jonny/charts
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add new goldilocks

Browse Source
This commit is contained in:
Jonny Ervine 2023-10-18 21:21:40 +08:00
parent 4a7eec4e00
commit 6f71886714
150 changed files with 8337 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
goldilocks-4.9/.helmignore Normal file
View File

@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

9
goldilocks-4.9/Chart.lock Normal file
View File

@ -0,0 +1,9 @@
dependencies:
- name: vpa
repository: https://charts.fairwinds.com/stable
version: 2.2.0
- name: metrics-server
repository: https://charts.bitnami.com/bitnami
version: 6.4.1
digest: sha256:65dfffdd82f5d6603ee038a3fa3a501efddd36ea79338c8b403e13916f53da51
generated: "2023-07-20T15:27:42.2213269Z"

25
goldilocks-4.9/Chart.yaml Normal file
View File

@ -0,0 +1,25 @@
apiVersion: v2
appVersion: v4.9.0
dependencies:
- condition: vpa.enabled
name: vpa
repository: https://charts.fairwinds.com/stable
version: 2.2.0
- condition: metrics-server.enabled
name: metrics-server
repository: https://charts.bitnami.com/bitnami
version: 6.4.1
description: |
A Helm chart for running Fairwinds Goldilocks. See https://github.com/FairwindsOps/goldilocks
icon: https://raw.githubusercontent.com/FairwindsOps/charts/master/stable/goldilocks/icon.png
keywords:
- goldilocks
- resources
- kubernetes
kubeVersion: '>= 1.22.0-0'
maintainers:
- name: sudermanjr
name: goldilocks
sources:
- https://github.com/FairwindsOps/goldilocks
version: 7.1.1

127
goldilocks-4.9/README.md Normal file
View File

@ -0,0 +1,127 @@
<div align="center">
<a href="https://github.com/FairwindsOps/goldilocks"><img src="logo.svg" height="150" alt="Goldilocks" style="padding-bottom: 20px" /></a>
<br>
</div>
## Intro
This is a Helm chart for the Fairwinds [Goldilocks project](https://github.com/FairwindsOps/goldilocks). It provides an easy way to install the controller and the dashboard for viewing resource recommendations in your Kubernetes cluster. Please see the [Goldilocks README](https://github.com/FairwindsOps/goldilocks) for more information.
## Installation
```bash
helm repo add fairwinds-stable https://charts.fairwinds.com/stable
helm install goldilocks fairwinds-stable/goldilocks --namespace goldilocks
```
## Requirements
This has a hard requirement on VPA being installed. Please see the [Goldilocks README](https://github.com/FairwindsOps/goldilocks)
## vpa subchart
Fairwinds has published a chart for installing VPA [in our stable repo](https://github.com/FairwindsOps/charts/tree/master/stable/vpa). It can be enabled as a sub-chart by setting `vpa.enabled==true`. We recommend just installing the chart and managing it separately.
## Major Version Upgrade Notes
## Upgrading from v6.x.x to v7.x.x
In this change, the VPA helm chart was upgraded to the latest version, including a major bump. We recommend you to check [the VPA Helm chart changelog](https://github.com/FairwindsOps/charts/tree/master/stable/vpa#breaking-upgrading-from--v17x-to-200) to ensure a smooth upgrade.
## *BREAKING* Upgrading from v4.x.x to v5.x.x
The new chart version includes [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) configuration for the `networking.k8s.io/v1` Kubernetes API.
Because of the new API version, you need to specify `dashboard.ingress.hosts[X].paths[Y].type` when installing this chart with enabled Ingress on a Kubernetes cluster version 1.19+.
## Upgrading from v3.x.x to v4.x.x
There are no breaking changes, but the goldilocks controller and dashboard have had some major tweaks so they can work with more workload controllers. To allow v4.0.0+ to work with more than Deployments, the main change here is in RBAC permissions so that the goldilocks service accounts can access all resources in the `apps/v1`.
## *BREAKING* Upgrading from v2.x.x to v3.x.x
In this change, the `installVPA` value and corresponding hooks have been removed in favor of the sub-chart. The recommended path forward is to remove the hook-installed resources and manage the VPA installation with the [Fairwinds VPA Chart](https://github.com/FairwindsOps/charts/tree/master/stable/vpa)
We have kept the `uninstallVPA` flag in place, which will remove a vpa installation that was previously managed by this chart. This flag will be deprecated in a later release.
## *BREAKING* Upgrading to chart v2.x.x from v1.x.x
If using `installVPA=true` when updating from v1.x.x to v2.x.x of this chart, there are some considerations. v2.x.x of the chart started only installing the recommender and the necessary CRDs and RBAC from the VPA installation. This is due to the volatile and risky nature of running a beta mutatingadmissionwebhook in your cluster. If you have previously used the `installVPA=true` flag to install the VPA, we recommend that you completely uninstall and re-install the VPA as part of the upgrade. We have provided a new hook to do this that will run before the install hook.
If upgrading from v1.x.x to v2.x.x we recommend upgrading like so:
```
helm upgrade goldilocks fairwinds-stable/goldilocks --set reinstallVPA=true
```
This will completely remove the VPA and then re-install it using the new method.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| uninstallVPA | bool | `false` | Enabling this flag will remove a vpa installation that was previously managed with this chart. It is considered deprecated and will be removed in a later release. |
| vpa.enabled | bool | `false` | If true, the vpa will be installed as a sub-chart |
| vpa.updater.enabled | bool | `false` | |
| metrics-server.enabled | bool | `false` | If true, the metrics-server will be installed as a sub-chart |
| metrics-server.apiService.create | bool | `true` | |
| image.repository | string | `"us-docker.pkg.dev/fairwinds-ops/oss/goldilocks"` | Repository for the goldilocks image |
| image.tag | string | `"v4.9.0"` | The goldilocks image tag to use |
| image.pullPolicy | string | `"Always"` | imagePullPolicy - Highly recommended to leave this as `Always` |
| imagePullSecrets | list | `[]` | A list of image pull secret names to use |
| nameOverride | string | `""` | |
| fullnameOverride | string | `""` | |
| controller.enabled | bool | `true` | Whether or not to install the controller deployment |
| controller.revisionHistoryLimit | int | `10` | Number of old replicasets to retain, default is 10, 0 will garbage-collect old replicasets |
| controller.rbac.create | bool | `true` | If set to true, rbac resources will be created for the controller |
| controller.rbac.enableArgoproj | bool | `true` | If set to true, the clusterrole will give access to argoproj.io resources |
| controller.rbac.extraRules | list | `[]` | Extra rbac rules for the controller clusterrole |
| controller.rbac.extraClusterRoleBindings | list | `[]` | A list of ClusterRoles for which ClusterRoleBindings will be created for the ServiceAccount, if enabled |
| controller.serviceAccount.create | bool | `true` | If true, a service account will be created for the controller. If set to false, you must set `controller.serviceAccount.name` |
| controller.serviceAccount.name | string | `nil` | The name of an existing service account to use for the controller. Combined with `controller.serviceAccount.create` |
| controller.flags | object | `{}` | A map of additional flags to pass to the controller |
| controller.logVerbosity | string | `"2"` | Controller log verbosity. Can be set from 1-10 with 10 being extremely verbose |
| controller.nodeSelector | object | `{}` | Node selector for the controller pod |
| controller.tolerations | list | `[]` | Tolerations for the controller pod |
| controller.affinity | object | `{}` | Affinity for the controller pods |
| controller.topologySpreadConstraints | list | `[]` | Topology spread constraints for the controller pods |
| controller.resources | object | `{"limits":{"cpu":"25m","memory":"256Mi"},"requests":{"cpu":"25m","memory":"256Mi"}}` | The resources block for the controller pods |
| controller.podSecurityContext | object | `{}` | Defines the podSecurityContext for the controller pod |
| controller.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":10324}` | The container securityContext for the controller container |
| controller.deployment.extraVolumeMounts | list | `[]` | Extra volume mounts for the controller container |
| controller.deployment.extraVolumes | list | `[]` | Extra volumes for the controller pod |
| controller.deployment.annotations | object | `{}` | Extra annotations for the controller deployment |
| controller.deployment.additionalLabels | object | `{}` | Extra labels for the controller deployment |
| controller.deployment.podAnnotations | object | `{}` | Extra annotations for the controller pod |
| dashboard.basePath | string | `nil` | Path on which the dashboard is served. Defaults to `/` |
| dashboard.enabled | bool | `true` | If true, the dashboard component will be installed |
| dashboard.revisionHistoryLimit | int | `10` | Number of old replicasets to retain, default is 10, 0 will garbage-collect old replicasets |
| dashboard.replicaCount | int | `2` | Number of dashboard pods to run |
| dashboard.service.type | string | `"ClusterIP"` | The type of the dashboard service |
| dashboard.service.port | int | `80` | The port to run the dashboard service on |
| dashboard.service.annotations | object | `{}` | Extra annotations for the dashboard service |
| dashboard.flags | object | `{}` | A map of additional flags to pass to the dashboard |
| dashboard.logVerbosity | string | `"2"` | Dashboard log verbosity. Can be set from 1-10 with 10 being extremely verbose |
| dashboard.excludeContainers | string | `"linkerd-proxy,istio-proxy"` | Container names to exclude from displaying in the Goldilocks dashboard |
| dashboard.rbac.create | bool | `true` | If set to true, rbac resources will be created for the dashboard |
| dashboard.rbac.enableArgoproj | bool | `true` | If set to true, the clusterrole will give access to argoproj.io resources |
| dashboard.serviceAccount.create | bool | `true` | If true, a service account will be created for the dashboard. If set to false, you must set `dashboard.serviceAccount.name` |
| dashboard.serviceAccount.name | string | `nil` | The name of an existing service account to use for the controller. Combined with `dashboard.serviceAccount.create` |
| dashboard.deployment.annotations | object | `{}` | Extra annotations for the dashboard deployment |
| dashboard.deployment.additionalLabels | object | `{}` | Extra labels for the dashboard deployment |
| dashboard.deployment.extraVolumeMounts | list | `[]` | Extra volume mounts for the dashboard container |
| dashboard.deployment.extraVolumes | list | `[]` | Extra volumes for the dashboard pod |
| dashboard.deployment.podAnnotations | object | `{}` | Extra annotations for the dashboard pod |
| dashboard.ingress.enabled | bool | `false` | Enables an ingress object for the dashboard. |
| dashboard.ingress.ingressClassName | string | `nil` | From Kubernetes 1.18+ this field is supported in case your ingress controller supports it. When set, you do not need to add the ingress class as annotation. |
| dashboard.ingress.annotations | object | `{}` | |
| dashboard.ingress.hosts[0].host | string | `"chart-example.local"` | |
| dashboard.ingress.hosts[0].paths[0].path | string | `"/"` | |
| dashboard.ingress.hosts[0].paths[0].type | string | `"ImplementationSpecific"` | |
| dashboard.ingress.tls | list | `[]` | |
| dashboard.resources | object | `{"limits":{"cpu":"25m","memory":"256Mi"},"requests":{"cpu":"25m","memory":"256Mi"}}` | A resources block for the dashboard. |
| dashboard.podSecurityContext | object | `{}` | Defines the podSecurityContext for the dashboard pod |
| dashboard.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":10324}` | The container securityContext for the dashboard container |
| dashboard.nodeSelector | object | `{}` | |
| dashboard.tolerations | list | `[]` | |
| dashboard.affinity | object | `{}` | |
| dashboard.topologySpreadConstraints | list | `[]` | Topology spread constraints for the dashboard pods |

58
goldilocks-4.9/README.md.gotmpl Normal file
View File

@ -0,0 +1,58 @@
<div align="center">
<a href="https://github.com/FairwindsOps/goldilocks"><img src="logo.svg" height="150" alt="Goldilocks" style="padding-bottom: 20px" /></a>
<br>
</div>
## Intro
This is a Helm chart for the Fairwinds [Goldilocks project](https://github.com/FairwindsOps/goldilocks). It provides an easy way to install the controller and the dashboard for viewing resource recommendations in your Kubernetes cluster. Please see the [Goldilocks README](https://github.com/FairwindsOps/goldilocks) for more information.
## Installation
```bash
helm repo add fairwinds-stable https://charts.fairwinds.com/stable
helm install goldilocks fairwinds-stable/goldilocks --namespace goldilocks
```
## Requirements
This has a hard requirement on VPA being installed. Please see the [Goldilocks README](https://github.com/FairwindsOps/goldilocks)
## vpa subchart
Fairwinds has published a chart for installing VPA [in our stable repo](https://github.com/FairwindsOps/charts/tree/master/stable/vpa). It can be enabled as a sub-chart by setting `vpa.enabled==true`. We recommend just installing the chart and managing it separately.
## Major Version Upgrade Notes
## Upgrading from v6.x.x to v7.x.x
In this change, the VPA helm chart was upgraded to the latest version, including a major bump. We recommend you to check [the VPA Helm chart changelog](https://github.com/FairwindsOps/charts/tree/master/stable/vpa#breaking-upgrading-from--v17x-to-200) to ensure a smooth upgrade.
## *BREAKING* Upgrading from v4.x.x to v5.x.x
The new chart version includes [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) configuration for the `networking.k8s.io/v1` Kubernetes API.
Because of the new API version, you need to specify `dashboard.ingress.hosts[X].paths[Y].type` when installing this chart with enabled Ingress on a Kubernetes cluster version 1.19+.
## Upgrading from v3.x.x to v4.x.x
There are no breaking changes, but the goldilocks controller and dashboard have had some major tweaks so they can work with more workload controllers. To allow v4.0.0+ to work with more than Deployments, the main change here is in RBAC permissions so that the goldilocks service accounts can access all resources in the `apps/v1`.
## *BREAKING* Upgrading from v2.x.x to v3.x.x
In this change, the `installVPA` value and corresponding hooks have been removed in favor of the sub-chart. The recommended path forward is to remove the hook-installed resources and manage the VPA installation with the [Fairwinds VPA Chart](https://github.com/FairwindsOps/charts/tree/master/stable/vpa)
We have kept the `uninstallVPA` flag in place, which will remove a vpa installation that was previously managed by this chart. This flag will be deprecated in a later release.
## *BREAKING* Upgrading to chart v2.x.x from v1.x.x
If using `installVPA=true` when updating from v1.x.x to v2.x.x of this chart, there are some considerations. v2.x.x of the chart started only installing the recommender and the necessary CRDs and RBAC from the VPA installation. This is due to the volatile and risky nature of running a beta mutatingadmissionwebhook in your cluster. If you have previously used the `installVPA=true` flag to install the VPA, we recommend that you completely uninstall and re-install the VPA as part of the upgrade. We have provided a new hook to do this that will run before the install hook.
If upgrading from v1.x.x to v2.x.x we recommend upgrading like so:
```
helm upgrade goldilocks fairwinds-stable/goldilocks --set reinstallVPA=true
```
This will completely remove the VPA and then re-install it using the new method.
{{ template "chart.valuesSection" . }}

21
goldilocks-4.9/charts/metrics-server/.helmignore Normal file
View File

@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

6
goldilocks-4.9/charts/metrics-server/Chart.lock Normal file
View File

@ -0,0 +1,6 @@
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.4.0
digest: sha256:8c1a5dc923412d11d4d841420494b499cb707305c8b9f87f45ea1a8bf3172cb3
generated: "2023-05-21T18:44:32.432002275Z"

27
goldilocks-4.9/charts/metrics-server/Chart.yaml Normal file
View File

@ -0,0 +1,27 @@
annotations:
category: Analytics
licenses: Apache-2.0
apiVersion: v2
appVersion: 0.6.3
dependencies:
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
tags:
- bitnami-common
version: 2.x.x
description: Metrics Server aggregates resource usage data, such as container CPU
and memory usage, in a Kubernetes cluster and makes it available via the Metrics
API.
home: https://bitnami.com
icon: https://bitnami.com/assets/stacks/metrics-server/img/metrics-server-stack-220x234.png
keywords:
- metrics-server
- cluster
- metrics
maintainers:
- name: VMware, Inc.
url: https://github.com/bitnami/charts
name: metrics-server
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/metrics-server
version: 6.4.1

266
goldilocks-4.9/charts/metrics-server/README.md Normal file
View File

@ -0,0 +1,266 @@
<!--- app-name: Metrics Server -->
# Metrics Server packaged by Bitnami
Metrics Server aggregates resource usage data, such as container CPU and memory usage, in a Kubernetes cluster and makes it available via the Metrics API.
[Overview of Metrics Server](https://github.com/kubernetes-incubator/metrics-server)
Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
## TL;DR
```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/metrics-server
```
## Introduction
This chart bootstraps a [Metrics Server](https://github.com/bitnami/containers/tree/main/bitnami/metrics-server) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
## Prerequisites
- Kubernetes 1.19+
- Helm 3.2.0+
## Installing the Chart
To install the chart with the release name `my-release`:
```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/metrics-server
```
These commands deploy Metrics Server on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Parameters
### Global parameters
| Name | Description | Value |
| ------------------------- | ----------------------------------------------- | ----- |
| `global.imageRegistry` | Global Docker image registry | `""` |
| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
### Common parameters
| Name | Description | Value |
| ------------------------ | -------------------------------------------------------------------------------------------- | -------------- |
| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` |
| `fullnameOverride` | String to fully override common.names.fullname template | `""` |
| `namespaceOverride` | String to fully override common.names.namespace | `""` |
| `commonLabels` | Add labels to all the deployed resources | `{}` |
| `commonAnnotations` | Add annotations to all the deployed resources | `{}` |
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
| `diagnosticMode.command` | Command to override all containers in the the deployment(s)/statefulset(s) | `["sleep"]` |
| `diagnosticMode.args` | Args to override all containers in the the deployment(s)/statefulset(s) | `["infinity"]` |
### Metrics Server parameters
| Name | Description | Value |
| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------ |
| `image.registry` | Metrics Server image registry | `docker.io` |
| `image.repository` | Metrics Server image repository | `bitnami/metrics-server` |
| `image.tag` | Metrics Server image tag (immutable tags are recommended) | `0.6.3-debian-11-r21` |
| `image.digest` | Metrics Server image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `image.pullPolicy` | Metrics Server image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Metrics Server image pull secrets | `[]` |
| `hostAliases` | Add deployment host aliases | `[]` |
| `replicas` | Number of metrics-server nodes to deploy | `1` |
| `updateStrategy.type` | Set up update strategy for metrics-server installation. | `RollingUpdate` |
| `rbac.create` | Enable RBAC authentication | `true` |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to create | `""` |
| `serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account | `true` |
| `serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` |
| `apiService.create` | Specifies whether the v1beta1.metrics.k8s.io API service should be created. You can check if it is needed with `kubectl get --raw "/apis/metrics.k8s.io/v1beta1/nodes"`. | `false` |
| `apiService.insecureSkipTLSVerify` | Specifies whether to skip self-verifying self-signed TLS certificates. Set to "false" if you are providing your own certificates. | `true` |
| `apiService.caBundle` | A base64-encoded string of concatenated certificates for the CA chain for the APIService. | `""` |
| `containerPorts.https` | Port where metrics-server will be running | `8443` |
| `hostNetwork` | Enable hostNetwork mode | `false` |
| `dnsPolicy` | Default dnsPolicy setting | `ClusterFirst` |
| `command` | Override default container command (useful when using custom images) | `[]` |
| `args` | Override default container args (useful when using custom images) | `[]` |
| `lifecycleHooks` | for the metrics-server container(s) to automate configuration before or after startup | `{}` |
| `extraEnvVars` | Array with extra environment variables to add to metrics-server nodes | `[]` |
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for metrics-server nodes | `""` |
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for metrics-server nodes | `""` |
| `extraArgs` | Extra arguments to pass to metrics-server on start up | `[]` |
| `sidecars` | Add additional sidecar containers to the metrics-server pod(s) | `[]` |
| `initContainers` | Add additional init containers to the metrics-server pod(s) | `[]` |
| `podLabels` | Pod labels | `{}` |
| `podAnnotations` | Pod annotations | `{}` |
| `priorityClassName` | Priority class for pod scheduling | `""` |
| `schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `terminationGracePeriodSeconds` | In seconds, time the given to the metrics-server pod needs to terminate gracefully | `""` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `pdb.create` | Create a PodDisruptionBudget | `false` |
| `pdb.minAvailable` | Minimum available instances | `""` |
| `pdb.maxUnavailable` | Maximum unavailable instances | `""` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
| `affinity` | Affinity for pod assignment | `{}` |
| `topologySpreadConstraints` | Topology spread constraints for pod | `[]` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `tolerations` | Tolerations for pod assignment | `[]` |
| `service.type` | Kubernetes Service type | `ClusterIP` |
| `service.ports.https` | Kubernetes Service port | `443` |
| `service.nodePorts.https` | Kubernetes Service port | `""` |
| `service.clusterIP` | metrics-server service Cluster IP | `""` |
| `service.loadBalancerIP` | LoadBalancer IP if Service type is `LoadBalancer` | `""` |
| `service.loadBalancerSourceRanges` | metrics-server service Load Balancer sources | `[]` |
| `service.externalTrafficPolicy` | metrics-server service external traffic policy | `Cluster` |
| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `service.annotations` | Annotations for the Service | `{}` |
| `service.labels` | Labels for the Service | `{}` |
| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `resources.limits` | The resources limits for the container | `{}` |
| `resources.requests` | The requested resources for the container | `{}` |
| `startupProbe.enabled` | Enable startupProbe | `false` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `0` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `customStartupProbe` | Custom liveness probe for the Web component | `{}` |
| `customLivenessProbe` | Custom Liveness probes for metrics-server | `{}` |
| `customReadinessProbe` | Custom Readiness probes metrics-server | `{}` |
| `containerSecurityContext.enabled` | Enable Container security context | `true` |
| `containerSecurityContext.readOnlyRootFilesystem` | ReadOnlyRootFilesystem for the container | `false` |
| `containerSecurityContext.runAsNonRoot` | Run containers as non-root users | `true` |
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `podSecurityContext.enabled` | Pod security context | `false` |
| `podSecurityContext.fsGroup` | Set %%MAIN_CONTAINER_NAME%% pod's Security Context fsGroup | `1001` |
| `extraVolumes` | Extra volumes | `[]` |
| `extraVolumeMounts` | Mount extra volume(s) | `[]` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
helm install my-release \
--set rbac.create=true oci://registry-1.docker.io/bitnamicharts/metrics-server
```
The above command enables RBAC authentication.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
helm install my-release -f values.yaml oci://registry-1.docker.io/bitnamicharts/metrics-server
```
> **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details
### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
### Enable RBAC security
In order to enable Role-Based Access Control (RBAC) for Metrics Server, use the following parameter: `rbac.create=true`.
### Configure certificates
If you are providing your own certificates for the API Service, set `insecureSkipTLSVerify` to `"false"`, and provide a `caBundle` consisting of the base64-encoded certificate chain.
### Set Pod affinity
This chart allows you to set custom Pod affinity using the `affinity` parameter. Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
As an alternative, you can use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters.
## Troubleshooting
Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
## Upgrading
### To 6.0.0
This major release renames several values in this chart and adds missing features, in order to be aligned with the rest of the assets in the Bitnami charts repository.
Affected values:
- `service.port` was deprecated. We recommend using `service.ports.http` instead.
- `service.nodePort` was deprecated. We recommend using `service.nodePorts.https` instead.
- `extraArgs` is now interpreted as an array.
### To 5.2.0
This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/main/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade.
### To 5.0.0
[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/metrics-server/administration/upgrade-helm3/).
### To 4.0.0
Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.
Use the workaround below to upgrade from versions previous to 4.0.0. The following example assumes that the release name is metrics-server:
```console
kubectl delete deployment metrics-server --cascade=false
helm upgrade metrics-server oci://registry-1.docker.io/bitnamicharts/metrics-server
```
### To 2.0.0
Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments.
Use the workaround below to upgrade from versions previous to 2.0.0. The following example assumes that the release name is metrics-server:
```console
kubectl patch deployment metrics-server --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]'
```
## License
Copyright &copy; 2023 Bitnami
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
<http://www.apache.org/licenses/LICENSE-2.0>
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

22
goldilocks-4.9/charts/metrics-server/charts/common/.helmignore Normal file
View File

@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

23
goldilocks-4.9/charts/metrics-server/charts/common/Chart.yaml Normal file
View File

@ -0,0 +1,23 @@
annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.4.0
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://bitnami.com
icon: https://bitnami.com/downloads/logos/bitnami-mark.png
keywords:
- common
- helper
- template
- function
- bitnami
maintainers:
- name: VMware, Inc.
url: https://github.com/bitnami/charts
name: common
sources:
- https://github.com/bitnami/charts
type: library
version: 2.4.0

235
goldilocks-4.9/charts/metrics-server/charts/common/README.md Normal file
View File

@ -0,0 +1,235 @@
# Bitnami Common Library Chart
A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts.
Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## TL;DR
```yaml
dependencies:
- name: common
version: 1.x.x
repository: oci://registry-1.docker.io/bitnamicharts
```
```console
helm dependency update
```
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}
data:
myvalue: "Hello World"
```
## Introduction
This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
## Prerequisites
- Kubernetes 1.19+
- Helm 3.2.0+
## Parameters
## Special input schemas
### ImageRoot
```yaml
registry:
type: string
description: Docker registry where the image is located
example: docker.io
repository:
type: string
description: Repository and image name
example: bitnami/nginx
tag:
type: string
description: image tag
example: 1.16.1-debian-10-r63
pullPolicy:
type: string
description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
pullSecrets:
type: array
items:
type: string
description: Optionally specify an array of imagePullSecrets (evaluated as templates).
debug:
type: boolean
description: Set to true if you would like to see extra information on logs
example: false
## An instance would be:
# registry: docker.io
# repository: bitnami/nginx
# tag: 1.16.1-debian-10-r63
# pullPolicy: IfNotPresent
# debug: false
```
### Persistence
```yaml
enabled:
type: boolean
description: Whether enable persistence.
example: true
storageClass:
type: string
description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning.
example: "-"
accessMode:
type: string
description: Access mode for the Persistent Volume Storage.
example: ReadWriteOnce
size:
type: string
description: Size the Persistent Volume Storage.
example: 8Gi
path:
type: string
description: Path to be persisted.
example: /bitnami
## An instance would be:
# enabled: true
# storageClass: "-"
# accessMode: ReadWriteOnce
# size: 8Gi
# path: /bitnami
```
### ExistingSecret
```yaml
name:
type: string
description: Name of the existing secret.
example: mySecret
keyMapping:
description: Mapping between the expected key name and the name of the key in the existing secret.
type: object
## An instance would be:
# name: mySecret
# keyMapping:
# password: myPasswordKey
```
#### Example of use
When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets.
```yaml
# templates/secret.yaml
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}
labels:
app: {{ include "common.names.fullname" . }}
type: Opaque
data:
password: {{ .Values.password | b64enc | quote }}
# templates/dpl.yaml
---
...
env:
- name: PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }}
...
# values.yaml
---
name: mySecret
keyMapping:
password: myPasswordKey
```
### ValidateValue
#### NOTES.txt
```console
{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}}
{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}}
{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
```
If we force those values to be empty we will see some alerts
```console
helm install test mychart --set path.to.value00="",path.to.value01=""
'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value:
export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d)
'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value:
export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d)
```
## Upgrading
### To 1.0.0
[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
#### What changes were introduced in this major version?
- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information.
- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
#### Considerations when upgrading to this version
- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
#### Useful links
- <https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/>
- <https://helm.sh/docs/topics/v2_v3_migration/>
- <https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/>
## License
Copyright &copy; 2023 Bitnami
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
<http://www.apache.org/licenses/LICENSE-2.0>
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

106
goldilocks-4.9/charts/metrics-server/charts/common/templates/_affinities.tpl Normal file
View File

@ -0,0 +1,106 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return a soft nodeAffinity definition
{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.nodes.soft" -}}
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: {{ .key }}
operator: In
values:
{{- range .values }}
- {{ . | quote }}
{{- end }}
weight: 1
{{- end -}}
{{/*
Return a hard nodeAffinity definition
{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.nodes.hard" -}}
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: {{ .key }}
operator: In
values:
{{- range .values }}
- {{ . | quote }}
{{- end }}
{{- end -}}
{{/*
Return a nodeAffinity definition
{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.nodes" -}}
{{- if eq .type "soft" }}
{{- include "common.affinities.nodes.soft" . -}}
{{- else if eq .type "hard" }}
{{- include "common.affinities.nodes.hard" . -}}
{{- end -}}
{{- end -}}
{{/*
Return a topologyKey definition
{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}}
*/}}
{{- define "common.affinities.topologyKey" -}}
{{ .topologyKey | default "kubernetes.io/hostname" -}}
{{- end -}}
{{/*
Return a soft podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}}
*/}}
{{- define "common.affinities.pods.soft" -}}
{{- $component := default "" .component -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := $extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
weight: 1
{{- end -}}
{{/*
Return a hard podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}}
*/}}
{{- define "common.affinities.pods.hard" -}}
{{- $component := default "" .component -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := $extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
{{- end -}}
{{/*
Return a podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.pods" -}}
{{- if eq .type "soft" }}
{{- include "common.affinities.pods.soft" . -}}
{{- else if eq .type "hard" }}
{{- include "common.affinities.pods.hard" . -}}
{{- end -}}
{{- end -}}

180
goldilocks-4.9/charts/metrics-server/charts/common/templates/_capabilities.tpl Normal file
View File

@ -0,0 +1,180 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the target Kubernetes version
*/}}
{{- define "common.capabilities.kubeVersion" -}}
{{- if .Values.global }}
{{- if .Values.global.kubeVersion }}
{{- .Values.global.kubeVersion -}}
{{- else }}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
{{- end -}}
{{- else }}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for poddisruptionbudget.
*/}}
{{- define "common.capabilities.policy.apiVersion" -}}
{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "policy/v1beta1" -}}
{{- else -}}
{{- print "policy/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for networkpolicy.
*/}}
{{- define "common.capabilities.networkPolicy.apiVersion" -}}
{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for cronjob.
*/}}
{{- define "common.capabilities.cronjob.apiVersion" -}}
{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "batch/v1beta1" -}}
{{- else -}}
{{- print "batch/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for daemonset.
*/}}
{{- define "common.capabilities.daemonset.apiVersion" -}}
{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "common.capabilities.deployment.apiVersion" -}}
{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for statefulset.
*/}}
{{- define "common.capabilities.statefulset.apiVersion" -}}
{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apps/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for ingress.
*/}}
{{- define "common.capabilities.ingress.apiVersion" -}}
{{- if .Values.ingress -}}
{{- if .Values.ingress.apiVersion -}}
{{- .Values.ingress.apiVersion -}}
{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end }}
{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for RBAC resources.
*/}}
{{- define "common.capabilities.rbac.apiVersion" -}}
{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "rbac.authorization.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "rbac.authorization.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for CRDs.
*/}}
{{- define "common.capabilities.crd.apiVersion" -}}
{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiextensions.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "apiextensions.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for APIService.
*/}}
{{- define "common.capabilities.apiService.apiVersion" -}}
{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiregistration.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "apiregistration.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for Horizontal Pod Autoscaler.
*/}}
{{- define "common.capabilities.hpa.apiVersion" -}}
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}}
{{- if .beta2 -}}
{{- print "autoscaling/v2beta2" -}}
{{- else -}}
{{- print "autoscaling/v2beta1" -}}
{{- end -}}
{{- else -}}
{{- print "autoscaling/v2" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for Vertical Pod Autoscaler.
*/}}
{{- define "common.capabilities.vpa.apiVersion" -}}
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}}
{{- if .beta2 -}}
{{- print "autoscaling/v2beta2" -}}
{{- else -}}
{{- print "autoscaling/v2beta1" -}}
{{- end -}}
{{- else -}}
{{- print "autoscaling/v2" -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if the used Helm version is 3.3+.
A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure.
This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error.
**To be removed when the catalog's minimun Helm version is 3.3**
*/}}
{{- define "common.capabilities.supportsHelmVersion" -}}
{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }}
{{- true -}}
{{- end -}}
{{- end -}}

23
goldilocks-4.9/charts/metrics-server/charts/common/templates/_errors.tpl Normal file
View File

@ -0,0 +1,23 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Through error when upgrading using empty passwords values that must not be empty.
Usage:
{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
Required password params:
- validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
- context - Context - Required. Parent context.
*/}}
{{- define "common.errors.upgrade.passwords.empty" -}}
{{- $validationErrors := join "" .validationErrors -}}
{{- if and $validationErrors .context.Release.IsUpgrade -}}
{{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}}
{{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}}
{{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}}
{{- $errorString = print $errorString "\n%s" -}}
{{- printf $errorString $validationErrors | fail -}}
{{- end -}}
{{- end -}}

80
goldilocks-4.9/charts/metrics-server/charts/common/templates/_images.tpl Normal file
View File

@ -0,0 +1,80 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper image name
{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }}
*/}}
{{- define "common.images.image" -}}
{{- $registryName := .imageRoot.registry -}}
{{- $repositoryName := .imageRoot.repository -}}
{{- $separator := ":" -}}
{{- $termination := .imageRoot.tag | toString -}}
{{- if .global }}
{{- if .global.imageRegistry }}
{{- $registryName = .global.imageRegistry -}}
{{- end -}}
{{- end -}}
{{- if .imageRoot.digest }}
{{- $separator = "@" -}}
{{- $termination = .imageRoot.digest | toString -}}
{{- end -}}
{{- if $registryName }}
{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
{{- else -}}
{{- printf "%s%s%s" $repositoryName $separator $termination -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead)
{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }}
*/}}
{{- define "common.images.pullSecrets" -}}
{{- $pullSecrets := list }}
{{- if .global }}
{{- range .global.imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- range .images -}}
{{- range .pullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- if (not (empty $pullSecrets)) }}
imagePullSecrets:
{{- range $pullSecrets | uniq }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names evaluating values as templates
{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
*/}}
{{- define "common.images.renderPullSecrets" -}}
{{- $pullSecrets := list }}
{{- $context := .context }}
{{- if $context.Values.global }}
{{- range $context.Values.global.imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
{{- end -}}
{{- end -}}
{{- range .images -}}
{{- range .pullSecrets -}}
{{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
{{- end -}}
{{- end -}}
{{- if (not (empty $pullSecrets)) }}
imagePullSecrets:
{{- range $pullSecrets | uniq }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end -}}

68
goldilocks-4.9/charts/metrics-server/charts/common/templates/_ingress.tpl Normal file
View File

@ -0,0 +1,68 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Generate backend entry that is compatible with all Kubernetes API versions.
Usage:
{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}
Params:
- serviceName - String. Name of an existing service backend
- servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer.
- context - Dict - Required. The context for the template evaluation.
*/}}
{{- define "common.ingress.backend" -}}
{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}}
{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}}
serviceName: {{ .serviceName }}
servicePort: {{ .servicePort }}
{{- else -}}
service:
name: {{ .serviceName }}
port:
{{- if typeIs "string" .servicePort }}
name: {{ .servicePort }}
{{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }}
number: {{ .servicePort | int }}
{{- end }}
{{- end -}}
{{- end -}}
{{/*
Print "true" if the API pathType field is supported
Usage:
{{ include "common.ingress.supportsPathType" . }}
*/}}
{{- define "common.ingress.supportsPathType" -}}
{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}}
{{- print "false" -}}
{{- else -}}
{{- print "true" -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if the ingressClassname field is supported
Usage:
{{ include "common.ingress.supportsIngressClassname" . }}
*/}}
{{- define "common.ingress.supportsIngressClassname" -}}
{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "false" -}}
{{- else -}}
{{- print "true" -}}
{{- end -}}
{{- end -}}
{{/*
Return true if cert-manager required annotations for TLS signed
certificates are set in the Ingress annotations
Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
Usage:
{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }}
*/}}
{{- define "common.ingress.certManagerRequest" -}}
{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }}
{{- true -}}
{{- end -}}
{{- end -}}

18
goldilocks-4.9/charts/metrics-server/charts/common/templates/_labels.tpl Normal file
View File

@ -0,0 +1,18 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Kubernetes standard labels
*/}}
{{- define "common.labels.standard" -}}
app.kubernetes.io/name: {{ include "common.names.name" . }}
helm.sh/chart: {{ include "common.names.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
*/}}
{{- define "common.labels.matchLabels" -}}
app.kubernetes.io/name: {{ include "common.names.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}

66
goldilocks-4.9/charts/metrics-server/charts/common/templates/_names.tpl Normal file
View File

@ -0,0 +1,66 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "common.names.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "common.names.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "common.names.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified dependency name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
Usage:
{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }}
*/}}
{{- define "common.names.dependency.fullname" -}}
{{- if .chartValues.fullnameOverride -}}
{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .chartName .chartValues.nameOverride -}}
{{- if contains $name .context.Release.Name -}}
{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
*/}}
{{- define "common.names.namespace" -}}
{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a fully qualified app name adding the installation's namespace.
*/}}
{{- define "common.names.fullname.namespace" -}}
{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}

165
goldilocks-4.9/charts/metrics-server/charts/common/templates/_secrets.tpl Normal file
View File

@ -0,0 +1,165 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Generate secret name.
Usage:
{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
Params:
- existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
- defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
- context - Dict - Required. The context for the template evaluation.
*/}}
{{- define "common.secrets.name" -}}
{{- $name := (include "common.names.fullname" .context) -}}
{{- if .defaultNameSuffix -}}
{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- with .existingSecret -}}
{{- if not (typeIs "string" .) -}}
{{- with .name -}}
{{- $name = . -}}
{{- end -}}
{{- else -}}
{{- $name = . -}}
{{- end -}}
{{- end -}}
{{- printf "%s" $name -}}
{{- end -}}
{{/*
Generate secret key.
Usage:
{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
Params:
- existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
- key - String - Required. Name of the key in the secret.
*/}}
{{- define "common.secrets.key" -}}
{{- $key := .key -}}
{{- if .existingSecret -}}
{{- if not (typeIs "string" .existingSecret) -}}
{{- if .existingSecret.keyMapping -}}
{{- $key = index .existingSecret.keyMapping $.key -}}
{{- end -}}
{{- end }}
{{- end -}}
{{- printf "%s" $key -}}
{{- end -}}
{{/*
Generate secret password or retrieve one if already created.
Usage:
{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
Params:
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
- key - String - Required - Name of the key in the secret.
- providedValues - List<String> - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
- length - int - Optional - Length of the generated random password.
- strong - Boolean - Optional - Whether to add symbols to the generated random password.
- chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
- context - Context - Required - Parent context.
The order in which this function returns a secret password:
1. Already existing 'Secret' resource
(If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
2. Password provided via the values.yaml
(If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned)
3. Randomly generated secret password
(A new random secret password with the length specified in the 'length' parameter will be generated and returned)
*/}}
{{- define "common.secrets.passwords.manage" -}}
{{- $password := "" }}
{{- $subchart := "" }}
{{- $chartName := default "" .chartName }}
{{- $passwordLength := default 10 .length }}
{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }}
{{- if $secretData }}
{{- if hasKey $secretData .key }}
{{- $password = index $secretData .key | quote }}
{{- else }}
{{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
{{- end -}}
{{- else if $providedPasswordValue }}
{{- $password = $providedPasswordValue | toString | b64enc | quote }}
{{- else }}
{{- if .context.Values.enabled }}
{{- $subchart = $chartName }}
{{- end -}}
{{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
{{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
{{- $passwordValidationErrors := list $requiredPasswordError -}}
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
{{- if .strong }}
{{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
{{- $password = randAscii $passwordLength }}
{{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
{{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
{{- else }}
{{- $password = randAlphaNum $passwordLength | b64enc | quote }}
{{- end }}
{{- end -}}
{{- printf "%s" $password -}}
{{- end -}}
{{/*
Reuses the value from an existing secret, otherwise sets its value to a default value.
Usage:
{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }}
Params:
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
- key - String - Required - Name of the key in the secret.
- defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
- context - Context - Required - Parent context.
*/}}
{{- define "common.secrets.lookup" -}}
{{- $value := "" -}}
{{- $defaultValue := required "\n'common.secrets.lookup': Argument 'defaultValue' missing or empty" .defaultValue -}}
{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}}
{{- if and $secretData (hasKey $secretData .key) -}}
{{- $value = index $secretData .key -}}
{{- else -}}
{{- $value = $defaultValue | toString | b64enc -}}
{{- end -}}
{{- printf "%s" $value -}}
{{- end -}}
{{/*
Returns whether a previous generated secret already exists
Usage:
{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
Params:
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
- context - Context - Required - Parent context.
*/}}
{{- define "common.secrets.exists" -}}
{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }}
{{- if $secret }}
{{- true -}}
{{- end -}}
{{- end -}}

23
goldilocks-4.9/charts/metrics-server/charts/common/templates/_storage.tpl Normal file
View File

@ -0,0 +1,23 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper Storage Class
{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
*/}}
{{- define "common.storage.class" -}}
{{- $storageClass := .persistence.storageClass -}}
{{- if .global -}}
{{- if .global.storageClass -}}
{{- $storageClass = .global.storageClass -}}
{{- end -}}
{{- end -}}
{{- if $storageClass -}}
{{- if (eq "-" $storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" $storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}

13
goldilocks-4.9/charts/metrics-server/charts/common/templates/_tplvalues.tpl Normal file
View File

@ -0,0 +1,13 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Renders a value that contains template.
Usage:
{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
*/}}
{{- define "common.tplvalues.render" -}}
{{- if typeIs "string" .value }}
{{- tpl .value .context }}
{{- else }}
{{- tpl (.value | toYaml) .context }}
{{- end }}
{{- end -}}

62
goldilocks-4.9/charts/metrics-server/charts/common/templates/_utils.tpl Normal file
View File

@ -0,0 +1,62 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Print instructions to get a secret value.
Usage:
{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
*/}}
{{- define "common.utils.secret.getvalue" -}}
{{- $varname := include "common.utils.fieldToEnvVar" . -}}
export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d)
{{- end -}}
{{/*
Build env var name given a field
Usage:
{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
*/}}
{{- define "common.utils.fieldToEnvVar" -}}
{{- $fieldNameSplit := splitList "-" .field -}}
{{- $upperCaseFieldNameSplit := list -}}
{{- range $fieldNameSplit -}}
{{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
{{- end -}}
{{ join "_" $upperCaseFieldNameSplit }}
{{- end -}}
{{/*
Gets a value from .Values given
Usage:
{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
*/}}
{{- define "common.utils.getValueFromKey" -}}
{{- $splitKey := splitList "." .key -}}
{{- $value := "" -}}
{{- $latestObj := $.context.Values -}}
{{- range $splitKey -}}
{{- if not $latestObj -}}
{{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
{{- end -}}
{{- $value = ( index $latestObj . ) -}}
{{- $latestObj = $value -}}
{{- end -}}
{{- printf "%v" (default "" $value) -}}
{{- end -}}
{{/*
Returns first .Values key with a defined value or first of the list if all non-defined
Usage:
{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
*/}}
{{- define "common.utils.getKeyFromList" -}}
{{- $key := first .keys -}}
{{- $reverseKeys := reverse .keys }}
{{- range $reverseKeys }}
{{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
{{- if $value -}}
{{- $key = . }}
{{- end -}}
{{- end -}}
{{- printf "%s" $key -}}
{{- end -}}

14
goldilocks-4.9/charts/metrics-server/charts/common/templates/_warnings.tpl Normal file
View File

@ -0,0 +1,14 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Warning about using rolling tag.
Usage:
{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
*/}}
{{- define "common.warnings.rollingTag" -}}
{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- end }}
{{- end -}}

72
goldilocks-4.9/charts/metrics-server/charts/common/templates/validations/_cassandra.tpl Normal file
View File

@ -0,0 +1,72 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate Cassandra required passwords are not empty.
Usage:
{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret"
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.cassandra.passwords" -}}
{{- $existingSecret := include "common.cassandra.values.existingSecret" . -}}
{{- $enabled := include "common.cassandra.values.enabled" . -}}
{{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}}
{{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}}
{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.cassandra.values.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
*/}}
{{- define "common.cassandra.values.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.cassandra.dbUser.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.dbUser.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled cassandra.
Usage:
{{ include "common.cassandra.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.cassandra.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.cassandra.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key dbUser
Usage:
{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
*/}}
{{- define "common.cassandra.values.key.dbUser" -}}
{{- if .subchart -}}
cassandra.dbUser
{{- else -}}
dbUser
{{- end -}}
{{- end -}}

103
goldilocks-4.9/charts/metrics-server/charts/common/templates/validations/_mariadb.tpl Normal file
View File

@ -0,0 +1,103 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate MariaDB required passwords are not empty.
Usage:
{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret"
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.mariadb.passwords" -}}
{{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}}
{{- $enabled := include "common.mariadb.values.enabled" . -}}
{{- $architecture := include "common.mariadb.values.architecture" . -}}
{{- $authPrefix := include "common.mariadb.values.key.auth" . -}}
{{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
{{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
{{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
{{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
{{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
{{- if not (empty $valueUsername) -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- end -}}
{{- if (eq $architecture "replication") -}}
{{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mariadb.values.auth.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.mariadb.auth.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.auth.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled mariadb.
Usage:
{{ include "common.mariadb.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.mariadb.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.mariadb.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for architecture
Usage:
{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mariadb.values.architecture" -}}
{{- if .subchart -}}
{{- .context.Values.mariadb.architecture -}}
{{- else -}}
{{- .context.Values.architecture -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key auth
Usage:
{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mariadb.values.key.auth" -}}
{{- if .subchart -}}
mariadb.auth
{{- else -}}
auth
{{- end -}}
{{- end -}}

108
goldilocks-4.9/charts/metrics-server/charts/common/templates/validations/_mongodb.tpl Normal file
View File

@ -0,0 +1,108 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate MongoDB&reg; required passwords are not empty.
Usage:
{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where MongoDB&reg; values are stored, e.g: "mongodb-passwords-secret"
- subchart - Boolean - Optional. Whether MongoDB&reg; is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.mongodb.passwords" -}}
{{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}}
{{- $enabled := include "common.mongodb.values.enabled" . -}}
{{- $authPrefix := include "common.mongodb.values.key.auth" . -}}
{{- $architecture := include "common.mongodb.values.architecture" . -}}
{{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
{{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
{{- $valueKeyDatabase := printf "%s.database" $authPrefix -}}
{{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
{{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}}
{{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}}
{{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}}
{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
{{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
{{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }}
{{- if and $valueUsername $valueDatabase -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- end -}}
{{- if (eq $architecture "replicaset") -}}
{{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false
*/}}
{{- define "common.mongodb.values.auth.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.mongodb.auth.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.auth.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled mongodb.
Usage:
{{ include "common.mongodb.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.mongodb.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.mongodb.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key auth
Usage:
{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MongoDB&reg; is used as subchart or not. Default: false
*/}}
{{- define "common.mongodb.values.key.auth" -}}
{{- if .subchart -}}
mongodb.auth
{{- else -}}
auth
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for architecture
Usage:
{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MongoDB&reg; is used as subchart or not. Default: false
*/}}
{{- define "common.mongodb.values.architecture" -}}
{{- if .subchart -}}
{{- .context.Values.mongodb.architecture -}}
{{- else -}}
{{- .context.Values.architecture -}}
{{- end -}}
{{- end -}}

103
goldilocks-4.9/charts/metrics-server/charts/common/templates/validations/_mysql.tpl Normal file
View File

@ -0,0 +1,103 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate MySQL required passwords are not empty.
Usage:
{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret"
- subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.mysql.passwords" -}}
{{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}}
{{- $enabled := include "common.mysql.values.enabled" . -}}
{{- $architecture := include "common.mysql.values.architecture" . -}}
{{- $authPrefix := include "common.mysql.values.key.auth" . -}}
{{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
{{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
{{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
{{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
{{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
{{- if not (empty $valueUsername) -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- end -}}
{{- if (eq $architecture "replication") -}}
{{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
*/}}
{{- define "common.mysql.values.auth.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.mysql.auth.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.auth.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled mysql.
Usage:
{{ include "common.mysql.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.mysql.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.mysql.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for architecture
Usage:
{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
*/}}
{{- define "common.mysql.values.architecture" -}}
{{- if .subchart -}}
{{- .context.Values.mysql.architecture -}}
{{- else -}}
{{- .context.Values.architecture -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key auth
Usage:
{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
*/}}
{{- define "common.mysql.values.key.auth" -}}
{{- if .subchart -}}
mysql.auth
{{- else -}}
auth
{{- end -}}
{{- end -}}

129
goldilocks-4.9/charts/metrics-server/charts/common/templates/validations/_postgresql.tpl Normal file
View File

@ -0,0 +1,129 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate PostgreSQL required passwords are not empty.
Usage:
{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret"
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.postgresql.passwords" -}}
{{- $existingSecret := include "common.postgresql.values.existingSecret" . -}}
{{- $enabled := include "common.postgresql.values.enabled" . -}}
{{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}}
{{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}}
{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}}
{{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}}
{{- if (eq $enabledReplication "true") -}}
{{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to decide whether evaluate global values.
Usage:
{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }}
Params:
- key - String - Required. Field to be evaluated within global, e.g: "existingSecret"
*/}}
{{- define "common.postgresql.values.use.global" -}}
{{- if .context.Values.global -}}
{{- if .context.Values.global.postgresql -}}
{{- index .context.Values.global.postgresql .key | quote -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.postgresql.values.existingSecret" (dict "context" $) }}
*/}}
{{- define "common.postgresql.values.existingSecret" -}}
{{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}}
{{- if .subchart -}}
{{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}}
{{- else -}}
{{- default (.context.Values.existingSecret | quote) $globalValue -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled postgresql.
Usage:
{{ include "common.postgresql.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.postgresql.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.postgresql.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key postgressPassword.
Usage:
{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.key.postgressPassword" -}}
{{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}}
{{- if not $globalValue -}}
{{- if .subchart -}}
postgresql.postgresqlPassword
{{- else -}}
postgresqlPassword
{{- end -}}
{{- else -}}
global.postgresql.postgresqlPassword
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled.replication.
Usage:
{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.enabled.replication" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.postgresql.replication.enabled -}}
{{- else -}}
{{- printf "%v" .context.Values.replication.enabled -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key replication.password.
Usage:
{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.key.replicationPassword" -}}
{{- if .subchart -}}
postgresql.replication.password
{{- else -}}
replication.password
{{- end -}}
{{- end -}}

76
goldilocks-4.9/charts/metrics-server/charts/common/templates/validations/_redis.tpl Normal file
View File

@ -0,0 +1,76 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate Redis&reg; required passwords are not empty.
Usage:
{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret"
- subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.redis.passwords" -}}
{{- $enabled := include "common.redis.values.enabled" . -}}
{{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}}
{{- $standarizedVersion := include "common.redis.values.standarized.version" . }}
{{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }}
{{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }}
{{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }}
{{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }}
{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}}
{{- if eq $useAuth "true" -}}
{{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled redis.
Usage:
{{ include "common.redis.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.redis.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.redis.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right prefix path for the values
Usage:
{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
*/}}
{{- define "common.redis.values.keys.prefix" -}}
{{- if .subchart -}}redis.{{- else -}}{{- end -}}
{{- end -}}
{{/*
Checks whether the redis chart's includes the standarizations (version >= 14)
Usage:
{{ include "common.redis.values.standarized.version" (dict "context" $) }}
*/}}
{{- define "common.redis.values.standarized.version" -}}
{{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}}
{{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }}
{{- if $standarizedAuthValues -}}
{{- true -}}
{{- end -}}
{{- end -}}

46
goldilocks-4.9/charts/metrics-server/charts/common/templates/validations/_validations.tpl Normal file
View File

@ -0,0 +1,46 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Validate values must not be empty.
Usage:
{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}}
{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}}
{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
Validate value params:
- valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
- secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
- field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
*/}}
{{- define "common.validations.values.multiple.empty" -}}
{{- range .required -}}
{{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}}
{{- end -}}
{{- end -}}
{{/*
Validate a value must not be empty.
Usage:
{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }}
Validate value params:
- valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
- secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
- field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
- subchart - String - Optional - Name of the subchart that the validated password is part of.
*/}}
{{- define "common.validations.values.single.empty" -}}
{{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }}
{{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }}
{{- if not $value -}}
{{- $varname := "my-value" -}}
{{- $getCurrentValue := "" -}}
{{- if and .secret .field -}}
{{- $varname = include "common.utils.fieldToEnvVar" . -}}
{{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
{{- end -}}
{{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}}
{{- end -}}
{{- end -}}

5
goldilocks-4.9/charts/metrics-server/charts/common/values.yaml Normal file
View File

@ -0,0 +1,5 @@
## bitnami/common
## It is required by CI/CD tools and processes.
## @skip exampleValue
##
exampleValue: common-chart

55
goldilocks-4.9/charts/metrics-server/templates/NOTES.txt Normal file
View File

@ -0,0 +1,55 @@
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
** Please be patient while the chart is being deployed **
The metric server has been deployed.
{{- if or .Values.apiService.create (.Capabilities.APIVersions.Has "metrics.k8s.io/v1beta1") }}
{{- if .Values.diagnosticMode.enabled }}
The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
Get the list of pods by executing:
kubectl get pods --namespace {{ template "common.names.namespace" . }} -l app.kubernetes.io/instance={{ .Release.Name }}
Access the pod you want to debug by executing
kubectl exec --namespace {{ template "common.names.namespace" . }} -ti <NAME OF THE POD> -- bash
In order to replicate the container startup scripts execute this command:
metrics-server --secure-port={{ .Values.containerPorts.https }}
{{- else }}
In a few minutes you should be able to list metrics using the following
command:
kubectl get --raw "/apis/metrics.k8s.io/v1beta1/nodes"
{{- end -}}
{{- else }}
###################################################################################
### ERROR: The metrics.k8s.io/v1beta1 API service is not enabled in the cluster ###
###################################################################################
You have disabled the API service creation for this release. As the Kubernetes version in the cluster
does not have metrics.k8s.io/v1beta1, the metrics API will not work with this release unless:
Option A:
You complete your metrics-server release by running:
helm upgrade --namespace {{ include "common.names.namespace" . }} {{ .Release.Name }} oci://registry-1.docker.io/bitnamicharts/metrics-server \
--set apiService.create=true
Option B:
You configure the metrics API service outside of this Helm chart
{{- end -}}
{{- include "metrics-server.validateValues" . }}
{{- include "metrics-server.checkRollingTags" . }}

56
goldilocks-4.9/charts/metrics-server/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,56 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Create the name of the service account to use
*/}}
{{- define "metrics-server.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return the proper metrics-server image name
*/}}
{{- define "metrics-server.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "metrics-server.imagePullSecrets" -}}
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image ) "global" .Values.global) -}}
{{- end -}}
{{/*
Compile all warnings into a single message, and call fail.
*/}}
{{- define "metrics-server.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "metrics-server.validateValues.extraVolumes" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
{{- end -}}
{{- end -}}
{{/* Validate values of metrics-server - Incorrect extra volume settings */}}
{{- define "metrics-server.validateValues.extraVolumes" -}}
{{- if and (.Values.extraVolumes) (not .Values.extraVolumeMounts) -}}
metrics-server: missing-extra-volume-mounts
You specified extra volumes but not mount points for them. Please set
the extraVolumeMounts value
{{- end -}}
{{- end -}}
{{/*
Check if there are rolling tags in the images
*/}}
{{- define "metrics-server.checkRollingTags" -}}
{{- include "common.warnings.rollingTag" .Values.image }}
{{- end -}}

21
goldilocks-4.9/charts/metrics-server/templates/auth-delegator-crb.yaml Normal file
View File

@ -0,0 +1,21 @@
{{- if .Values.rbac.create -}}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
name: {{ printf "%s-auth-delegator" (include "common.names.fullname.namespace" .) }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: {{ template "metrics-server.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- end -}}

56
goldilocks-4.9/charts/metrics-server/templates/cluster-role.yaml Normal file
View File

@ -0,0 +1,56 @@
{{- if .Values.rbac.create -}}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRole
metadata:
name: {{ template "common.names.fullname.namespace" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- pods
- nodes
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes/metrics
verbs:
- get
- create
---
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRole
metadata:
name: {{ printf "%s-view" (include "common.names.fullname.namespace" .) }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
{{- end -}}

154
goldilocks-4.9/charts/metrics-server/templates/deployment.yaml Normal file
View File

@ -0,0 +1,154 @@
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicas }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
{{- if .Values.updateStrategy }}
strategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $) | nindent 4 }}
{{- end }}
template:
metadata:
labels: {{- include "common.labels.standard" . | nindent 8 }}
{{- if .Values.podLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.podLabels "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.podAnnotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
{{- end }}
spec:
{{- include "metrics-server.imagePullSecrets" . | nindent 6 }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
serviceAccountName: {{ template "metrics-server.serviceAccountName" . }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName | quote }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.hostNetwork }}
hostNetwork: true
{{- end }}
dnsPolicy: {{ .Values.dnsPolicy }}
{{- if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
{{- if .Values.initContainers }}
initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: metrics-server
image: {{ template "metrics-server.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
{{- else }}
command:
- metrics-server
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
{{- else }}
args:
- --secure-port={{ .Values.containerPorts.https }}
{{- if .Values.extraArgs }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraArgs "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
env:
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- if .Values.resources }}
resources: {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
ports:
- name: https
containerPort: {{ .Values.containerPorts.https }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /livez
port: https
scheme: HTTPS
{{- end }}
{{- if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /readyz
port: https
scheme: HTTPS
{{- end }}
{{- if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: https
{{- end }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.extraVolumes }}
volumes: {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}

4
goldilocks-4.9/charts/metrics-server/templates/extra-list.yaml Normal file
View File

@ -0,0 +1,4 @@
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}

25
goldilocks-4.9/charts/metrics-server/templates/metrics-api-service.yaml Normal file
View File

@ -0,0 +1,25 @@
{{- if .Values.apiService.create -}}
apiVersion: {{ include "common.capabilities.apiService.apiVersion" . }}
kind: APIService
metadata:
name: v1beta1.metrics.k8s.io
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
service:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
group: metrics.k8s.io
version: v1beta1
insecureSkipTLSVerify: {{ .Values.apiService.insecureSkipTLSVerify | default true }}
{{- if .Values.apiService.caBundle }}
caBundle: {{ .Values.apiService.caBundle }}
{{- end }}
groupPriorityMinimum: 100
versionPriority: 100
{{- end -}}

21
goldilocks-4.9/charts/metrics-server/templates/metrics-server-crb.yaml Normal file
View File

@ -0,0 +1,21 @@
{{- if .Values.rbac.create -}}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: ClusterRoleBinding
metadata:
name: {{ template "common.names.fullname.namespace" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "common.names.fullname.namespace" . }}
subjects:
- kind: ServiceAccount
name: {{ template "metrics-server.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- end -}}

23
goldilocks-4.9/charts/metrics-server/templates/pdb.yaml Normal file
View File

@ -0,0 +1,23 @@
{{- if .Values.pdb.create -}}
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.pdb.minAvailable }}
minAvailable: {{ .Values.pdb.minAvailable }}
{{- end }}
{{- if .Values.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.pdb.maxUnavailable }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
{{- end -}}

22
goldilocks-4.9/charts/metrics-server/templates/role-binding.yaml Normal file
View File

@ -0,0 +1,22 @@
{{- if .Values.rbac.create -}}
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
kind: RoleBinding
metadata:
name: {{ printf "%s-auth-reader" (include "common.names.fullname.namespace" .) }}
namespace: kube-system
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: {{ template "metrics-server.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
{{- end -}}

21
goldilocks-4.9/charts/metrics-server/templates/serviceaccount.yaml Normal file
View File

@ -0,0 +1,21 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "metrics-server.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.serviceAccount.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }}
{{- end }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end -}}

55
goldilocks-4.9/charts/metrics-server/templates/svc.yaml Normal file
View File

@ -0,0 +1,55 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "common.names.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.service.labels }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.labels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.service.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }}
clusterIP: {{ .Values.service.clusterIP }}
{{- end }}
{{- if .Values.service.sessionAffinity }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
{{- end }}
{{- if .Values.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
{{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
{{- end }}
{{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
ports:
- name: https
port: {{ .Values.service.ports.https }}
protocol: TCP
targetPort: https
{{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https)) }}
nodePort: {{ .Values.service.nodePorts.https }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}

446
goldilocks-4.9/charts/metrics-server/values.yaml Normal file
View File

@ -0,0 +1,446 @@
## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
## @section Common parameters
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname template
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param commonLabels Add labels to all the deployed resources
##
commonLabels: {}
## @param commonAnnotations Add annotations to all the deployed resources
##
commonAnnotations: {}
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## Enable diagnostic mode in the deployment(s)/statefulset(s)
##
diagnosticMode:
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
##
enabled: false
## @param diagnosticMode.command Command to override all containers in the the deployment(s)/statefulset(s)
##
command:
- sleep
## @param diagnosticMode.args Args to override all containers in the the deployment(s)/statefulset(s)
##
args:
- infinity
## @section Metrics Server parameters
## Bitnami Metrics Server image version
## ref: https://hub.docker.com/r/bitnami/metrics-server/tags/
## @param image.registry Metrics Server image registry
## @param image.repository Metrics Server image repository
## @param image.tag Metrics Server image tag (immutable tags are recommended)
## @param image.digest Metrics Server image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy Metrics Server image pull policy
## @param image.pullSecrets Metrics Server image pull secrets
##
image:
registry: docker.io
repository: bitnami/metrics-server
tag: 0.6.3-debian-11-r21
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## @param hostAliases Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param replicas Number of metrics-server nodes to deploy
##
replicas: 1
## @param updateStrategy.type Set up update strategy for metrics-server installation.
## Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to make sure the pods is destroyed first.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## Example:
## updateStrategy:
## type: RollingUpdate
## rollingUpdate:
## maxSurge: 25%
## maxUnavailable: 25%
##
updateStrategy:
type: RollingUpdate
## Role Based Access
## ref: https://kubernetes.io/docs/admin/authorization/rbac/
##
rbac:
## @param rbac.create Enable RBAC authentication
##
create: true
## Pods Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
## @param serviceAccount.create Specifies whether a ServiceAccount should be created
##
create: true
## @param serviceAccount.name The name of the ServiceAccount to create
## If not set and create is true, a name is generated using the common.names.fullname template
name: ""
## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server
##
automountServiceAccountToken: true
## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
##
annotations: {}
## API service parameters
##
apiService:
## @param apiService.create Specifies whether the v1beta1.metrics.k8s.io API service should be created. You can check if it is needed with `kubectl get --raw "/apis/metrics.k8s.io/v1beta1/nodes"`.
## This is still necessary up to at least k8s version >= 1.21, but depends on vendors and cloud providers.
##
create: false
## @param apiService.insecureSkipTLSVerify Specifies whether to skip self-verifying self-signed TLS certificates. Set to "false" if you are providing your own certificates.
## Note that "false" MUST be in quotation marks (cf. https://github.com/helm/helm/issues/3308), since false without quotation marks will render to true
insecureSkipTLSVerify: true
## @param apiService.caBundle A base64-encoded string of concatenated certificates for the CA chain for the APIService.
caBundle: ""
## @param containerPorts.https Port where metrics-server will be running
##
containerPorts:
https: 8443
## @param hostNetwork Enable hostNetwork mode
## You would require this enabled if you use alternate overlay networking for pods and
## API server unable to communicate with metrics-server. As an example, this is required
## if you use Weave network on EKS
##
hostNetwork: false
## @param dnsPolicy Default dnsPolicy setting
## If you enable hostNetwork then you may need to set your dnsPolicy to something other
## than "ClusterFirst" depending on your requirements.
dnsPolicy: "ClusterFirst"
## @param command Override default container command (useful when using custom images)
##
command: []
## @param args Override default container args (useful when using custom images)
##
args: []
## @param lifecycleHooks for the metrics-server container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param extraEnvVars Array with extra environment variables to add to metrics-server nodes
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for metrics-server nodes
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for metrics-server nodes
##
extraEnvVarsSecret: ""
## @param extraArgs Extra arguments to pass to metrics-server on start up
## ref: https://github.com/kubernetes-incubator/metrics-server#flags
##
## extraArgs:
## - --kubelet-insecure-tls=true
## - --kubelet-preferred-address-types=InternalIP
##
extraArgs: []
## @param sidecars Add additional sidecar containers to the metrics-server pod(s)
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param initContainers Add additional init containers to the metrics-server pod(s)
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
## @param podLabels Pod labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param podAnnotations Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param priorityClassName Priority class for pod scheduling
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
priorityClassName: ""
## @param schedulerName Name of the k8s scheduler (other than default)
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param terminationGracePeriodSeconds In seconds, time the given to the metrics-server pod needs to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: ""
## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Pod disruption budget
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets
## @param pdb.create Create a PodDisruptionBudget
## @param pdb.minAvailable Minimum available instances
## @param pdb.maxUnavailable Maximum unavailable instances
##
pdb:
create: false
minAvailable: ""
maxUnavailable: ""
## Node affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set.
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set.
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param affinity Affinity for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param topologySpreadConstraints Topology spread constraints for pod
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints
##
topologySpreadConstraints: []
## @param nodeSelector Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param tolerations Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Metrics Server K8s svc properties
##
service:
## @param service.type Kubernetes Service type
##
type: ClusterIP
## @param service.ports.https Kubernetes Service port
##
ports:
https: 443
## @param service.nodePorts.https Kubernetes Service port
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
## e.g:
## nodePort: 30001
##
nodePorts:
https: ""
## @param service.clusterIP metrics-server service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param service.loadBalancerIP LoadBalancer IP if Service type is `LoadBalancer`
## Set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
loadBalancerIP: ""
## @param service.loadBalancerSourceRanges metrics-server service Load Balancer sources
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param service.externalTrafficPolicy metrics-server service external traffic policy
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param service.annotations Annotations for the Service
## set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
## @param service.labels Labels for the Service
## have metrics-server show up in `kubectl cluster-info`
## kubernetes.io/cluster-service: "true"
## kubernetes.io/name: "Metrics-server"
##
labels: {}
## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
## If "ClientIP", consecutive client requests will be directed to the same Pod
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
##
sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## Metric Server containers' resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param resources.limits The resources limits for the container
## @param resources.requests The requested resources for the container
##
resources:
## Example:
## limits:
## cpu: 250m
## memory: 256Mi
limits: {}
## Examples:
## requests:
## cpu: 250m
## memory: 256Mi
requests: {}
## Configure extra options for metrics-server containers' liveness, readiness and startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
## @param startupProbe.enabled Enable startupProbe
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param startupProbe.periodSeconds Period seconds for startupProbe
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param startupProbe.failureThreshold Failure threshold for startupProbe
## @param startupProbe.successThreshold Success threshold for startupProbe
startupProbe:
enabled: false
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
successThreshold: 1
## @param livenessProbe.enabled Enable livenessProbe
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
successThreshold: 1
## @param readinessProbe.enabled Enable readinessProbe
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 3
successThreshold: 1
## @param customStartupProbe Custom liveness probe for the Web component
##
customStartupProbe: {}
## @param customLivenessProbe Custom Liveness probes for metrics-server
##
customLivenessProbe: {}
## @param customReadinessProbe Custom Readiness probes metrics-server
##
customReadinessProbe: {}
## Container security context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enable Container security context
## @param containerSecurityContext.readOnlyRootFilesystem ReadOnlyRootFilesystem for the container
## @param containerSecurityContext.runAsNonRoot Run containers as non-root users
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
##
containerSecurityContext:
enabled: true
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 1001
## Pod security context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Pod security context
## @param podSecurityContext.fsGroup Set %%MAIN_CONTAINER_NAME%% pod's Security Context fsGroup
##
podSecurityContext:
enabled: false
fsGroup: 1001
## Extra volumes to mount
## @param extraVolumes Extra volumes
## @param extraVolumeMounts Mount extra volume(s)
## Example Use Case: mount an `emptyDir` to allow running with a `readOnlyRootFilesystem: true`
## extraVolumes:
## - name: tmpdir
## emptyDir: {}
##
extraVolumes: []
## extraVolumeMounts:
## - name: tmpdir
## mountPath: /tmp
##
extraVolumeMounts: []

23
goldilocks-4.9/charts/vpa/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
goldilocks-4.9/charts/vpa/Chart.lock Normal file
View File

@ -0,0 +1,6 @@
dependencies:
- name: metrics-server
repository: https://kubernetes-sigs.github.io/metrics-server/
version: 3.10.0
digest: sha256:0a1ceadffa31a28b452eddff98027bcc4df9894d22f2e74ccbfa1828477db27c
generated: "2023-06-05T09:00:56.207403385+02:00"

19
goldilocks-4.9/charts/vpa/Chart.yaml Normal file
View File

@ -0,0 +1,19 @@
apiVersion: v2
appVersion: 0.13.0
dependencies:
- alias: metrics-server
condition: metrics-server.enabled
name: metrics-server
repository: https://kubernetes-sigs.github.io/metrics-server/
version: 3.10.0
description: A Helm chart for Kubernetes Vertical Pod Autoscaler
home: https://github.com/FairwindsOps/charts/tree/master/stable/vpa
kubeVersion: '>= 1.21.0-0'
maintainers:
- name: sudermanjr
name: vpa
sources:
- https://github.com/FairwindsOps/charts/tree/master/stable/vpa
- https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler
type: application
version: 2.2.0

190
goldilocks-4.9/charts/vpa/README.md Normal file
View File

@ -0,0 +1,190 @@
# VPA
A chart to install the [Kubernetes Vertical Pod Autoscaler](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler)
This chart is mostly based on the manifests and various scripts in the `deploy` and `hack` directories of the VPA repository.
## Tests and Debugging
There are a few tests included with this chart that can help debug why your installation of VPA isn't working as expected. You can run `helm test -n <Release Namespace> <Release Name>` to run them.
* `crds-available` - Checks for both the _verticalpodautoscalers_ and _verticalpodautoscalercheckpoints_ CRDs
* `metrics-api-available` - Checks to make sure that the metrics API endpoint is available. If it's not, install [metrics-server](https://github.com/kubernetes-sigs/metrics-server) in your cluster.
* `create-vpa` - A simple check to make sure that VPA objects can be created in your cluster. Does not check for functionality of that VPA.
+ `webhook-configuration` - Checks that both the service and the CA bundle in the MutatingWebhookconfiguration are configured correctly.
## Components
There are three primary components to the Vertical Pod Autoscaler that can be enabled individually here.
* recommender
* updater
* admissionController
The admissionController is the only one that poses a stability consideration because it will create a `MutatingWebhookconfiguration` in your cluster. This _could_ cause the cluster to stop accepting pod creation requests, if it is not configured correctly. Because of this, the `MutatingWebhookconfiguration` has its `failurePolicy` set to `Ignore` by default.
For more details, please see the values below, and the vertical pod autosclaer documentation.
## *BREAKING* Upgrading from <= v1.7.x to 2.0.0
### Certificate generation
The certificate creation process was changed from using OpenSSL to [kube-webhook-certgen](https://github.com/kubernetes/ingress-nginx/tree/main/images/kube-webhook-certgen) to simplify the process.
It still uses the same configuration keys (.Values.admissionController.certGen), which makes it impossible to reuse the values from a previous install.
You can mitigate this change by setting the correct image for the upgrade:
```bash
helm upgrade <release name> fairwinds-stable/vpa --version 2.0.0 --reuse-values \
--set "admissionController.certGen.image.repository=registry.k8s.io/ingress-nginx/kube-webhook-certgen" \
--set "admissionController.certGen.image.tag=v20230312-helm-chart-4.5.2-28-g66a760794"
```
The new process is incompatible with the old secrets layout. To mitigate this, the secret was renamed to (by default) `<release name>-tls-certs` and can now also be customized.
All other changes are implemented in a non breaking fashion.
### MutatingWebhookconfiguration
Previously, the webhook creation was handled by the admission controller itself. This had the downside that Helm is not in control of the resource and therefore required the cleanupOnDelete job.
This version disables the *selfRegistration* by the admission controller and creates the MutatingWebhookconfiguration using Helm.
You can either:
* Migrate the MutatingWebhookconfiguration by:
* adding the label `app.kubernetes.io/managed-by: Helm`
* adding the annotation `meta.helm.sh/release-name: <release name>`
* adding the annotation `meta.helm.sh/release-namespace: <release namespace>`
* delete the configuration and it will be recreated by Helm
* or keep the configuration as it is and Helm will ignore it. Execute the tests, to make sure everything works.
Also, the `cleanupOnDelete` configuration is obsolete.
### Admission controller
The admission controller is enabled by default.
## *BREAKING* Upgrading from v0.x.x to v1.x.x
In the previous version, when the admissionController.cleanupOnDelete flag was set to true, MutatingWebhookconfiguration and the tls secret for the admission controller were removed. There was no chance to pass any image information to start remove process. Now, it could be passed custom image by version 1.0.0.
```yaml
cleanupOnDelete:
enabled: true
image:
repository: quay.io/reactiveops/ci-images
tag: v11-alpine
```
## Installation
```bash
helm repo add fairwinds-stable https://charts.fairwinds.com/stable
helm install vpa fairwinds-stable/vpa --namespace vpa --create-namespace
```
## Utilize Prometheus for History
In order to utilize prometheus for recommender history, you will need to pass some extra flags to the recommender. If you use prometheus operator installed in the `prometheus-operator` namespace, these values will do the trick.
```yaml
recommender:
extraArgs:
prometheus-address: |
http://prometheus-operator-prometheus.prometheus-operator.svc.cluster.local:9090
storage: prometheus
```
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| imagePullSecrets | list | `[]` | A list of image pull secrets to be used for all pods |
| priorityClassName | string | `""` | To set the priorityclass for all pods |
| nameOverride | string | `""` | A template override for the name |
| fullnameOverride | string | `""` | A template override for the fullname |
| podLabels | object | `{}` | Labels to add to all pods |
| rbac.create | bool | `true` | If true, then rbac resources (clusterroles and clusterrolebindings) will be created for the selected components. Temporary rbac resources will still be created, to ensure a functioning installation process |
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created for each component |
| serviceAccount.annotations | object | `{}` | Annotations to add to the service accounts for each component |
| serviceAccount.name | string | `""` | The base name of the service account to use (appended with the component). If not set and create is true, a name is generated using the fullname template and appended for each component |
| serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account |
| recommender.enabled | bool | `true` | If true, the vpa recommender component will be installed. |
| recommender.extraArgs | object | `{"pod-recommendation-min-cpu-millicores":15,"pod-recommendation-min-memory-mb":100,"v":"4"}` | A set of key-value flags to be passed to the recommender |
| recommender.replicaCount | int | `1` | |
| recommender.podDisruptionBudget | object | `{}` | This is the setting for the pod disruption budget |
| recommender.image.repository | string | `"registry.k8s.io/autoscaling/vpa-recommender"` | The location of the recommender image |
| recommender.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion |
| recommender.image.pullPolicy | string | `"Always"` | The pull policy for the recommender image. Recommend not changing this |
| recommender.podAnnotations | object | `{}` | Annotations to add to the recommender pod |
| recommender.podLabels | object | `{}` | Labels to add to the recommender pod |
| recommender.podSecurityContext | object | `{"runAsNonRoot":true,"runAsUser":65534}` | The security context for the recommender pod |
| recommender.securityContext | object | `{}` | The security context for the containers inside the recommender pod |
| recommender.livenessProbe | object | `{"failureThreshold":6,"httpGet":{"path":"/health-check","port":"metrics","scheme":"HTTP"},"periodSeconds":5,"successThreshold":1,"timeoutSeconds":3}` | The liveness probe definition inside the recommender pod |
| recommender.readinessProbe | object | `{"failureThreshold":120,"httpGet":{"path":"/health-check","port":"metrics","scheme":"HTTP"},"periodSeconds":5,"successThreshold":1,"timeoutSeconds":3}` | The readiness probe definition inside the recommender pod |
| recommender.resources | object | `{"limits":{"cpu":"200m","memory":"1000Mi"},"requests":{"cpu":"50m","memory":"500Mi"}}` | The resources block for the recommender pod |
| recommender.nodeSelector | object | `{}` | |
| recommender.tolerations | list | `[]` | |
| recommender.affinity | object | `{}` | |
| recommender.podMonitor | object | `{"annotations":{},"enabled":false,"labels":{}}` | Enables a prometheus operator podMonitor for the recommender |
| updater.enabled | bool | `true` | If true, the updater component will be deployed |
| updater.extraArgs | object | `{}` | A key-value map of flags to pass to the updater |
| updater.replicaCount | int | `1` | |
| updater.podDisruptionBudget | object | `{}` | This is the setting for the pod disruption budget |
| updater.image.repository | string | `"registry.k8s.io/autoscaling/vpa-updater"` | The location of the updater image |
| updater.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion |
| updater.image.pullPolicy | string | `"Always"` | The pull policy for the updater image. Recommend not changing this |
| updater.podAnnotations | object | `{}` | Annotations to add to the updater pod |
| updater.podLabels | object | `{}` | Labels to add to the updater pod |
| updater.podSecurityContext | object | `{"runAsNonRoot":true,"runAsUser":65534}` | The security context for the updater pod |
| updater.securityContext | object | `{}` | The security context for the containers inside the updater pod |
| updater.livenessProbe | object | `{"failureThreshold":6,"httpGet":{"path":"/health-check","port":"metrics","scheme":"HTTP"},"periodSeconds":5,"successThreshold":1,"timeoutSeconds":3}` | The liveness probe definition inside the updater pod |
| updater.readinessProbe | object | `{"failureThreshold":120,"httpGet":{"path":"/health-check","port":"metrics","scheme":"HTTP"},"periodSeconds":5,"successThreshold":1,"timeoutSeconds":3}` | The readiness probe definition inside the updater pod |
| updater.resources | object | `{"limits":{"cpu":"200m","memory":"1000Mi"},"requests":{"cpu":"50m","memory":"500Mi"}}` | The resources block for the updater pod |
| updater.nodeSelector | object | `{}` | |
| updater.tolerations | list | `[]` | |
| updater.affinity | object | `{}` | |
| updater.podMonitor | object | `{"annotations":{},"enabled":false,"labels":{}}` | Enables a prometheus operator podMonitor for the updater |
| admissionController.enabled | bool | `true` | If true, will install the admission-controller component of vpa |
| admissionController.extraArgs | object | `{}` | A key-value map of flags to pass to the admissionController |
| admissionController.generateCertificate | bool | `true` | If true and admissionController is enabled, a pre-install hook will run to create the certificate for the webhook |
| admissionController.secretName | string | `"{{ include \"vpa.fullname\" . }}-tls-secret"` | Name for the TLS secret created for the webhook. Default {{ .Release.Name }}-tls-secret |
| admissionController.certGen.image.repository | string | `"registry.k8s.io/ingress-nginx/kube-webhook-certgen"` | An image that contains certgen for creating certificates. Only used if admissionController.generateCertificate is true |
| admissionController.certGen.image.tag | string | `"v20230312-helm-chart-4.5.2-28-g66a760794"` | An image tag for the admissionController.certGen.image.repository image. Only used if admissionController.generateCertificate is true |
| admissionController.certGen.image.pullPolicy | string | `"Always"` | The pull policy for the certgen image. Recommend not changing this |
| admissionController.certGen.env | object | `{}` | Additional environment variables to be added to the certgen container. Format is KEY: Value format |
| admissionController.certGen.resources | object | `{}` | The resources block for the certgen pod |
| admissionController.certGen.securityContext | object | `{}` | The securityContext block for the certgen pod |
| admissionController.certGen.nodeSelector | object | `{}` | |
| admissionController.certGen.tolerations | list | `[]` | |
| admissionController.certGen.affinity | object | `{}` | |
| admissionController.mutatingWebhookConfiguration.annotations | object | `{}` | Additional annotations for the MutatingWebhookConfiguration. Can be used for integration with cert-manager |
| admissionController.mutatingWebhookConfiguration.failurePolicy | string | `"Ignore"` | The failurePolicy for the mutating webhook. Allowed values are: Ignore, Fail |
| admissionController.mutatingWebhookConfiguration.namespaceSelector | object | `{}` | The namespaceSelector controls, which namespaces are affected by the webhook |
| admissionController.mutatingWebhookConfiguration.objectSelector | object | `{}` | The objectSelector can filter object on e.g. labels |
| admissionController.mutatingWebhookConfiguration.timeoutSeconds | int | `30` | |
| admissionController.replicaCount | int | `1` | |
| admissionController.podDisruptionBudget | object | `{}` | This is the setting for the pod disruption budget |
| admissionController.image.repository | string | `"registry.k8s.io/autoscaling/vpa-admission-controller"` | The location of the vpa admission controller image |
| admissionController.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion |
| admissionController.image.pullPolicy | string | `"Always"` | The pull policy for the admission controller image. Recommend not changing this |
| admissionController.podAnnotations | object | `{}` | Annotations to add to the admission controller pod |
| admissionController.podLabels | object | `{}` | Labels to add to the admission controller pod |
| admissionController.podSecurityContext | object | `{"runAsNonRoot":true,"runAsUser":65534}` | The security context for the admission controller pod |
| admissionController.securityContext | object | `{}` | The security context for the containers inside the admission controller pod |
| admissionController.livenessProbe | object | `{"failureThreshold":6,"httpGet":{"path":"/health-check","port":"metrics","scheme":"HTTP"},"periodSeconds":5,"successThreshold":1,"timeoutSeconds":3}` | The liveness probe definition inside the admission controller pod |
| admissionController.readinessProbe | object | `{"failureThreshold":120,"httpGet":{"path":"/health-check","port":"metrics","scheme":"HTTP"},"periodSeconds":5,"successThreshold":1,"timeoutSeconds":3}` | The readiness probe definition inside the admission controller pod |
| admissionController.resources | object | `{"limits":{"cpu":"200m","memory":"500Mi"},"requests":{"cpu":"50m","memory":"200Mi"}}` | The resources block for the admission controller pod |
| admissionController.tlsSecretKeys | list | `[]` | The keys in the vpa-tls-certs secret to map in to the admission controller |
| admissionController.nodeSelector | object | `{}` | |
| admissionController.tolerations | list | `[]` | |
| admissionController.affinity | object | `{}` | |
| tests.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":10324}` | The security context for the containers run as helm hook tests |
| tests.image.repository | string | `"bitnami/kubectl"` | An image used for testing containing bash, cat and kubectl |
| tests.image.tag | string | `""` | An image tag for the tests image |
| tests.image.pullPolicy | string | `"Always"` | The pull policy for the tests image. |
| metrics-server | object | `{"enabled":false}` | configuration options for the [metrics server Helm chart](https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server). See the projects [README.md](https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server#configuration) for all available options |
| metrics-server.enabled | bool | `false` | Whether or not the metrics server Helm chart should be installed |

101
goldilocks-4.9/charts/vpa/README.md.gotmpl Normal file
View File

@ -0,0 +1,101 @@
# VPA
A chart to install the [Kubernetes Vertical Pod Autoscaler](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler)
This chart is mostly based on the manifests and various scripts in the `deploy` and `hack` directories of the VPA repository.
## Tests and Debugging
There are a few tests included with this chart that can help debug why your installation of VPA isn't working as expected. You can run `helm test -n <Release Namespace> <Release Name>` to run them.
* `crds-available` - Checks for both the _verticalpodautoscalers_ and _verticalpodautoscalercheckpoints_ CRDs
* `metrics-api-available` - Checks to make sure that the metrics API endpoint is available. If it's not, install [metrics-server](https://github.com/kubernetes-sigs/metrics-server) in your cluster.
* `create-vpa` - A simple check to make sure that VPA objects can be created in your cluster. Does not check for functionality of that VPA.
+ `webhook-configuration` - Checks that both the service and the CA bundle in the MutatingWebhookconfiguration are configured correctly.
## Components
There are three primary components to the Vertical Pod Autoscaler that can be enabled individually here.
* recommender
* updater
* admissionController
The admissionController is the only one that poses a stability consideration because it will create a `MutatingWebhookconfiguration` in your cluster. This _could_ cause the cluster to stop accepting pod creation requests, if it is not configured correctly. Because of this, the `MutatingWebhookconfiguration` has its `failurePolicy` set to `Ignore` by default.
For more details, please see the values below, and the vertical pod autosclaer documentation.
## *BREAKING* Upgrading from <= v1.7.x to 2.0.0
### Certificate generation
The certificate creation process was changed from using OpenSSL to [kube-webhook-certgen](https://github.com/kubernetes/ingress-nginx/tree/main/images/kube-webhook-certgen) to simplify the process.
It still uses the same configuration keys (.Values.admissionController.certGen), which makes it impossible to reuse the values from a previous install.
You can mitigate this change by setting the correct image for the upgrade:
```bash
helm upgrade <release name> fairwinds-stable/vpa --version 2.0.0 --reuse-values \
--set "admissionController.certGen.image.repository=registry.k8s.io/ingress-nginx/kube-webhook-certgen" \
--set "admissionController.certGen.image.tag=v20230312-helm-chart-4.5.2-28-g66a760794"
```
The new process is incompatible with the old secrets layout. To mitigate this, the secret was renamed to (by default) `<release name>-tls-certs` and can now also be customized.
All other changes are implemented in a non breaking fashion.
### MutatingWebhookconfiguration
Previously, the webhook creation was handled by the admission controller itself. This had the downside that Helm is not in control of the resource and therefore required the cleanupOnDelete job.
This version disables the *selfRegistration* by the admission controller and creates the MutatingWebhookconfiguration using Helm.
You can either:
* Migrate the MutatingWebhookconfiguration by:
* adding the label `app.kubernetes.io/managed-by: Helm`
* adding the annotation `meta.helm.sh/release-name: <release name>`
* adding the annotation `meta.helm.sh/release-namespace: <release namespace>`
* delete the configuration and it will be recreated by Helm
* or keep the configuration as it is and Helm will ignore it. Execute the tests, to make sure everything works.
Also, the `cleanupOnDelete` configuration is obsolete.
### Admission controller
The admission controller is enabled by default.
## *BREAKING* Upgrading from v0.x.x to v1.x.x
In the previous version, when the admissionController.cleanupOnDelete flag was set to true, MutatingWebhookconfiguration and the tls secret for the admission controller were removed. There was no chance to pass any image information to start remove process. Now, it could be passed custom image by version 1.0.0.
```yaml
cleanupOnDelete:
enabled: true
image:
repository: quay.io/reactiveops/ci-images
tag: v11-alpine
```
## Installation
```bash
helm repo add fairwinds-stable https://charts.fairwinds.com/stable
helm install vpa fairwinds-stable/vpa --namespace vpa --create-namespace
```
## Utilize Prometheus for History
In order to utilize prometheus for recommender history, you will need to pass some extra flags to the recommender. If you use prometheus operator installed in the `prometheus-operator` namespace, these values will do the trick.
```yaml
recommender:
extraArgs:
prometheus-address: |
http://prometheus-operator-prometheus.prometheus-operator.svc.cluster.local:9090
storage: prometheus
```
{{ template "chart.valuesSection" . }}

23
goldilocks-4.9/charts/vpa/charts/metrics-server/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

32
goldilocks-4.9/charts/vpa/charts/metrics-server/Chart.yaml Normal file
View File

@ -0,0 +1,32 @@
annotations:
artifacthub.io/changes: |
- kind: fixed
description: "Fixed auth-reader role binding namespace to always use kube-system."
- kind: fixed
description: "Fixed addon resizer configuration."
- kind: added
description: "Added support for running under PodSecurity restricted."
- kind: fixed
description: "Fixed container port default not having been updated to 10250."
apiVersion: v2
appVersion: 0.6.3
description: Metrics Server is a scalable, efficient source of container resource
metrics for Kubernetes built-in autoscaling pipelines.
home: https://github.com/kubernetes-sigs/metrics-server
icon: https://avatars.githubusercontent.com/u/36015203?s=400&v=4
keywords:
- kubernetes
- metrics-server
- metrics
maintainers:
- name: stevehipwell
url: https://github.com/stevehipwell
- name: krmichel
url: https://github.com/krmichel
- name: endrec
url: https://github.com/endrec
name: metrics-server
sources:
- https://github.com/kubernetes-sigs/metrics-server
type: application
version: 3.10.0

90
goldilocks-4.9/charts/vpa/charts/metrics-server/README.md Normal file
View File

@ -0,0 +1,90 @@
# Kubernetes Metrics Server
[Metrics Server](https://github.com/kubernetes-sigs/metrics-server/) is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines.
<!-- Trigger release -->
## Installing the Chart
Before you can install the chart you will need to add the `metrics-server` repo to [Helm](https://helm.sh/).
```shell
helm repo add metrics-server https://kubernetes-sigs.github.io/metrics-server/
```
After you've installed the repo you can install the chart.
```shell
helm upgrade --install metrics-server metrics-server/metrics-server
```
## Configuration
The following table lists the configurable parameters of the _Metrics Server_ chart and their default values.
| Parameter | Description | Default |
| ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------ |
| `image.repository` | Image repository. | `registry.k8s.io/metrics-server/metrics-server` |
| `image.tag` | Image tag, will override the default tag derived from the chart app version. | `""` |
| `image.pullPolicy` | Image pull policy. | `IfNotPresent` |
| `imagePullSecrets` | Image pull secrets. | `[]` |
| `nameOverride` | Override the `name` of the chart. | `nil` |
| `fullnameOverride` | Override the `fullname` of the chart. | `nil` |
| `serviceAccount.create` | If `true`, create a new service account. | `true` |
| `serviceAccount.annotations` | Annotations to add to the service account. | `{}` |
| `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the full name template. | `nil` |
| `serviceAccount.secrets` | The list of secrets mountable by this service account. See https://kubernetes.io/docs/reference/labels-annotations-taints/#enforce-mountable-secrets | `[]` |
| `rbac.create` | If `true`, create the RBAC resources. | `true` |
| `rbac.pspEnabled` | If `true`, create a pod security policy resource. | `false` |
| `apiService.create` | If `true`, create the `v1beta1.metrics.k8s.io` API service. You typically want this enabled! If you disable API service creation you have to manage it outside of this chart for e.g horizontal pod autoscaling to work with this release. | `true` |
| `apiService.annotations` | Annotations to add to the API service | `{}` |
| `apiService.insecureSkipTLSVerify` | Specifies whether to skip TLS verification | `true` |
| `apiService.caBundle` | The PEM encoded CA bundle for TLS verification | `""` |
| `commonLabels` | Labels to add to each object of the chart. | `{}` |
| `podLabels` | Labels to add to the pod. | `{}` |
| `podAnnotations` | Annotations to add to the pod. | `{}` |
| `podSecurityContext` | Security context for the pod. | `{}` |
| `securityContext` | Security context for the _metrics-server_ container. | _See values.yaml_ |
| `priorityClassName` | Priority class name to use. | `system-cluster-critical` |
| `containerPort` | port for the _metrics-server_ container. | `10250` |
| `hostNetwork.enabled` | If `true`, start _metric-server_ in hostNetwork mode. You would require this enabled if you use alternate overlay networking for pods and API server unable to communicate with metrics-server. As an example, this is required if you use Weave network on EKS. | `false` |
| `replicas` | Number of replicas to run. | `1` |
| `updateStrategy` | Customise the default update strategy. | `{}` |
| `podDisruptionBudget.enabled` | If `true`, create `PodDisruptionBudget` resource. | `{}` |
| `podDisruptionBudget.minAvailable` | Set the `PodDisruptionBugdet` minimum available pods. | `nil` |
| `podDisruptionBudget.maxUnavailable` | Set the `PodDisruptionBugdet` maximum unavailable pods. | `nil` |
| `defaultArgs` | Default arguments to pass to the _metrics-server_ command. | See _values.yaml_ |
| `args` | Additional arguments to pass to the _metrics-server_ command. | `[]` |
| `livenessProbe` | Liveness probe. | See _values.yaml_ |
| `readinessProbe` | Readiness probe. | See _values.yaml_ |
| `service.type` | Service type. | `ClusterIP` |
| `service.port` | Service port. | `443` |
| `service.annotations` | Annotations to add to the service. | `{}` |
| `service.labels` | Labels to add to the service. | `{}` |
| `addonResizer.enabled` | If `true`, run the addon-resizer as a sidecar to automatically scale resource requests with cluster size. | `false` |
| `addonResizer.image.repository` | addon-resizer image repository | registry.k8s.io/autoscaling/addon-resizer |
| `addonResizer.image.tag` | addon-resizer image tag | 1.8.14 |
| `addonResizer.resources` | Resource requests and limits for the _nanny_ container. | `{limits: {cpu: 40m, memory: 25Mi}, requests: {cpu: 40m, memory: 25Mi}}` |
| `addonResizer.nanny.cpu` | The base CPU requirement. | 20m |
| `addonResizer.nanny.extraCPU` | The amount of CPU to add per node. | 1m |
| `addonResizer.nanny.extraMemory` | The amount of memory to add per node. | 2Mi |
| `addonResizer.nanny.memory` | The base memory requirement. | 15Mi |
| `addonResizer.nanny.minClusterSize` | Specifies the smallest number of nodes resources will be scaled to. | 10 |
| `addonResizer.nanny.pollPeriod` | The time, in milliseconds, to poll the dependent container. | 300000 |
| `addonResizer.nanny.threshold` | A number between 0-100. The dependent's resources are rewritten when they deviate from expected by more than threshold. | 5 |
| `metrics.enabled` | If `true`, allow unauthenticated access to `/metrics`. | `false` |
| `serviceMonitor.enabled` | If `true`, create a _Prometheus_ service monitor. This needs `metrics.enabled` to be `true`. | `false` |
| `serviceMonitor.additionalLabels` | Additional labels to be set on the ServiceMonitor. | `{}` |
| `serviceMonitor.metricRelabelings` | _Prometheus_ metric relabeling. | `[]` |
| `serviceMonitor.relabelings` | _Prometheus_ relabeling. | `[]` |
| `serviceMonitor.interval` | _Prometheus_ scrape frequency. | `1m` |
| `serviceMonitor.scrapeTimeout` | _Prometheus_ scrape timeout. | `10s` |
| `resources` | Resource requests and limits for the _metrics-server_ container. See https://github.com/kubernetes-sigs/metrics-server#scaling | `{}` |
| `extraVolumeMounts` | Additional volume mounts for the _metrics-server_ container. | `[]` |
| `extraVolumes` | Additional volumes for the pod. | `[]` |
| `nodeSelector` | Node labels for pod assignment. | `{}` |
| `tolerations` | Tolerations for pod assignment. | `[]` |
| `affinity` | Affinity for pod assignment. | `{}` |
| `topologySpreadConstraints` | Pod Topology Spread Constraints. | `[]` |
| `deploymentAnnotations` | Annotations to add to the deployment. | `{}` |
| `schedulerName` | scheduler to set to the deployment. | `""` |

2
goldilocks-4.9/charts/vpa/charts/metrics-server/ci/ci-values.yaml Normal file
View File

@ -0,0 +1,2 @@
args:
- --kubelet-insecure-tls

7
goldilocks-4.9/charts/vpa/charts/metrics-server/templates/NOTES.txt Normal file
View File

@ -0,0 +1,7 @@
***********************************************************************
* Metrics Server *
***********************************************************************
Chart version: {{ .Chart.Version }}
App version: {{ .Chart.AppVersion }}
Image tag: {{ include "metrics-server.image" . }}
***********************************************************************

102
goldilocks-4.9/charts/vpa/charts/metrics-server/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,102 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "metrics-server.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "metrics-server.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "metrics-server.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "metrics-server.labels" -}}
helm.sh/chart: {{ include "metrics-server.chart" . }}
{{ include "metrics-server.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.commonLabels }}
{{ toYaml .Values.commonLabels }}
{{- end }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "metrics-server.selectorLabels" -}}
app.kubernetes.io/name: {{ include "metrics-server.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "metrics-server.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "metrics-server.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
The image to use
*/}}
{{- define "metrics-server.image" -}}
{{- printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }}
{{- end }}
{{/*
The image to use for the addon resizer
*/}}
{{- define "metrics-server.addonResizer.image" -}}
{{- printf "%s:%s" .Values.addonResizer.image.repository .Values.addonResizer.image.tag }}
{{- end }}
{{/*
ConfigMap name of addon resizer
*/}}
{{- define "metrics-server.addonResizer.configMap" -}}
{{- printf "%s-%s" (include "metrics-server.fullname" .) "nanny-config" }}
{{- end }}
{{/*
Role name of addon resizer
*/}}
{{- define "metrics-server.addonResizer.role" -}}
{{ printf "system:%s-nanny" (include "metrics-server.fullname" .) }}
{{- end }}
{{/* Get PodDisruptionBudget API Version */}}
{{- define "metrics-server.pdb.apiVersion" -}}
{{- if and (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">= 1.21-0" .Capabilities.KubeVersion.Version) -}}
{{- print "policy/v1" -}}
{{- else -}}
{{- print "policy/v1beta1" -}}
{{- end -}}
{{- end -}}

25
goldilocks-4.9/charts/vpa/charts/metrics-server/templates/apiservice.yaml Normal file
View File

@ -0,0 +1,25 @@
{{- if .Values.apiService.create -}}
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
name: v1beta1.metrics.k8s.io
labels:
{{- include "metrics-server.labels" . | nindent 4 }}
{{- with .Values.apiService.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with .Values.apiService.caBundle }}
caBundle: {{ b64enc . }}
{{- end }}
group: metrics.k8s.io
groupPriorityMinimum: 100
insecureSkipTLSVerify: {{ .Values.apiService.insecureSkipTLSVerify }}
service:
name: {{ include "metrics-server.fullname" . }}
namespace: {{ .Release.Namespace }}
port: {{ .Values.service.port }}
version: v1beta1
versionPriority: 100
{{- end -}}

21
goldilocks-4.9/charts/vpa/charts/metrics-server/templates/clusterrole-aggregated-reader.yaml Normal file
View File

@ -0,0 +1,21 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ printf "system:%s-aggregated-reader" (include "metrics-server.name" .) }}
labels:
{{- include "metrics-server.labels" . | nindent 4 }}
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
{{- end -}}

13
goldilocks-4.9/charts/vpa/charts/metrics-server/templates/clusterrole-nanny.yaml Normal file
View File

@ -0,0 +1,13 @@
{{- if and .Values.rbac.create .Values.addonResizer.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ printf "system:%s-nanny" (include "metrics-server.fullname" .) }}
labels:
{{- include "metrics-server.labels" . | nindent 4 }}
rules:
- nonResourceURLs:
- /metrics
verbs:
- get
{{- end -}}

37
goldilocks-4.9/charts/vpa/charts/metrics-server/templates/clusterrole.yaml Normal file
View File

@ -0,0 +1,37 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ printf "system:%s" (include "metrics-server.fullname" .) }}
labels:
{{- include "metrics-server.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- nodes/metrics
verbs:
- get
- apiGroups:
- ""
resources:
- pods
- nodes
- namespaces
- configmaps
verbs:
- get
- list
- watch
{{- if .Values.rbac.pspEnabled }}
- apiGroups:
- extensions
- policy
resources:
- podsecuritypolicies
resourceNames:
- {{ printf "privileged-%s" (include "metrics-server.fullname" .) }}
verbs:
- use
{{- end -}}
{{- end -}}

16
goldilocks-4.9/charts/vpa/charts/metrics-server/templates/clusterrolebinding-auth-delegator.yaml Normal file
View File

@ -0,0 +1,16 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ printf "%s:system:auth-delegator" (include "metrics-server.fullname" .) }}
labels:
{{- include "metrics-server.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: {{ include "metrics-server.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}

18
goldilocks-4.9/charts/vpa/charts/metrics-server/templates/clusterrolebinding-nanny.yaml Normal file
View File

@ -0,0 +1,18 @@
{{- if .Values.rbac.create -}}
{{- if .Values.addonResizer.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ printf "system:%s-nanny" (include "metrics-server.fullname" .) }}
labels:
{{- include "metrics-server.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:{{ template "metrics-server.fullname" . }}-nanny
subjects:
- kind: ServiceAccount
name: {{ include "metrics-server.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}
{{- end -}}

16
goldilocks-4.9/charts/vpa/charts/metrics-server/templates/clusterrolebinding.yaml Normal file
View File

@ -0,0 +1,16 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ printf "system:%s" (include "metrics-server.fullname" .) }}
labels:
{{- include "metrics-server.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:{{ template "metrics-server.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "metrics-server.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}

17
goldilocks-4.9/charts/vpa/charts/metrics-server/templates/configmaps-nanny.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- if .Values.addonResizer.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "metrics-server.addonResizer.configMap" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "metrics-server.labels" . | nindent 4 }}
data:
NannyConfiguration: |-
apiVersion: nannyconfig/v1alpha1
kind: NannyConfiguration
baseCPU: {{ .Values.addonResizer.nanny.cpu }}
cpuPerNode: {{ .Values.addonResizer.nanny.extraCpu }}
baseMemory: {{ .Values.addonResizer.nanny.memory }}
memoryPerNode: {{ .Values.addonResizer.nanny.extraMemory }}
{{- end -}}

147
goldilocks-4.9/charts/vpa/charts/metrics-server/templates/deployment.yaml Normal file
View File

@ -0,0 +1,147 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "metrics-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "metrics-server.labels" . | nindent 4 }}
{{- with .Values.deploymentAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicas }}
{{- with .Values.updateStrategy }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}
selector:
matchLabels:
{{- include "metrics-server.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "metrics-server.selectorLabels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
schedulerName: {{ .Values.schedulerName }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "metrics-server.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . | quote }}
{{- end }}
{{- if .Values.hostNetwork.enabled }}
hostNetwork: true
{{- end }}
containers:
- name: metrics-server
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: {{ include "metrics-server.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- {{ printf "--secure-port=%d" (int .Values.containerPort) }}
{{- range .Values.defaultArgs }}
- {{ . }}
{{- end }}
{{- if .Values.metrics.enabled }}
- --authorization-always-allow-paths=/metrics
{{- end }}
{{- range .Values.args }}
- {{ . }}
{{- end }}
ports:
- name: https
protocol: TCP
containerPort: {{ .Values.containerPort }}
{{- with .Values.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- name: tmp
mountPath: /tmp
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.addonResizer.enabled }}
- name: metrics-server-nanny
image: {{ include "metrics-server.addonResizer.image" . }}
env:
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
command:
- /pod_nanny
- --config-dir=/etc/config
- --deployment={{ include "metrics-server.fullname" . }}
- --threshold={{ .Values.addonResizer.nanny.threshold }}
- --deployment={{ include "metrics-server.fullname" . }}
- --container=metrics-server
- --poll-period={{ .Values.addonResizer.nanny.pollPeriod }}
- --estimator=exponential
- --minClusterSize={{ .Values.addonResizer.nanny.minClusterSize }}
- --use-metrics=true
volumeMounts:
- name: nanny-config-volume
mountPath: /etc/config
{{- with .Values.addonResizer.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
volumes:
- name: tmp
emptyDir: {}
{{- if .Values.addonResizer.enabled }}
- name: nanny-config-volume
configMap:
name: {{ include "metrics-server.addonResizer.configMap" . }}
{{- end }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}

19
goldilocks-4.9/charts/vpa/charts/metrics-server/templates/pdb.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- if .Values.podDisruptionBudget.enabled -}}
apiVersion: {{ include "metrics-server.pdb.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "metrics-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "metrics-server.labels" . | nindent 4 }}
spec:
{{- if .Values.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
{{- end }}
{{- if .Values.podDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
{{- end }}
selector:
matchLabels:
{{- include "metrics-server.selectorLabels" . | nindent 6 }}
{{- end -}}

28
goldilocks-4.9/charts/vpa/charts/metrics-server/templates/psp.yaml Normal file
View File

@ -0,0 +1,28 @@
{{- if .Values.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ printf "privileged-%s" (include "metrics-server.fullname" .) }}
labels:
{{- include "metrics-server.labels" . | nindent 4 }}
spec:
allowedCapabilities:
- '*'
fsGroup:
rule: RunAsAny
privileged: true
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- '*'
hostPID: true
hostIPC: true
hostNetwork: true
hostPorts:
- min: 1
max: 65536
{{- end }}

27
goldilocks-4.9/charts/vpa/charts/metrics-server/templates/role-nanny.yaml Normal file
View File

@ -0,0 +1,27 @@
{{- if .Values.rbac.create -}}
{{- if .Values.addonResizer.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "metrics-server.addonResizer.role" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "metrics-server.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- apps
resources:
- deployments
resourceNames:
- {{ include "metrics-server.fullname" . }}
verbs:
- get
- patch
{{- end -}}
{{- end -}}

19
goldilocks-4.9/charts/vpa/charts/metrics-server/templates/rolebinding-nanny.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- if .Values.rbac.create -}}
{{- if .Values.addonResizer.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ printf "%s-nanny" (include "metrics-server.fullname" .) }}
namespace: kube-system
labels:
{{- include "metrics-server.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "metrics-server.addonResizer.role" . }}
subjects:
- kind: ServiceAccount
name: {{ include "metrics-server.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}
{{- end -}}

17
goldilocks-4.9/charts/vpa/charts/metrics-server/templates/rolebinding.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ printf "%s-auth-reader" (include "metrics-server.fullname" .) }}
namespace: kube-system
labels:
{{- include "metrics-server.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: {{ include "metrics-server.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}

23
goldilocks-4.9/charts/vpa/charts/metrics-server/templates/service.yaml Normal file
View File

@ -0,0 +1,23 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "metrics-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "metrics-server.labels" . | nindent 4 }}
{{- with .Values.service.labels -}}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
- name: https
port: {{ .Values.service.port }}
protocol: TCP
targetPort: https
selector:
{{- include "metrics-server.selectorLabels" . | nindent 4 }}

17
goldilocks-4.9/charts/vpa/charts/metrics-server/templates/serviceaccount.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "metrics-server.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "metrics-server.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.serviceAccount.secrets }}
secrets:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- end -}}

40
goldilocks-4.9/charts/vpa/charts/metrics-server/templates/servicemonitor.yaml Normal file
View File

@ -0,0 +1,40 @@
{{- if and .Values.serviceMonitor.enabled .Values.metrics.enabled -}}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "metrics-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "metrics-server.labels" . | nindent 4 }}
{{- with .Values.serviceMonitor.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
jobLabel: {{ .Release.Name }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
{{- include "metrics-server.selectorLabels" . | nindent 6 }}
endpoints:
- port: https
path: /metrics
scheme: https
tlsConfig:
insecureSkipVerify: true
{{- with .Values.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
{{- with .Values.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ . }}
{{- end }}
{{- with .Values.serviceMonitor.metricRelabelings }}
metricRelabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.serviceMonitor.relabelings }}
relabelings:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end -}}

176
goldilocks-4.9/charts/vpa/charts/metrics-server/values.yaml Normal file
View File

@ -0,0 +1,176 @@
# Default values for metrics-server.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
image:
repository: registry.k8s.io/metrics-server/metrics-server
# Overrides the image tag whose default is v{{ .Chart.AppVersion }}
tag: ""
pullPolicy: IfNotPresent
imagePullSecrets: []
# - name: registrySecretName
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# The list of secrets mountable by this service account.
# See https://kubernetes.io/docs/reference/labels-annotations-taints/#enforce-mountable-secrets
secrets: []
rbac:
# Specifies whether RBAC resources should be created
create: true
pspEnabled: false
apiService:
# Specifies if the v1beta1.metrics.k8s.io API service should be created.
#
# You typically want this enabled! If you disable API service creation you have to
# manage it outside of this chart for e.g horizontal pod autoscaling to
# work with this release.
create: true
# Annotations to add to the API service
annotations: {}
# Specifies whether to skip TLS verification
insecureSkipTLSVerify: true
# The PEM encoded CA bundle for TLS verification
caBundle: ""
commonLabels: {}
podLabels: {}
podAnnotations: {}
podSecurityContext: {}
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
priorityClassName: system-cluster-critical
containerPort: 10250
hostNetwork:
# Specifies if metrics-server should be started in hostNetwork mode.
#
# You would require this enabled if you use alternate overlay networking for pods and
# API server unable to communicate with metrics-server. As an example, this is required
# if you use Weave network on EKS
enabled: false
replicas: 1
updateStrategy: {}
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 0
# maxUnavailable: 1
podDisruptionBudget:
# https://kubernetes.io/docs/tasks/run-application/configure-pdb/
enabled: false
minAvailable:
maxUnavailable:
defaultArgs:
- --cert-dir=/tmp
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port
- --metric-resolution=15s
args: []
livenessProbe:
httpGet:
path: /livez
port: https
scheme: HTTPS
initialDelaySeconds: 0
periodSeconds: 10
failureThreshold: 3
readinessProbe:
httpGet:
path: /readyz
port: https
scheme: HTTPS
initialDelaySeconds: 20
periodSeconds: 10
failureThreshold: 3
service:
type: ClusterIP
port: 443
annotations: {}
labels: {}
# Add these labels to have metrics-server show up in `kubectl cluster-info`
# kubernetes.io/cluster-service: "true"
# kubernetes.io/name: "Metrics-server"
addonResizer:
enabled: false
image:
repository: registry.k8s.io/autoscaling/addon-resizer
tag: 1.8.14
resources:
limits:
cpu: 40m
memory: 25Mi
requests:
cpu: 40m
memory: 25Mi
nanny:
cpu: 20m
extraCpu: 1m
extraMemory: 2Mi
memory: 15Mi
minClusterSize: 10
pollPeriod: 300000
threshold: 5
metrics:
enabled: false
serviceMonitor:
enabled: false
additionalLabels: {}
interval: 1m
scrapeTimeout: 10s
metricRelabelings: []
relabelings: []
# See https://github.com/kubernetes-sigs/metrics-server#scaling
resources: {}
extraVolumeMounts: []
extraVolumes: []
nodeSelector: {}
tolerations: []
affinity: {}
topologySpreadConstraints: []
# Annotations to add to the deployment
deploymentAnnotations: {}
schedulerName: ""

30
goldilocks-4.9/charts/vpa/ci/test-values.yaml Normal file
View File

@ -0,0 +1,30 @@
recommender:
enabled: true
podLabels:
app: test
foo: bar
updater:
enabled: true
podLabels:
app: test
foo: bar
admissionController:
enabled: true
extraArgs:
v: "4"
generateCertificate: true
certGen:
env:
ENVIRONMENTVARIABLE: exists
podLabels:
app: test
foo: bar
podLabels:
app: test
foo: bar
metrics-server:
enabled: true
apiService:
insecureSkipTLSVerify: true
args:
- "--kubelet-insecure-tls"

758
goldilocks-4.9/charts/vpa/crds/vpa-v1-crd.yaml Normal file
View File

@ -0,0 +1,758 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.kubernetes.io: https://github.com/kubernetes/kubernetes/pull/63797
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: verticalpodautoscalers.autoscaling.k8s.io
spec:
group: autoscaling.k8s.io
names:
kind: VerticalPodAutoscaler
listKind: VerticalPodAutoscalerList
plural: verticalpodautoscalers
shortNames:
- vpa
singular: verticalpodautoscaler
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.updatePolicy.updateMode
name: Mode
type: string
- jsonPath: .status.recommendation.containerRecommendations[0].target.cpu
name: CPU
type: string
- jsonPath: .status.recommendation.containerRecommendations[0].target.memory
name: Mem
type: string
- jsonPath: .status.conditions[?(@.type=='RecommendationProvided')].status
name: Provided
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: VerticalPodAutoscaler is the configuration for a vertical pod
autoscaler, which automatically manages pod resources based on historical
and real time resource utilization.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: 'Specification of the behavior of the autoscaler. More info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status.'
properties:
recommenders:
description: Recommender responsible for generating recommendation
for this object. List should be empty (then the default recommender
will generate the recommendation) or contain exactly one recommender.
items:
description: VerticalPodAutoscalerRecommenderSelector points to
a specific Vertical Pod Autoscaler recommender. In the future
it might pass parameters to the recommender.
properties:
name:
description: Name of the recommender responsible for generating
recommendation for this object.
type: string
required:
- name
type: object
type: array
resourcePolicy:
description: Controls how the autoscaler computes recommended resources.
The resource policy may be used to set constraints on the recommendations
for individual containers. If not specified, the autoscaler computes
recommended resources for all containers in the pod, without additional
constraints.
properties:
containerPolicies:
description: Per-container resource policies.
items:
description: ContainerResourcePolicy controls how autoscaler
computes the recommended resources for a specific container.
properties:
containerName:
description: Name of the container or DefaultContainerResourcePolicy,
in which case the policy is used by the containers that
don't have their own policy specified.
type: string
controlledResources:
description: Specifies the type of recommendations that
will be computed (and possibly applied) by VPA. If not
specified, the default of [ResourceCPU, ResourceMemory]
will be used.
items:
description: ResourceName is the name identifying various
resources in a ResourceList.
type: string
type: array
controlledValues:
description: Specifies which resource values should be controlled.
The default is "RequestsAndLimits".
enum:
- RequestsAndLimits
- RequestsOnly
type: string
maxAllowed:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Specifies the maximum amount of resources that
will be recommended for the container. The default is
no maximum.
type: object
minAllowed:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Specifies the minimal amount of resources that
will be recommended for the container. The default is
no minimum.
type: object
mode:
description: Whether autoscaler is enabled for the container.
The default is "Auto".
enum:
- Auto
- "Off"
type: string
type: object
type: array
type: object
targetRef:
description: TargetRef points to the controller managing the set of
pods for the autoscaler to control - e.g. Deployment, StatefulSet.
VerticalPodAutoscaler can be targeted at controller implementing
scale subresource (the pod set is retrieved from the controller's
ScaleStatus) or some well known controllers (e.g. for DaemonSet
the pod set is read from the controller's spec). If VerticalPodAutoscaler
cannot use specified target it will report ConfigUnsupported condition.
Note that VerticalPodAutoscaler does not require full implementation
of scale subresource - it will not use it to modify the replica
count. The only thing retrieved is a label selector matching pods
grouped by the target resource.
properties:
apiVersion:
description: API version of the referent
type: string
kind:
description: 'Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"'
type: string
name:
description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
required:
- kind
- name
type: object
updatePolicy:
description: Describes the rules on how changes are applied to the
pods. If not specified, all fields in the `PodUpdatePolicy` are
set to their default values.
properties:
minReplicas:
description: Minimal number of replicas which need to be alive
for Updater to attempt pod eviction (pending other checks like
PDB). Only positive values are allowed. Overrides global '--min-replicas'
flag.
format: int32
type: integer
updateMode:
description: Controls when autoscaler applies changes to the pod
resources. The default is 'Auto'.
enum:
- "Off"
- Initial
- Recreate
- Auto
type: string
type: object
required:
- targetRef
type: object
status:
description: Current information about the autoscaler.
properties:
conditions:
description: Conditions is the set of conditions required for this
autoscaler to scale its target, and indicates whether or not those
conditions are met.
items:
description: VerticalPodAutoscalerCondition describes the state
of a VerticalPodAutoscaler at a certain point.
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another
format: date-time
type: string
message:
description: message is a human-readable explanation containing
details about the transition
type: string
reason:
description: reason is the reason for the condition's last transition.
type: string
status:
description: status is the status of the condition (True, False,
Unknown)
type: string
type:
description: type describes the current condition
type: string
required:
- status
- type
type: object
type: array
recommendation:
description: The most recently computed amount of resources recommended
by the autoscaler for the controlled pods.
properties:
containerRecommendations:
description: Resources recommended by the autoscaler for each
container.
items:
description: RecommendedContainerResources is the recommendation
of resources computed by autoscaler for a specific container.
Respects the container resource policy if present in the spec.
In particular the recommendation is not produced for containers
with `ContainerScalingMode` set to 'Off'.
properties:
containerName:
description: Name of the container.
type: string
lowerBound:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Minimum recommended amount of resources. Observes
ContainerResourcePolicy. This amount is not guaranteed
to be sufficient for the application to operate in a stable
way, however running with less resources is likely to
have significant impact on performance/availability.
type: object
target:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Recommended amount of resources. Observes ContainerResourcePolicy.
type: object
uncappedTarget:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: The most recent recommended resources target
computed by the autoscaler for the controlled pods, based
only on actual resource usage, not taking into account
the ContainerResourcePolicy. May differ from the Recommendation
if the actual resource usage causes the target to violate
the ContainerResourcePolicy (lower than MinAllowed or
higher that MaxAllowed). Used only as status indication,
will not affect actual resource assignment.
type: object
upperBound:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Maximum recommended amount of resources. Observes
ContainerResourcePolicy. Any resources allocated beyond
this value are likely wasted. This value may be larger
than the maximum amount of application is actually capable
of consuming.
type: object
required:
- target
type: object
type: array
type: object
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}
- name: v1beta2
schema:
openAPIV3Schema:
description: VerticalPodAutoscaler is the configuration for a vertical pod
autoscaler, which automatically manages pod resources based on historical
and real time resource utilization.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: 'Specification of the behavior of the autoscaler. More info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status.'
properties:
resourcePolicy:
description: Controls how the autoscaler computes recommended resources.
The resource policy may be used to set constraints on the recommendations
for individual containers. If not specified, the autoscaler computes
recommended resources for all containers in the pod, without additional
constraints.
properties:
containerPolicies:
description: Per-container resource policies.
items:
description: ContainerResourcePolicy controls how autoscaler
computes the recommended resources for a specific container.
properties:
containerName:
description: Name of the container or DefaultContainerResourcePolicy,
in which case the policy is used by the containers that
don't have their own policy specified.
type: string
maxAllowed:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Specifies the maximum amount of resources that
will be recommended for the container. The default is
no maximum.
type: object
minAllowed:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Specifies the minimal amount of resources that
will be recommended for the container. The default is
no minimum.
type: object
mode:
description: Whether autoscaler is enabled for the container.
The default is "Auto".
enum:
- Auto
- "Off"
type: string
type: object
type: array
type: object
targetRef:
description: TargetRef points to the controller managing the set of
pods for the autoscaler to control - e.g. Deployment, StatefulSet.
VerticalPodAutoscaler can be targeted at controller implementing
scale subresource (the pod set is retrieved from the controller's
ScaleStatus) or some well known controllers (e.g. for DaemonSet
the pod set is read from the controller's spec). If VerticalPodAutoscaler
cannot use specified target it will report ConfigUnsupported condition.
Note that VerticalPodAutoscaler does not require full implementation
of scale subresource - it will not use it to modify the replica
count. The only thing retrieved is a label selector matching pods
grouped by the target resource.
properties:
apiVersion:
description: API version of the referent
type: string
kind:
description: 'Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"'
type: string
name:
description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
required:
- kind
- name
type: object
updatePolicy:
description: Describes the rules on how changes are applied to the
pods. If not specified, all fields in the `PodUpdatePolicy` are
set to their default values.
properties:
updateMode:
description: Controls when autoscaler applies changes to the pod
resources. The default is 'Auto'.
enum:
- "Off"
- Initial
- Recreate
- Auto
type: string
type: object
required:
- targetRef
type: object
status:
description: Current information about the autoscaler.
properties:
conditions:
description: Conditions is the set of conditions required for this
autoscaler to scale its target, and indicates whether or not those
conditions are met.
items:
description: VerticalPodAutoscalerCondition describes the state
of a VerticalPodAutoscaler at a certain point.
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another
format: date-time
type: string
message:
description: message is a human-readable explanation containing
details about the transition
type: string
reason:
description: reason is the reason for the condition's last transition.
type: string
status:
description: status is the status of the condition (True, False,
Unknown)
type: string
type:
description: type describes the current condition
type: string
required:
- status
- type
type: object
type: array
recommendation:
description: The most recently computed amount of resources recommended
by the autoscaler for the controlled pods.
properties:
containerRecommendations:
description: Resources recommended by the autoscaler for each
container.
items:
description: RecommendedContainerResources is the recommendation
of resources computed by autoscaler for a specific container.
Respects the container resource policy if present in the spec.
In particular the recommendation is not produced for containers
with `ContainerScalingMode` set to 'Off'.
properties:
containerName:
description: Name of the container.
type: string
lowerBound:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Minimum recommended amount of resources. Observes
ContainerResourcePolicy. This amount is not guaranteed
to be sufficient for the application to operate in a stable
way, however running with less resources is likely to
have significant impact on performance/availability.
type: object
target:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Recommended amount of resources. Observes ContainerResourcePolicy.
type: object
uncappedTarget:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: The most recent recommended resources target
computed by the autoscaler for the controlled pods, based
only on actual resource usage, not taking into account
the ContainerResourcePolicy. May differ from the Recommendation
if the actual resource usage causes the target to violate
the ContainerResourcePolicy (lower than MinAllowed or
higher that MaxAllowed). Used only as status indication,
will not affect actual resource assignment.
type: object
upperBound:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Maximum recommended amount of resources. Observes
ContainerResourcePolicy. Any resources allocated beyond
this value are likely wasted. This value may be larger
than the maximum amount of application is actually capable
of consuming.
type: object
required:
- target
type: object
type: array
type: object
type: object
required:
- spec
type: object
served: true
storage: false
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.kubernetes.io: https://github.com/kubernetes/kubernetes/pull/63797
controller-gen.kubebuilder.io/version: v0.4.0
creationTimestamp: null
name: verticalpodautoscalercheckpoints.autoscaling.k8s.io
spec:
group: autoscaling.k8s.io
names:
kind: VerticalPodAutoscalerCheckpoint
listKind: VerticalPodAutoscalerCheckpointList
plural: verticalpodautoscalercheckpoints
shortNames:
- vpacheckpoint
singular: verticalpodautoscalercheckpoint
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: VerticalPodAutoscalerCheckpoint is the checkpoint of the internal
state of VPA that is used for recovery after recommender's restart.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: 'Specification of the checkpoint. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status.'
properties:
containerName:
description: Name of the checkpointed container.
type: string
vpaObjectName:
description: Name of the VPA object that stored VerticalPodAutoscalerCheckpoint
object.
type: string
type: object
status:
description: Data of the checkpoint.
properties:
cpuHistogram:
description: Checkpoint of histogram for consumption of CPU.
properties:
bucketWeights:
description: Map from bucket index to bucket weight.
type: object
x-kubernetes-preserve-unknown-fields: true
referenceTimestamp:
description: Reference timestamp for samples collected within
this histogram.
format: date-time
nullable: true
type: string
totalWeight:
description: Sum of samples to be used as denominator for weights
from BucketWeights.
type: number
type: object
firstSampleStart:
description: Timestamp of the fist sample from the histograms.
format: date-time
nullable: true
type: string
lastSampleStart:
description: Timestamp of the last sample from the histograms.
format: date-time
nullable: true
type: string
lastUpdateTime:
description: The time when the status was last refreshed.
format: date-time
nullable: true
type: string
memoryHistogram:
description: Checkpoint of histogram for consumption of memory.
properties:
bucketWeights:
description: Map from bucket index to bucket weight.
type: object
x-kubernetes-preserve-unknown-fields: true
referenceTimestamp:
description: Reference timestamp for samples collected within
this histogram.
format: date-time
nullable: true
type: string
totalWeight:
description: Sum of samples to be used as denominator for weights
from BucketWeights.
type: number
type: object
totalSamplesCount:
description: Total number of samples in the histograms.
type: integer
version:
description: Version of the format of the stored data.
type: string
type: object
type: object
served: true
storage: true
- name: v1beta2
schema:
openAPIV3Schema:
description: VerticalPodAutoscalerCheckpoint is the checkpoint of the internal
state of VPA that is used for recovery after recommender's restart.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: 'Specification of the checkpoint. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status.'
properties:
containerName:
description: Name of the checkpointed container.
type: string
vpaObjectName:
description: Name of the VPA object that stored VerticalPodAutoscalerCheckpoint
object.
type: string
type: object
status:
description: Data of the checkpoint.
properties:
cpuHistogram:
description: Checkpoint of histogram for consumption of CPU.
properties:
bucketWeights:
description: Map from bucket index to bucket weight.
type: object
x-kubernetes-preserve-unknown-fields: true
referenceTimestamp:
description: Reference timestamp for samples collected within
this histogram.
format: date-time
nullable: true
type: string
totalWeight:
description: Sum of samples to be used as denominator for weights
from BucketWeights.
type: number
type: object
firstSampleStart:
description: Timestamp of the fist sample from the histograms.
format: date-time
nullable: true
type: string
lastSampleStart:
description: Timestamp of the last sample from the histograms.
format: date-time
nullable: true
type: string
lastUpdateTime:
description: The time when the status was last refreshed.
format: date-time
nullable: true
type: string
memoryHistogram:
description: Checkpoint of histogram for consumption of memory.
properties:
bucketWeights:
description: Map from bucket index to bucket weight.
type: object
x-kubernetes-preserve-unknown-fields: true
referenceTimestamp:
description: Reference timestamp for samples collected within
this histogram.
format: date-time
nullable: true
type: string
totalWeight:
description: Sum of samples to be used as denominator for weights
from BucketWeights.
type: number
type: object
totalSamplesCount:
description: Total number of samples in the histograms.
type: integer
version:
description: Version of the format of the stored data.
type: string
type: object
type: object
served: true
storage: false
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

20
goldilocks-4.9/charts/vpa/templates/NOTES.txt Normal file
View File

@ -0,0 +1,20 @@
Congratulations on installing the Vertical Pod Autoscaler!
Components Installed:
{{- if .Values.recommender.enabled }}
- recommender
{{- end }}
{{- if .Values.updater.enabled }}
- updater
{{- end }}
{{- if .Values.admissionController.enabled }}
- admission-controller
{{- end }}
To verify functionality, you can try running 'helm -n {{ .Release.Namespace}} test {{ .Release.Name }}'
{{- if not (include "vpa.webhook.upgradable" .) }}
Warning: The mutatingwebhookconfiguration '{{ include "vpa.fullname" . }}-webhook-config' is not managed by this Helm release.
It is highly encouraged in this case, to verify the webhook's configuration by running all Helm tests.
{{- end }}

65
goldilocks-4.9/charts/vpa/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,65 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "vpa.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "vpa.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "vpa.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "vpa.labels" -}}
helm.sh/chart: {{ include "vpa.chart" . }}
{{ include "vpa.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels }}
{{- end }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "vpa.selectorLabels" -}}
app.kubernetes.io/name: {{ include "vpa.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "vpa.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "vpa.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

103
goldilocks-4.9/charts/vpa/templates/admission-controller-deployment.yaml Normal file
View File

@ -0,0 +1,103 @@
{{- if .Values.admissionController.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "vpa.fullname" . }}-admission-controller
labels:
app.kubernetes.io/component: admission-controller
{{- include "vpa.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.admissionController.replicaCount }}
selector:
matchLabels:
app.kubernetes.io/component: admission-controller
{{- include "vpa.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.admissionController.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- with .Values.admissionController.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
app.kubernetes.io/component: admission-controller
{{- include "vpa.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
serviceAccountName: {{ include "vpa.serviceAccountName" . }}-admission-controller
securityContext:
{{- toYaml .Values.admissionController.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.admissionController.securityContext | nindent 12 }}
image: {{ printf "%s:%s" .Values.admissionController.image.repository (.Values.admissionController.image.tag | default .Chart.AppVersion) }}
imagePullPolicy: {{ .Values.admissionController.image.pullPolicy }}
args:
- --register-webhook=false
- --webhook-service={{ include "vpa.fullname" . }}-webhook
{{- if .Values.admissionController.generateCertificate }}
- --client-ca-file=/etc/tls-certs/ca
- --tls-cert-file=/etc/tls-certs/cert
- --tls-private-key=/etc/tls-certs/key
{{- end }}
{{- if .Values.admissionController.extraArgs }}
{{- range $key, $value := .Values.admissionController.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- end }}
volumeMounts:
- name: tls-certs
mountPath: "/etc/tls-certs"
readOnly: true
{{- if .Values.admissionController.livenessProbe }}
livenessProbe:
{{- toYaml .Values.admissionController.livenessProbe | nindent 12 }}
{{- end }}
{{- if .Values.admissionController.readinessProbe }}
readinessProbe:
{{- toYaml .Values.admissionController.readinessProbe | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: 8000
protocol: TCP
- name: metrics
containerPort: 8944
protocol: TCP
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
resources:
{{- toYaml .Values.admissionController.resources | nindent 12 }}
volumes:
- name: tls-certs
secret:
secretName: {{ include "vpa.webhook.secret" . }}
{{- with .Values.admissionController.tlsSecretKeys }}
items:
{{- toYaml . | nindent 14 }}
{{- end }}
{{- with .Values.admissionController.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.admissionController.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.admissionController.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

13
goldilocks-4.9/charts/vpa/templates/admission-controller-pdb.yaml Normal file
View File

@ -0,0 +1,13 @@
---
{{- if and .Values.admissionController.podDisruptionBudget (gt (int .Values.admissionController.replicaCount) 1) .Values.admissionController.enabled }}
apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }}
kind: PodDisruptionBudget
metadata:
name: "{{ template "vpa.fullname" . }}-admission-controller-pdb"
spec:
{{- toYaml .Values.admissionController.podDisruptionBudget | nindent 2 }}
selector:
matchLabels:
app.kubernetes.io/component: admission-controller
app.kubernetes.io/name: {{ template "vpa.fullname" . }}
{{- end }}

67
goldilocks-4.9/charts/vpa/templates/admission-controller-rbac.yaml Normal file
View File

@ -0,0 +1,67 @@
{{- if and .Values.admissionController.enabled .Values.rbac.create }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: vpa-admission-controller
rules:
- apiGroups:
- ""
resources:
- pods
- configmaps
- nodes
- limitranges
verbs:
- get
- list
- watch
- apiGroups:
- "admissionregistration.k8s.io"
resources:
- mutatingwebhookconfigurations
verbs:
- create
- delete
- get
- list
- apiGroups:
- "poc.autoscaling.k8s.io"
resources:
- verticalpodautoscalers
verbs:
- get
- list
- watch
- apiGroups:
- "autoscaling.k8s.io"
resources:
- verticalpodautoscalers
verbs:
- get
- list
- watch
- apiGroups:
- "coordination.k8s.io"
resources:
- leases
verbs:
- create
- update
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: vpa-admission-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: vpa-admission-controller
subjects:
- kind: ServiceAccount
name: {{ include "vpa.serviceAccountName" . }}-admission-controller
namespace: {{ .Release.Namespace }}
{{- end }}

14
goldilocks-4.9/charts/vpa/templates/admission-controller-service-account.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- if and .Values.serviceAccount.create .Values.admissionController.enabled }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ include "vpa.serviceAccountName" . }}-admission-controller
labels:
{{- include "vpa.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-controller
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

13
goldilocks-4.9/charts/vpa/templates/admission-controller-service.yaml Normal file
View File

@ -0,0 +1,13 @@
{{- if .Values.admissionController.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "vpa.fullname" . }}-webhook
spec:
ports:
- port: 443
targetPort: 8000
selector:
app.kubernetes.io/component: admission-controller
{{- include "vpa.selectorLabels" . | nindent 4 }}
{{- end }}

112
goldilocks-4.9/charts/vpa/templates/clusterrolebindings.yaml Normal file
View File

@ -0,0 +1,112 @@
{{- if .Values.rbac.create }}
{{- if .Values.recommender.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: vpa-metrics-reader
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: vpa-metrics-reader
subjects:
- kind: ServiceAccount
name: {{ include "vpa.serviceAccountName" . }}-recommender
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: vpa-checkpoint-actor
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: vpa-checkpoint-actor
subjects:
- kind: ServiceAccount
name: {{ include "vpa.serviceAccountName" . }}-recommender
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if .Values.updater.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: vpa-evictionter-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: vpa-evictioner
subjects:
- kind: ServiceAccount
name: {{ include "vpa.serviceAccountName" . }}-updater
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: vpa-status-reader-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: vpa-status-reader
subjects:
- kind: ServiceAccount
name: {{ include "vpa.serviceAccountName" . }}-updater
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if or .Values.recommender.enabled .Values.updater.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: vpa-actor
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: vpa-actor
subjects:
{{- if .Values.recommender.enabled }}
- kind: ServiceAccount
name: {{ include "vpa.serviceAccountName" . }}-recommender
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if .Values.updater.enabled }}
- kind: ServiceAccount
name: {{ include "vpa.serviceAccountName" . }}-updater
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}
{{- if coalesce .Values.recommender.enabled .Values.updater.enabled .Values.admissionController.enabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: vpa-target-reader-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: vpa-target-reader
subjects:
{{- if .Values.recommender.enabled }}
- kind: ServiceAccount
name: {{ include "vpa.serviceAccountName" . }}-recommender
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if .Values.admissionController.enabled}}
- kind: ServiceAccount
name: {{ include "vpa.serviceAccountName" . }}-admission-controller
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if .Values.updater.enabled }}
- kind: ServiceAccount
name: {{ include "vpa.serviceAccountName" . }}-updater
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}
{{- end }}

167
goldilocks-4.9/charts/vpa/templates/clusterroles.yaml Normal file
View File

@ -0,0 +1,167 @@
{{- if .Values.rbac.create }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: vpa-metrics-reader
rules:
- apiGroups:
- "metrics.k8s.io"
resources:
- pods
verbs:
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: vpa-actor
rules:
- apiGroups:
- ""
resources:
- pods
- nodes
- limitranges
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- get
- list
- watch
- create
- apiGroups:
- "poc.autoscaling.k8s.io"
resources:
- verticalpodautoscalers
verbs:
- get
- list
- watch
- patch
- apiGroups:
- "autoscaling.k8s.io"
resources:
- verticalpodautoscalers
verbs:
- get
- list
- watch
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: vpa-checkpoint-actor
rules:
- apiGroups:
- "poc.autoscaling.k8s.io"
resources:
- verticalpodautoscalercheckpoints
verbs:
- get
- list
- watch
- create
- patch
- delete
- apiGroups:
- "autoscaling.k8s.io"
resources:
- verticalpodautoscalercheckpoints
verbs:
- get
- list
- watch
- create
- patch
- delete
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: vpa-evictioner
rules:
- apiGroups:
- "apps"
- "extensions"
resources:
- replicasets
verbs:
- get
- apiGroups:
- ""
resources:
- pods/eviction
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: vpa-target-reader
rules:
- apiGroups:
- '*'
resources:
- '*/scale'
verbs:
- get
- watch
- apiGroups:
- ""
resources:
- replicationcontrollers
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- replicasets
- statefulsets
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- jobs
- cronjobs
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: vpa-status-reader
rules:
- apiGroups:
- "coordination.k8s.io"
resources:
- leases
verbs:
- get
- list
- watch
{{- end }}

76
goldilocks-4.9/charts/vpa/templates/recommender-deployment.yaml Normal file
View File

@ -0,0 +1,76 @@
{{- if .Values.recommender.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "vpa.fullname" . }}-recommender
labels:
app.kubernetes.io/component: recommender
{{- include "vpa.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.recommender.replicaCount }}
selector:
matchLabels:
app.kubernetes.io/component: recommender
{{- include "vpa.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.recommender.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- with .Values.recommender.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
app.kubernetes.io/component: recommender
{{- include "vpa.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
serviceAccountName: {{ include "vpa.serviceAccountName" . }}-recommender
securityContext:
{{- toYaml .Values.recommender.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.recommender.securityContext | nindent 12 }}
image: {{ printf "%s:%s" .Values.recommender.image.repository (.Values.recommender.image.tag | default .Chart.AppVersion) }}
imagePullPolicy: {{ .Values.recommender.image.pullPolicy }}
{{- if .Values.recommender.extraArgs }}
args:
{{- range $key, $value := .Values.recommender.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- end }}
{{- if .Values.recommender.livenessProbe }}
livenessProbe:
{{- toYaml .Values.recommender.livenessProbe | nindent 12 }}
{{- end }}
{{- if .Values.recommender.readinessProbe }}
readinessProbe:
{{- toYaml .Values.recommender.readinessProbe | nindent 12 }}
{{- end }}
ports:
- name: metrics
containerPort: 8942
protocol: TCP
resources:
{{- toYaml .Values.recommender.resources | nindent 12 }}
{{- with .Values.recommender.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.recommender.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.recommender.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

13
goldilocks-4.9/charts/vpa/templates/recommender-pdb.yaml Normal file
View File

@ -0,0 +1,13 @@
---
{{- if and .Values.recommender.podDisruptionBudget (gt (int .Values.recommender.replicaCount) 1) .Values.recommender.enabled }}
apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }}
kind: PodDisruptionBudget
metadata:
name: "{{ template "vpa.fullname" . }}-recommender-pdb"
spec:
{{- toYaml .Values.recommender.podDisruptionBudget | nindent 2 }}
selector:
matchLabels:
app.kubernetes.io/component: recommender
app.kubernetes.io/name: {{ template "vpa.fullname" . }}
{{- end }}

28
goldilocks-4.9/charts/vpa/templates/recommender-podmonitor.yaml Normal file
View File

@ -0,0 +1,28 @@
{{- if .Values.recommender.podMonitor }}
{{- if and .Values.recommender.enabled .Values.recommender.podMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: {{ include "vpa.fullname" . }}-recommender
{{- with .Values.recommender.podMonitor.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.recommender.podMonitor.labels }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
podMetricsEndpoints:
- interval: 30s
path: /metrics
port: metrics
selector:
matchLabels:
app.kubernetes.io/component: recommender
{{- include "vpa.selectorLabels" . | nindent 6 }}
{{- end }}
{{- end }}

14
goldilocks-4.9/charts/vpa/templates/recommender-service-account.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- if and .Values.serviceAccount.create .Values.recommender.enabled -}}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ include "vpa.serviceAccountName" . }}-recommender
labels:
{{- include "vpa.labels" . | nindent 4 }}
app.kubernetes.io/component: recommender
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

21
goldilocks-4.9/charts/vpa/templates/tests/_test_helpers.tpl Normal file
View File

@ -0,0 +1,21 @@
{{/*
Get kubectl image tag
*/}}
{{- define "vpa.test.tag" -}}
{{- if .Values.tests.image }}
{{- default (printf "%s.%s" .Capabilities.KubeVersion.Major .Capabilities.KubeVersion.Minor) .Values.tests.image.tag }}
{{- else }}
{{- printf "%s.%s" .Capabilities.KubeVersion.Major .Capabilities.KubeVersion.Minor }}
{{- end }}
{{- end }}
{{/*
Get kubectl image name
*/}}
{{- define "vpa.test.image" -}}
{{- if .Values.tests.image }}
{{- printf "%s:%s" (default "bitnami/kubectl" .Values.tests.image.repository) (default (include "vpa.test.tag" . ) .Values.tests.image.tag) }}
{{- else }}
{{- printf "bitnami/kubectl:%s" (include "vpa.test.tag" . ) }}
{{- end }}
{{- end }}

30
goldilocks-4.9/charts/vpa/templates/tests/crds-available.yaml Normal file
View File

@ -0,0 +1,30 @@
---
apiVersion: v1
kind: Pod
metadata:
name: {{ include "vpa.fullname" . }}-test-crds-available
labels:
{{- include "vpa.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": "hook-succeeded,before-hook-creation"
"helm.sh/hook-weight": "10"
spec:
serviceAccountName: {{ include "vpa.fullname" . }}-test
containers:
- name: test
{{- if .Values.tests.securityContext }}
securityContext:
{{- toYaml .Values.tests.securityContext | nindent 8 }}
{{- end }}
image: {{ include "vpa.test.image" . }}
{{- if .Values.tests.image }}
imagePullPolicy: {{ .Values.tests.image.pullPolicy }}
{{- end }}
command: ['kubectl']
args:
- get
- crd
- verticalpodautoscalercheckpoints.autoscaling.k8s.io
- verticalpodautoscalers.autoscaling.k8s.io
restartPolicy: Never

47
goldilocks-4.9/charts/vpa/templates/tests/create-vpa.yaml Normal file
View File

@ -0,0 +1,47 @@
---
apiVersion: v1
kind: Pod
metadata:
name: {{ include "vpa.fullname" . }}-test-create-vpa
labels:
{{- include "vpa.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
"helm.sh/hook-weight": "20"
spec:
serviceAccountName: {{ include "vpa.fullname" . }}-test
containers:
- name: test
{{- if .Values.tests.securityContext }}
securityContext:
{{- toYaml .Values.tests.securityContext | nindent 8 }}
{{- end }}
image: {{ include "vpa.test.image" . }}
{{- if .Values.tests.image }}
imagePullPolicy: {{ .Values.tests.image.pullPolicy }}
{{- end }}
command: ['bash']
args:
- -c
- |
#!/bin/bash
set -ex
cat <<EOF | kubectl -n {{ .Release.Namespace }} apply -f -
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: test-vpa
spec:
targetRef:
apiVersion: "apps/v1"
kind: Deployment
name: my-app
updatePolicy:
updateMode: "Off"
EOF
kubectl -n {{ .Release.Namespace }} describe vpa test-vpa
kubectl -n {{ .Release.Namespace }} delete vpa test-vpa
restartPolicy: Never

29
goldilocks-4.9/charts/vpa/templates/tests/metrics.yaml Normal file
View File

@ -0,0 +1,29 @@
---
apiVersion: v1
kind: Pod
metadata:
name: {{ include "vpa.fullname" . }}-test-metrics-api-available
labels:
{{- include "vpa.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
"helm.sh/hook-weight": "40"
spec:
serviceAccountName: {{ include "vpa.fullname" . }}-test
containers:
- name: test
{{- if .Values.tests.securityContext }}
securityContext:
{{- toYaml .Values.tests.securityContext | nindent 8 }}
{{- end }}
image: {{ include "vpa.test.image" . }}
{{- if .Values.tests.image }}
imagePullPolicy: {{ .Values.tests.image.pullPolicy }}
{{- end }}
command: ['kubectl']
args:
- get
- --raw
- "/apis/metrics.k8s.io/v1beta1/nodes"
restartPolicy: Never

122
goldilocks-4.9/charts/vpa/templates/tests/rbac.yaml Normal file
View File

@ -0,0 +1,122 @@
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
"helm.sh/hook": "test"
"helm.sh/hook-delete-policy": "hook-succeeded,before-hook-creation,hook-failed"
name: {{ include "vpa.fullname" . }}-test
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "vpa.fullname" . }}-test
labels:
{{- include "vpa.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": "test"
"helm.sh/hook-delete-policy": "hook-succeeded,before-hook-creation,hook-failed"
rules:
- apiGroups:
- "metrics.k8s.io"
resources:
- "nodes"
verbs:
- list
- apiGroups:
- "apiextensions.k8s.io"
resources:
- customresourcedefinitions
resourceNames:
- verticalpodautoscalercheckpoints.autoscaling.k8s.io
- verticalpodautoscalers.autoscaling.k8s.io
verbs:
- get
- list
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
resourceNames:
- {{ include "vpa.fullname" . }}-webhook-config
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "vpa.fullname" . }}-test
labels:
{{- include "vpa.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": "test"
"helm.sh/hook-delete-policy": "hook-succeeded,before-hook-creation,hook-failed"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "vpa.fullname" . }}-test
subjects:
- kind: ServiceAccount
name: {{ include "vpa.fullname" . }}-test
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "vpa.fullname" . }}-test
labels:
{{- include "vpa.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": "test"
"helm.sh/hook-delete-policy": "hook-succeeded,before-hook-creation,hook-failed"
rules:
- apiGroups:
- "autoscaling.k8s.io"
resources:
- verticalpodautoscalers
verbs:
- get
- list
- watch
- create
- delete
- apiGroups:
- "autoscaling.k8s.io"
resources:
- verticalpodautoscalercheckpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
- services
resourceNames:
- {{ include "vpa.fullname" . }}-webhook
- {{ include "vpa.webhook.secret" . }}
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "vpa.fullname" . }}-test
labels:
{{- include "vpa.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": "test"
"helm.sh/hook-delete-policy": "hook-succeeded,before-hook-creation,hook-failed"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "vpa.fullname" . }}-test
subjects:
- kind: ServiceAccount
name: {{ include "vpa.fullname" . }}-test
namespace: {{ .Release.Namespace }}

75
goldilocks-4.9/charts/vpa/templates/tests/webhook.yaml Normal file
View File

@ -0,0 +1,75 @@
{{- if .Values.admissionController.enabled }}
---
apiVersion: v1
kind: Pod
metadata:
name: {{ include "vpa.fullname" . }}-test-webhook-configuration
labels:
{{- include "vpa.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
"helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded"
"helm.sh/hook-weight": "30"
spec:
serviceAccountName: {{ include "vpa.fullname" . }}-test
containers:
- name: test
{{- if .Values.tests.securityContext }}
securityContext:
{{- toYaml .Values.tests.securityContext | nindent 10 }}
{{- end }}
image: {{ include "vpa.test.image" . }}
{{- if .Values.tests.image }}
imagePullPolicy: {{ .Values.tests.image.pullPolicy }}
{{- end }}
command: ['bash']
args:
- -c
- |
#!/bin/bash
set -ex
# Get service FQDN
SERVICE=$(kubectl \
get service \
-n {{ .Release.Namespace }} \
{{ include "vpa.fullname" . }}-webhook \
-o=jsonpath="{.metadata.name}.{.metadata.namespace}.svc:{.spec.ports[0].port}")
# Get configured FQDN
WEBHOOK_SERVICE=$(kubectl \
get mutatingwebhookconfigurations.admissionregistration.k8s.io \
{{ include "vpa.fullname" . }}-webhook-config \
-o=jsonpath="{.webhooks[0].clientConfig.service.name}.{.webhooks[0].clientConfig.service.namespace}.svc:{.webhooks[0].clientConfig.service.port}")
# Get CA bundle
SECRET_CABUNDLE=$(kubectl \
get secret \
-n {{ .Release.Namespace }} \
{{ include "vpa.webhook.secret" . }} \
-o=jsonpath="{.data.ca}")
# Get configured CA bundle
WEBHOOK_CABUNDLE=$(kubectl \
get mutatingwebhookconfigurations.admissionregistration.k8s.io \
{{ include "vpa.fullname" . }}-webhook-config \
-o=jsonpath="{.webhooks[0].clientConfig.caBundle}")
# All corresponding values must match
if [ $SERVICE = $WEBHOOK_SERVICE ]
then
echo "$WEBHOOK_SERVICE matches $SERVICE"
if [ $WEBHOOK_CABUNDLE = $SECRET_CABUNDLE ]
then
echo "Webhook CA bundle matches"
exit 0;
else
echo "CA bundle in mutating webhook {{ include "vpa.fullname" . }}-webhook-config does not match secret {{ .Release.Namespace }}/{{ include "vpa.webhook.secret" . }}"
fi
else
echo "Service configured in mutating webhook {{ include "vpa.fullname" . }}-webhook-config is '$WEBHOOK_SERVICE' not '$SERVICE'"
fi
exit 1;
restartPolicy: Never
{{- end }}

81
goldilocks-4.9/charts/vpa/templates/updater-deployment.yaml Normal file
View File

@ -0,0 +1,81 @@
{{- if .Values.updater.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "vpa.fullname" . }}-updater
labels:
app.kubernetes.io/component: updater
{{- include "vpa.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.updater.replicaCount }}
selector:
matchLabels:
app.kubernetes.io/component: updater
{{- include "vpa.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.updater.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- with .Values.updater.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
app.kubernetes.io/component: updater
{{- include "vpa.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
serviceAccountName: {{ include "vpa.serviceAccountName" . }}-updater
securityContext:
{{- toYaml .Values.updater.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.updater.securityContext | nindent 12 }}
image: {{ printf "%s:%s" .Values.updater.image.repository (.Values.updater.image.tag | default .Chart.AppVersion) }}
imagePullPolicy: {{ .Values.updater.image.pullPolicy }}
{{- if .Values.updater.extraArgs }}
args:
{{- range $key, $value := .Values.updater.extraArgs }}
- --{{ $key }}={{ $value }}
{{- end }}
{{- end }}
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.updater.livenessProbe }}
livenessProbe:
{{- toYaml .Values.updater.livenessProbe | nindent 12 }}
{{- end }}
{{- if .Values.updater.readinessProbe }}
readinessProbe:
{{- toYaml .Values.updater.readinessProbe | nindent 12 }}
{{- end }}
ports:
- name: metrics
containerPort: 8943
protocol: TCP
resources:
{{- toYaml .Values.updater.resources | nindent 12 }}
{{- with .Values.updater.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.updater.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.updater.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

13
goldilocks-4.9/charts/vpa/templates/updater-pdb.yaml Normal file
View File

@ -0,0 +1,13 @@
---
{{- if and .Values.updater.podDisruptionBudget (gt (int .Values.updater.replicaCount) 1) .Values.updater.enabled }}
apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }}
kind: PodDisruptionBudget
metadata:
name: "{{ template "vpa.fullname" . }}-updater-pdb"
spec:
{{- toYaml .Values.updater.podDisruptionBudget | nindent 2 }}
selector:
matchLabels:
app.kubernetes.io/component: updater
app.kubernetes.io/name: {{ template "vpa.fullname" . }}
{{- end }}

28
goldilocks-4.9/charts/vpa/templates/updater-podmonitor.yaml Normal file
View File

@ -0,0 +1,28 @@
{{- if .Values.updater.podMonitor }}
{{- if and .Values.updater.enabled .Values.updater.podMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: {{ include "vpa.fullname" . }}-updater
{{- with .Values.updater.podMonitor.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.updater.podMonitor.labels }}
labels:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
podMetricsEndpoints:
- interval: 30s
path: /metrics
port: metrics
selector:
matchLabels:
app.kubernetes.io/component: updater
{{- include "vpa.selectorLabels" . | nindent 6 }}
{{- end }}
{{- end }}

14
goldilocks-4.9/charts/vpa/templates/updater-service-account.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- if and .Values.serviceAccount.create .Values.updater.enabled }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ include "vpa.serviceAccountName" . }}-updater
labels:
{{- include "vpa.labels" . | nindent 4 }}
app.kubernetes.io/component: updater
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

37
goldilocks-4.9/charts/vpa/templates/webhooks/_webhook_helpers.tpl Normal file
View File

@ -0,0 +1,37 @@
{{/*
See, if we can upgrade the mutatingWebhookConfiguration
*/}}
{{- define "vpa.webhook.upgradable" -}}
{{/*lookup config*/}}
{{- $webhook := (lookup "admissionregistration.k8s.io/v1" "MutatingWebhookConfiguration" "" (printf "%s-%s" (include "vpa.fullname" .) "webhook-config")) }}
{{- if $webhook }}
{{- /*is it managed by this helm release?*/ -}}
{{- if and
(hasKey $webhook.metadata "labels")
(hasKey $webhook.metadata "annotations")
(hasKey $webhook.metadata.labels "app.kubernetes.io/managed-by")
(hasKey $webhook.metadata.annotations "meta.helm.sh/release-name")
(hasKey $webhook.metadata.annotations "meta.helm.sh/release-namespace")
(eq (get $webhook.metadata.labels "app.kubernetes.io/managed-by") "Helm")
(eq (get $webhook.metadata.annotations "meta.helm.sh/release-name") .Release.Name)
(eq (get $webhook.metadata.annotations "meta.helm.sh/release-namespace") .Release.Namespace)
}}
{{- "true" | toYaml -}}
{{- else }}
{{- "" -}}
{{- end }}
{{- else }}
{{- "true" | toYaml -}}
{{- end }}
{{- end }}
{{/*
Return the name for the webhook tls secret
*/}}
{{- define "vpa.webhook.secret" -}}
{{- if .Values.admissionController.secretName }}
{{- default (printf "%s-%s" (include "vpa.fullname" .) "tls-certs") (tpl (.Values.admissionController.secretName | toString) .) }}
{{- else }}
{{- printf "%s-%s" (include "vpa.fullname" .) "tls-certs" }}
{{- end }}
{{- end }}

Some files were not shown because too many files have changed in this diff Show More