customLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ template "seleniumGrid.serviceAccount.fullname" $ }}
name: {{ default (include "seleniumGrid.serviceAccount.fullname" $) $.Values.autoscaling.patchObjectFinalizers.serviceAccount }}
{{ with $.Values.rbacRoleBinding.roleRef }}
{{- $roleRef := merge (dict "name" (include "seleniumGrid.rbac.role.fullname" $)) . -}}
roleRef:
{{ $roleRef | toYaml | nindent 2 }}
{{- $roleRef | toYaml | nindent 2 }}
{{- end }}
{{- end }}
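Review bot: The `default (include "seleniumGrid.serviceAccount.fullname" $) $.Values.autoscaling.patchObjectFinalizers.serviceAccount` on the subject `name` can never take the override branch if the line-1 gate containing `(not $.Values.autoscaling.patchObjectFinalizers.serviceAccount)` is the new side, because the whole RoleBinding is skipped whenever that value is set. Either keep the plain form, `name: {{ template "seleniumGrid.serviceAccount.fullname" $ }}`, or drop the `not …serviceAccount` term from the Role and RoleBinding gates if the intent is to bind the chart's Role to the external account. A short comment above `subjects:` saying which of the two is intended would make later RBAC changes easier to review.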
2 changes: 1 addition & 1 deletion charts/selenium-grid/templates/serviceaccount.yaml
@@ -1,4 +1,4 @@
{{- if .Values.serviceAccount.create }}
{{- if $.Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
2 changes: 1 addition & 1 deletion charts/selenium-grid/templates/tls-cert-secret.yaml
@@ -1,4 +1,4 @@
{{- if and (not $.Values.tls.nameOverride) (or (eq (include "seleniumGrid.ingress.secureConnection" $) "true") (eq (include "seleniumGrid.server.secureConnection" $) "true")) }}
{{- if and $.Values.tls.create (or (eq (include "seleniumGrid.ingress.secureConnection" $) "true") (eq (include "seleniumGrid.server.secureConnection" $) "true")) }}
apiVersion: v1
kind: Secret
metadata:
2 changes: 1 addition & 1 deletion charts/selenium-grid/templates/trigger-auth.yaml
@@ -5,7 +5,7 @@ metadata:
name: {{ template "seleniumGrid.autoscaling.authenticationRef.fullname" $ }}
namespace: {{ .Release.Namespace }}
annotations:
{{- with $.Values.autoscaling.annotations }}
{{- with $.Values.autoscaling.authenticationRef.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels: