diff --git a/charts/tfy-agent/.helmignore b/charts/tfy-agent/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/tfy-agent/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/tfy-agent/Chart.yaml b/charts/tfy-agent/Chart.yaml index 4d9e95943..133124a63 100644 --- a/charts/tfy-agent/Chart.yaml +++ b/charts/tfy-agent/Chart.yaml @@ -1,6 +1,24 @@ apiVersion: v2 name: tfy-agent +description: Truefoundry workload agent for k8s clusters + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) version: 0.1.1 -description: "Truefoundry agent for kubernetes clusters" -maintainers: - - name: truefoundry + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/charts/tfy-agent/templates/NOTES.txt b/charts/tfy-agent/templates/NOTES.txt new file mode 100644 index 000000000..0f88a601b --- /dev/null +++ b/charts/tfy-agent/templates/NOTES.txt @@ -0,0 +1,28 @@ + ______________________________________ +( Hello, kubernetes. I will connect to ) +( your control plane. Thanks for ) +( installing !!! ) + -------------------------------------- + o , , + o /( )` + o \ \___ / | + /- _ `-/ ' + (/\/ \ \ /\ + / / | ` \ + O O ) / | + `-^--'`< ' + (_.) _ ) / + `.___/` / + `-----' / +<----. __ / __ \ +<----|====O)))==) \) /==== +<----' `--' `.__,' \ + | | + \ / + ______( (_ / \______ + ,' ,-----' | \ + `--{__________) \/ +export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "tfy-agent.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") +export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") +echo "Visit http://127.0.0.1:8080 to use your application" +kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT diff --git a/charts/tfy-agent/templates/_helpers.tpl b/charts/tfy-agent/templates/_helpers.tpl index b8904d8e0..6eba4d0b6 100644 --- a/charts/tfy-agent/templates/_helpers.tpl +++ b/charts/tfy-agent/templates/_helpers.tpl @@ -1,16 +1,16 @@ {{/* Expand the name of the chart. */}} -{{- define "app.name" -}} +{{- define "tfy-agent.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} {{/* - Create a default fully qualified app name. - We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). - If release name contains chart name it will be used as a full name. - */}} -{{- define "app.fullname" -}} +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tfy-agent.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} @@ -24,106 +24,75 @@ Expand the name of the chart. {{- end }} {{/* -Define full name for tfy-agent-proxy +Create a default fully qualified tfy-agent-proxy name */}} -{{- define "app.tfyAgentProxy.fullname" -}} -{{- include "app.fullname" . | trunc 57 | trimSuffix "-" }}-proxy +{{- define "tfy-agent-proxy.fullname" -}} +{{- include "tfy-agent.fullname" . | trunc 57 | trimSuffix "-" }}-proxy {{- end }} {{/* - Create chart name and version as used by the chart label. - */}} -{{- define "app.chart" -}} +Create chart name and version as used by the chart label. +*/}} +{{- define "tfy-agent.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* - Common labels - */}} -{{- define "app.labels" -}} -helm.sh/chart: {{ include "app.chart" . }} -{{ include "app.selectorLabels" . }} -{{- if .Values.imageTag }} -app.kubernetes.io/version: {{ .Values.imageTag | quote }} +Common labels +*/}} +{{- define "tfy-agent.labels" -}} +helm.sh/chart: {{ include "tfy-agent.chart" . }} +{{ include "tfy-agent.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* - Selector labels - */}} -{{- define "app.selectorLabels" -}} -app.kubernetes.io/name: {{ include "app.name" . }} +Selector labels for tfyAgent +*/}} +{{- define "tfy-agent.selectorLabels" -}} +app.kubernetes.io/name: {{ include "tfy-agent.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* - Create the name of the service account to use - */}} -{{- define "app.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "app.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} +Common labels +*/}} +{{- define "tfy-agent-proxy.labels" -}} +helm.sh/chart: {{ include "tfy-agent.chart" . }} +{{ include "tfy-agent-proxy.selectorLabels" . }} +app.kubernetes.io/version: {{ .Values.tfyAgentProxy.imageTag | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* - Parse env from template - */}} -{{- define "app.parseEnv" -}} -{{ tpl (.Values.env | toYaml) . }} +Selector labels for tfyAgentProxy +*/}} +{{- define "tfy-agent-proxy.selectorLabels" -}} +app.kubernetes.io/name: {{ include "tfy-agent-proxy.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} - {{/* - Create the env file - */}} -{{- define "app.env" }} -{{- range $key, $val := (include "app.parseEnv" .) | fromYaml }} -{{- if and $val (contains "${k8s-secret" ($val | toString)) }} -- name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ $.Values.envSecretName }} - key: {{ $val | trimPrefix "${k8s-secret/" | trimSuffix "}" }} +Create the name of the service account to use +*/}} +{{- define "tfy-agent.serviceAccountName" -}} +{{- if .Values.tfyAgent.serviceAccount.create }} +{{- default (include "tfy-agent.fullname" .) .Values.tfyAgent.serviceAccount.name }} {{- else }} -- name: {{ $key }} - value: {{ $val | quote }} -{{- end }} +{{- default "default" .Values.tfyAgent.serviceAccount.name }} {{- end }} {{- end }} {{/* - Parse env from template - */}} -{{- define "app.tfyAgentProxy.parseEnv" -}} -{{ tpl (.Values.tfyAgentProxy.env | toYaml) . }} -{{- end }} - -{{/* - Create the env file - */}} -{{- define "app.tfyAgentProxy.env" }} -{{- range $key, $val := (include "app.tfyAgentProxy.parseEnv" .) | fromYaml }} -{{- if and $val (contains "${k8s-secret" ($val | toString)) }} -- name: {{ $key }} - valueFrom: - secretKeyRef: - name: {{ $.Values.envSecretName }} - key: {{ $val | trimPrefix "${k8s-secret/" | trimSuffix "}" }} +Create the name of the secret which will contain cluster token +*/}} +{{- define "tfy-agent.secretName" -}} +{{- if .Values.config.clusterTokenSecret }} +{{- .Values.config.clusterTokenSecret }} {{- else }} -- name: {{ $key }} - value: {{ $val | quote }} +{{- include "tfy-agent.fullname" . | trunc 57 | trimSuffix "-" }}-token {{- end }} {{- end }} -{{- end }} - -# {{- define "app.imagePullSecrets" }} -# {{- if (tpl .Values.imagePullCredentials .) }} -# - name: {{ include "app.fullname" . }}-image-pull-secret -# {{- end }} -# {{- if (tpl .Values.imagePullSecretName .) }} -# - name: {{ tpl .Values.imagePullSecretName . }} -# {{- end }} -# {{- end }} diff --git a/charts/tfy-agent/templates/clusterrolebinding.yaml b/charts/tfy-agent/templates/clusterrolebinding.yaml index ba81d187f..4a974eac7 100644 --- a/charts/tfy-agent/templates/clusterrolebinding.yaml +++ b/charts/tfy-agent/templates/clusterrolebinding.yaml @@ -1,11 +1,11 @@ -{{- if .Values.rbac.enabled -}} +{{- if .Values.global.rbac.enabled -}} kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ include "app.fullname" . }}-admin-rbac + name: {{ include "tfy-agent.fullname" . }}-admin-rbac subjects: - kind: ServiceAccount - name: {{ include "app.serviceAccountName" . }} + name: {{ include "tfy-agent.serviceAccountName" . }} namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole diff --git a/charts/tfy-agent/templates/deployment-tfy-agent-proxy.yaml b/charts/tfy-agent/templates/deployment-tfy-agent-proxy.yaml deleted file mode 100644 index 229c9b719..000000000 --- a/charts/tfy-agent/templates/deployment-tfy-agent-proxy.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if .Values.tfyAgentProxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "app.tfyAgentProxy.fullname" . }} - labels: - app.kubernetes.io/version: {{ .Values.tfyAgentProxy.imageTag | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - helm.sh/chart: {{ include "app.chart" . }} - app.kubernetes.io/name: tfy-agent-proxy -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: {{ include "app.tfyAgentProxy.fullname" . }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "app.tfyAgentProxy.fullname" . }} - spec: - serviceAccountName: {{ include "app.serviceAccountName" . }} - containers: - - name: tfy-agent-proxy - env: - - name: CLUSTER_TOKEN - value: {{ .Values.env.CLUSTER_TOKEN | quote }} - - name: CONTROL_PLANE_URL - value: {{ .Values.env.CONTROL_PLANE_URL | quote }} - {{- include "app.tfyAgentProxy.env" . | trim | nindent 12 }} - image: "{{ .Values.tfyAgentProxy.imageRepository }}:{{ .Values.tfyAgentProxy.imageTag }}" - imagePullPolicy: IfNotPresent - resources: - {{- toYaml .Values.tfyAgentProxy.resources | nindent 12 }} -{{- end }} diff --git a/charts/tfy-agent/templates/deployment.yaml b/charts/tfy-agent/templates/deployment.yaml deleted file mode 100644 index 4ee9cd45d..000000000 --- a/charts/tfy-agent/templates/deployment.yaml +++ /dev/null @@ -1,63 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "app.fullname" . }} - labels: - {{- include "app.labels" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "app.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "app.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "app.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - env: - {{- include "app.env" . | trim | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: {{ .Values.service.port }} - protocol: TCP - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- if .Values.healthcheck.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.healthcheck.liveness.path }} - port: {{ .Values.healthcheck.liveness.port }} - readinessProbe: - httpGet: - path: {{ .Values.healthcheck.readiness.path }} - port: {{ .Values.healthcheck.liveness.port }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} \ No newline at end of file diff --git a/charts/tfy-agent/templates/ingress.yaml b/charts/tfy-agent/templates/ingress.yaml deleted file mode 100644 index 1fe0c59d1..000000000 --- a/charts/tfy-agent/templates/ingress.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $serviceName := include "app.fullname" . -}} -{{- $servicePort := .Values.service.port -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: -{{- if .Values.ingress.annotations }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - name: {{ include "app.fullname" . }} - labels: - {{- include "app.labels" . | nindent 4 }} - {{- if .Values.ingress.labels }} - {{- toYaml .Values.ingress.labels | nindent 4 }} - {{- end }} -spec: - ingressClassName: {{ .Values.ingress.ingressClassName }} - rules: - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - - {{- end -}} - {{- if .Values.ingress.tls }} - tls: - {{- toYaml .Values.ingress.tls | nindent 4 }} - {{- end -}} -{{- end -}} diff --git a/charts/tfy-agent/templates/secret.yaml b/charts/tfy-agent/templates/secret.yaml new file mode 100644 index 000000000..87a61b041 --- /dev/null +++ b/charts/tfy-agent/templates/secret.yaml @@ -0,0 +1,10 @@ +{{- if not .Values.config.clusterTokenSecret -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "tfy-agent.secretName" . }} + labels: + {{- include "tfy-agent.labels" . | nindent 4 }} +stringData: + token: {{ .Values.config.clusterToken }} +{{- end }} \ No newline at end of file diff --git a/charts/tfy-agent/templates/service.yaml b/charts/tfy-agent/templates/service.yaml index a45d8822d..89e54ce28 100644 --- a/charts/tfy-agent/templates/service.yaml +++ b/charts/tfy-agent/templates/service.yaml @@ -1,15 +1,23 @@ +{{- if .Values.tfyAgent.enabled -}} apiVersion: v1 kind: Service metadata: - name: {{ include "app.fullname" . }} + name: {{ include "tfy-agent.fullname" . }} labels: - {{- include "app.labels" . | nindent 4 }} + {{- include "tfy-agent.labels" . | nindent 4 }} spec: - type: {{ .Values.service.type }} + type: {{ .Values.tfyAgent.service.type }} ports: - - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.port }} + - port: {{ .Values.tfyAgent.service.port }} + {{- if eq .Values.tfyAgent.service.type "NodePort" }} + nodePort: {{ .Values.tfyAgent.service.nodePort }} + {{- end }} + targetPort: http protocol: TCP name: http selector: - {{- include "app.selectorLabels" . | nindent 4 }} \ No newline at end of file + {{- include "tfy-agent.selectorLabels" . | nindent 4 }} + {{- if .Values.tfyAgent.service.sessionAffinity }} + sessionAffinity: {{ .Values.tfyAgent.service.sessionAffinity }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/tfy-agent/templates/serviceaccount.yaml b/charts/tfy-agent/templates/serviceaccount.yaml index 2519605b9..04bf0cb28 100644 --- a/charts/tfy-agent/templates/serviceaccount.yaml +++ b/charts/tfy-agent/templates/serviceaccount.yaml @@ -1,12 +1,12 @@ -{{- if .Values.serviceAccount.create -}} +{{- if .Values.tfyAgent.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "app.serviceAccountName" . }} + name: {{ include "tfy-agent.serviceAccountName" . }} labels: - {{- include "app.labels" . | nindent 4 }} -{{- with .Values.serviceAccount.annotations }} + {{- include "tfy-agent.labels" . | nindent 4 }} + {{- with .Values.tfyAgent.serviceAccount.annotations }} annotations: -{{ tpl (toYaml . | indent 4) $ }} -{{- end }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/tfy-agent/templates/tfy-agent-proxy.yaml b/charts/tfy-agent/templates/tfy-agent-proxy.yaml new file mode 100644 index 000000000..3efb4ef98 --- /dev/null +++ b/charts/tfy-agent/templates/tfy-agent-proxy.yaml @@ -0,0 +1,59 @@ +{{- if .Values.tfyAgentProxy.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tfy-agent-proxy.fullname" . }} + labels: + {{- include "tfy-agent-proxy.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "tfy-agent-proxy.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.tfyAgentProxy.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "tfy-agent-proxy.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.tfyAgentProxy.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "tfy-agent.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }}-proxy + securityContext: + {{- toYaml .Values.tfyAgentProxy.securityContext | nindent 12 }} + env: + - name: CONTROL_PLANE_URL + value: {{ .Values.config.controlPlaneURL | quote }} + - name: CLUSTER_TOKEN + valueFrom: + secretKeyRef: + key: token + name: {{ include "tfy-agent.secretName" .}} + {{- range $val := .Values.tfyAgentProxy.extraEnvVars }} + - name: {{ $val.name }} + value: {{ $val.value }} + {{- end }} + image: "{{ .Values.tfyAgentProxy.image.repository }}:{{ .Values.tfyAgentProxy.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.tfyAgentProxy.image.pullPolicy }} + resources: + {{- toYaml .Values.tfyAgentProxy.resources | nindent 12 }} + {{- with .Values.tfyAgentProxy.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tfyAgentProxy.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tfyAgentProxy.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/tfy-agent/templates/tfy-agent.yaml b/charts/tfy-agent/templates/tfy-agent.yaml new file mode 100644 index 000000000..0a0bcde3c --- /dev/null +++ b/charts/tfy-agent/templates/tfy-agent.yaml @@ -0,0 +1,85 @@ +{{- if .Values.tfyAgent.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tfy-agent.fullname" . }} + labels: + {{- include "tfy-agent.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "tfy-agent.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.tfyAgent.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "tfy-agent.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.tfyAgent.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "tfy-agent.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.tfyAgent.securityContext | nindent 12 }} + env: + - name: CONTROL_PLANE_URL + value: {{ .Values.config.controlPlaneURL | quote }} + - name: TENANT_NAME + value: {{ .Values.config.tenantName | quote }} + - name: CONTROL_PLANE_NATS_PORT + value: {{ .Values.config.natsPort | quote }} + - name: OPENCOST_ENDPOINT + value: {{ .Values.config.opencost.endpoint | quote }} + - name: OPENCOST_POLL_INTERVAL + value: {{ .Values.config.opencost.pollInterval | quote }} + - name: PROMETHEUS_POLL_INTERVAL + value: {{ .Values.config.prometheus.pollInterval | quote }} + - name: PROMETHEUS_ENDPOINT + value: {{ .Values.config.prometheus.endpoint | quote }} + - name: ALERT_URL + value: {{ .Values.config.alertURL | quote }} + - name: NODE_ENV + value: {{ .Values.config.nodeEnv | quote }} + - name: WORKLOAD_NAMESPACE + value: {{ .Release.Namespace | quote }} + - name: CLUSTER_TOKEN + valueFrom: + secretKeyRef: + key: token + name: {{ include "tfy-agent.secretName" .}} + {{- range $val := .Values.tfyAgent.extraEnvVars }} + - name: {{ $val.name }} + value: {{ $val.value }} + {{- end }} + image: "{{ .Values.tfyAgent.image.repository }}:{{ .Values.tfyAgent.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.tfyAgent.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.tfyAgent.service.port }} + protocol: TCP + livenessProbe: + {{- toYaml .Values.tfyAgent.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.tfyAgent.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.tfyAgent.resources | nindent 12 }} + {{- with .Values.tfyAgent.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tfyAgent.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tfyAgent.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/tfy-agent/templates/virtualservice.yaml b/charts/tfy-agent/templates/virtualservice.yaml deleted file mode 100644 index b220274cb..000000000 --- a/charts/tfy-agent/templates/virtualservice.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.istio.virtualservice.enabled -}} -{{- $serviceName := include "app.fullname" . -}} -{{- $servicePort := .Values.service.port -}} -apiVersion: networking.istio.io/v1beta1 -kind: VirtualService -metadata: - name: {{ include "app.fullname" . }} - labels: - {{- include "app.labels" . | nindent 4 }} - {{- if .Values.istio.virtualservice.annotations }} - annotations: - {{- range $key, $value := .Values.istio.virtualservice.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - namespace: {{ .Release.Namespace }} -spec: - gateways: - {{- range .Values.istio.virtualservice.gateways}} - - {{ . }} - {{- end }} - hosts: - {{- range .Values.istio.virtualservice.hosts}} - - {{ . }} - {{- end }} - http: - - route: - - destination: - host: {{ include "app.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - port: - number: {{ .Values.service.port }} -{{- end }} \ No newline at end of file diff --git a/charts/tfy-agent/values.yaml b/charts/tfy-agent/values.yaml index fb8a3764e..a662269ee 100644 --- a/charts/tfy-agent/values.yaml +++ b/charts/tfy-agent/values.yaml @@ -1,36 +1,169 @@ -# Default values for sample. +# Default values for tfy-agent. # This is a YAML-formatted file. # Declare variables to be passed into your templates. -global: {} +# global settings +global: + rbac: + enabled: true -image: - repository: truefoundrycloud/tfy-agent - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "a9af8a51d8b0373f4d0c469119ed88a488c5709f" +# configuration for tfy-agent and tfy-agent-proxy +config: + # token to connect to the contorl plane + clusterToken: "" + + # name of the secret containing the cluster token + # the key must be token + # if this is set it will override config.clusterToken + clusterTokenSecret: "" + + # url of the control plane + # format: https://<> + controlPlaneURL: "" + + # name of the tenant where your control plane is hosted + tenantName: "" + + # nats port + natsPort: '443' + + # configurations for opencost + opencost: + # time in milliseconds for opencost scraping + pollInterval: '180000' + # endpoint to connect to opencost + endpoint: http://opencost.opencost.svc.cluster.local:9090 + + # configurations for prometheus + prometheus: + # time in milliseconds for prometheus scraping config + pollInterval: '60000' + # endpoint to connect to prometheus + endpoint: http://prometheus-operated.prometheus.svc.cluster.local:9090 + + alertURL: "https://auth.truefoundry.com" + + nodeEnv: production imagePullSecrets: [] nameOverride: "" fullnameOverride: "" -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account +# configuration related to tfy-agent +tfyAgent: + + ## Deploy tfyAgent + # + enabled: true + + ## Number of replicas of tfyAgent + ## value kept for future use, ketp 1 + # replicaCount: 1 + + ## Annotations for Alertmanager + ## annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "tfy-agent" + ## Service account for Alertmanager to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # enabled automounting of service account token inside the pod + automountServiceAccountToken: true + + ## Adding extra envrionment variable for tfyAgent + # + extraEnvVars: [] + ## + # Example: + # extraEnvVars: + # - name: KEY1 + # value: VALUE1 + + ## Configuration for tfyAgent service + ## + service: + annotations: {} + labels: {} + clusterIP: "" + + ## Port for tfyAgent Service to listen on + ## + port: 3000 + ## Port to expose on each node + ## Only used if service.type is 'NodePort' + ## + nodePort: "" + ## List of IP addresses at which the tfyAgent server service is available + ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips + ## -envSecretName: tfy-agent-env-secret -podAnnotations: {} + ## If you want to make sure that connections from a particular client are passed to the same Pod each time + ## Accepts 'ClientIP' or '' + ## + sessionAffinity: "" -podSecurityContext: {} - # fsGroup: 2000 + ## Service type + ## + type: ClusterIP + + ## Image of tfyAgent + ## + image: + repository: truefoundrycloud/tfy-agent + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "a9af8a51d8b0373f4d0c469119ed88a488c5709f" + + ## Define resources requests and limits for single Pods. + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## + ## customized resource limits are very general in nature and must be kept the same + ## decreasing the resource might make the service UNAVAILABLE + resources: + limits: + cpu: 500m + memory: 512Mi + ephemeral-storage: 256Mi + requests: + cpu: 300m + memory: 256Mi + ephemeral-storage: 128Mi -securityContext: {} + livenessProbe: + failureThreshold: 5 + httpGet: + path: / + port: 3000 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + initialDelaySeconds: 15 + + readinessProbe: + failureThreshold: 5 + httpGet: + path: / + port: 3000 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + initialDelaySeconds: 15 + + ## SecurityContext holds pod-level security attributes and common container settings. + ## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: {} # capabilities: # drop: # - ALL @@ -38,86 +171,117 @@ securityContext: {} # runAsNonRoot: true # runAsUser: 1000 -service: - type: ClusterIP - port: 3000 - annotations: {} + ## If specified, the pod's tolerations. + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## Assign custom affinity rules to the tfyAgent instance + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/e2e-az-name + # operator: In + # values: + # - e2e-az1 + # - e2e-az2 -ingress: - enabled: false - annotations: {} - labels: {} - ingressClassName: istio - tls: [] - hosts: [] - -resources: - limits: - cpu: 200m - memory: 512Mi - ephemeral-storage: 256Mi - requests: - cpu: 100m - memory: 300Mi - ephemeral-storage: 128Mi - - -healthcheck: +# configuration for tfy-agent-proxy +tfyAgentProxy: + + ## Deploy tfyAgentProxy + # enabled: true - readiness: - port: 3000 - path: / - liveness: - port: 3000 - path: / -nodeSelector: {} -tolerations: {} -affinity: {} + ## Number of replicas of tfyAgentProxy + ## value kept for future use, ketp 1 + # replicaCount: 1 -istio: - virtualservice: - enabled: false - annotations: {} - gateways: [] - hosts: [] + ## Annotations for tfyAgentProxy + ## + annotations: {} -rbac: - enabled: true + ## Image of tfyAgentProxy + ## + image: + repository: truefoundrycloud/tfy-agent-proxy + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "00f2e71680781ab9e1e64270525b97d01e0ba236" -name: tfy-agent - -env: - NODE_ENV: production - PROMETHEUS_POLL_INTERVAL: '60000' - PROMETHEUS_ENDPOINT: http://prometheus-operated.prometheus.svc.cluster.local:9090 - OPENCOST_POLL_INTERVAL: '180000' - OPENCOST_ENDPOINT: http://opencost.opencost.svc.cluster.local:9090 - CONTROL_PLANE_URL: '{{ .Values.global.controlPlaneURL }}' - CLUSTER_TOKEN: ${k8s-secret/CLUSTER_TOKEN} - TENANT_NAME: '{{ .Values.global.tenantName }}' - WORKLOAD_NAMESPACE: '{{ .Release.Namespace }}' - CONTROL_PLANE_NATS_PORT: '443' - ALERT_URL: https://auth.truefoundry.com + ## Adding extra envrionment variable for tfyAgentProxy + # + extraEnvVars: [] + ## + # Example: + # extraEnvVars: + # - name: KEY1 + # value: VALUE1 -tfyAgentProxy: - # specifies if agent proxy should be enabled or not - enabled: true - imageTag: "00f2e71680781ab9e1e64270525b97d01e0ba236" - imageRepository: truefoundrycloud/tfy-agent-proxy - type: ClusterIP - - # resource section for tfy agent proxy + ## Define resources requests and limits for single Pods. + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## + ## customized resource limits are very general in nature and must be kept the same + ## decreasing the resource might make the service UNAVAILABLE resources: limits: - cpu: '1' + cpu: 500m + memory: 512Mi ephemeral-storage: 500M - memory: 500M requests: cpu: 50m + memory: 128Mi ephemeral-storage: 200M - memory: 100M - # any additional env vars for tfy-agent-proxy - # can skip CLUSTER_TOKEN and CONTROL_PLANE_URL as they are read from .Value.env - env: + + ## SecurityContext holds pod-level security attributes and common container settings. + ## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + ## If specified, the pod's tolerations. + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + + ## Define which Nodes the Pods are scheduled on. + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Assign custom affinity rules to the tfyAgent instance + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + ## + affinity: {} + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/e2e-az-name + # operator: In + # values: + # - e2e-az1 + # - e2e-az2 \ No newline at end of file