Skip to content

Commit

Permalink
Enable webhooks by default in chart (#421)
Browse files Browse the repository at this point in the history
Signed-off-by: Tamal Saha <[email protected]>
  • Loading branch information
tamalsaha authored Sep 30, 2018
1 parent e3af800 commit bd1fc60
Show file tree
Hide file tree
Showing 196 changed files with 5,238 additions and 1,453 deletions.
56 changes: 28 additions & 28 deletions chart/searchlight/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -42,34 +42,34 @@ The command removes all the Kubernetes components associated with the chart and

The following table lists the configurable parameters of the Searchlight chart and their default values.

| Parameter | Description | Default |
| ----------------------------------- | ----------------------------------------------------------------- | ------------------ |
| `replicaCount` | Number of searchlight Operator replicas to create (only 1 is supported) | `1` |
| `operator.registry` | Docker registry used to pull Operator image | `appscode` |
| `operator.repository` | Operator container image | `searchlight` |
| `operator.tag` | Operator image tag | `7.0.0` |
| `icinga.registry` | Docker registry used to pull Icinga image | `appscode` |
| `icinga.repository` | Icinga container image | `icinga` |
| `icinga.tag` | icinga container image tag | `7.0.0-k8s` |
| `ido.registry` | Docker registry used to pull PostgreSQL image | `appscode` |
| `ido.repository` | PostgreSQL container image | `postgress` |
| `ido.tag` | ido container image tag | `9.5-alpine` |
| `imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) |
| `imagePullPolicy` | Image pull policy | `IfNotPresent` |
| `criticalAddon` | If true, installs Searchlight operator as critical addon | `false` |
| `affinity` | Affinity rules for pod assignment | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Tolerations used pod assignment | `{}` |
| `rbac.create` | If `true`, create and use RBAC resources | `true` |
| `serviceAccount.create` | If `true`, create a new service account | `true` |
| `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `` |
| `apiserver.groupPriorityMinimum` | The minimum priority the group should have. | 10000 |
| `apiserver.versionPriority` | The ordering of this API inside of the group. | 15 |
| `apiserver.enableValidatingWebhook` | Enable validating webhooks for Searchlight CRDs | false |
| `apiserver.ca` | CA certificate used by main Kubernetes api server | `` |
| `apiserver.enableStatusSubresource` | If true, uses status sub resource for Searchlight crds | `false` |
| `enableAnalytics` | Send usage events to Google Analytics | `true` |
| Parameter | Description | Default |
| ------------------------------------ | ----------------------------------------------------------------- | ------------------ |
| `replicaCount` | Number of searchlight Operator replicas to create (only 1 is supported) | `1` |
| `operator.registry` | Docker registry used to pull Operator image | `appscode` |
| `operator.repository` | Operator container image | `searchlight` |
| `operator.tag` | Operator image tag | `7.0.0` |
| `icinga.registry` | Docker registry used to pull Icinga image | `appscode` |
| `icinga.repository` | Icinga container image | `icinga` |
| `icinga.tag` | icinga container image tag | `7.0.0-k8s` |
| `ido.registry` | Docker registry used to pull PostgreSQL image | `appscode` |
| `ido.repository` | PostgreSQL container image | `postgress` |
| `ido.tag` | ido container image tag | `9.5-alpine` |
| `imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) |
| `imagePullPolicy` | Image pull policy | `IfNotPresent` |
| `criticalAddon` | If true, installs Searchlight operator as critical addon | `false` |
| `affinity` | Affinity rules for pod assignment | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Tolerations used pod assignment | `{}` |
| `rbac.create` | If `true`, create and use RBAC resources | `true` |
| `serviceAccount.create` | If `true`, create a new service account | `true` |
| `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `` |
| `apiserver.groupPriorityMinimum` | The minimum priority the group should have. | 10000 |
| `apiserver.versionPriority` | The ordering of this API inside of the group. | 15 |
| `apiserver.enableValidatingWebhook` | Enable validating webhooks for Searchlight CRDs | false |
| `apiserver.ca` | CA certificate used by main Kubernetes api server | `` |
| `apiserver.disableStatusSubresource` | If true, uses status sub resource for Searchlight crds | `false` |
| `enableAnalytics` | Send usage events to Google Analytics | `true` |

Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:

Expand Down
28 changes: 16 additions & 12 deletions chart/searchlight/templates/cluster-role.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -13,40 +13,44 @@ rules:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- "*"
verbs: ["*"]
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- delete
verbs: ["delete", "list", "watch", "patch"]
- apiGroups:
- monitoring.appscode.com
resources: ["*"]
resources:
- "*"
verbs: ["*"]
- apiGroups: ["storage.k8s.io"]
resources: ["*"]
- apiGroups:
- storage.k8s.io
resources:
- "*"
verbs: ["get"]
- apiGroups: [""]
- apiGroups:
- ""
resources:
- secrets
- componentstatuses
- persistentvolumes
- persistentvolumeclaims
verbs: ["get", "list"]
- apiGroups: [""]
- apiGroups:
- ""
resources:
- pods
- nodes
- namespaces
verbs: ["get", "list", "patch", "watch"]
- apiGroups: [""]
- apiGroups:
- ""
resources:
- pods/exec
verbs: ["create"]
- apiGroups: [""]
- apiGroups:
- ""
resources:
- events
verbs: ["create", "list"]
Expand Down
7 changes: 6 additions & 1 deletion chart/searchlight/templates/deployment.yaml
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
# GKE returns Major:"1", Minor:"10+"
{{- $major := default "0" .Capabilities.KubeVersion.Major | trimSuffix "+" | int64 }}
{{- $minor := default "0" .Capabilities.KubeVersion.Minor | trimSuffix "+" | int64 }}
apiVersion: apps/v1
kind: Deployment
metadata:
Expand Down Expand Up @@ -46,7 +49,9 @@ spec:
- --audit-log-path=-
- --tls-cert-file=/var/serving-cert/tls.crt
- --tls-private-key-file=/var/serving-cert/tls.key
- --enable-status-subresource={{ .Values.apiserver.enableStatusSubresource }}
{{- if and (not .Values.apiserver.disableStatusSubresource) (ge $major 1) (ge $minor 11) }}
- --enable-status-subresource=true
{{- end }}
- --enable-analytics={{ .Values.enableAnalytics }}
ports:
- containerPort: 8443
Expand Down
42 changes: 6 additions & 36 deletions chart/searchlight/templates/user-roles.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,22 +16,12 @@ rules:
- nodealerts
- podalerts
- incidents
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
verbs: ["*"]
- apiGroups:
- incidents.monitoring.appscode.com
resources:
- acknowledgements
verbs:
- create
- delete
verbs: ["create", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
Expand All @@ -49,34 +39,17 @@ rules:
- clusteralerts
- nodealerts
- podalerts
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
verbs: ["*"]
- apiGroups:
- monitoring.appscode.com
resources:
- incidents
verbs:
- delete
- deletecollection
- get
- list
- patch
- update
- watch
verbs: ["delete", "deletecollection", "get", "list", "patch", "update", "watch"]
- apiGroups:
- incidents.monitoring.appscode.com
resources:
- acknowledgements
verbs:
- create
- delete
verbs: ["create", "delete"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
Expand All @@ -95,8 +68,5 @@ rules:
- nodealerts
- podalerts
- incidents
verbs:
- get
- list
- watch
verbs: ["get", "list", "watch"]
{{ end }}
11 changes: 6 additions & 5 deletions chart/searchlight/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -116,12 +116,13 @@ apiserver:
# https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L66-L70
# for more information on proper values of this field
versionPriority: 15
# enableValidatingWebhook is used to configure apiserver as ValidationWebhook for Voyager CRDs
enableValidatingWebhook: false
# enableValidatingWebhook is used to configure apiserver as ValidationWebhook for Searchlight CRDs
enableValidatingWebhook: true
# CA certificate used by main Kubernetes api server
ca:
# If true, uses status sub resource for Voyager crds.
enableStatusSubresource: false
ca: not-ca-cert
# If true, disables status sub resource for crds.
# Otherwise, enables status sub resource for Kubernetes version >= 1.11 and disables for other versions.
disableStatusSubresource: false

# Send usage events to Google Analytics
enableAnalytics: true
36 changes: 20 additions & 16 deletions glide.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit bd1fc60

Please sign in to comment.