diff --git a/gthulhu/templates/NOTES.txt b/gthulhu/templates/NOTES.txt
index fbfbfe1..751ebae 100644
--- a/gthulhu/templates/NOTES.txt
+++ b/gthulhu/templates/NOTES.txt
@@ -1,37 +1,37 @@ 1. Gthulhu has been deployed to your Kubernetes cluster! -{{- if .Values.scheduler.enabled }} +{{- if .Values.pod.enabled }} ** Gthulhu Scheduler ** The BPF scheduler is running as a DaemonSet on all nodes. You can check the scheduler status with: - kubectl get daemonset {{ include "gthulhu.fullname" . }}-scheduler -n {{ .Release.Namespace }} - kubectl logs -l app.kubernetes.io/component=scheduler -n {{ .Release.Namespace }} + kubectl get daemonset {{ include "gthulhu.fullname" . }} -n {{ .Release.Namespace }} + kubectl logs -l app.kubernetes.io/name={{ include "gthulhu.name" . }} -c gthulhu-scheduler -n {{ .Release.Namespace }} {{- end }} -{{- if .Values.api.enabled }} +{{- if .Values.pod.api.enabled }} ** BSS Metrics API Server ** -{{- if .Values.api.ingress.enabled }} -{{- range $host := .Values.api.ingress.hosts }} +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} {{- range .paths }} - http{{ if $.Values.api.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} {{- end }} {{- end }} -{{- else if contains "NodePort" .Values.api.service.type }} +{{- else if and .Values.service.enabled (contains "NodePort" .Values.service.type) }} export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "gthulhu.fullname" . }}-api) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.api.service.type }} +{{- else if and .Values.service.enabled (contains "LoadBalancer" .Values.service.type) }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "gthulhu.fullname" . 
}}-api' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "gthulhu.fullname" . }}-api --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:\{\{ .Values.api.service.port }} -{{- else if contains "ClusterIP" .Values.api.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/component=api,app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if and .Values.service.enabled (contains "ClusterIP" .Values.service.type) }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "gthulhu.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[1].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT {{- end }} diff --git a/gthulhu/templates/configmap.yaml b/gthulhu/templates/configmap.yaml index a9927cb..4ef5fa9 100644 --- a/gthulhu/templates/configmap.yaml +++ b/gthulhu/templates/configmap.yaml @@ -1,4 +1,4 @@ -{{- if .Values.scheduler.enabled }} +{{- if .Values.pod.enabled }} apiVersion: v1 kind: ConfigMap metadata: 
@@ -29,12 +29,12 @@ data: scheduler: # Default time slice in nanoseconds (default: 5000000 = 5ms) slice_ns_default: 5000000 - + # Minimum time slice in nanoseconds (default: 500000 = 0.5ms) slice_ns_min: 500000 api: enabled: true - url: http://gthulhu-api:80 + url: http://localhost:8080 interval: 5 public_key_path: /etc/gthulhu/jwt_public_key.pem debug: true @@ -42,7 +42,7 @@ data: builtin_idle: false {{- end }} --- -{{- if .Values.api.enabled }} +{{- if .Values.pod.api.enabled }} apiVersion: v1 kind: ConfigMap metadata: @@ -107,7 +107,7 @@ data: config.json: | { "server": { - "port": ":{{ .Values.api.port }}", + "port": ":{{ .Values.pod.api.port }}", "read_timeout": 15, "write_timeout": 15, "idle_timeout": 60 diff --git a/gthulhu/templates/deployment.yaml b/gthulhu/templates/deployment.yaml index 0a60f9d..2db29fe 100644 --- a/gthulhu/templates/deployment.yaml +++ b/gthulhu/templates/deployment.yaml @@ -1,16 +1,14 @@ -{{- if .Values.scheduler.enabled }} +{{- if .Values.pod.enabled }} apiVersion: apps/v1 kind: DaemonSet metadata: - name: {{ include "gthulhu.fullname" . }}-scheduler + name: {{ include "gthulhu.fullname" . }} labels: {{- include "gthulhu.labels" . | nindent 4 }} - app.kubernetes.io/component: scheduler spec: selector: matchLabels: {{- include "gthulhu.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: scheduler template: metadata: {{- with .Values.podAnnotations }} 
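Review bot: The scheduler's API endpoint is now the fixed literal `url: http://localhost:8080`, while the API sidecar's listen port in this same file is templated from `.Values.pod.api.port` (the `@@ -107,7 +107,7 @@` hunk), so overriding the port leaves the scheduler calling a port nothing listens on. Rendering it as `url: http://localhost:{{ .Values.pod.api.port }}` keeps the two in step. The neighbouring `enabled: true` is likewise a literal and would more naturally follow `.Values.pod.api.enabled`. `debug: true` is also fixed, and since values.yaml defaults the container to `privileged: true` and `runAsUser: 0`, debug output is worth gating behind a value that defaults to false. The `data:` block starts above this hunk.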
@@ -19,25 +17,30 @@ spec: {{- end }} labels: {{- include "gthulhu.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: scheduler spec: {{- with .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "gthulhu.serviceAccountName" . }} - hostPID: {{ .Values.scheduler.hostPID }} - securityContext: - {{- toYaml .Values.scheduler.securityContext | nindent 8 }} + hostPID: {{ .Values.pod.hostPID }} containers: + # Scheduler container - name: gthulhu-scheduler - image: "{{ .Values.scheduler.image.repository }}:{{ .Values.scheduler.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.scheduler.image.pullPolicy }} + image: "{{ .Values.pod.scheduler.image.repository }}:{{ .Values.pod.scheduler.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.pod.scheduler.image.pullPolicy }} securityContext: - {{- toYaml .Values.scheduler.securityContext | nindent 12 }} + privileged: {{ .Values.pod.securityContext.privileged }} + runAsUser: {{ .Values.pod.securityContext.runAsUser }} + {{- with .Values.pod.schedulerSecurityContext.capabilities }} + capabilities: + {{- toYaml . | nindent 14 }} + {{- end }} command: - - /gthulhu/main - args: ["-config", "/etc/gthulhu/config.yaml"] + - /gthulhu/main + args: + - "-config" + - "/etc/gthulhu/config.yaml" volumeMounts: - name: sys-kernel-debug mountPath: /sys/kernel/debug 
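Review bot: The scheduler container's `securityContext` is now assembled from three hand-picked fields, so anything else an operator sets (for example `allowPrivilegeEscalation`, `readOnlyRootFilesystem` or `seccompProfile`) is silently dropped where the old `toYaml` passed it through. `privileged` and `runAsUser` also come from the shared `.Values.pod.securityContext`, and the API sidecar in the `@@ -49,114 +52,77 @@` hunk reads the same two values, so the HTTP-serving container cannot be given less privilege than the BPF scheduler. A per-container map rendered whole, e.g. `{{- toYaml .Values.pod.scheduler.securityContext | nindent 12 }}` (a new key) with the equivalent for the API container, would restore both. The container spec continues outside this hunk.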
@@ -49,114 +52,77 @@ spec: mountPath: /etc/gthulhu readOnly: true resources: - {{- toYaml .Values.scheduler.resources | nindent 12 }} - volumes: - - name: sys-kernel-debug - hostPath: - path: /sys/kernel/debug - - name: proc - hostPath: - path: /proc - - name: config-volume - configMap: - name: {{ include "gthulhu.fullname" . }}-scheduler-config - {{- with .Values.scheduler.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.scheduler.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} ---- -{{- end }} -{{- if .Values.api.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ include "gthulhu.fullname" . }}-api - labels: - {{- include "gthulhu.labels" . | nindent 4 }} - app.kubernetes.io/component: api -spec: - selector: - matchLabels: - {{- include "gthulhu.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: api - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "gthulhu.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: api - spec: - {{- with .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "gthulhu.serviceAccountName" . 
}} - hostPID: {{ .Values.api.hostPID }} - securityContext: - {{- toYaml .Values.api.securityContext | nindent 8 }} - containers: + {{- toYaml .Values.pod.scheduler.resources | nindent 12 }} + {{- if .Values.pod.api.enabled }} + # API server sidecar container - name: gthulhu-api - image: "{{ .Values.api.image.repository }}:{{ .Values.api.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.api.image.pullPolicy }} + image: "{{ .Values.pod.api.image.repository }}:{{ .Values.pod.api.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.pod.api.image.pullPolicy }} securityContext: - {{- toYaml .Values.api.securityContext | nindent 12 }} + privileged: {{ .Values.pod.securityContext.privileged }} + runAsUser: {{ .Values.pod.securityContext.runAsUser }} + {{- with .Values.pod.apiSecurityContext.capabilities }} + capabilities: + {{- toYaml . | nindent 14 }} + {{- end }} command: - - /app/main - args: ["-config", "/etc/gthulhu/config.json", "--in-cluster=true"] + - /app/main + args: + - "-config" + - "/etc/gthulhu/config.json" + - "--in-cluster=true" ports: - name: http - containerPort: {{ .Values.api.port }} + containerPort: {{ .Values.pod.api.port }} protocol: TCP - {{- if .Values.api.healthCheck.enabled }} + {{- if .Values.pod.api.healthCheck.enabled }} livenessProbe: httpGet: - path: {{ .Values.api.healthCheck.path }} + path: {{ .Values.pod.api.healthCheck.path }} port: http - initialDelaySeconds: {{ .Values.api.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.api.healthCheck.periodSeconds }} - timeoutSeconds: {{ .Values.api.healthCheck.timeoutSeconds }} - failureThreshold: {{ .Values.api.healthCheck.failureThreshold }} + initialDelaySeconds: {{ .Values.pod.api.healthCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.pod.api.healthCheck.periodSeconds }} + timeoutSeconds: {{ .Values.pod.api.healthCheck.timeoutSeconds }} + failureThreshold: {{ .Values.pod.api.healthCheck.failureThreshold }} readinessProbe: httpGet: - 
path: {{ .Values.api.healthCheck.path }} + path: {{ .Values.pod.api.healthCheck.path }} port: http - initialDelaySeconds: {{ .Values.api.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.api.healthCheck.periodSeconds }} - timeoutSeconds: {{ .Values.api.healthCheck.timeoutSeconds }} - failureThreshold: {{ .Values.api.healthCheck.failureThreshold }} + initialDelaySeconds: {{ .Values.pod.api.healthCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.pod.api.healthCheck.periodSeconds }} + timeoutSeconds: {{ .Values.pod.api.healthCheck.timeoutSeconds }} + failureThreshold: {{ .Values.pod.api.healthCheck.failureThreshold }} {{- end }} volumeMounts: - name: proc mountPath: /host/proc readOnly: true - - name: config-volume + - name: api-config-volume mountPath: /etc/gthulhu readOnly: true resources: - {{- toYaml .Values.api.resources | nindent 12 }} + {{- toYaml .Values.pod.api.resources | nindent 12 }} + {{- end }} volumes: + - name: sys-kernel-debug + hostPath: + path: /sys/kernel/debug - name: proc hostPath: path: /proc - name: config-volume + configMap: + name: {{ include "gthulhu.fullname" . }}-scheduler-config + {{- if .Values.pod.api.enabled }} + - name: api-config-volume configMap: name: {{ include "gthulhu.fullname" . }}-api-config - {{- with .Values.api.nodeSelector }} + {{- end }} + {{- with .Values.pod.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.api.tolerations }} + {{- with .Values.pod.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/gthulhu/templates/hpa.yaml b/gthulhu/templates/hpa.yaml index d728d05..d60ff2f 100644 --- a/gthulhu/templates/hpa.yaml +++ b/gthulhu/templates/hpa.yaml 
@@ -1,25 +1,24 @@ -{{- if and .Values.api.enabled .Values.api.autoscaling.enabled }} +{{- if .Values.autoscaling.enabled }} apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: - name: {{ include "gthulhu.fullname" . }}-api + name: {{ include "gthulhu.fullname" . }} labels: {{- include "gthulhu.labels" . | nindent 4 }} - app.kubernetes.io/component: api spec: scaleTargetRef: apiVersion: apps/v1 - kind: Deployment - name: {{ include "gthulhu.fullname" . }}-api - minReplicas: {{ .Values.api.autoscaling.minReplicas }} - maxReplicas: {{ .Values.api.autoscaling.maxReplicas }} + kind: DaemonSet + name: {{ include "gthulhu.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} metrics: - {{- if .Values.api.autoscaling.targetCPUUtilizationPercentage }} + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - type: Resource resource: name: cpu target: type: Utilization - averageUtilization: {{ .Values.api.autoscaling.targetCPUUtilizationPercentage }} + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- end }} diff --git a/gthulhu/templates/ingress.yaml b/gthulhu/templates/ingress.yaml index 57acef0..6b48719 100644 --- a/gthulhu/templates/ingress.yaml +++ b/gthulhu/templates/ingress.yaml 
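Review bot: `scaleTargetRef.kind: DaemonSet` will not produce a working autoscaler: a DaemonSet exposes no scale subresource and its pod count follows the node set, so the HPA controller cannot resize it and `minReplicas`/`maxReplicas` have no meaning here. The old target (`kind: Deployment` named `-api`) did not match the DaemonSet that deployment.yaml rendered either, so this template is best removed with the move to a single DaemonSet, or replaced by `{{- fail "autoscaling is not supported for the gthulhu DaemonSet" }}` when `.Values.autoscaling.enabled` is set. The `autoscaling` block this commit adds to values.yaml would go with it.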
@@ -1,9 +1,9 @@ -{{- if and .Values.api.enabled .Values.api.ingress.enabled -}} +{{- if .Values.ingress.enabled -}} {{- $fullName := include "gthulhu.fullname" . -}} -{{- $svcPort := .Values.api.service.port -}} -{{- if and .Values.api.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.api.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.api.ingress.annotations "kubernetes.io/ingress.class" .Values.api.ingress.className}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} {{- end }} {{- end }} {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} @@ -19,17 +19,17 @@ metadata: labels: {{- include "gthulhu.labels" . | nindent 4 }} app.kubernetes.io/component: api - {{- with .Values.api.ingress.annotations }} + {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: - {{- if and .Values.api.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.api.ingress.className }} + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} {{- end }} - {{- if .Values.api.ingress.tls }} + {{- if .Values.ingress.tls }} tls: - {{- range .Values.api.ingress.tls }} + {{- range .Values.ingress.tls }} - hosts: {{- range .hosts }} - {{ . | quote }} @@ -38,7 +38,7 @@ spec: {{- end }} {{- end }} rules: - {{- range .Values.api.ingress.hosts }} + {{- range .Values.ingress.hosts }} - host: {{ .host | quote }} http: paths: 
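Review bot: The new guard `{{- if .Values.ingress.enabled -}}` no longer depends on anything that creates a backend: the Service is now gated on `.Values.service.enabled` (default `false` in values.yaml) and the API container on `.Values.pod.api.enabled`, so enabling only the ingress renders an Ingress whose backend Service presumably does not exist. `{{- if and .Values.ingress.enabled .Values.service.enabled .Values.pod.api.enabled -}}` keeps the three consistent. The same gap exists in service.yaml, servicemonitor.yaml and tests/test-connection.yaml, whose guards check `.Values.service.enabled` but not `.Values.pod.api.enabled`. With the default `tls: []` the Ingress would publish the API of a privileged, hostPID pod over plain HTTP, so a comment next to `ingress.enabled` in values.yaml saying that TLS should be configured first would help operators.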
diff --git a/gthulhu/templates/rbac.yaml b/gthulhu/templates/rbac.yaml index 32e421a..5605f91 100644 --- a/gthulhu/templates/rbac.yaml +++ b/gthulhu/templates/rbac.yaml @@ -1,47 +1,10 @@ -{{- if .Values.scheduler.enabled }} +{{- if .Values.pod.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ include "gthulhu.fullname" . }}-scheduler + name: {{ include "gthulhu.fullname" . }} labels: {{- include "gthulhu.labels" . | nindent 4 }} - app.kubernetes.io/component: scheduler -rules: - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch"] - - apiGroups: ["metrics.k8s.io"] - resources: ["nodes", "pods"] - verbs: ["get", "list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "gthulhu.fullname" . }}-scheduler - labels: - {{- include "gthulhu.labels" . | nindent 4 }} - app.kubernetes.io/component: scheduler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "gthulhu.fullname" . }}-scheduler -subjects: - - kind: ServiceAccount - name: {{ include "gthulhu.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- if .Values.api.enabled }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "gthulhu.fullname" . }}-api - labels: - {{- include "gthulhu.labels" . | nindent 4 }} - app.kubernetes.io/component: api rules: - apiGroups: [""] resources: ["nodes"] 
@@ -49,27 +12,28 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] + {{- if .Values.pod.api.enabled }} - apiGroups: [""] resources: ["namespaces"] verbs: ["get", "list", "watch"] - - apiGroups: ["metrics.k8s.io"] - resources: ["nodes", "pods"] - verbs: ["get", "list"] - apiGroups: ["apps"] resources: ["deployments", "daemonsets", "replicasets"] verbs: ["get", "list", "watch"] + {{- end }} + - apiGroups: ["metrics.k8s.io"] + resources: ["nodes", "pods"] + verbs: ["get", "list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "gthulhu.fullname" . }}-api + name: {{ include "gthulhu.fullname" . }} labels: {{- include "gthulhu.labels" . | nindent 4 }} - app.kubernetes.io/component: api roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ include "gthulhu.fullname" . }}-api + name: {{ include "gthulhu.fullname" . }} subjects: - kind: ServiceAccount name: {{ include "gthulhu.serviceAccountName" . }} diff --git a/gthulhu/templates/service.yaml b/gthulhu/templates/service.yaml index a18c61d..3ade9cb 100644 --- a/gthulhu/templates/service.yaml +++ b/gthulhu/templates/service.yaml @@ -1,4 +1,4 @@ -{{- if .Values.api.enabled }} +{{- if .Values.service.enabled }} apiVersion: v1 kind: Service metadata: @@ -7,13 +7,12 @@ metadata: {{- include "gthulhu.labels" . | nindent 4 }} app.kubernetes.io/component: api spec: - type: {{ .Values.api.service.type }} + type: {{ .Values.service.type }} ports: - - port: {{ .Values.api.service.port }} - targetPort: {{ .Values.api.service.targetPort }} + - port: {{ .Values.service.port }} + targetPort: {{ .Values.service.targetPort }} protocol: TCP name: http selector: {{- include "gthulhu.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: api {{- end }} diff --git a/gthulhu/templates/servicemonitor.yaml b/gthulhu/templates/servicemonitor.yaml index a7c99fa..22cedcd 100644 --- a/gthulhu/templates/servicemonitor.yaml 
+++ b/gthulhu/templates/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.api.enabled .Values.monitoring.enabled .Values.monitoring.serviceMonitor.enabled }} +{{- if and .Values.service.enabled .Values.monitoring.enabled .Values.monitoring.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: @@ -13,7 +13,6 @@ spec: selector: matchLabels: {{- include "gthulhu.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: api endpoints: - port: http path: {{ .Values.monitoring.path }} diff --git a/gthulhu/templates/tests/test-connection.yaml b/gthulhu/templates/tests/test-connection.yaml index 6b689fc..d4f89ae 100644 --- a/gthulhu/templates/tests/test-connection.yaml +++ b/gthulhu/templates/tests/test-connection.yaml @@ -1,4 +1,4 @@ -{{- if .Values.api.enabled }} +{{- if .Values.service.enabled }} apiVersion: v1 kind: Pod metadata: @@ -12,6 +12,6 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "gthulhu.fullname" . }}-api:{{ .Values.api.service.port }}/health'] + args: ['{{ include "gthulhu.fullname" . }}-api:{{ .Values.service.port }}/health'] restartPolicy: Never {{- end }} diff --git a/gthulhu/values.yaml b/gthulhu/values.yaml index a460700..b2a1026 100644 --- a/gthulhu/values.yaml +++ b/gthulhu/values.yaml 
@@ -2,129 +2,114 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# Gthulhu Scheduler Configuration -scheduler: +# Gthulhu Pod Configuration (Sidecar Pattern) +# The pod contains both the scheduler and API server as sidecars +pod: enabled: true - replicaCount: 1 - - image: - repository: 127.0.0.1:32000/gthulhu - pullPolicy: Always - tag: "latest" - - # Scheduler requires privileged access for BPF operations + + # Scheduler container configuration + scheduler: + image: + repository: 127.0.0.1:32000/gthulhu + pullPolicy: Always + tag: "latest" + + # Resources for the scheduler + resources: + limits: + # cpu: 500m + memory: 512Mi + requests: + # cpu: 100m + memory: 128Mi + + # API server container configuration (sidecar) + api: + enabled: true + image: + repository: 127.0.0.1:32000/gthulhu-api + pullPolicy: Always + tag: "latest" + + # API server port configuration + port: 8080 + + # Health check configuration + healthCheck: + enabled: true + path: /health + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + + # Resources for the API server + resources: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 50m + memory: 64Mi + + # Pod-level security context securityContext: privileged: true runAsUser: 0 + + # Scheduler container security context + schedulerSecurityContext: capabilities: add: - SYS_ADMIN - SYS_RESOURCE - SYS_PTRACE - - # Host PID namespace is required for scheduler operations - hostPID: true - - # Node selector to ensure deployment on nodes with required kernel version - nodeSelector: - kubernetes.io/os: linux - - # Resources for the scheduler - resources: - limits: - # cpu: 500m - memory: 512Mi - requests: - # cpu: 100m - memory: 128Mi - - # Tolerations to allow scheduling on any node - tolerations: - - operator: Exists -# Metrics API Server Configuration -api: - enabled: true - replicaCount: 1 - - image: - repository: 127.0.0.1:32000/gthulhu-api - pullPolicy: Always - 
tag: "latest" - - # API server port configuration - port: 8080 - targetPort: 8080 - - # Host PID namespace is required for API operations - hostPID: true - - # API server needs access to host proc and K8s API - securityContext: - privileged: true - runAsUser: 0 + # API server container security context + apiSecurityContext: capabilities: add: - SYS_PTRACE - SYS_ADMIN drop: - NET_RAW - - # Node selector for API (inherit global if not specified) + + # Host PID namespace is required for both scheduler and API operations + hostPID: true + + # Node selector to ensure deployment on nodes with required kernel version nodeSelector: kubernetes.io/os: linux - + # Tolerations to allow scheduling on any node tolerations: - operator: Exists - - # Service configuration - service: - type: ClusterIP - port: 80 - targetPort: 8080 - - # Ingress configuration - ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: gthulhu-api.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: gthulhu-api-tls - # hosts: - # - gthulhu-api.local - - # Health check configuration - healthCheck: - enabled: true - path: /health - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 - - # Resources for the API server - resources: - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 50m - memory: 64Mi - - # Horizontal Pod Autoscaler - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 80 + +# Service configuration (optional, for external access to API) +service: + # Set to false for sidecar-only deployment (localhost communication) + # Set to true if you need external access to the API + enabled: false + type: ClusterIP + port: 80 + targetPort: 8080 + +# Ingress configuration +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # 
kubernetes.io/tls-acme: "true" + hosts: + - host: gthulhu-api.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: gthulhu-api-tls + # hosts: + # - gthulhu-api.local # Global configuration global: @@ -171,4 +156,11 @@ monitoring: enabled: false labels: {} interval: 30s - path: /metrics + path: /metrics + +# Horizontal Pod Autoscaler (not recommended for schedulers) +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 5 + targetCPUUtilizationPercentage: 80
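Review bot: The comment `# Pod-level security context` above `pod.securityContext` is misleading: deployment.yaml renders `privileged` and `runAsUser` into each container's `securityContext`, and the pod-level `securityContext` was removed by this commit. With `privileged: true` as the default, the `capabilities` lists under `schedulerSecurityContext` and `apiSecurityContext`, including `drop: NET_RAW`, most likely have no effect, because the runtime gives a privileged container the full capability set. I would reword the comment to `# Applied to BOTH containers' securityContext (scheduler and API sidecar)` and add a line saying the capability lists only matter once `privileged` is `false`. Separately, `tag: "latest"` with `pullPolicy: Always` on a privileged root DaemonSet means whatever is pushed to the registry next runs on every node, so a pinned tag or digest is the safer default.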