From c867d6f0da40721da32c5304e60b08616d1bed2b Mon Sep 17 00:00:00 2001
From: Nicolas Giard <github@ngpixel.com>
Date: Fri, 26 Jan 2024 16:54:03 -0500
Subject: [PATCH] ci: helm values + deployment files for all 5 services (wip)

---
 helm/templates/_helpers.tpl                   | 127 +++-
 .../beat.yaml}                                |   1 +
 helm/templates/deployments/celery.yaml        |  67 +++
 helm/templates/deployments/datatracker.yaml   |  67 +++
 helm/templates/deployments/memcached.yaml     |  67 +++
 helm/templates/deployments/rabbitmq.yaml      |  67 +++
 helm/templates/ingress.yaml                   |  20 +-
 helm/templates/rbac/beat-serviceaccount.yaml  |  12 +
 .../templates/rbac/celery-serviceaccount.yaml |  12 +
 .../rbac/datatracker-serviceaccount.yaml      |  12 +
 .../rbac/memcached-serviceaccount.yaml        |  12 +
 .../rbac/rabbitmq-serviceaccount.yaml         |  12 +
 helm/templates/service.yaml                   |   6 +-
 helm/templates/serviceaccount.yaml            |  12 -
 helm/values.yaml                              | 563 +++++++++++++++---
 15 files changed, 931 insertions(+), 126 deletions(-)
 rename helm/templates/{deployment.yaml => deployments/beat.yaml} (95%)
 create mode 100644 helm/templates/deployments/celery.yaml
 create mode 100644 helm/templates/deployments/datatracker.yaml
 create mode 100644 helm/templates/deployments/memcached.yaml
 create mode 100644 helm/templates/deployments/rabbitmq.yaml
 create mode 100644 helm/templates/rbac/beat-serviceaccount.yaml
 create mode 100644 helm/templates/rbac/celery-serviceaccount.yaml
 create mode 100644 helm/templates/rbac/datatracker-serviceaccount.yaml
 create mode 100644 helm/templates/rbac/memcached-serviceaccount.yaml
 create mode 100644 helm/templates/rbac/rabbitmq-serviceaccount.yaml
 delete mode 100644 helm/templates/serviceaccount.yaml

diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl
index 071e9b824..0f6d45585 100644
--- a/helm/templates/_helpers.tpl
+++ b/helm/templates/_helpers.tpl
@@ -23,6 +23,91 @@ If release name contains chart name it will be used as a full name.
 {{- end }}
 {{- end }}
 
+{{/*
+Create a fully qualified datatracker name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "datatracker.datatracker.fullname" -}}
+{{- if .Values.datatracker.fullnameOverride -}}
+{{- .Values.datatracker.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- printf "%s-%s" .Release.Name .Values.datatracker.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.datatracker.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a fully qualified celery name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "datatracker.celery.fullname" -}}
+{{- if .Values.celery.fullnameOverride -}}
+{{- .Values.celery.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- printf "%s-%s" .Release.Name .Values.celery.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.celery.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a fully qualified celery name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "datatracker.beat.fullname" -}}
+{{- if .Values.beat.fullnameOverride -}}
+{{- .Values.beat.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- printf "%s-%s" .Release.Name .Values.beat.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.beat.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a fully qualified rabbitmq name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "datatracker.rabbitmq.fullname" -}}
+{{- if .Values.rabbitmq.fullnameOverride -}}
+{{- .Values.rabbitmq.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- printf "%s-%s" .Release.Name .Values.rabbitmq.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.rabbitmq.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a fully qualified memcached name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "datatracker.memcached.fullname" -}}
+{{- if .Values.memcached.fullnameOverride -}}
+{{- .Values.memcached.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- printf "%s-%s" .Release.Name .Values.memcached.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.memcached.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Create chart name and version as used by the chart label.
 */}}
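Review bot: Each new helper formats `.Values.<component>.name` into the resource name, but the values.yaml hunk in this patch defines no `name` key under `datatracker:` or `celery:` (the visible part of `beat:` has none either), so `printf` would emit `%!s(<nil>)` and the rendered name would be invalid. Give it a fallback, e.g. `{{- printf "%s-%s" .Release.Name (default "celery" .Values.celery.name) | trunc 63 | trimSuffix "-" -}}`, or add the keys to values.yaml. The helpers also read the top-level `.Values.nameOverride`, which the same patch removes in favour of a per-component `nameOverride` that nothing here consults. The comment above `datatracker.beat.fullname` still says "celery name".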
@@ -53,10 +138,42 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "datatracker.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "datatracker.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
+{{- define "datatracker.serviceAccountName.datatracker" -}}
+{{- if .Values.serviceAccounts.datatracker.create -}}
+  {{ default (include "datatracker.datatracker.fullname" .) .Values.serviceAccounts.datatracker.name }}
+{{- else -}}
+  {{ default "default" .Values.serviceAccounts.datatracker.name }}
+{{- end -}}
 {{- end }}
+
+{{- define "datatracker.serviceAccountName.celery" -}}
+{{- if .Values.serviceAccounts.celery.create -}}
+  {{ default (include "datatracker.celery.fullname" .) .Values.serviceAccounts.celery.name }}
+{{- else -}}
+  {{ default "default" .Values.serviceAccounts.celery.name }}
+{{- end -}}
+{{- end }}
+
+{{- define "datatracker.serviceAccountName.beat" -}}
+{{- if .Values.serviceAccounts.beat.create -}}
+  {{ default (include "datatracker.beat.fullname" .) .Values.serviceAccounts.beat.name }}
+{{- else -}}
+  {{ default "default" .Values.serviceAccounts.beat.name }}
+{{- end -}}
+{{- end }}
+
+{{- define "datatracker.serviceAccountName.rabbitmq" -}}
+{{- if .Values.serviceAccounts.rabbitmq.create -}}
+  {{ default (include "datatracker.rabbitmq.fullname" .) .Values.serviceAccounts.rabbitmq.name }}
+{{- else -}}
+  {{ default "default" .Values.serviceAccounts.rabbitmq.name }}
+{{- end -}}
+{{- end }}
+
+{{- define "datatracker.serviceAccountName.memcached" -}}
+{{- if .Values.serviceAccounts.memcached.create -}}
+  {{ default (include "datatracker.memcached.fullname" .) .Values.serviceAccounts.memcached.name }}
+{{- else -}}
+  {{ default "default" .Values.serviceAccounts.memcached.name }}
+{{- end -}}
 {{- end }}
\ No newline at end of file
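Review bot: Removing `datatracker.serviceAccountName` leaves its callers behind: the deployment templates added in this patch (celery, datatracker, memcached, rabbitmq) still contain `serviceAccountName: {{ include "datatracker.serviceAccountName" . }}`, which would fail as an undefined template. Each should call its component helper, e.g. `{{ include "datatracker.serviceAccountName.celery" . }}`. Separately, the `else` branch places a workload on the namespace's `default` service account whenever `create` is false and no name is given. A short comment above each define saying so would help, since only the first of the five carries the "Create the name of the service account to use" header.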
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployments/beat.yaml
similarity index 95%
rename from helm/templates/deployment.yaml
rename to helm/templates/deployments/beat.yaml
index b47c41a97..41f76b7f4 100644
--- a/helm/templates/deployment.yaml
+++ b/helm/templates/deployments/beat.yaml
@@ -29,6 +29,7 @@ spec:
           image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}"
           imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
           env:
+          CONTAINER_ROLE: beat
             {{- if .Values.env }}
             {{- toYaml .Values.env | nindent 12 }}
             {{- end }}
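Review bot: `CONTAINER_ROLE: beat` is added at the same indentation as `env:`, so it parses as a sibling key of `env` in the container spec rather than as an environment variable, and the `toYaml .Values.env | nindent 12` output that follows no longer sits under a valid parent. A container's `env` is a list of name/value entries, so the entry should read `- name: CONTAINER_ROLE` followed by `value: beat`, both indented under `env:`. The same line appears in the celery, memcached and rabbitmq deployments, and in datatracker.yaml it is indented but still a bare mapping entry rather than a list item. The container spec starts above this hunk.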
diff --git a/helm/templates/deployments/celery.yaml b/helm/templates/deployments/celery.yaml
new file mode 100644
index 000000000..f34678307
--- /dev/null
+++ b/helm/templates/deployments/celery.yaml
@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "datatracker.fullname" . }}
+  labels:
+    {{- include "datatracker.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+  selector:
+    matchLabels:
+      {{- include "datatracker.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "datatracker.selectorLabels" . | nindent 8 }}
+    spec:
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ include "datatracker.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}"
+          imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
+          env:
+          CONTAINER_ROLE: celery
+            {{- if .Values.env }}
+            {{- toYaml .Values.env | nindent 12 }}
+            {{- end }}
+    {{- with .Values.volumeMounts }}
+          volumeMounts:
+            {{- toYaml . | nindent 12 }}
+    {{- end }}
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          livenessProbe:
+            {{- toYaml .Values.livenessProbe | nindent 12 }}
+          readinessProbe:
+            {{- toYaml .Values.readinessProbe | nindent 12 }}
+          startupProbe:
+            {{- toYaml .Values.startupProbe | nindent 12 }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.volumes }}
+      volumes:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
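Review bot: `metadata.name` at the top of this file is `{{ include "datatracker.fullname" . }}`, the same name the datatracker, memcached and rabbitmq deployments in this patch use, so the manifests would collide on one Deployment name. The per-component helper added in _helpers.tpl looks like the intended value: `name: {{ include "datatracker.celery.fullname" . }}`. The pod labels and `matchLabels` also reuse `datatracker.selectorLabels`, so any Service selecting on those labels would pick up pods of every component. Adding a component label such as `app.kubernetes.io/component: celery` in both places would keep worker pods out of the web Service's endpoints.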
diff --git a/helm/templates/deployments/datatracker.yaml b/helm/templates/deployments/datatracker.yaml
new file mode 100644
index 000000000..1f403787e
--- /dev/null
+++ b/helm/templates/deployments/datatracker.yaml
@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "datatracker.fullname" . }}
+  labels:
+    {{- include "datatracker.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+  selector:
+    matchLabels:
+      {{- include "datatracker.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "datatracker.selectorLabels" . | nindent 8 }}
+    spec:
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ include "datatracker.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}"
+          imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
+          env:
+            CONTAINER_ROLE: datatracker
+            {{- if .Values.env }}
+            {{- toYaml .Values.env | nindent 12 }}
+            {{- end }}
+    {{- with .Values.volumeMounts }}
+          volumeMounts:
+            {{- toYaml . | nindent 12 }}
+    {{- end }}
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          livenessProbe:
+            {{- toYaml .Values.livenessProbe | nindent 12 }}
+          readinessProbe:
+            {{- toYaml .Values.readinessProbe | nindent 12 }}
+          startupProbe:
+            {{- toYaml .Values.startupProbe | nindent 12 }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.volumes }}
+      volumes:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
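Review bot: Every value this template reads is top-level (`.Values.image`, `.Values.replicaCount`, `.Values.podSecurityContext`, `.Values.securityContext`, the probes, `.Values.resources`), but the visible part of the values.yaml hunk moves those keys under `datatracker:`, so the lookups no longer resolve. Hardening that an operator sets under `datatracker.securityContext` (for example `runAsNonRoot: true`) would therefore never reach the pod. Read from the component scope instead, e.g. `{{- toYaml .Values.datatracker.securityContext | nindent 12 }}` and `image: "{{ .Values.datatracker.image.repository }}:{{ default .Chart.AppVersion .Values.datatracker.image.tag }}"`. The values comment says the tag defaults to the chart appVersion, whereas the template falls back to the mutable `latest`, and it reads `image.imagePullPolicy` while values.yaml defines `pullPolicy`. The celery, memcached and rabbitmq deployments share all of this.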
diff --git a/helm/templates/deployments/memcached.yaml b/helm/templates/deployments/memcached.yaml
new file mode 100644
index 000000000..41f76b7f4
--- /dev/null
+++ b/helm/templates/deployments/memcached.yaml
@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "datatracker.fullname" . }}
+  labels:
+    {{- include "datatracker.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+  selector:
+    matchLabels:
+      {{- include "datatracker.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "datatracker.selectorLabels" . | nindent 8 }}
+    spec:
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ include "datatracker.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}"
+          imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
+          env:
+          CONTAINER_ROLE: beat
+            {{- if .Values.env }}
+            {{- toYaml .Values.env | nindent 12 }}
+            {{- end }}
+    {{- with .Values.volumeMounts }}
+          volumeMounts:
+            {{- toYaml . | nindent 12 }}
+    {{- end }}
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          livenessProbe:
+            {{- toYaml .Values.livenessProbe | nindent 12 }}
+          readinessProbe:
+            {{- toYaml .Values.readinessProbe | nindent 12 }}
+          startupProbe:
+            {{- toYaml .Values.startupProbe | nindent 12 }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.volumes }}
+      volumes:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
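Review bot: This file is byte-identical to deployments/beat.yaml (both `index` lines show blob `41f76b7f4`), so the memcached Deployment would run the datatracker image with `CONTAINER_ROLE: beat` and container port 8000. rabbitmq.yaml, which follows, is the same blob. The commit is marked wip, so this may be a placeholder, but until each gets its own image, port and probes it would be safer to gate the two templates behind a values flag such as `{{- if .Values.memcached.enabled }}` (that key would need adding). Once filled in, neither the cache nor the broker should carry the labels that the web Service selects on.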
diff --git a/helm/templates/deployments/rabbitmq.yaml b/helm/templates/deployments/rabbitmq.yaml
new file mode 100644
index 000000000..41f76b7f4
--- /dev/null
+++ b/helm/templates/deployments/rabbitmq.yaml
@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "datatracker.fullname" . }}
+  labels:
+    {{- include "datatracker.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+  selector:
+    matchLabels:
+      {{- include "datatracker.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "datatracker.selectorLabels" . | nindent 8 }}
+    spec:
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ include "datatracker.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}"
+          imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
+          env:
+          CONTAINER_ROLE: beat
+            {{- if .Values.env }}
+            {{- toYaml .Values.env | nindent 12 }}
+            {{- end }}
+    {{- with .Values.volumeMounts }}
+          volumeMounts:
+            {{- toYaml . | nindent 12 }}
+    {{- end }}
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          livenessProbe:
+            {{- toYaml .Values.livenessProbe | nindent 12 }}
+          readinessProbe:
+            {{- toYaml .Values.readinessProbe | nindent 12 }}
+          startupProbe:
+            {{- toYaml .Values.startupProbe | nindent 12 }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.volumes }}
+      volumes:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
diff --git a/helm/templates/ingress.yaml b/helm/templates/ingress.yaml
index 8d9258cd8..68034601a 100644
--- a/helm/templates/ingress.yaml
+++ b/helm/templates/ingress.yaml
@@ -1,9 +1,9 @@
-{{- if .Values.ingress.enabled -}}
+{{- if .Values.datatracker.ingress.enabled -}}
 {{- $fullName := include "datatracker.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
-{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
-  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
-  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+{{- if and .Values.datatracker.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.datatracker.ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.datatracker.ingress.annotations "kubernetes.io/ingress.class" .Values.datatracker.ingress.className}}
   {{- end }}
 {{- end }}
 {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
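Review bot: `$svcPort` on the unchanged line just below the first change still reads `.Values.service.port`, while this patch moves `service` under `datatracker:` in values.yaml and updates service.yaml to `.Values.datatracker.service.port`. With the top-level `service` key gone the lookup would fail at render time once the ingress is enabled. Change it to `{{- $svcPort := .Values.datatracker.service.port -}}`. The rest of the template continues outside this hunk.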
@@ -18,17 +18,17 @@ metadata:
   name: {{ $fullName }}
   labels:
     {{- include "datatracker.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
+  {{- with .Values.datatracker.ingress.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
-  ingressClassName: {{ .Values.ingress.className }}
+  {{- if and .Values.datatracker.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.datatracker.ingress.className }}
   {{- end }}
-  {{- if .Values.ingress.tls }}
+  {{- if .Values.datatracker.ingress.tls }}
   tls:
-    {{- range .Values.ingress.tls }}
+    {{- range .Values.datatracker.ingress.tls }}
     - hosts:
         {{- range .hosts }}
         - {{ . | quote }}
@@ -37,7 +37,7 @@ spec:
     {{- end }}
   {{- end }}
   rules:
-    {{- range .Values.ingress.hosts }}
+    {{- range .Values.datatracker.ingress.hosts }}
     - host: {{ .host | quote }}
       http:
         paths:
diff --git a/helm/templates/rbac/beat-serviceaccount.yaml b/helm/templates/rbac/beat-serviceaccount.yaml
new file mode 100644
index 000000000..f9fa5830c
--- /dev/null
+++ b/helm/templates/rbac/beat-serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccounts.beat.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "datatracker.serviceAccountName.beat" . }}
+  labels:
+    {{- include "datatracker.beat.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccounts.beat.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}
\ No newline at end of file
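Review bot: The labels line includes `datatracker.beat.labels`, but neither _helpers.tpl hunk in this patch defines a template by that name (only the `*.fullname` and `serviceAccountName.*` helpers are added), so unless it exists elsewhere this would fail to render when `serviceAccounts.beat.create` is true. Either add per-component label helpers or fall back to `{{- include "datatracker.labels" . | nindent 4 }}` as the deleted serviceaccount.yaml did. The other four service-account files reference `datatracker.<component>.labels` in the same way. It would also be worth rendering `automountServiceAccountToken` here, since values.yaml carries an `automount` key that nothing reads. Components that never call the Kubernetes API (memcached, rabbitmq) would then not get a token mounted.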
diff --git a/helm/templates/rbac/celery-serviceaccount.yaml b/helm/templates/rbac/celery-serviceaccount.yaml
new file mode 100644
index 000000000..267d1dce3
--- /dev/null
+++ b/helm/templates/rbac/celery-serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccounts.celery.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "datatracker.serviceAccountName.celery" . }}
+  labels:
+    {{- include "datatracker.celery.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccounts.celery.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}
\ No newline at end of file
diff --git a/helm/templates/rbac/datatracker-serviceaccount.yaml b/helm/templates/rbac/datatracker-serviceaccount.yaml
new file mode 100644
index 000000000..8f37799ba
--- /dev/null
+++ b/helm/templates/rbac/datatracker-serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccounts.datatracker.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "datatracker.serviceAccountName.datatracker" . }}
+  labels:
+    {{- include "datatracker.datatracker.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccounts.datatracker.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}
\ No newline at end of file
diff --git a/helm/templates/rbac/memcached-serviceaccount.yaml b/helm/templates/rbac/memcached-serviceaccount.yaml
new file mode 100644
index 000000000..ba150a406
--- /dev/null
+++ b/helm/templates/rbac/memcached-serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccounts.memcached.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "datatracker.serviceAccountName.memcached" . }}
+  labels:
+    {{- include "datatracker.memcached.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccounts.memcached.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}
\ No newline at end of file
diff --git a/helm/templates/rbac/rabbitmq-serviceaccount.yaml b/helm/templates/rbac/rabbitmq-serviceaccount.yaml
new file mode 100644
index 000000000..c9ce12748
--- /dev/null
+++ b/helm/templates/rbac/rabbitmq-serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccounts.rabbitmq.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "datatracker.serviceAccountName.rabbitmq" . }}
+  labels:
+    {{- include "datatracker.rabbitmq.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccounts.rabbitmq.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}
\ No newline at end of file
diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml
index f1bdca0ad..e7b310f98 100644
--- a/helm/templates/service.yaml
+++ b/helm/templates/service.yaml
@@ -3,16 +3,16 @@ kind: Service
 metadata:
   name: {{include "datatracker.fullname" .}}
   labels: {{- include "datatracker.labels" . | nindent 4 }}
-  {{- with .Values.service.annotations }}
+  {{- with .Values.datatracker.service.annotations }}
   annotations:
     {{- range $key, $value := . }}
       {{ $key }}: {{ $value | quote }}
     {{- end }}
   {{- end }}
 spec:
-  type: {{.Values.service.type}}
+  type: {{.Values.datatracker.service.type}}
   ports:
-    - port: {{ default "80" .Values.service.port}}
+    - port: {{ default "80" .Values.datatracker.service.port}}
       targetPort: http
       protocol: TCP
       name: http
diff --git a/helm/templates/serviceaccount.yaml b/helm/templates/serviceaccount.yaml
deleted file mode 100644
index 475fcd51f..000000000
--- a/helm/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "datatracker.serviceAccountName" . }}
-  labels:
-    {{- include "datatracker.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end -}}
\ No newline at end of file
diff --git a/helm/values.yaml b/helm/values.yaml
index 92efbce9d..31f5e25cf 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -2,117 +2,488 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
-replicaCount: 1
+## Define serviceAccount names for components. Defaults to component's fully qualified name.
+##
+serviceAccounts:
+  datatracker:
+    create: true
+    name:
+    annotations: {}
+  celery:
+    create: true
+    name:
+    annotations: {}
+  beat:
+    create: true
+    name:
+    annotations: {}
+  rabbitmq:
+    create: true
+    name:
+    annotations: {}
+  memcached:
+    create: true
+    name:
+    annotations: {}
 
-image:
-  repository: "ghcr.io/ietf-tools/datatracker"
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  # tag: "v1.1.0"
+# -------------------------------------------------------------
+# DATATRACKER
+# -------------------------------------------------------------
 
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
+datatracker:
+  image:
+    repository: "ghcr.io/ietf-tools/datatracker"
+    pullPolicy: IfNotPresent
+    # Overrides the image tag whose default is the chart appVersion.
+    # tag: "v1.1.0"
 
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Automatically mount a ServiceAccount's API credentials?
-  automount: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
+  imagePullSecrets: []
+  nameOverride: ""
+  fullnameOverride: ""
 
-livenessProbe:
-  httpGet:
-    path: /healthz
-    port: http
+  ingress:
+    enabled: false
+    className: ""
+    annotations: {}
+      # kubernetes.io/ingress.class: nginx
+      # kubernetes.io/tls-acme: "true"
+    hosts:
+      - host: datatracker.local
+        paths:
+          - path: /
+            pathType: ImplementationSpecific
+    tls: []
+    #  - secretName: chart-example-tls
+    #    hosts:
+    #      - chart-example.local
 
-readinessProbe:
-  httpGet:
-    path: /healthz
-    port: http
+  livenessProbe:
+    httpGet:
+      path: /health
+      port: http
 
-startupProbe:
-  initialDelaySeconds: 15
-  periodSeconds: 5
-  timeoutSeconds: 5
-  successThreshold: 1
-  failureThreshold: 60
-  httpGet:
-    path: /healthz
-    port: http
+  podAnnotations: {}
+  podLabels: {}
 
-podAnnotations: {}
-podLabels: {}
+  podSecurityContext: {}
+    # fsGroup: 2000
 
-podSecurityContext: {}
-  # fsGroup: 2000
+  readinessProbe:
+    httpGet:
+      path: /health
+      port: http
 
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
+  replicaCount: 1
 
-service:
-  type: ClusterIP
-  port: 80
+  resources: {}
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    # limits:
+    #   cpu: 100m
+    #   memory: 128Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 128Mi
 
-ingress:
-  enabled: false
-  className: ""
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: datatracker.local
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
+  securityContext: {}
+    # capabilities:
+    #   drop:
+    #   - ALL
+    # readOnlyRootFilesystem: true
+    # runAsNonRoot: true
+    # runAsUser: 1000
 
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
+  service:
+    type: ClusterIP
+    port: 80
+
+  serviceAccount:
+    # Specifies whether a service account should be created
+    create: true
+    # Automatically mount a ServiceAccount's API credentials?
+    automount: true
+    # Annotations to add to the service account
+    annotations: {}
+    # The name of the service account to use.
+    # If not set and create is true, a name is generated using the fullname template
+    name: ""
+
+  startupProbe:
+    initialDelaySeconds: 15
+    periodSeconds: 5
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 60
+    httpGet:
+      path: /health
+      port: http
+
+  # Additional volumes on the output Deployment definition.
+  volumes: []
+  # - name: foo
+  #   secret:
+  #     secretName: mysecret
+  #     optional: false
+
+  # Additional volumeMounts on the output Deployment definition.
+  volumeMounts: []
+  # - name: foo
+  #   mountPath: "/etc/foo"
+  #   readOnly: true
+
+  tolerations: []
+
+  nodeSelector: {}
+
+  affinity: {}
+
+# -------------------------------------------------------------
+# CELERY
+# -------------------------------------------------------------
+
+celery:
+  image:
+    repository: "ghcr.io/ietf-tools/datatracker"
+    pullPolicy: IfNotPresent
+    # Overrides the image tag whose default is the chart appVersion.
+    # tag: "v1.1.0"
+
+  imagePullSecrets: []
+  nameOverride: ""
+  fullnameOverride: ""
+
+  livenessProbe:
+    exec:
+      command: celery inspect ping
+    periodSeconds: 30
+    timeoutSeconds: 5
+
+  podAnnotations: {}
+  podLabels: {}
+
+  podSecurityContext: {}
+    # fsGroup: 2000
+
+  replicaCount: 1
+
+  resources: {}
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    # limits:
+    #   cpu: 100m
+    #   memory: 128Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 128Mi
+
+  securityContext: {}
+    # capabilities:
+    #   drop:
+    #   - ALL
+    # readOnlyRootFilesystem: true
+    # runAsNonRoot: true
+    # runAsUser: 1000
+
+  service:
+    type: ClusterIP
+    port: 80
+
+  serviceAccount:
+    # Specifies whether a service account should be created
+    create: true
+    # Automatically mount a ServiceAccount's API credentials?
+    automount: true
+    # Annotations to add to the service account
+    annotations: {}
+    # The name of the service account to use.
+    # If not set and create is true, a name is generated using the fullname template
+    name: ""
+
+  startupProbe:
+    initialDelaySeconds: 15
+    periodSeconds: 5
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 60
+    exec:
+      command: celery inspect ping
+
+  # Additional volumes on the output Deployment definition.
+  volumes: []
+  # - name: foo
+  #   secret:
+  #     secretName: mysecret
+  #     optional: false
+
+  # Additional volumeMounts on the output Deployment definition.
+  volumeMounts: []
+  # - name: foo
+  #   mountPath: "/etc/foo"
+  #   readOnly: true
+
+  tolerations: []
+
+  nodeSelector: {}
+
+  affinity: {}
+
+# -------------------------------------------------------------
+# BEAT
+# -------------------------------------------------------------
+
+beat:
+  image:
+    repository: "ghcr.io/ietf-tools/datatracker"
+    pullPolicy: IfNotPresent
+    # Overrides the image tag whose default is the chart appVersion.
+    # tag: "v1.1.0"
+
+  imagePullSecrets: []
+  nameOverride: ""
+  fullnameOverride: ""
+
+  livenessProbe:
+    exec:
+      command: celery inspect ping
+    periodSeconds: 30
+    timeoutSeconds: 5
+
+  podAnnotations: {}
+  podLabels: {}
+
+  podSecurityContext: {}
+    # fsGroup: 2000
+
+  replicaCount: 1
+
+  resources: {}
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    # limits:
+    #   cpu: 100m
+    #   memory: 128Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 128Mi
+
+  securityContext: {}
+    # capabilities:
+    #   drop:
+    #   - ALL
+    # readOnlyRootFilesystem: true
+    # runAsNonRoot: true
+    # runAsUser: 1000
+
+  service:
+    type: ClusterIP
+    port: 80
+
+  serviceAccount:
+    # Specifies whether a service account should be created
+    create: true
+    # Automatically mount a ServiceAccount's API credentials?
+    automount: true
+    # Annotations to add to the service account
+    annotations: {}
+    # The name of the service account to use.
+    # If not set and create is true, a name is generated using the fullname template
+    name: ""
+
+  startupProbe:
+    initialDelaySeconds: 15
+    periodSeconds: 5
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 60
+    exec:
+      command: celery inspect ping
+
+  # Additional volumes on the output Deployment definition.
+  volumes: []
+  # - name: foo
+  #   secret:
+  #     secretName: mysecret
+  #     optional: false
+
+  # Additional volumeMounts on the output Deployment definition.
+  volumeMounts: []
+  # - name: foo
+  #   mountPath: "/etc/foo"
+  #   readOnly: true
+
+  tolerations: []
+
+  nodeSelector: {}
+
+  affinity: {}
+
+# -------------------------------------------------------------
+# RABBITMQ
+# -------------------------------------------------------------
+
+rabbitmq:
+  image:
+    repository: "ghcr.io/ietf-tools/datatracker-mq"
+    pullPolicy: IfNotPresent
+    tag: "latest"
+
+  imagePullSecrets: []
+  nameOverride: ""
+  fullnameOverride: ""
+
+  livenessProbe:
+    exec:
+      command: rabbitmq-diagnostics -q ping
+    periodSeconds: 30
+    timeoutSeconds: 5
+
+  podAnnotations: {}
+  podLabels: {}
+
+  podSecurityContext: {}
+    # fsGroup: 2000
+
+  replicaCount: 1
+
+  resources: {}
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    # limits:
+    #   cpu: 100m
+    #   memory: 128Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 128Mi
+
+  securityContext: {}
+    # capabilities:
+    #   drop:
+    #   - ALL
+    # readOnlyRootFilesystem: true
+    # runAsNonRoot: true
+    # runAsUser: 1000
+
+  service:
+    type: ClusterIP
+    port: 80
+
+  serviceAccount:
+    # Specifies whether a service account should be created
+    create: true
+    # Automatically mount a ServiceAccount's API credentials?
+    automount: true
+    # Annotations to add to the service account
+    annotations: {}
+    # The name of the service account to use.
+    # If not set and create is true, a name is generated using the fullname template
+    name: ""
+
+  startupProbe:
+    initialDelaySeconds: 15
+    periodSeconds: 5
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 60
+    exec:
+      command: rabbitmq-diagnostics -q ping
+
+  # Additional volumes on the output Deployment definition.
+  volumes: []
+  # - name: foo
+  #   secret:
+  #     secretName: mysecret
+  #     optional: false
+
+  # Additional volumeMounts on the output Deployment definition.
+  volumeMounts: []
+  # - name: foo
+  #   mountPath: "/etc/foo"
+  #   readOnly: true
+
+  tolerations: []
+
+  nodeSelector: {}
+
+  affinity: {}
+
+# -------------------------------------------------------------
+# MEMCACHED
+# -------------------------------------------------------------
+
+memcached:
+  image:
+    repository: "memcached"
+    pullPolicy: IfNotPresent
+    tag: "latest"
+
+  imagePullSecrets: []
+  nameOverride: ""
+  fullnameOverride: ""
+
+  podAnnotations: {}
+  podLabels: {}
+
+  podSecurityContext: {}
+    # fsGroup: 2000
+
+  replicaCount: 1
+
+  resources: {}
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    # limits:
+    #   cpu: 100m
+    #   memory: 128Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 128Mi
+
+  securityContext: {}
+    # capabilities:
+    #   drop:
+    #   - ALL
+    # readOnlyRootFilesystem: true
+    # runAsNonRoot: true
+    # runAsUser: 1000
+
+  service:
+    type: ClusterIP
+    port: 80
+
+  serviceAccount:
+    # Specifies whether a service account should be created
+    create: true
+    # Automatically mount a ServiceAccount's API credentials?
+    automount: true
+    # Annotations to add to the service account
+    annotations: {}
+    # The name of the service account to use.
+    # If not set and create is true, a name is generated using the fullname template
+    name: ""
+
+  tolerations: []
+
+  nodeSelector: {}
+
+  affinity: {}
+
+# -------------------------------------------------------------
+# COMMON
+# -------------------------------------------------------------
 
 autoscaling:
   enabled: false
   minReplicas: 1
   maxReplicas: 100
   targetCPUUtilizationPercentage: 80
-  # targetMemoryUtilizationPercentage: 80
-
-# Additional volumes on the output Deployment definition.
-volumes: []
-# - name: foo
-#   secret:
-#     secretName: mysecret
-#     optional: false
-
-# Additional volumeMounts on the output Deployment definition.
-volumeMounts: []
-# - name: foo
-#   mountPath: "/etc/foo"
-#   readOnly: true
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
\ No newline at end of file
+  # targetMemoryUtilizationPercentage: 80
\ No newline at end of file