chore: overhaul chart

This should greatly improve readability of the chart itself
- moved the `Pod` spec for both the `Deployment` and `StatefulSet` into a common template in `_pod.yaml`
- replace a bunch of `if $value; print $value`-type blocks with `with $value; print .`
- replaced `command.set` in `values.yaml` with `command` directly
  - this was broken anyways, as the chart wrongly referenced `command.cmd` for both `Deployment` and `StatefulSet`
- populated contrib/charts/dragonfly/ci/ folder for development/CI purposes

Signed-off-by: Philipp Born <git@pborn.eu>

.github/workflows/ci.yml

@@ -124,5 +124,5 @@ jobs:
             install \
             --config .ct.yaml \
             --debug \
-            --helm-extra-set-args "--set=image.repository=ghcr.io/${{ github.repository }}" \
+            --helm-extra-set-args "--set=image.repository=ghcr.io/${{ github.repository }},probes=null" \
             ${{github.event_name == 'workflow_dispatch' && '--all'}} ;

contrib/charts/dragonfly/README.md

@@ -1,41 +1,68 @@
 # dragonfly
 
-![Version: 0.12.0](https://img.shields.io/badge/Version-0.12.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.12.0](https://img.shields.io/badge/AppVersion-v0.12.0-informational?style=flat-square)
+![Version: v0.12.0](https://img.shields.io/badge/Version-v0.12.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.12.0](https://img.shields.io/badge/AppVersion-v0.12.0-informational?style=flat-square)
 
 Dragonfly is a modern in-memory datastore, fully compatible with Redis and Memcached APIs.
 
+**Homepage:** <https://dragonflydb.io/>
+
+## Source Code
+
+* <https://github.com/dragonflydb/dragonfly>
+
+## Requirements
+
+Kubernetes: `>=1.23.0-0`
+
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` | Affinity for pod assignment |
-| command.set | list | `[]` | Allow overriding the container's command |
+| command | list | `[]` | Allow overriding the container's command |
 | extraArgs | list | `[]` | Extra arguments to pass to the dragonfly binary |
 | extraVolumeMounts | list | `[]` | Extra volume mounts corresponding to the volumes mounted above |
 | extraVolumes | list | `[]` | Extra volumes to mount into the pods |
 | fullnameOverride | string | `""` | String to fully override dragonfly.fullname |
 | image.pullPolicy | string | `"IfNotPresent"` | Dragonfly image pull policy |
 | image.repository | string | `"docker.dragonflydb.io/dragonflydb/dragonfly"` | Container Image Registry to pull the image from |
-| image.tag | string | `"latest"` | Overrides the image tag whose default is the chart appVersion. |
+| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
 | imagePullSecrets | list | `[]` | Container Registry Secret names in an array |
 | initContainers | list | `[]` | A list of initContainers to run before each pod starts |
 | nameOverride | string | `""` | String to partially override dragonfly.fullname |
 | nodeSelector | object | `{}` | Node labels for pod assignment |
 | podAnnotations | object | `{}` | Annotations for pods |
 | podSecurityContext | object | `{}` | Set securityContext for pod itself |
+| probes.livenessProbe.exec.command[0] | string | `"/bin/sh"` |  |
+| probes.livenessProbe.exec.command[1] | string | `"/usr/local/bin/healthcheck.sh"` |  |
+| probes.livenessProbe.failureThreshold | int | `3` |  |
+| probes.livenessProbe.initialDelaySeconds | int | `10` |  |
+| probes.livenessProbe.periodSeconds | int | `10` |  |
+| probes.livenessProbe.successThreshold | int | `1` |  |
+| probes.livenessProbe.timeoutSeconds | int | `5` |  |
+| probes.readinessProbe.exec.command[0] | string | `"/bin/sh"` |  |
+| probes.readinessProbe.exec.command[1] | string | `"/usr/local/bin/healthcheck.sh"` |  |
+| probes.readinessProbe.failureThreshold | int | `3` |  |
+| probes.readinessProbe.initialDelaySeconds | int | `10` |  |
+| probes.readinessProbe.periodSeconds | int | `10` |  |
+| probes.readinessProbe.successThreshold | int | `1` |  |
+| probes.readinessProbe.timeoutSeconds | int | `5` |  |
 | prometheusRule.enabled | bool | `false` | Deploy a PrometheusRule |
 | prometheusRule.spec | list | `[]` | PrometheusRule.Spec https://awesome-prometheus-alerts.grep.to/rules |
 | replicaCount | int | `1` | Number of replicas to deploy |
 | resources.limits | object | `{}` | The resource limits for the containers |
 | resources.requests | object | `{}` | The requested resources for the containers |
 | securityContext | object | `{}` | Set securityContext for containers |
+| service.annotations | object | `{}` | Extra annotations for the service |
+| service.lablels | object | `{}` | Extra labels for the service |
 | service.metrics.portName | string | `"metrics"` | name for the metrics port |
 | service.metrics.serviceType | string | `"ClusterIP"` | serviceType for the metrics service |
 | service.port | int | `6379` | Dragonfly service port |
 | service.type | string | `"ClusterIP"` | Service type to provision. Can be NodePort, ClusterIP or LoadBalancer |
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
+| serviceMonitor.annotations | object | `{}` | additional annotations to apply to the metrics |
 | serviceMonitor.enabled | bool | `false` | If true, a ServiceMonitor CRD is created for a prometheus operator |
 | serviceMonitor.interval | string | `"10s"` | scrape interval |
 | serviceMonitor.labels | object | `{}` | additional labels to apply to the metrics |
@@ -51,4 +78,4 @@ Dragonfly is a modern in-memory datastore, fully compatible with Redis and Memca
 | tolerations | list | `[]` | Tolerations for pod assignment |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0)
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

contrib/charts/dragonfly/ci/affinity-values.yaml

@@ -0,0 +1,12 @@
+affinity:
+  podAntiAffinity:
+    preferredDuringSchedulingIgnoredDuringExecution:
+    - podAffinityTerm:
+        labelSelector:
+          matchExpressions:
+          - key: app.kubernetes.io/name
+            operator: In
+            values:
+            - dragonfly
+        topologyKey: kubernetes.io/hostname
+      weight: 100

contrib/charts/dragonfly/ci/command_extraargs-values.yaml

@@ -0,0 +1,6 @@
+command:
+  - /usr/local/bin/dragonfly
+  - --logtostderr
+
+extraArgs:
+  - --cache_mode=true

contrib/charts/dragonfly/ci/extravolumes-values.yaml

@@ -0,0 +1,8 @@
+extraVolumes:
+  - name: tmp
+    emptyDir:
+      sizeLimit: 500Mi
+
+extraVolumeMounts:
+  - mountPath: /tmp
+    name: tmp

contrib/charts/dragonfly/ci/initcontainer-values.yaml

@@ -0,0 +1,4 @@
+initContainers:
+  - name: busybox
+    image: busybox:1.28
+    command: ['sh', '-c', 'sleep 1']

contrib/charts/dragonfly/ci/persistent-values.yaml

@@ -0,0 +1,3 @@
+storage:
+  enabled: true
+  requests: 128Mi

contrib/charts/dragonfly/ci/resources-values.yaml

@@ -0,0 +1,7 @@
+resources:
+  requests:
+    cpu: 100m
+    memory: 128Mi
+  limits:
+    cpu: 100m
+    memory: 128Mi

contrib/charts/dragonfly/ci/securitycontext-values.yaml

@@ -0,0 +1,5 @@
+podSecurityContext:
+  allowPrivilegeEscalation: false
+
+securityContext:
+  readOnlyRootFilesystem: true

contrib/charts/dragonfly/ci/tls-values.yaml

@@ -0,0 +1,24 @@
+tls:
+  enabled: true
+  existing_secret: ""
+  cert: |
+    -----BEGIN CERTIFICATE-----
+    MIIB8zCCAZqgAwIBAgIEbb2Z2jAKBggqhkjOPQQDAzBZMQswCQYDVQQGEwJGTzEg
+    MB4GA1UEAwwXZHJhZ29uZmx5LmRyYWdvbmZseS5zdmMxDDAKBgNVBAgMA2ZvbzEM
+    MAoGA1UEBwwDZm9vMQwwCgYDVQQKDANmb28wHhcNMjIxMjI5MTIwMzI3WhcNMzIx
+    MjI2MTIwMzI3WjBZMQswCQYDVQQGEwJGTzEgMB4GA1UEAwwXZHJhZ29uZmx5LmRy
+    YWdvbmZseS5zdmMxDDAKBgNVBAgMA2ZvbzEMMAoGA1UEBwwDZm9vMQwwCgYDVQQK
+    DANmb28wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWNfTuNjhPEi7h1ciCS0It
+    fKgiBhxLGlF3MtjlFTjCrzkynSSABoMtNljcDE0hm/izbRUogAcDFcvknvChzxaq
+    o1AwTjAdBgNVHQ4EFgQUSN6FbsJZ2EUfX3beCh5cEo6cktQwHwYDVR0jBBgwFoAU
+    SN6FbsJZ2EUfX3beCh5cEo6cktQwDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAwNH
+    ADBEAiB6tG5xzyj4iT/e0wpCMRHOvlQKQexByhyNPAhro9ZCRgIgaDcd9vM8rCbb
+    JPRyzm0iN9OWM/A24nmm3itn3I4rcD0=
+    -----END CERTIFICATE-----
+
+  key: |
+    -----BEGIN EC PRIVATE KEY-----
+    MHcCAQEEINh6eMDrBlAiT68T8ovzGn6JZbJevUefYkIIYNWww55yoAoGCCqGSM49
+    AwEHoUQDQgAEFjX07jY4TxIu4dXIgktCLXyoIgYcSxpRdzLY5RU4wq85Mp0kgAaD
+    LTZY3AxNIZv4s20VKIAHAxXL5J7woc8Wqg==
+    -----END EC PRIVATE KEY-----

contrib/charts/dragonfly/ci/tolerations-values.yaml

@@ -0,0 +1,3 @@
+tolerations:
+  - effect: NoSchedule
+    operator: Exists

contrib/charts/dragonfly/templates/_pod.tpl

@@ -0,0 +1,104 @@
+{{- define "dragonfly.volumemounts" -}}
+{{- if or (.Values.storage.enabled) (.Values.extraVolumeMounts) (.Values.tls.enabled) }}
+volumeMounts:
+  {{- if .Values.storage.enabled }}
+  - mountPath: /data
+    name: "{{ .Release.Name }}-data"
+  {{- end }}
+  {{- if and .Values.tls .Values.tls.enabled }}
+  - mountPath: /etc/dragonfly/tls
+    name: tls
+  {{- end }}
+  {{- with .Values.extraVolumeMounts }}
+    {{- toYaml . | nindent 2 }}
+  {{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "dragonfly.pod" -}}
+serviceAccountName: {{ include "dragonfly.serviceAccountName" . }}
+{{- with .Values.imagePullSecrets }}
+imagePullSecrets:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.podSecurityContext }}
+securityContext:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.initContainers }}
+initContainers:
+  {{- toYaml . | nindent 2 }}
+    {{- with $.Values.resources }}
+    resources:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- include "dragonfly.volumemounts" $ | nindent 4 }}
+{{- end }}
+containers:
+  - name: {{ .Chart.Name }}
+    {{- with .Values.securityContext }}
+    securityContext:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+    imagePullPolicy: {{ .Values.image.pullPolicy }}
+    ports:
+      - name: dragonfly
+        containerPort: 6379
+        protocol: TCP
+    {{- with .Values.probes }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.command }}
+    command:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    args:
+      - "--alsologtostderr"
+    {{- with .Values.extraArgs }}
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- if .Values.tls.enabled }}
+      - "--tls"
+      - "--tls_cert_file=/etc/dragonfly/tls/tls.crt"
+      - "--tls_key_file=/etc/dragonfly/tls/tls.key"
+    {{- end }}
+    {{- with .Values.resources }}
+    resources:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- include "dragonfly.volumemounts" . | nindent 4 }}
+
+{{- with .Values.nodeSelector }}
+nodeSelector:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+
+{{- with .Values.affinity }}
+affinity:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+
+{{- with .Values.tolerations }}
+tolerations:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+
+{{- if or (.Values.tls.enabled) (.Values.extraVolumes) }}
+volumes:
+{{- if and .Values.tls .Values.tls.enabled }}
+  {{- if .Values.tls.existing_secret }}
+  - name: tls
+    secret:
+      secretName: {{ .Values.tls.existing_secret }}
+  {{- else }}
+  - name: tls
+    secret:
+      secretName: {{ include "dragonfly.fullname" . }}-tls
+  {{- end }}
+{{- end }}
+{{- with .Values.extraVolumes }}
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- end }}

contrib/charts/dragonfly/templates/deployment.yaml

@@ -13,98 +13,14 @@ spec:
   template:
     metadata:
       annotations:
-{{- if .Values.tls.enabled }}
-{{- if not .Values.tls.existing_secret }}
+        {{- if and (.Values.tls.enabled) (not .Values.tls.existing_secret) }}
         checksum/tls-secret: {{ include (print $.Template.BasePath "/tls-secret.yaml") . | sha256sum }}
-{{- end }}
-{{- end }}
-      {{- with .Values.podAnnotations }}
+        {{- end }}
+        {{- with .Values.podAnnotations }}
         {{- toYaml . | nindent 8 }}
-      {{- end }}
+        {{- end }}
       labels:
         {{- include "dragonfly.selectorLabels" . | nindent 8 }}
     spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "dragonfly.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-{{- if .Values.initContainers }}
-      initContainers: {{- toYaml .Values.initContainers | nindent 6 }}
-  {{- if .Values.resources }}
-        resources:
-    {{- toYaml .Values.resources | nindent 10 }}
-  {{- end }}
-  {{- if .Values.extraVolumeMounts }}
-        volumeMounts:
-    {{- toYaml .Values.extraVolumeMounts | nindent 10 }}
-  {{- end }}
-{{- end }}
-      containers:
-        - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          ports:
-            - name: dragonfly
-              containerPort: 6379
-              protocol: TCP
-        {{- with .Values.probes }}
-          {{- toYaml . | nindent 10 }}
-        {{- end }}
-          {{- if .Values.command.cmd }}
-          command:
-            {{ toYaml .Values.command.cmd | nindent 12 }}
-          {{- end }}
-          args:
-            - "--alsologtostderr"
-          {{- if .Values.extraArgs }}
-            {{- toYaml .Values.extraArgs | nindent 12 }}
-          {{- end }}
-{{- if .Values.tls.enabled }}
-            - "--tls"
-            - "--tls_cert_file=/etc/dragonfly/tls/tls.crt"
-            - "--tls_key_file=/etc/dragonfly/tls/tls.key"
-{{- end }}
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-          volumeMounts:
-            {{- if .Values.tls.enabled }}
-            - mountPath: /etc/dragonfly/tls
-              name: tls
-            {{- end }}
-{{- if .Values.extraVolumeMounts }}
-            {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
-{{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      volumes:
-{{- if .Values.tls.enabled }}
-  {{- if .Values.tls.existing_secret }}
-        - name: tls
-          secret:
-            secretName: {{ .Values.tls.existing_secret }}
-        {{- else }}
-        - name: tls
-          secret:
-            secretName: {{ include "dragonfly.fullname" . }}-tls
-  {{- end }}
-{{- end }}
-{{- if .Values.extraVolumes }}
-        {{- toYaml .Values.extraVolumes | nindent 8 }}
-{{- end }}
-
+      {{- include "dragonfly.pod" . | nindent 6 }}
 {{- end }}

contrib/charts/dragonfly/templates/prometheusrule.yaml

@@ -5,16 +5,10 @@ metadata:
   name: {{ template "dragonfly.fullname" . }}-metrics
   namespace: {{ .Release.Namespace }}
   labels:
-    chart: {{ template "dragonfly.chart" . }}
-    app: {{ template "dragonfly.name" . }}
-    release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
-    {{- if .Values.serviceMonitor.labels }}
-    {{- toYaml .Values.serviceMonitor.labels | nindent 4 }}
-    {{- end }}
+    {{- include "dragonfly.labels" . | nindent 4 }}
 spec:
   groups:
   - name: {{ template "dragonfly.name" . }}
     rules:
-{{- toYaml .Values.prometheusRule.spec | nindent 4 }}
+    {{- toYaml .Values.prometheusRule.spec | nindent 4 }}
 {{- end }}