mirror of https://github.com/openkruise/charts.git
Merge cf96f2c0b2 into d0cfc2e2d7
This commit is contained in:
marinoborges
GitHub
commit
26f613df37
|
|
@ -1,7 +1,7 @@
|
|||
apiVersion: v1
|
||||
name: kruise
|
||||
description: Helm chart for kruise components
|
||||
version: 1.8.1
|
||||
version: 1.8.2
|
||||
appVersion: 1.8.0
|
||||
kubeVersion: ">= 1.18.0-0"
|
||||
icon: https://openkruise.io/img/openkruise-logo-bg.jpg
|
||||
|
|
|
|||
|
|
@ -0,0 +1,149 @@
|
|||
{{- if not (contains "KruiseDaemon=false" .Values.featureGates) }}
|
||||
{{- if .Values.installation.daemonSet.createNamespace }}
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: {{ .Values.installation.daemonSet.namespace }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: kruise-daemon
|
||||
{{- if .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
namespace: {{ .Values.installation.namespace }}
|
||||
{{ ( include "serviceAccountDaemon" . ) }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: kruise-daemon
|
||||
namespace: {{ .Values.installation.namespace }}
|
||||
labels:
|
||||
control-plane: daemon
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
control-plane: daemon
|
||||
minReadySeconds: 3
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 10%
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
control-plane: daemon
|
||||
spec:
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.daemon.affinity }}
|
||||
affinity:
|
||||
{{ toYaml .Values.daemon.affinity | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.daemon.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.daemon.nodeSelector | indent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- command:
|
||||
- /kruise-daemon
|
||||
args:
|
||||
- --logtostderr=true
|
||||
- --v=4
|
||||
- --addr=:{{ .Values.daemon.port }}
|
||||
- --feature-gates={{ .Values.featureGates }}
|
||||
- --socket-file={{ .Values.daemon.socketFile }}
|
||||
{{- if not .Values.daemon.enablePprof }}
|
||||
- --enable-pprof=false
|
||||
{{- else }}
|
||||
- --enable-pprof=true
|
||||
- --pprof-addr={{ .Values.daemon.pprofAddr }}
|
||||
{{- end }}
|
||||
{{- if .Values.daemon.credentialProvider.enable }}
|
||||
- --plugin-config-file=/credential-provider-config/CredentialProviderPlugin.yaml
|
||||
- --plugin-bin-dir=/credential-provider-plugin
|
||||
{{- end }}
|
||||
image: {{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag }}
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- all
|
||||
add: [ 'NET_BIND_SERVICE' ]
|
||||
allowPrivilegeEscalation: false
|
||||
name: daemon
|
||||
env:
|
||||
{{- if .Values.enableKubeCacheMutationDetector }}
|
||||
- name: KUBE_CACHE_MUTATION_DETECTOR
|
||||
value: "true"
|
||||
{{- end }}
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: spec.nodeName
|
||||
{{- if .Values.daemon.extraEnvs }}
|
||||
{{- toYaml .Values.daemon.extraEnvs | nindent 8 }}
|
||||
{{- end }}
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: {{ .Values.daemon.port }}
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
resources:
|
||||
{{- toYaml .Values.daemon.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
- mountPath: /hostvarrun
|
||||
name: runtime-socket
|
||||
readOnly: true
|
||||
{{- if .Values.daemon.credentialProvider.enable }}
|
||||
- name: credential-provider-plugin-config
|
||||
mountPath: /credential-provider-config
|
||||
readOnly: true
|
||||
- name: credential-provider-plugin
|
||||
mountPath: /credential-provider-plugin
|
||||
readOnly: true
|
||||
{{- if ne .Values.daemon.credentialProvider.awsCredentialsDir "" }}
|
||||
- name: aws-credentials-dir
|
||||
mountPath: /root/.aws
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
tolerations:
|
||||
- operator: Exists
|
||||
hostNetwork: true
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
terminationGracePeriodSeconds: 10
|
||||
serviceAccountName: kruise-daemon
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: {{ .Values.daemon.socketLocation }}
|
||||
type: ""
|
||||
name: runtime-socket
|
||||
{{- if .Values.daemon.credentialProvider.enable }}
|
||||
- name: credential-provider-plugin-config
|
||||
configMap:
|
||||
name: {{ .Values.daemon.credentialProvider.configmap }}
|
||||
- hostPath:
|
||||
path: {{ .Values.daemon.credentialProvider.hostPath }}
|
||||
type: ""
|
||||
name: credential-provider-plugin
|
||||
{{- if ne .Values.daemon.credentialProvider.awsCredentialsDir "" }}
|
||||
- hostPath:
|
||||
path: {{ .Values.daemon.credentialProvider.awsCredentialsDir }}
|
||||
type: ""
|
||||
name: aws-credentials-dir
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -8,11 +8,6 @@ metadata:
|
|||
{{- end }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: kruise-daemon-config
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: kruise-webhook-service
|
||||
|
|
@ -160,146 +155,3 @@ metadata:
|
|||
{{- end }}
|
||||
namespace: {{ .Values.installation.namespace }}
|
||||
{{ ( include "serviceAccountManager" . ) }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: kruise-daemon
|
||||
{{- if .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
namespace: {{ .Values.installation.namespace }}
|
||||
{{ ( include "serviceAccountDaemon" . ) }}
|
||||
---
|
||||
{{ if contains "KruiseDaemon=false" .Values.featureGates }}{{ else }}
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: kruise-daemon
|
||||
namespace: {{ .Values.installation.namespace }}
|
||||
labels:
|
||||
control-plane: daemon
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
control-plane: daemon
|
||||
minReadySeconds: 3
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: 10%
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
control-plane: daemon
|
||||
spec:
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.daemon.affinity }}
|
||||
affinity:
|
||||
{{ toYaml .Values.daemon.affinity | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.daemon.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml .Values.daemon.nodeSelector | indent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- command:
|
||||
- /kruise-daemon
|
||||
args:
|
||||
- --logtostderr=true
|
||||
- --v=4
|
||||
- --addr=:{{ .Values.daemon.port }}
|
||||
- --feature-gates={{ .Values.featureGates }}
|
||||
- --socket-file={{ .Values.daemon.socketFile }}
|
||||
{{- if not .Values.daemon.enablePprof }}
|
||||
- --enable-pprof=false
|
||||
{{- else }}
|
||||
- --enable-pprof=true
|
||||
- --pprof-addr={{ .Values.daemon.pprofAddr }}
|
||||
{{- end }}
|
||||
{{- if .Values.daemon.credentialProvider.enable }}
|
||||
- --plugin-config-file=/credential-provider-config/CredentialProviderPlugin.yaml
|
||||
- --plugin-bin-dir=/credential-provider-plugin
|
||||
{{- end }}
|
||||
image: {{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag }}
|
||||
imagePullPolicy: Always
|
||||
securityContext:
|
||||
capabilities:
|
||||
drop:
|
||||
- all
|
||||
add: [ 'NET_BIND_SERVICE' ]
|
||||
allowPrivilegeEscalation: false
|
||||
name: daemon
|
||||
env:
|
||||
{{- if .Values.enableKubeCacheMutationDetector }}
|
||||
- name: KUBE_CACHE_MUTATION_DETECTOR
|
||||
value: "true"
|
||||
{{- end }}
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: spec.nodeName
|
||||
{{- if .Values.daemon.extraEnvs }}
|
||||
{{- toYaml .Values.daemon.extraEnvs | nindent 8 }}
|
||||
{{- end }}
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: {{ .Values.daemon.port }}
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
resources:
|
||||
{{- toYaml .Values.daemon.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
- mountPath: /hostvarrun
|
||||
name: runtime-socket
|
||||
readOnly: true
|
||||
{{- if .Values.daemon.credentialProvider.enable }}
|
||||
- name: credential-provider-plugin-config
|
||||
mountPath: /credential-provider-config
|
||||
readOnly: true
|
||||
- name: credential-provider-plugin
|
||||
mountPath: /credential-provider-plugin
|
||||
readOnly: true
|
||||
{{- if ne .Values.daemon.credentialProvider.awsCredentialsDir "" }}
|
||||
- name: aws-credentials-dir
|
||||
mountPath: /root/.aws
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
tolerations:
|
||||
- operator: Exists
|
||||
hostNetwork: true
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
terminationGracePeriodSeconds: 10
|
||||
serviceAccountName: kruise-daemon
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: {{ .Values.daemon.socketLocation }}
|
||||
type: ""
|
||||
name: runtime-socket
|
||||
{{- if .Values.daemon.credentialProvider.enable }}
|
||||
- name: credential-provider-plugin-config
|
||||
configMap:
|
||||
name: {{ .Values.daemon.credentialProvider.configmap }}
|
||||
- hostPath:
|
||||
path: {{ .Values.daemon.credentialProvider.hostPath }}
|
||||
type: ""
|
||||
name: credential-provider-plugin
|
||||
{{- if ne .Values.daemon.credentialProvider.awsCredentialsDir "" }}
|
||||
- hostPath:
|
||||
path: {{ .Values.daemon.credentialProvider.awsCredentialsDir }}
|
||||
type: ""
|
||||
name: aws-credentials-dir
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -927,7 +927,7 @@ kind: Role
|
|||
metadata:
|
||||
creationTimestamp: null
|
||||
name: kruise-daemon-secret-role
|
||||
namespace: kruise-daemon-config
|
||||
namespace: {{ .Values.installation.daemonSet.namespace }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
|
|
@ -942,7 +942,7 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||
kind: RoleBinding
|
||||
metadata:
|
||||
name: kruise-daemon-secret-rolebinding
|
||||
namespace: kruise-daemon-config
|
||||
namespace: {{ .Values.installation.daemonSet.namespace }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
|
|
|
|||
|
|
@ -7,6 +7,9 @@ crds:
|
|||
installation:
|
||||
namespace: kruise-system
|
||||
createNamespace: true
|
||||
daemonSet:
|
||||
namespace: kruise-daemon-config
|
||||
createNamespace: true
|
||||
roleListGroups:
|
||||
- '*'
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue