From ba443c3154f489913e4efcef71fea7c7881c4afd Mon Sep 17 00:00:00 2001 From: EJ Etherington Date: Fri, 22 Mar 2019 16:31:54 -0700 Subject: [PATCH 1/6] adding helm chart MVP --- charts/fairwinds/Chart.yaml | 4 ++ charts/fairwinds/templates/_helpers.tpl | 16 ++++++ .../templates/fairwinds-dash.svc.yaml | 21 +++++++ .../templates/fairwinds.clusterrole.yaml | 22 ++++++++ .../fairwinds.clusterrolebinding.yaml | 21 +++++++ .../fairwinds.deployment-dashboard.yaml | 53 ++++++++++++++++++ .../fairwinds.deployment-webook.yaml | 55 +++++++++++++++++++ .../fairwinds/templates/fairwinds.secret.yaml | 13 +++++ .../templates/fairwinds.serviceaccount.yaml | 12 ++++ .../templates/frairwinds.configmap.yaml | 15 +++++ charts/fairwinds/values.yaml | 53 ++++++++++++++++++ 11 files changed, 285 insertions(+) create mode 100755 charts/fairwinds/Chart.yaml create mode 100644 charts/fairwinds/templates/_helpers.tpl create mode 100644 charts/fairwinds/templates/fairwinds-dash.svc.yaml create mode 100644 charts/fairwinds/templates/fairwinds.clusterrole.yaml create mode 100644 charts/fairwinds/templates/fairwinds.clusterrolebinding.yaml create mode 100644 charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml create mode 100644 charts/fairwinds/templates/fairwinds.deployment-webook.yaml create mode 100644 charts/fairwinds/templates/fairwinds.secret.yaml create mode 100644 charts/fairwinds/templates/fairwinds.serviceaccount.yaml create mode 100644 charts/fairwinds/templates/frairwinds.configmap.yaml create mode 100644 charts/fairwinds/values.yaml
diff --git a/charts/fairwinds/Chart.yaml b/charts/fairwinds/Chart.yaml
new file mode 100755
index 000000000..a171c991c
--- /dev/null
+++ b/charts/fairwinds/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+description: Helm chart generated by https://github.com/appscode/chartify
+name: fairwinds
+version: 0.1.0
diff --git a/charts/fairwinds/templates/_helpers.tpl b/charts/fairwinds/templates/_helpers.tpl
new file mode 100644
index 000000000..234480de7
--- /dev/null
+++ b/charts/fairwinds/templates/_helpers.tpl
@@ -0,0 +1,16 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 24 -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 24 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 24 -}}
+{{- end -}}
diff --git a/charts/fairwinds/templates/fairwinds-dash.svc.yaml b/charts/fairwinds/templates/fairwinds-dash.svc.yaml
new file mode 100644
index 000000000..9378159ca
--- /dev/null
+++ b/charts/fairwinds/templates/fairwinds-dash.svc.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.dashboard.service -}}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ chart: '{{.Chart.Name}}-{{.Chart.Version}}'
+ heritage: '{{.Release.Service}}'
+ release: '{{.Release.Name}}'
+ name: '{{ template "fullname" . }}-dashboard'
+ namespace: '{{.Release.Namespace}}'
+spec:
+ ports:
+ - name: dashboard
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: '{{.Release.Name}}'
+ type: '{{.Values.dashboard.service.type}}'
+{{- end -}}
diff --git a/charts/fairwinds/templates/fairwinds.clusterrole.yaml b/charts/fairwinds/templates/fairwinds.clusterrole.yaml
new file mode 100644
index 000000000..c63cfe556
--- /dev/null
+++ b/charts/fairwinds/templates/fairwinds.clusterrole.yaml
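Review bot: The Service selector in fairwinds-dash.svc.yaml is only `app: '{{.Release.Name}}'`, and both Deployments added in this patch put that same label on their pods, so once `webhook.enable` is true the dashboard Service would also select webhook pods, which declare only port 9876 and not targetPort 8080. Add a per-component label to each pod template and select on it as well, for example `component: dashboard` under `template.metadata.labels` and in this `selector`. The template is also gated on `.Values.dashboard.service` rather than `.Values.dashboard.enable`, so the Service is still rendered when the dashboard Deployment is switched off.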
@@ -0,0 +1,22 @@
+{{- if .Values.rbac.enable -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ labels:
+ app: '{{.Release.Name}}'
+ chart: '{{.Chart.Name}}-{{.Chart.Version}}'
+ heritage: '{{.Release.Service}}'
+ release: '{{.Release.Name}}'
+ name: '{{ template "fullname" . }}'
+ namespace: '{{.Release.Namespace}}'
+rules:
+ - apiGroups:
+ - ''
+ - 'apps'
+ - 'admissionregistration.k8s.io'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+{{- end -}}
diff --git a/charts/fairwinds/templates/fairwinds.clusterrolebinding.yaml b/charts/fairwinds/templates/fairwinds.clusterrolebinding.yaml
new file mode 100644
index 000000000..48bbff025
--- /dev/null
+++ b/charts/fairwinds/templates/fairwinds.clusterrolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.rbac.enable -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app: '{{.Release.Name}}'
+ chart: '{{.Chart.Name}}-{{.Chart.Version}}'
+ heritage: '{{.Release.Service}}'
+ release: '{{.Release.Name}}'
+ name: '{{ template "fullname" . }}'
+ namespace: '{{.Release.Namespace}}'
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: '{{ template "fullname" . }}'
+subjects:
+ - kind: ServiceAccount
+ name: '{{ template "fullname" . }}'
+ namespace: '{{.Release.Namespace}}'
+{{- end -}}
diff --git a/charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml b/charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml
new file mode 100644
index 000000000..2ba7f3779
--- /dev/null
+++ b/charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml
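Review bot: The ClusterRole in fairwinds.clusterrole.yaml grants `verbs: ['*']` on `resources: ['*']` across the core, `apps` and `admissionregistration.k8s.io` groups, which gives the chart's ServiceAccount cluster-wide read and write on Secrets, workloads and webhook configurations, and both the dashboard and webhook pods run as that account. A validation tool should normally need only read access to the objects it inspects, with write access limited to whatever the webhook installer has to register. The resource lists below are a sketch and must be confirmed against what the binary actually queries before they replace the wildcard rule.

```yaml
rules:
  # read-only access to the objects being validated (confirm the exact list)
  - apiGroups: ['']
    resources: ['pods', 'namespaces']
    verbs: ['get', 'list', 'watch']
  - apiGroups: ['apps']
    resources: ['deployments']
    verbs: ['get', 'list', 'watch']
  # write access only for webhook registration, and only if the installer is used
  - apiGroups: ['admissionregistration.k8s.io']
    resources: ['validatingwebhookconfigurations']
    verbs: ['get', 'create', 'update']
```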
@@ -0,0 +1,53 @@
+{{- if .Values.dashboard.enable -}}
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ labels:
+ app: '{{.Release.Name}}'
+ chart: '{{.Chart.Name}}-{{.Chart.Version}}'
+ heritage: '{{.Release.Service}}'
+ release: '{{.Release.Name}}'
+ name: '{{ template "fullname" . }}-dashboard'
+ namespace: '{{.Release.Namespace}}'
+spec:
+ replicas: {{.Values.dashboard.replicas}}
+ selector:
+ matchLabels:
+ app: '{{.Release.Name}}'
+ template:
+ metadata:
+ labels:
+ app: '{{.Release.Name}}'
+ spec:
+ volumes:
+ - configMap:
+ name: '{{ template "fullname" . }}'
+ name: '{{ template "fullname" . }}'
+ - name: certs
+ secret:
+ secretName: '{{ template "fullname" . }}'
+ containers:
+ - command:
+ - fairwinds
+ - --dashboard
+ image: '{{.Values.dashboard.image}}:{{.Values.dashboard.imageTag}}'
+ imagePullPolicy: '{{.Values.dashboard.imagePullPolicy}}'
+ name: dashboard
+ ports:
+ - containerPort: 8080
+ resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ volumeMounts:
+ - mountPath: /opt/app/config.yml
+ name: '{{ template "fullname" . }}'
+ readOnly: true
+ subPath: config.yml
+ imagePullSecrets:
+ - name: '{{.Values.imagePullSecrets}}'
+ serviceAccountName: '{{ template "fullname" . }}'
+{{- end -}}
diff --git a/charts/fairwinds/templates/fairwinds.deployment-webook.yaml b/charts/fairwinds/templates/fairwinds.deployment-webook.yaml
new file mode 100644
index 000000000..79f92758d
--- /dev/null
+++ b/charts/fairwinds/templates/fairwinds.deployment-webook.yaml
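Review bot: Neither container spec in this patch sets a `securityContext`: the dashboard container here and the webhook container in fairwinds.deployment-webook.yaml run with the runtime defaults, although both use a ServiceAccount bound to a cluster-wide role. Add a container-level securityContext along the lines below, after confirming that the image runs as a non-root user and does not write to its root filesystem. Separately, `replicas: {{.Values.dashboard.replicas}}` reads a key that values.yaml does not define (it only has a top-level `replicas: 1`), so the field renders empty; the webhook template has the same problem with `.Values.webhookreplicas`.

```yaml
      containers:
      - command:
        # … unchanged: command, image, ports, resources, volumeMounts …
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          capabilities:
            drop:
            - ALL
```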
@@ -0,0 +1,55 @@
+{{- if .Values.webhook.enable -}}
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ labels:
+ app: '{{.Release.Name}}'
+ chart: '{{.Chart.Name}}-{{.Chart.Version}}'
+ heritage: '{{.Release.Service}}'
+ release: '{{.Release.Name}}'
+ name: '{{ template "fullname" . }}-webhook'
+ namespace: '{{.Release.Namespace}}'
+spec:
+ replicas: {{.Values.webhookreplicas}}
+ selector:
+ matchLabels:
+ app: '{{.Release.Name}}'
+ template:
+ metadata:
+ labels:
+ app: '{{.Release.Name}}'
+ spec:
+ volumes:
+ - configMap:
+ name: '{{ template "fullname" . }}'
+ name: '{{ template "fullname" . }}'
+ - name: certs
+ secret:
+ secretName: '{{ template "fullname" . }}'
+ containers:
+ - command:
+ - fairwinds
+ - --webhook
+ image: '{{.Values.webhook.image}}:{{.Values.webhook.imageTag}}'
+ imagePullPolicy: '{{.Values.webhook.imagePullPolicy}}'
+ name: webhook
+ ports:
+ - containerPort: 9876
+ resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ volumeMounts:
+ - mountPath: /tmp/cert/
+ name: certs
+ - mountPath: /opt/app/config.yml
+ name: '{{ template "fullname" . }}'
+ readOnly: true
+ subPath: config.yml
+ imagePullSecrets:
+ - name: '{{.Values.imagePullSecrets}}'
+ serviceAccountName: '{{ template "fullname" . }}'
+{{- end -}}
diff --git a/charts/fairwinds/templates/fairwinds.secret.yaml b/charts/fairwinds/templates/fairwinds.secret.yaml
new file mode 100644
index 000000000..ca554e2b1
--- /dev/null
+++ b/charts/fairwinds/templates/fairwinds.secret.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ app: '{{ template "fullname" . }}'
+ chart: '{{.Chart.Name}}-{{.Chart.Version}}'
+ heritage: '{{.Release.Service}}'
+ release: '{{.Release.Name}}'
+ name: '{{ template "fullname" . }}'
+ namespace: '{{.Release.Namespace}}'
+type: opaque
+data:
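Review bot: The Secret in fairwinds.secret.yaml is created with `type: opaque` and an empty `data:`; the built-in type name is `Opaque`, and the lowercase string is stored as a distinct custom type. Use `type: Opaque` or omit the field. The webhook Deployment mounts this Secret at `/tmp/cert/` as `certs`, but nothing visible in the chart populates it, so a comment stating where the webhook's TLS material is expected to come from would help; the dashboard Deployment declares the same `certs` volume without mounting it and could drop it.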
diff --git a/charts/fairwinds/templates/fairwinds.serviceaccount.yaml b/charts/fairwinds/templates/fairwinds.serviceaccount.yaml
new file mode 100644
index 000000000..8bba8dc8a
--- /dev/null
+++ b/charts/fairwinds/templates/fairwinds.serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.rbac.enable -}}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ chart: '{{.Chart.Name}}-{{.Chart.Version}}'
+ heritage: '{{.Release.Service}}'
+ release: '{{.Release.Name}}'
+ name: '{{ template "fullname" . }}'
+ namespace: '{{.Release.Namespace}}'
+{{- end -}}
diff --git a/charts/fairwinds/templates/frairwinds.configmap.yaml b/charts/fairwinds/templates/frairwinds.configmap.yaml
new file mode 100644
index 000000000..74fe87f1b
--- /dev/null
+++ b/charts/fairwinds/templates/frairwinds.configmap.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.config -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: '{{ template "fullname" . }}'
+ chart: '{{.Chart.Name}}-{{.Chart.Version}}'
+ heritage: '{{.Release.Service}}'
+ release: '{{.Release.Name}}'
+ name: '{{ template "fullname" . }}'
+ namespace: '{{.Release.Namespace}}'
+data:
+ config.yml: {{- toYaml .Values.config | indent 2 -}}
+{{ end }}
diff --git a/charts/fairwinds/values.yaml b/charts/fairwinds/values.yaml
new file mode 100644
index 000000000..2acda3f99
--- /dev/null
+++ b/charts/fairwinds/values.yaml
@@ -0,0 +1,53 @@
+---
+config: |
+ resources:
+ requests:
+ cpu:
+ min: 0.1
+ max: 1
+ memory:
+ min: 10m
+ max: 2000M
+ limits:
+ cpu:
+ min: 0.1
+ max: 1
+ memory:
+ min: 10m
+ max: 2000M
+ healthChecks:
+ readiness:
+ require: true
+ liveness:
+ require: true
+ images:
+ tagRequired: true
+ whitelistRepos:
+ - gcr.io
+ hostNetwork:
+ hostAlias:
+ require: true
+ hostIPC:
+ require: true
+ hostNetwork:
+ require: true
+ hostPID:
+ require: true
+ hostPort:
+ require: true
+dashboard:
+ enable: true
+ service:
+ type: ClusterIP
+ image: quay.io/reactiveops/fairwinds
+ imagePullPolicy: IfNotPresent
+ imageTag: dev-f16f12d0af38fd547918d394ce717037223b7f94
+webhook:
+ enable: false
+ image: quay.io/reactiveops/fairwinds
+ imagePullPolicy: IfNotPresent
+ imageTag: dev-f16f12d0af38fd547918d394ce717037223b7f94
+imagePullSecrets: fairwinds
+replicas: 1
+rbac:
+ enable: true
From 6456c9c28c4a2a8a817fcfafb362be63fc1040ea Mon Sep 17 00:00:00 2001 From: EJ Etherington Date: Fri, 22 Mar 2019 16:46:02 -0700 Subject: [PATCH 2/6] adding notes, making requests defaults more basic --- .../templates/fairwinds.deployment-dashboard.yaml | 2 ++ .../templates/fairwinds.deployment-webook.yaml | 2 ++ .../fairwinds/templates/frairwinds.configmap.yaml | 15 --------------- charts/fairwinds/values.yaml | 6 ++---- 4 files changed, 6 insertions(+), 19 deletions(-) delete mode 100644 charts/fairwinds/templates/frairwinds.configmap.yaml
diff --git a/charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml b/charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml
index 2ba7f3779..a40e5dead 100644
--- a/charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml
+++ b/charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml
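Review bot: Both `imageTag` defaults in values.yaml point at a `dev-…` tag with `imagePullPolicy: IfNotPresent`, so what runs depends on whatever that tag resolved to when each node first pulled it, and the image runs under the chart's cluster-wide ServiceAccount. For a published chart, default to a release tag, or let users pin by digest, for example `image: '{{.Values.dashboard.image}}@{{.Values.dashboard.imageDigest}}'`, where `imageDigest` is a values key proposed here and not one the chart has. The default policy also lists only `gcr.io` under `whitelistRepos` while the chart's own image comes from `quay.io`; if the policy is applied to the release itself it would presumably flag the chart's pods, so confirm that is intended.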
@@ -2,6 +2,8 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: + annotations: + checksum/config: '{{ include (print $.Template.BasePath "/fairwinds.configmap.yaml") . | sha256sum }}' labels: app: '{{.Release.Name}}' chart: '{{.Chart.Name}}-{{.Chart.Version}}' diff --git a/charts/fairwinds/templates/fairwinds.deployment-webook.yaml b/charts/fairwinds/templates/fairwinds.deployment-webook.yaml index 79f92758d..f124b7b53 100644 --- a/charts/fairwinds/templates/fairwinds.deployment-webook.yaml +++ b/charts/fairwinds/templates/fairwinds.deployment-webook.yaml @@ -2,6 +2,8 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: + annotations: + checksum/config: '{{ include (print $.Template.BasePath "/fairwinds.configmap.yaml") . | sha256sum }}' labels: app: '{{.Release.Name}}' chart: '{{.Chart.Name}}-{{.Chart.Version}}' diff --git a/charts/fairwinds/templates/frairwinds.configmap.yaml b/charts/fairwinds/templates/frairwinds.configmap.yaml deleted file mode 100644 index 74fe87f1b..000000000 --- a/charts/fairwinds/templates/frairwinds.configmap.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.config -}} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app: '{{ template "fullname" . }}' - chart: '{{.Chart.Name}}-{{.Chart.Version}}' - heritage: '{{.Release.Service}}' - release: '{{.Release.Name}}' - name: '{{ template "fullname" . }}' - namespace: '{{.Release.Namespace}}' -data: - config.yml: {{- toYaml .Values.config | indent 2 -}} -{{ end }} diff --git a/charts/fairwinds/values.yaml b/charts/fairwinds/values.yaml index 2acda3f99..4f36e3075 100644 --- a/charts/fairwinds/values.yaml +++ b/charts/fairwinds/values.yaml @@ -3,11 +3,9 @@ config: | resources: requests: cpu: - min: 0.1 - max: 1 + require: true memory: - min: 10m - max: 2000M + require: true limits: cpu: min: 0.1 From 52fa0b3eb1da62e64dd494a56c4e7bd9a1df939a Mon Sep 17 00:00:00 2001 
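Review bot: The `checksum/config` annotation is added under the Deployment's top-level `metadata:`, where a changed value does not alter the pod template and therefore does not trigger a rollout; this applies to the dashboard hunk and to the identical webhook hunk. Move it to `spec.template.metadata.annotations` so pods are replaced when the ConfigMap content changes. The `include` also names `/fairwinds.configmap.yaml`, while this commit only deletes `frairwinds.configmap.yaml` and the correctly named file is added in the next patch, so the chart presumably fails to render at this commit. Both hunks show only the head of each Deployment; the pod template is outside them.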
From: EJ Etherington Date: Fri, 22 Mar 2019 16:50:12 -0700 Subject: [PATCH 3/6] adding helm chart to readme --- README.md | 13 +++++++++++++ charts/fairwinds/templates/NOTES.txt | 12 ++++++++++++ .../fairwinds/templates/fairwinds.configmap.yaml | 15 +++++++++++++++ 3 files changed, 40 insertions(+) create mode 100644 charts/fairwinds/templates/NOTES.txt create mode 100644 charts/fairwinds/templates/fairwinds.configmap.yaml diff --git a/README.md b/README.md index b6dd7f284..ac9e977cc 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,7 @@ Then apply the config: kubectl apply -f deploy/all.yaml ``` + ## Options * `dashboard` Runs the webserver for Fairwinds dashboard. @@ -29,3 +30,15 @@ kubectl apply -f deploy/all.yaml * `disable-webhook-config-installer`: disable the installer in the webhook server, so it won't install webhook configuration resources during bootstrapping * `kubeconfig`: Paths to a kubeconfig. Only required if out-of-cluster. * `master`: The address of the Kubernetes API server. Overrides any value in kubeconfig. Only required if out-of-cluster. + +## Helm Deploy Option + +* Create ImagePullSecret: +`kubectl -n fairwinds create secret docker-registry fairwinds --docker-server= --docker-username= --docker-password= --docker-email=` + +* Create release with Helm: +``` +helm upgrade --install fairwinds charts/fairwinds/ --namespace fairwinds --recreate-pods +kubectl port-forward --namespace fairwinds svc/fairwinds-fairwinds-dashboard 8080:80 & +open http://localhost:8080 +``` diff --git a/charts/fairwinds/templates/NOTES.txt b/charts/fairwinds/templates/NOTES.txt new file mode 100644 index 000000000..9c12a4a8f --- /dev/null +++ b/charts/fairwinds/templates/NOTES.txt 
@@ -0,0 +1,12 @@
+** Please be patient while the chart is being deployed **
+
+Enjoy Fairwinds and smooth sailing!
+
+{{- if contains "ClusterIP" .Values.dashboard.service.type }}
+
+## To view the dashboard execute these commands:
+
+kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "fullname" . }}-dashboard 8080:80 &
+open http://localhost:8080
+
+{{- end }}
diff --git a/charts/fairwinds/templates/fairwinds.configmap.yaml b/charts/fairwinds/templates/fairwinds.configmap.yaml
new file mode 100644
index 000000000..74fe87f1b
--- /dev/null
+++ b/charts/fairwinds/templates/fairwinds.configmap.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.config -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: '{{ template "fullname" . }}'
+ chart: '{{.Chart.Name}}-{{.Chart.Version}}'
+ heritage: '{{.Release.Service}}'
+ release: '{{.Release.Name}}'
+ name: '{{ template "fullname" . }}'
+ namespace: '{{.Release.Namespace}}'
+data:
+ config.yml: {{- toYaml .Values.config | indent 2 -}}
+{{ end }}
From 5a71316788927467997b2413a9c15cbfa78132a5 Mon Sep 17 00:00:00 2001 From: EJ Etherington Date: Mon, 25 Mar 2019 14:40:33 -0700 Subject: [PATCH 4/6] renaming rbac.enable -> rbac.create, removing ---, removing image pull secret support --- README.md | 3 --- charts/fairwinds/templates/fairwinds-dash.svc.yaml | 1 - charts/fairwinds/templates/fairwinds.clusterrole.yaml | 3 +-- charts/fairwinds/templates/fairwinds.clusterrolebinding.yaml | 3 +-- charts/fairwinds/templates/fairwinds.configmap.yaml | 3 --- .../fairwinds/templates/fairwinds.deployment-dashboard.yaml | 4 +--- charts/fairwinds/templates/fairwinds.deployment-webook.yaml | 4 +--- charts/fairwinds/templates/fairwinds.secret.yaml | 1 - charts/fairwinds/templates/fairwinds.serviceaccount.yaml | 3 --- charts/fairwinds/values.yaml | 3 +-- 10 files changed, 5 insertions(+), 23 deletions(-)
diff --git a/README.md b/README.md
index ac9e977cc..563995304 100644
--- a/README.md
+++ b/README.md
@@ -33,9 +33,6 @@ kubectl apply -f deploy/all.yaml ## Helm Deploy Option -* Create ImagePullSecret: -`kubectl -n fairwinds create secret docker-registry fairwinds --docker-server= --docker-username= --docker-password= --docker-email=` - * Create release with Helm: ``` helm upgrade --install fairwinds charts/fairwinds/ --namespace fairwinds --recreate-pods diff --git a/charts/fairwinds/templates/fairwinds-dash.svc.yaml b/charts/fairwinds/templates/fairwinds-dash.svc.yaml index 9378159ca..9c89609a4 100644 --- a/charts/fairwinds/templates/fairwinds-dash.svc.yaml +++ b/charts/fairwinds/templates/fairwinds-dash.svc.yaml @@ -1,5 +1,4 @@ {{- if .Values.dashboard.service -}} ---- apiVersion: v1 kind: Service metadata: diff --git a/charts/fairwinds/templates/fairwinds.clusterrole.yaml b/charts/fairwinds/templates/fairwinds.clusterrole.yaml index c63cfe556..4ba8f93ad 100644 --- a/charts/fairwinds/templates/fairwinds.clusterrole.yaml +++ b/charts/fairwinds/templates/fairwinds.clusterrole.yaml @@ -1,5 +1,4 @@ -{{- if .Values.rbac.enable -}} ---- +{{- if .Values.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: diff --git a/charts/fairwinds/templates/fairwinds.clusterrolebinding.yaml b/charts/fairwinds/templates/fairwinds.clusterrolebinding.yaml index 48bbff025..72511cffe 100644 --- a/charts/fairwinds/templates/fairwinds.clusterrolebinding.yaml +++ b/charts/fairwinds/templates/fairwinds.clusterrolebinding.yaml @@ -1,5 +1,4 @@ -{{- if .Values.rbac.enable -}} ---- +{{- if .Values.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: diff --git a/charts/fairwinds/templates/fairwinds.configmap.yaml b/charts/fairwinds/templates/fairwinds.configmap.yaml index 74fe87f1b..e404fb62e 100644 --- a/charts/fairwinds/templates/fairwinds.configmap.yaml +++ b/charts/fairwinds/templates/fairwinds.configmap.yaml @@ -1,5 +1,3 @@ -{{- if .Values.config -}} ---- apiVersion: v1 kind: ConfigMap metadata: 
@@ -12,4 +10,3 @@ metadata: namespace: '{{.Release.Namespace}}' data: config.yml: {{- toYaml .Values.config | indent 2 -}} -{{ end }} diff --git a/charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml b/charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml index a40e5dead..ef3c33d10 100644 --- a/charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml +++ b/charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml @@ -3,7 +3,7 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: annotations: - checksum/config: '{{ include (print $.Template.BasePath "/fairwinds.configmap.yaml") . | sha256sum }}' + checksum/config: '{{ include (print $.Template.BasePath "/fairwinds.configmap.yaml") . | sha256sum }}' labels: app: '{{.Release.Name}}' chart: '{{.Chart.Name}}-{{.Chart.Version}}' @@ -49,7 +49,5 @@ spec: name: '{{ template "fullname" . }}' readOnly: true subPath: config.yml - imagePullSecrets: - - name: '{{.Values.imagePullSecrets}}' serviceAccountName: '{{ template "fullname" . }}' {{- end -}} diff --git a/charts/fairwinds/templates/fairwinds.deployment-webook.yaml b/charts/fairwinds/templates/fairwinds.deployment-webook.yaml index f124b7b53..3a2926be1 100644 --- a/charts/fairwinds/templates/fairwinds.deployment-webook.yaml +++ b/charts/fairwinds/templates/fairwinds.deployment-webook.yaml @@ -3,7 +3,7 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: annotations: - checksum/config: '{{ include (print $.Template.BasePath "/fairwinds.configmap.yaml") . | sha256sum }}' + checksum/config: '{{ include (print $.Template.BasePath "/fairwinds.configmap.yaml") . | sha256sum }}' labels: app: '{{.Release.Name}}' chart: '{{.Chart.Name}}-{{.Chart.Version}}' @@ -51,7 +51,5 @@ spec: name: '{{ template "fullname" . }}' readOnly: true subPath: config.yml - imagePullSecrets: - - name: '{{.Values.imagePullSecrets}}' serviceAccountName: '{{ template "fullname" . }}' {{- end -}} 
diff --git a/charts/fairwinds/templates/fairwinds.secret.yaml b/charts/fairwinds/templates/fairwinds.secret.yaml index ca554e2b1..60ac6bb1d 100644 --- a/charts/fairwinds/templates/fairwinds.secret.yaml +++ b/charts/fairwinds/templates/fairwinds.secret.yaml @@ -1,4 +1,3 @@ ---- apiVersion: v1 kind: Secret metadata: diff --git a/charts/fairwinds/templates/fairwinds.serviceaccount.yaml b/charts/fairwinds/templates/fairwinds.serviceaccount.yaml index 8bba8dc8a..5ce9c8542 100644 --- a/charts/fairwinds/templates/fairwinds.serviceaccount.yaml +++ b/charts/fairwinds/templates/fairwinds.serviceaccount.yaml @@ -1,5 +1,3 @@ -{{- if .Values.rbac.enable -}} ---- apiVersion: v1 kind: ServiceAccount metadata: @@ -9,4 +7,3 @@ metadata: release: '{{.Release.Name}}' name: '{{ template "fullname" . }}' namespace: '{{.Release.Namespace}}' -{{- end -}} diff --git a/charts/fairwinds/values.yaml b/charts/fairwinds/values.yaml index 4f36e3075..08b4348f9 100644 --- a/charts/fairwinds/values.yaml +++ b/charts/fairwinds/values.yaml @@ -45,7 +45,6 @@ webhook: image: quay.io/reactiveops/fairwinds imagePullPolicy: IfNotPresent imageTag: dev-f16f12d0af38fd547918d394ce717037223b7f94 -imagePullSecrets: fairwinds replicas: 1 rbac: - enable: true + create: true From 613c120c6867965a14eeba27d63eccc8c11d483a Mon Sep 17 00:00:00 2001 From: EJ Etherington Date: Tue, 26 Mar 2019 09:43:59 -0700 Subject: [PATCH 5/6] trying some liveness and readiness probes. Removing ranges on default configmap --- .../templates/fairwinds.deployment-dashboard.yaml | 13 +++++++++++++ .../templates/fairwinds.deployment-webook.yaml | 13 +++++++++++++ charts/fairwinds/values.yaml | 6 ++---- 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml b/charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml index ef3c33d10..a1e81b68e 100644 --- a/charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml 
+++ b/charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml @@ -37,6 +37,19 @@ spec: name: dashboard ports: - containerPort: 8080 + livenessProbe: + exec: + command: + - sh + - -c + - ps -ef | grep fairwinds + initialDelaySeconds: 5 + periodSeconds: 5 + readinessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 20 resources: limits: cpu: 100m diff --git a/charts/fairwinds/templates/fairwinds.deployment-webook.yaml b/charts/fairwinds/templates/fairwinds.deployment-webook.yaml index 3a2926be1..bc8ad4f76 100644 --- a/charts/fairwinds/templates/fairwinds.deployment-webook.yaml +++ b/charts/fairwinds/templates/fairwinds.deployment-webook.yaml @@ -37,6 +37,19 @@ spec: name: webhook ports: - containerPort: 9876 + livenessProbe: + exec: + command: + - sh + - -c + - ps -ef | grep fairwinds + initialDelaySeconds: 5 + periodSeconds: 5 + readinessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 15 + periodSeconds: 20 resources: limits: cpu: 100m diff --git a/charts/fairwinds/values.yaml b/charts/fairwinds/values.yaml index 08b4348f9..f90fa8598 100644 --- a/charts/fairwinds/values.yaml +++ b/charts/fairwinds/values.yaml @@ -8,11 +8,9 @@ config: | require: true limits: cpu: - min: 0.1 - max: 1 + require: true memory: - min: 10m - max: 2000M + require: true healthChecks: readiness: require: true From 43ce19cbe43f42b965f3e458a09e248250d87280 Mon Sep 17 00:00:00 2001 
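Review bot: In the webhook Deployment hunk the readinessProbe checks `tcpSocket` port 8080, but the container only declares `containerPort: 9876`, so unless the webhook also listens on 8080 its pods will never become Ready; use `port: 9876`. The liveness command `ps -ef | grep fairwinds`, added here and in the dashboard hunk before it, cannot fail while the container is up, because the `sh -c` command line and the `grep` process themselves contain `fairwinds`, and it needs `sh` and `ps` in the image. A `tcpSocket` or HTTP check against the served port would detect a hung or exited server. Both hunks show only part of the container spec.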
From: EJ Etherington Date: Mon, 1 Apr 2019 10:47:50 -0700 Subject: [PATCH 6/6] making requested changes --- charts/fairwinds/Chart.yaml | 2 +- .../templates/fairwinds-dash.svc.yaml | 1 - .../templates/fairwinds.clusterrole.yaml | 1 - .../fairwinds.clusterrolebinding.yaml | 1 - .../templates/fairwinds.configmap.yaml | 1 - .../fairwinds.deployment-dashboard.yaml | 16 ++- .../fairwinds.deployment-webook.yaml | 5 +- .../fairwinds/templates/fairwinds.secret.yaml | 1 - .../templates/fairwinds.serviceaccount.yaml | 1 - charts/fairwinds/values.yaml | 118 ++++++++++++------ 10 files changed, 93 insertions(+), 54 deletions(-) diff --git a/charts/fairwinds/Chart.yaml b/charts/fairwinds/Chart.yaml index a171c991c..601908aea 100755 --- a/charts/fairwinds/Chart.yaml +++ b/charts/fairwinds/Chart.yaml @@ -1,4 +1,4 @@ apiVersion: v1 -description: Helm chart generated by https://github.com/appscode/chartify +description: Validation of best practices in your Kubernetes clusters name: fairwinds version: 0.1.0 diff --git a/charts/fairwinds/templates/fairwinds-dash.svc.yaml b/charts/fairwinds/templates/fairwinds-dash.svc.yaml index 9c89609a4..cf209fc90 100644 --- a/charts/fairwinds/templates/fairwinds-dash.svc.yaml +++ b/charts/fairwinds/templates/fairwinds-dash.svc.yaml @@ -7,7 +7,6 @@ metadata: heritage: '{{.Release.Service}}' release: '{{.Release.Name}}' name: '{{ template "fullname" . }}-dashboard' - namespace: '{{.Release.Namespace}}' spec: ports: - name: dashboard diff --git a/charts/fairwinds/templates/fairwinds.clusterrole.yaml b/charts/fairwinds/templates/fairwinds.clusterrole.yaml index 4ba8f93ad..0177b444c 100644 --- a/charts/fairwinds/templates/fairwinds.clusterrole.yaml +++ b/charts/fairwinds/templates/fairwinds.clusterrole.yaml @@ -8,7 +8,6 @@ metadata: heritage: '{{.Release.Service}}' release: '{{.Release.Name}}' name: '{{ template "fullname" . }}' - namespace: '{{.Release.Namespace}}' rules: - apiGroups: - '' 
diff --git a/charts/fairwinds/templates/fairwinds.clusterrolebinding.yaml b/charts/fairwinds/templates/fairwinds.clusterrolebinding.yaml index 72511cffe..efd8ad84d 100644 --- a/charts/fairwinds/templates/fairwinds.clusterrolebinding.yaml +++ b/charts/fairwinds/templates/fairwinds.clusterrolebinding.yaml @@ -8,7 +8,6 @@ metadata: heritage: '{{.Release.Service}}' release: '{{.Release.Name}}' name: '{{ template "fullname" . }}' - namespace: '{{.Release.Namespace}}' roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/charts/fairwinds/templates/fairwinds.configmap.yaml b/charts/fairwinds/templates/fairwinds.configmap.yaml index e404fb62e..d4adbdaf5 100644 --- a/charts/fairwinds/templates/fairwinds.configmap.yaml +++ b/charts/fairwinds/templates/fairwinds.configmap.yaml @@ -7,6 +7,5 @@ metadata: heritage: '{{.Release.Service}}' release: '{{.Release.Name}}' name: '{{ template "fullname" . }}' - namespace: '{{.Release.Namespace}}' data: config.yml: {{- toYaml .Values.config | indent 2 -}} diff --git a/charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml b/charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml index a1e81b68e..bc6222bcc 100644 --- a/charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml +++ b/charts/fairwinds/templates/fairwinds.deployment-dashboard.yaml @@ -10,7 +10,6 @@ metadata: heritage: '{{.Release.Service}}' release: '{{.Release.Name}}' name: '{{ template "fullname" . }}-dashboard' - namespace: '{{.Release.Namespace}}' spec: replicas: {{.Values.dashboard.replicas}} selector: 
@@ -32,21 +31,20 @@ spec: - command: - fairwinds - --dashboard - image: '{{.Values.dashboard.image}}:{{.Values.dashboard.imageTag}}' - imagePullPolicy: '{{.Values.dashboard.imagePullPolicy}}' + image: '{{.Values.webhook.image.repository}}:{{.Values.webhook.image.tag}}' + imagePullPolicy: '{{.Values.webhook.image.pullPolicy}}' name: dashboard ports: - containerPort: 8080 livenessProbe: - exec: - command: - - sh - - -c - - ps -ef | grep fairwinds + httpGet: + path: / + port: 8080 initialDelaySeconds: 5 periodSeconds: 5 readinessProbe: - tcpSocket: + httpGet: + path: / port: 8080 initialDelaySeconds: 15 periodSeconds: 20 diff --git a/charts/fairwinds/templates/fairwinds.deployment-webook.yaml b/charts/fairwinds/templates/fairwinds.deployment-webook.yaml index bc8ad4f76..32537440a 100644 --- a/charts/fairwinds/templates/fairwinds.deployment-webook.yaml +++ b/charts/fairwinds/templates/fairwinds.deployment-webook.yaml @@ -10,7 +10,6 @@ metadata: heritage: '{{.Release.Service}}' release: '{{.Release.Name}}' name: '{{ template "fullname" . }}-webhook' - namespace: '{{.Release.Namespace}}' spec: replicas: {{.Values.webhookreplicas}} selector: @@ -32,8 +31,8 @@ spec: - command: - fairwinds - --webhook - image: '{{.Values.webhook.image}}:{{.Values.webhook.imageTag}}' - imagePullPolicy: '{{.Values.webhook.imagePullPolicy}}' + image: '{{.Values.webhook.image.repository}}:{{.Values.webhook.image.tag}}' + imagePullPolicy: '{{.Values.webhook.image.pullPolicy}}' name: webhook ports: - containerPort: 9876 diff --git a/charts/fairwinds/templates/fairwinds.secret.yaml b/charts/fairwinds/templates/fairwinds.secret.yaml index 60ac6bb1d..bf89a33bc 100644 --- a/charts/fairwinds/templates/fairwinds.secret.yaml +++ b/charts/fairwinds/templates/fairwinds.secret.yaml @@ -7,6 +7,5 @@ metadata: heritage: '{{.Release.Service}}' release: '{{.Release.Name}}' name: '{{ template "fullname" . }}' - namespace: '{{.Release.Namespace}}' type: opaque data: 
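Review bot: The dashboard container now takes its image from `.Values.webhook.image.repository`, `.Values.webhook.image.tag` and `.Values.webhook.image.pullPolicy`, so the `dashboard.image.*` values introduced in the same commit are never read and overriding them has no effect on what the dashboard runs. Use `image: '{{.Values.dashboard.image.repository}}:{{.Values.dashboard.image.tag}}'` and `imagePullPolicy: '{{.Values.dashboard.image.pullPolicy}}'`. The new probes use `path: /`; if the dashboard's index page queries the cluster on each request, a dedicated lightweight health path would be a cheaper probe target. The container spec continues outside the hunk.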
diff --git a/charts/fairwinds/templates/fairwinds.serviceaccount.yaml b/charts/fairwinds/templates/fairwinds.serviceaccount.yaml index 5ce9c8542..e18624d20 100644 --- a/charts/fairwinds/templates/fairwinds.serviceaccount.yaml +++ b/charts/fairwinds/templates/fairwinds.serviceaccount.yaml @@ -6,4 +6,3 @@ metadata: heritage: '{{.Release.Service}}' release: '{{.Release.Name}}' name: '{{ template "fullname" . }}' - namespace: '{{.Release.Namespace}}' diff --git a/charts/fairwinds/values.yaml b/charts/fairwinds/values.yaml index f90fa8598..79767ce3f 100644 --- a/charts/fairwinds/values.yaml +++ b/charts/fairwinds/values.yaml 
@@ -1,48 +1,96 @@ --- config: | resources: - requests: - cpu: - require: true - memory: - require: true - limits: - cpu: - require: true - memory: - require: true - healthChecks: - readiness: - require: true - liveness: - require: true + cpuRequestsMissing: warning + cpuRequestRanges: + warning: + below: 50m + above: 1000m + error: + below: 500m + above: 2000m + cpuLimitsMissing: warning + cpuLimitRanges: + warning: + below: 50m + above: 1000m + error: + below: 500m + above: 2000m + memoryRequestsMissing: warning + memoryRequestRanges: + warning: + below: 50M + above: 2G + error: + below: 100M + above: 4G + memoryLimitsMissing: warning + memoryLimitRanges: + warning: + below: 50M + above: 2G + error: + below: 100M + above: 4G images: - tagRequired: true - whitelistRepos: - - gcr.io - hostNetwork: - hostAlias: - require: true - hostIPC: - require: true - hostNetwork: - require: true - hostPID: - require: true - hostPort: - require: true + tagNotSpecified: error + pullPolicyNotAlways: warning + whitelist: + error: + - gcr.io/* + blacklist: + warning: + - docker.io/* + healthChecks: + readinessProbeMissing: warning + livenessProbeMissing: warning + networking: + hostAliasSet: error + hostIPCSet: error + hostNetworkSet: error + hostPIDSet: error + hostPortSet: error + security: + runAsPriviliged: warning + notReadOnlyRootFileSystem: warning + runAsNonRoot: warning + capabilities: + blacklist: + error: + - CHOWN + - SYS_CHROOT + - AUDIT_WRITE + whitelist: + warning: + - CHOWN + - DAC_OVERRIDE + - FSETID + - FOWNER + - MKNOD + - NET_RAW + - SETGID + - SETUID + - SETFCAP + - SETPCAP + - NET_BIND_SERVICE + - SYS_CHROOT + - KILL + - AUDIT_WRITE dashboard: enable: true service: type: ClusterIP - image: quay.io/reactiveops/fairwinds - imagePullPolicy: IfNotPresent - imageTag: dev-f16f12d0af38fd547918d394ce717037223b7f94 + image: + repository: quay.io/reactiveops/fairwinds + tag: dev-80b331447bdaebe1cd0191a165e8d4c1cdaa2e60 + pullPolicy: IfNotPresent webhook: enable: false - 
image: quay.io/reactiveops/fairwinds - imagePullPolicy: IfNotPresent - imageTag: dev-f16f12d0af38fd547918d394ce717037223b7f94 + image: + repository: quay.io/reactiveops/fairwinds + tag: dev-80b331447bdaebe1cd0191a165e8d4c1cdaa2e60 + pullPolicy: IfNotPresent replicas: 1 rbac: create: true
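Review bot: In the new default policy the `error` thresholds sit inside the `warning` ones: `cpuRequestRanges` warns `below: 50m` but errors `below: 500m`, and the memory ranges warn `below: 50M` but error `below: 100M`, so, if `below` means what it appears to, any value that triggers the warning already triggers the error, and the chart's own 100m CPU request is an error by default. The error bounds were presumably meant to be the more extreme pair, with `below` smaller than the warning's. `runAsPriviliged` is misspelled and should match whatever key the application's config parser expects. `replicas: 1` is still top-level while the templates read `.Values.dashboard.replicas` and `.Values.webhookreplicas`, and the image tags remain `dev-…` builds.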