From eb1eb4a5254e03fb17ffab37df78586390fc1104 Mon Sep 17 00:00:00 2001
From: Yun-Tang Chang
Date: Tue, 25 Nov 2025 02:10:11 +0800
Subject: [PATCH 1/5] Refactor values.yaml to support sidecar deployment Merge separate scheduler and api configurations into a unified pod structure to enable sidecar pattern deployment. This change groups both containers under a single pod configuration while maintaining granular control over individual container settings. Changes: - Introduce pod.enabled flag for unified deployment control - Restructure scheduler config as pod.scheduler with image and resources - Restructure API config as pod.api as sidecar container configuration
---
gthulhu/values.yaml | 198 +++++++++++++++++++++-----------------------
1 file changed, 95 insertions(+), 103 deletions(-)
diff --git a/gthulhu/values.yaml b/gthulhu/values.yaml
index a460700..b2a1026 100644
--- a/gthulhu/values.yaml
+++ b/gthulhu/values.yaml
@@ -2,129 +2,114 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# Gthulhu Scheduler Configuration -scheduler: +# Gthulhu Pod Configuration (Sidecar Pattern) +# The pod contains both the scheduler and API server as sidecars +pod: enabled: true - replicaCount: 1 - - image: - repository: 127.0.0.1:32000/gthulhu - pullPolicy: Always - tag: "latest" - - # Scheduler requires privileged access for BPF operations + + # Scheduler container configuration + scheduler: + image: + repository: 127.0.0.1:32000/gthulhu + pullPolicy: Always + tag: "latest" + + # Resources for the scheduler + resources: + limits: + # cpu: 500m + memory: 512Mi + requests: + # cpu: 100m + memory: 128Mi + + # API server container configuration (sidecar) + api: + enabled: true + image: + repository: 127.0.0.1:32000/gthulhu-api + pullPolicy: Always + tag: "latest" + + # API server port configuration + port: 8080 + + # Health check configuration + healthCheck: + enabled: true + path: /health + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + + # Resources for the API server + resources: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 50m + memory: 64Mi + + # Pod-level security context securityContext: privileged: true runAsUser: 0 + + # Scheduler container security context + schedulerSecurityContext: capabilities: add: - SYS_ADMIN - SYS_RESOURCE - SYS_PTRACE - - # Host PID namespace is required for scheduler operations - hostPID: true - - # Node selector to ensure deployment on nodes with required kernel version - nodeSelector: - kubernetes.io/os: linux - - # Resources for the scheduler - resources: - limits: - # cpu: 500m - memory: 512Mi - requests: - # cpu: 100m - memory: 128Mi - - # Tolerations to allow scheduling on any node - tolerations: - - operator: Exists -# Metrics API Server Configuration -api: - enabled: true - replicaCount: 1 - - image: - repository: 127.0.0.1:32000/gthulhu-api - pullPolicy: Always - 
tag: "latest" - - # API server port configuration - port: 8080 - targetPort: 8080 - - # Host PID namespace is required for API operations - hostPID: true - - # API server needs access to host proc and K8s API - securityContext: - privileged: true - runAsUser: 0 + # API server container security context + apiSecurityContext: capabilities: add: - SYS_PTRACE - SYS_ADMIN drop: - NET_RAW - - # Node selector for API (inherit global if not specified) + + # Host PID namespace is required for both scheduler and API operations + hostPID: true + + # Node selector to ensure deployment on nodes with required kernel version nodeSelector: kubernetes.io/os: linux - + # Tolerations to allow scheduling on any node tolerations: - operator: Exists - - # Service configuration - service: - type: ClusterIP - port: 80 - targetPort: 8080 - - # Ingress configuration - ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: gthulhu-api.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: gthulhu-api-tls - # hosts: - # - gthulhu-api.local - - # Health check configuration - healthCheck: - enabled: true - path: /health - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 - - # Resources for the API server - resources: - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 50m - memory: 64Mi - - # Horizontal Pod Autoscaler - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 5 - targetCPUUtilizationPercentage: 80 + +# Service configuration (optional, for external access to API) +service: + # Set to false for sidecar-only deployment (localhost communication) + # Set to true if you need external access to the API + enabled: false + type: ClusterIP + port: 80 + targetPort: 8080 + +# Ingress configuration +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # 
kubernetes.io/tls-acme: "true" + hosts: + - host: gthulhu-api.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: gthulhu-api-tls + # hosts: + # - gthulhu-api.local # Global configuration global: @@ -171,4 +156,11 @@ monitoring: enabled: false labels: {} interval: 30s - path: /metrics + path: /metrics + +# Horizontal Pod Autoscaler (not recommended for schedulers) +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 5 + targetCPUUtilizationPercentage: 80 From 2789a235c2d10987f71aeedaceecdfbe4693e081 Mon Sep 17 00:00:00 2001 From: Yun-Tang Chang Date: Tue, 25 Nov 2025 15:52:42 +0800 Subject: [PATCH 2/5] Consolidate scheduler and API into single DaemonSet Merge previously separate scheduler and API DaemonSets into one, running both as containers in the same pod. This enables localhost communication and guarantees co-location on each node. Changes: - Run scheduler and API as containers in same DaemonSet pod - Share hostPID and system volumes (/proc, /sys/kernel/debug) - Simplify deployment from 2 DaemonSets to 1 --- gthulhu/templates/deployment.yaml | 148 ++++++++++++------------------ 1 file changed, 57 insertions(+), 91 deletions(-) diff --git a/gthulhu/templates/deployment.yaml b/gthulhu/templates/deployment.yaml index 0a60f9d..2db29fe 100644 --- a/gthulhu/templates/deployment.yaml +++ b/gthulhu/templates/deployment.yaml @@ -1,16 +1,14 @@ -{{- if .Values.scheduler.enabled }} +{{- if .Values.pod.enabled }} apiVersion: apps/v1 kind: DaemonSet metadata: - name: {{ include "gthulhu.fullname" . }}-scheduler + name: {{ include "gthulhu.fullname" . }} labels: {{- include "gthulhu.labels" . | nindent 4 }} - app.kubernetes.io/component: scheduler spec: selector: matchLabels: {{- include "gthulhu.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: scheduler template: metadata: {{- with .Values.podAnnotations }} 
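Review bot: In gthulhu/values.yaml the new `pod.securityContext` block is commented as pod-level, but its `privileged: true` and `runAsUser: 0` are rendered into both container specs in templates/deployment.yaml (the `gthulhu-scheduler` and `gthulhu-api` hunks), so the HTTP-serving API sidecar cannot be given less privilege than the BPF scheduler. With `privileged: true` the `schedulerSecurityContext` and `apiSecurityContext` capability lists, including `drop: NET_RAW`, most likely restrict nothing, since a privileged container is normally granted every capability. I would give each container its own block, for example `pod.scheduler.securityContext` and `pod.api.securityContext`, with `privileged: false` as the API default if it works with its listed capabilities alone. The comment should then read `# Security settings applied to each container` rather than "Pod-level security context".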
@@ -19,25 +17,30 @@ spec: {{- end }} labels: {{- include "gthulhu.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: scheduler spec: {{- with .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "gthulhu.serviceAccountName" . }} - hostPID: {{ .Values.scheduler.hostPID }} - securityContext: - {{- toYaml .Values.scheduler.securityContext | nindent 8 }} + hostPID: {{ .Values.pod.hostPID }} containers: + # Scheduler container - name: gthulhu-scheduler - image: "{{ .Values.scheduler.image.repository }}:{{ .Values.scheduler.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.scheduler.image.pullPolicy }} + image: "{{ .Values.pod.scheduler.image.repository }}:{{ .Values.pod.scheduler.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.pod.scheduler.image.pullPolicy }} securityContext: - {{- toYaml .Values.scheduler.securityContext | nindent 12 }} + privileged: {{ .Values.pod.securityContext.privileged }} + runAsUser: {{ .Values.pod.securityContext.runAsUser }} + {{- with .Values.pod.schedulerSecurityContext.capabilities }} + capabilities: + {{- toYaml . | nindent 14 }} + {{- end }} command: - - /gthulhu/main - args: ["-config", "/etc/gthulhu/config.yaml"] + - /gthulhu/main + args: + - "-config" + - "/etc/gthulhu/config.yaml" volumeMounts: - name: sys-kernel-debug mountPath: /sys/kernel/debug 
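Review bot: The `gthulhu-scheduler` container's `securityContext` in gthulhu/templates/deployment.yaml now renders only `privileged` and `runAsUser` from `.Values.pod.securityContext`, so any other field a user sets there (for example `readOnlyRootFilesystem` or `seccompProfile`) is silently dropped, and the pod-level `securityContext` is removed in the same hunk. If either key is missing from values, the line renders with no value instead of failing. Rendering the whole map with `{{- toYaml .Values.pod.securityContext | nindent 12 }}` ahead of the `capabilities` block would keep user hardening overrides. The same pattern is repeated for `gthulhu-api` in the next hunk, and the container spec continues outside this hunk.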
@@ -49,114 +52,77 @@ spec: mountPath: /etc/gthulhu readOnly: true resources: - {{- toYaml .Values.scheduler.resources | nindent 12 }} - volumes: - - name: sys-kernel-debug - hostPath: - path: /sys/kernel/debug - - name: proc - hostPath: - path: /proc - - name: config-volume - configMap: - name: {{ include "gthulhu.fullname" . }}-scheduler-config - {{- with .Values.scheduler.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.scheduler.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} ---- -{{- end }} -{{- if .Values.api.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ include "gthulhu.fullname" . }}-api - labels: - {{- include "gthulhu.labels" . | nindent 4 }} - app.kubernetes.io/component: api -spec: - selector: - matchLabels: - {{- include "gthulhu.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: api - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "gthulhu.selectorLabels" . | nindent 8 }} - app.kubernetes.io/component: api - spec: - {{- with .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "gthulhu.serviceAccountName" . 
}} - hostPID: {{ .Values.api.hostPID }} - securityContext: - {{- toYaml .Values.api.securityContext | nindent 8 }} - containers: + {{- toYaml .Values.pod.scheduler.resources | nindent 12 }} + {{- if .Values.pod.api.enabled }} + # API server sidecar container - name: gthulhu-api - image: "{{ .Values.api.image.repository }}:{{ .Values.api.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.api.image.pullPolicy }} + image: "{{ .Values.pod.api.image.repository }}:{{ .Values.pod.api.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.pod.api.image.pullPolicy }} securityContext: - {{- toYaml .Values.api.securityContext | nindent 12 }} + privileged: {{ .Values.pod.securityContext.privileged }} + runAsUser: {{ .Values.pod.securityContext.runAsUser }} + {{- with .Values.pod.apiSecurityContext.capabilities }} + capabilities: + {{- toYaml . | nindent 14 }} + {{- end }} command: - - /app/main - args: ["-config", "/etc/gthulhu/config.json", "--in-cluster=true"] + - /app/main + args: + - "-config" + - "/etc/gthulhu/config.json" + - "--in-cluster=true" ports: - name: http - containerPort: {{ .Values.api.port }} + containerPort: {{ .Values.pod.api.port }} protocol: TCP - {{- if .Values.api.healthCheck.enabled }} + {{- if .Values.pod.api.healthCheck.enabled }} livenessProbe: httpGet: - path: {{ .Values.api.healthCheck.path }} + path: {{ .Values.pod.api.healthCheck.path }} port: http - initialDelaySeconds: {{ .Values.api.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.api.healthCheck.periodSeconds }} - timeoutSeconds: {{ .Values.api.healthCheck.timeoutSeconds }} - failureThreshold: {{ .Values.api.healthCheck.failureThreshold }} + initialDelaySeconds: {{ .Values.pod.api.healthCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.pod.api.healthCheck.periodSeconds }} + timeoutSeconds: {{ .Values.pod.api.healthCheck.timeoutSeconds }} + failureThreshold: {{ .Values.pod.api.healthCheck.failureThreshold }} readinessProbe: httpGet: - 
path: {{ .Values.api.healthCheck.path }} + path: {{ .Values.pod.api.healthCheck.path }} port: http - initialDelaySeconds: {{ .Values.api.healthCheck.initialDelaySeconds }} - periodSeconds: {{ .Values.api.healthCheck.periodSeconds }} - timeoutSeconds: {{ .Values.api.healthCheck.timeoutSeconds }} - failureThreshold: {{ .Values.api.healthCheck.failureThreshold }} + initialDelaySeconds: {{ .Values.pod.api.healthCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.pod.api.healthCheck.periodSeconds }} + timeoutSeconds: {{ .Values.pod.api.healthCheck.timeoutSeconds }} + failureThreshold: {{ .Values.pod.api.healthCheck.failureThreshold }} {{- end }} volumeMounts: - name: proc mountPath: /host/proc readOnly: true - - name: config-volume + - name: api-config-volume mountPath: /etc/gthulhu readOnly: true resources: - {{- toYaml .Values.api.resources | nindent 12 }} + {{- toYaml .Values.pod.api.resources | nindent 12 }} + {{- end }} volumes: + - name: sys-kernel-debug + hostPath: + path: /sys/kernel/debug - name: proc hostPath: path: /proc - name: config-volume + configMap: + name: {{ include "gthulhu.fullname" . }}-scheduler-config + {{- if .Values.pod.api.enabled }} + - name: api-config-volume configMap: name: {{ include "gthulhu.fullname" . }}-api-config - {{- with .Values.api.nodeSelector }} + {{- end }} + {{- with .Values.pod.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.api.tolerations }} + {{- with .Values.pod.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} From 629a29ad9d8120b99409e81126ca7e44f0c7afec Mon Sep 17 00:00:00 2001 
From: Yun-Tang Chang Date: Tue, 25 Nov 2025 17:45:38 +0800 Subject: [PATCH 3/5] Change scheduler API endpoint to localhost Update scheduler configuration to use localhost for API communication instead of ClusterIP service. This change is required for the sidecar pattern where both containers run in the same pod and share the network namespace. Changes: - Update api.url from http://gthulhu-api:80 to http://localhost:8080 - Update template variable references to use pod configuration - Remove dependency on ClusterIP service for communication --- gthulhu/templates/configmap.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/gthulhu/templates/configmap.yaml b/gthulhu/templates/configmap.yaml index a9927cb..4ef5fa9 100644 --- a/gthulhu/templates/configmap.yaml +++ b/gthulhu/templates/configmap.yaml @@ -1,4 +1,4 @@ -{{- if .Values.scheduler.enabled }} +{{- if .Values.pod.enabled }} apiVersion: v1 kind: ConfigMap metadata: @@ -29,12 +29,12 @@ data: scheduler: # Default time slice in nanoseconds (default: 5000000 = 5ms) slice_ns_default: 5000000 - + # Minimum time slice in nanoseconds (default: 500000 = 0.5ms) slice_ns_min: 500000 api: enabled: true - url: http://gthulhu-api:80 + url: http://localhost:8080 interval: 5 public_key_path: /etc/gthulhu/jwt_public_key.pem debug: true @@ -42,7 +42,7 @@ data: builtin_idle: false {{- end }} --- -{{- if .Values.api.enabled }} +{{- if .Values.pod.api.enabled }} apiVersion: v1 kind: ConfigMap metadata: @@ -107,7 +107,7 @@ data: config.json: | { "server": { - "port": ":{{ .Values.api.port }}", + "port": ":{{ .Values.pod.api.port }}", "read_timeout": 15, "write_timeout": 15, "idle_timeout": 60 From 146fad4de5cb86d9181bf44b6d4f5f6870309385 Mon Sep 17 00:00:00 2001 
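Review bot: The scheduler config in gthulhu/templates/configmap.yaml (hunk `@@ -29,12 +29,12 @@`) hard-codes `url: http://localhost:8080`, while the API's listen port in the same file comes from `.Values.pod.api.port`; changing that value leaves the scheduler polling a port nothing listens on. Derive it from the same value: `url: http://localhost:{{ .Values.pod.api.port }}`. The context line `enabled: true` under `api:` likewise appears to stay true when `pod.api.enabled` is false, so it should probably be `enabled: {{ .Values.pod.api.enabled }}`.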
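Review bot: The `"port": ":{{ .Values.pod.api.port }}"` entry in config.json (hunk `@@ -107,7 +107,7 @@`) has no host part, which presumably makes the server listen on every interface of the pod, so the API of this privileged, hostPID pod stays reachable on the pod IP from elsewhere in the cluster even with `service.enabled: false`. The series describes the traffic as localhost-only; to enforce that, the chart should either ship a NetworkPolicy for the pod or bind to loopback, e.g. `"port": "127.0.0.1:{{ .Values.pod.api.port }}"`, assuming the server passes this string straight to its listener. A loopback bind would also mean replacing the `httpGet` liveness and readiness probes in deployment.yaml with `exec` probes, because the kubelet probes the pod IP. The JSON object continues outside the hunk.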
From: Yun-Tang Chang Date: Thu, 27 Nov 2025 02:20:40 +0800 Subject: [PATCH 4/5] Make API service optional for sidecar deployments Service is unnecessary in sidecar mode as containers communicate via localhost within the same pod. Changes: - Update condition to use service.enabled flag - Update variable references to service configuration - Remove component selector to match unified DaemonSet --- gthulhu/templates/service.yaml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/gthulhu/templates/service.yaml b/gthulhu/templates/service.yaml index a18c61d..3ade9cb 100644 --- a/gthulhu/templates/service.yaml +++ b/gthulhu/templates/service.yaml @@ -1,4 +1,4 @@ -{{- if .Values.api.enabled }} +{{- if .Values.service.enabled }} apiVersion: v1 kind: Service metadata: @@ -7,13 +7,12 @@ metadata: {{- include "gthulhu.labels" . | nindent 4 }} app.kubernetes.io/component: api spec: - type: {{ .Values.api.service.type }} + type: {{ .Values.service.type }} ports: - - port: {{ .Values.api.service.port }} - targetPort: {{ .Values.api.service.targetPort }} + - port: {{ .Values.service.port }} + targetPort: {{ .Values.service.targetPort }} protocol: TCP name: http selector: {{- include "gthulhu.selectorLabels" . | nindent 4 }} - app.kubernetes.io/component: api {{- end }} From 06413dd113b5569f10b2bbeec0436aad5512beec Mon Sep 17 00:00:00 2001 
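Review bot: In gthulhu/templates/service.yaml, `targetPort: {{ .Values.service.targetPort }}` is a second copy of the API port (8080 in values.yaml) that can drift from `pod.api.port`; the container port is already named, so `targetPort: http` would always follow it. The guard in the first hunk tests only `service.enabled`, so the Service is still created with no listening backend when `pod.api.enabled` is false; `{{- if and .Values.service.enabled .Values.pod.api.enabled }}` avoids that. With the component label removed from `selector`, the Service matches every pod carrying the chart's selector labels, which is safe only while the DaemonSet pod is the sole workload with them.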
From: Yun-Tang Chang
Date: Fri, 28 Nov 2025 02:58:53 +0800
Subject: [PATCH 5/5] refactor(chart): update remaining templates for sidecar pattern Changes: - Merge 2 ClusterRoles/Bindings into 1 in rbac.yaml - Update variable references in NOTES.txt, ingress.yaml, and test files - Add service.enabled conditions for optional Service access
---
gthulhu/templates/NOTES.txt | 26 +++++-----
gthulhu/templates/hpa.yaml | 17 +++---
gthulhu/templates/ingress.yaml | 22 ++++----
gthulhu/templates/rbac.yaml | 54 ++++----------------
gthulhu/templates/servicemonitor.yaml | 3 +-
gthulhu/templates/tests/test-connection.yaml | 4 +-
6 files changed, 44 insertions(+), 82 deletions(-)
diff --git a/gthulhu/templates/NOTES.txt b/gthulhu/templates/NOTES.txt
index fbfbfe1..751ebae 100644
--- a/gthulhu/templates/NOTES.txt
+++ b/gthulhu/templates/NOTES.txt
@@ -1,37 +1,37 @@ 1. Gthulhu has been deployed to your Kubernetes cluster! -{{- if .Values.scheduler.enabled }} +{{- if .Values.pod.enabled }} ** Gthulhu Scheduler ** The BPF scheduler is running as a DaemonSet on all nodes. You can check the scheduler status with: - kubectl get daemonset {{ include "gthulhu.fullname" . }}-scheduler -n {{ .Release.Namespace }} - kubectl logs -l app.kubernetes.io/component=scheduler -n {{ .Release.Namespace }} + kubectl get daemonset {{ include "gthulhu.fullname" . }} -n {{ .Release.Namespace }} + kubectl logs -l app.kubernetes.io/name={{ include "gthulhu.name" . }} -c gthulhu-scheduler -n {{ .Release.Namespace }} {{- end }} -{{- if .Values.api.enabled }} +{{- if .Values.pod.api.enabled }} ** BSS Metrics API Server ** -{{- if .Values.api.ingress.enabled }} -{{- range $host := .Values.api.ingress.hosts }} +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} {{- range .paths }} - http{{ if $.Values.api.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} {{- end }} {{- end }} -{{- else if contains "NodePort" .Values.api.service.type }} +{{- else if and .Values.service.enabled (contains "NodePort" .Values.service.type) }} export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "gthulhu.fullname" . }}-api) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.api.service.type }} +{{- else if and .Values.service.enabled (contains "LoadBalancer" .Values.service.type) }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "gthulhu.fullname" . 
}}-api' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "gthulhu.fullname" . }}-api --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:\{\{ .Values.api.service.port }} -{{- else if contains "ClusterIP" .Values.api.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/component=api,app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if and .Values.service.enabled (contains "ClusterIP" .Values.service.type) }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "gthulhu.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[1].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT {{- end }} diff --git a/gthulhu/templates/hpa.yaml b/gthulhu/templates/hpa.yaml index d728d05..d60ff2f 100644 --- a/gthulhu/templates/hpa.yaml +++ b/gthulhu/templates/hpa.yaml 
@@ -1,25 +1,24 @@ -{{- if and .Values.api.enabled .Values.api.autoscaling.enabled }} +{{- if .Values.autoscaling.enabled }} apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: - name: {{ include "gthulhu.fullname" . }}-api + name: {{ include "gthulhu.fullname" . }} labels: {{- include "gthulhu.labels" . | nindent 4 }} - app.kubernetes.io/component: api spec: scaleTargetRef: apiVersion: apps/v1 - kind: Deployment - name: {{ include "gthulhu.fullname" . }}-api - minReplicas: {{ .Values.api.autoscaling.minReplicas }} - maxReplicas: {{ .Values.api.autoscaling.maxReplicas }} + kind: DaemonSet + name: {{ include "gthulhu.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} metrics: - {{- if .Values.api.autoscaling.targetCPUUtilizationPercentage }} + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - type: Resource resource: name: cpu target: type: Utilization - averageUtilization: {{ .Values.api.autoscaling.targetCPUUtilizationPercentage }} + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} {{- end }} {{- end }} diff --git a/gthulhu/templates/ingress.yaml b/gthulhu/templates/ingress.yaml index 57acef0..6b48719 100644 --- a/gthulhu/templates/ingress.yaml +++ b/gthulhu/templates/ingress.yaml 
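Review bot: `scaleTargetRef.kind: DaemonSet` in gthulhu/templates/hpa.yaml cannot work, because a DaemonSet has no scale subresource; once `autoscaling.enabled` is set, the HorizontalPodAutoscaler is created but can never scale its target and only reports errors. Since the chart no longer renders a Deployment, I would delete this template together with the `autoscaling` values. Alternatively, make the misconfiguration fail at render time with `{{- if .Values.autoscaling.enabled }}{{ fail "autoscaling is not supported: gthulhu runs as a DaemonSet" }}{{- end }}`.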
@@ -1,9 +1,9 @@ -{{- if and .Values.api.enabled .Values.api.ingress.enabled -}} +{{- if .Values.ingress.enabled -}} {{- $fullName := include "gthulhu.fullname" . -}} -{{- $svcPort := .Values.api.service.port -}} -{{- if and .Values.api.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.api.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.api.ingress.annotations "kubernetes.io/ingress.class" .Values.api.ingress.className}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} {{- end }} {{- end }} {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} @@ -19,17 +19,17 @@ metadata: labels: {{- include "gthulhu.labels" . | nindent 4 }} app.kubernetes.io/component: api - {{- with .Values.api.ingress.annotations }} + {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: - {{- if and .Values.api.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.api.ingress.className }} + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} {{- end }} - {{- if .Values.api.ingress.tls }} + {{- if .Values.ingress.tls }} tls: - {{- range .Values.api.ingress.tls }} + {{- range .Values.ingress.tls }} - hosts: {{- range .hosts }} - {{ . | quote }} @@ -38,7 +38,7 @@ spec: {{- end }} {{- end }} rules: - {{- range .Values.api.ingress.hosts }} + {{- range .Values.ingress.hosts }} - host: {{ .host | quote }} http: paths: 
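Review bot: The guard in gthulhu/templates/ingress.yaml is now `{{- if .Values.ingress.enabled -}}` alone, yet `$svcPort` is read from `.Values.service.port` and the Service is rendered only when `service.enabled` is true (false by default), so enabling the Ingress by itself presumably yields a rule whose backend Service does not exist. Use `{{- if and .Values.ingress.enabled .Values.service.enabled .Values.pod.api.enabled -}}`, or call `fail` with a clear message when ingress is enabled without the Service. Because this Ingress publishes the API of a privileged, hostPID pod outside the cluster, a comment beside `ingress.enabled` in values.yaml such as `# Exposes the node-level API externally; configure tls before enabling` would help operators.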
diff --git a/gthulhu/templates/rbac.yaml b/gthulhu/templates/rbac.yaml index 32e421a..5605f91 100644 --- a/gthulhu/templates/rbac.yaml +++ b/gthulhu/templates/rbac.yaml @@ -1,47 +1,10 @@ -{{- if .Values.scheduler.enabled }} +{{- if .Values.pod.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ include "gthulhu.fullname" . }}-scheduler + name: {{ include "gthulhu.fullname" . }} labels: {{- include "gthulhu.labels" . | nindent 4 }} - app.kubernetes.io/component: scheduler -rules: - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch"] - - apiGroups: ["metrics.k8s.io"] - resources: ["nodes", "pods"] - verbs: ["get", "list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "gthulhu.fullname" . }}-scheduler - labels: - {{- include "gthulhu.labels" . | nindent 4 }} - app.kubernetes.io/component: scheduler -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "gthulhu.fullname" . }}-scheduler -subjects: - - kind: ServiceAccount - name: {{ include "gthulhu.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- if .Values.api.enabled }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "gthulhu.fullname" . }}-api - labels: - {{- include "gthulhu.labels" . | nindent 4 }} - app.kubernetes.io/component: api rules: - apiGroups: [""] resources: ["nodes"] 
@@ -49,27 +12,28 @@ rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] + {{- if .Values.pod.api.enabled }} - apiGroups: [""] resources: ["namespaces"] verbs: ["get", "list", "watch"] - - apiGroups: ["metrics.k8s.io"] - resources: ["nodes", "pods"] - verbs: ["get", "list"] - apiGroups: ["apps"] resources: ["deployments", "daemonsets", "replicasets"] verbs: ["get", "list", "watch"] + {{- end }} + - apiGroups: ["metrics.k8s.io"] + resources: ["nodes", "pods"] + verbs: ["get", "list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ include "gthulhu.fullname" . }}-api + name: {{ include "gthulhu.fullname" . }} labels: {{- include "gthulhu.labels" . | nindent 4 }} - app.kubernetes.io/component: api roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ include "gthulhu.fullname" . }}-api + name: {{ include "gthulhu.fullname" . }} subjects: - kind: ServiceAccount name: {{ include "gthulhu.serviceAccountName" . }} diff --git a/gthulhu/templates/servicemonitor.yaml b/gthulhu/templates/servicemonitor.yaml index a7c99fa..22cedcd 100644 --- a/gthulhu/templates/servicemonitor.yaml +++ b/gthulhu/templates/servicemonitor.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.api.enabled .Values.monitoring.enabled .Values.monitoring.serviceMonitor.enabled }} +{{- if and .Values.service.enabled .Values.monitoring.enabled .Values.monitoring.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: @@ -13,7 +13,6 @@ spec: selector: matchLabels: {{- include "gthulhu.selectorLabels" . | nindent 6 }} - app.kubernetes.io/component: api endpoints: - port: http path: {{ .Values.monitoring.path }} diff --git a/gthulhu/templates/tests/test-connection.yaml b/gthulhu/templates/tests/test-connection.yaml index 6b689fc..d4f89ae 100644 --- a/gthulhu/templates/tests/test-connection.yaml +++ b/gthulhu/templates/tests/test-connection.yaml 
@@ -1,4 +1,4 @@ -{{- if .Values.api.enabled }} +{{- if .Values.service.enabled }} apiVersion: v1 kind: Pod metadata: @@ -12,6 +12,6 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "gthulhu.fullname" . }}-api:{{ .Values.api.service.port }}/health'] + args: ['{{ include "gthulhu.fullname" . }}-api:{{ .Values.service.port }}/health'] restartPolicy: Never {{- end }}