Helm chart refactoring (#963)

Co-authored-by: mazay <[email protected]>
mazay · Nov 2, 2024 · fec0a83 · fec0a83
1 parent 0f1cae6
commit fec0a83
Show file tree

Hide file tree

Showing 14 changed files with 109 additions and 68 deletions.
diff --git a/charts/s3sync-service/.helmignore b/charts/s3sync-service/.helmignore
@@ -22,3 +22,5 @@ docs-template.md
 .idea/
 *.tmproj
 .vscode/
+# CI values
+ci/*
diff --git a/charts/s3sync-service/ci/no-rbac.yaml b/charts/s3sync-service/ci/no-rbac.yaml
@@ -0,0 +1 @@
+createRbac: false
diff --git a/charts/s3sync-service/ci/secret-custom.yaml b/charts/s3sync-service/ci/secret-custom.yaml
@@ -0,0 +1,4 @@
+secret:
+  name: s3sync-credentials
+  AWS_ACCESS_KEY_ID: AKIAI44QH8DHBEXAMPLE
+  AWS_SECRET_ACCESS_KEY: je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
diff --git a/charts/s3sync-service/ci/secret.yaml b/charts/s3sync-service/ci/secret.yaml
@@ -0,0 +1,3 @@
+secret:
+  AWS_ACCESS_KEY_ID: AKIAI44QH8DHBEXAMPLE
+  AWS_SECRET_ACCESS_KEY: je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
diff --git a/charts/s3sync-service/templates/_helpers.tpl b/charts/s3sync-service/templates/_helpers.tpl
@@ -0,0 +1,29 @@
+{{- define "s3sync.fullname"}}
+{{- .Values.fullnameOverride | default .Release.Name -}}
+{{- end -}}
+
+{{- define "s3sync.configmapName" -}}
+{{- .Values.configmap.name | default (include "s3sync.fullname" .) -}}
+{{- end -}}
+
+{{- define "s3sync.serviceAccountName" -}}
+{{- .Values.serviceAccountName | default (include "s3sync.fullname" .) -}}
+{{- end -}}
+
+{{- define "s3sync.labels" -}}
+app: {{ include "s3sync.fullname" . | quote }}
+{{- if .Values.labels -}}
+{{ toYaml .Values.labels }}
+{{- end -}}
+{{- end -}}
+
+{{- define "s3sync.podAnnotations" -}}
+{{- if .Values.podAnnotations -}}
+{{ toYaml .Values.podAnnotations }}
+{{- end -}}
+{{- if .Values.prometheusExporter.enable -}}
+prometheus.io/path: {{ .Values.prometheusExporter.path | quote }}
+prometheus.io/port: {{ .Values.prometheusExporter.port | quote }}
+prometheus.io/scrape: "true"
+{{- end -}}
+{{- end -}}
diff --git a/charts/s3sync-service/templates/configmap.yaml b/charts/s3sync-service/templates/configmap.yaml
@@ -1,10 +1,10 @@
+---
 apiVersion: v1
 kind: ConfigMap
 metadata:
+  name: {{ include "s3sync.fullname" . }}
   labels:
-    app: {{ .Release.Name }}
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
+    {{- include "s3sync.labels" . | nindent 4 }}
 data:
   config.yml: |-
   {{- if .Values.config.access_key }}

diff --git a/charts/s3sync-service/templates/deployment.yaml b/charts/s3sync-service/templates/deployment.yaml
@@ -1,34 +1,25 @@
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
+  name: {{ include "s3sync.fullname" . }}
+  labels:
+    {{- include "s3sync.labels" . | nindent 4 }}
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: s3sync-service
+      {{- include "s3sync.labels" . | nindent 6 }}
   template:
     metadata:
       labels:
-        app: s3sync-service
+        {{- include "s3sync.labels" . | nindent 8 }}
     {{- if or .Values.podAnnotations .Values.prometheusExporter.enable }}
       annotations:
-        {{- if .Values.prometheusExporter.enable }}
-        prometheus.io/path: {{ .Values.prometheusExporter.path | quote }}
-        prometheus.io/port: {{ .Values.prometheusExporter.port | quote }}
-        prometheus.io/scrape: "true"
-        {{- end }}
-      {{- range $key, $value := .Values.podAnnotations }}
-        {{ $key }}: {{ $value | quote }}
-      {{- end }}
+        {{- include "s3sync.podAnnotations" . | nindent 8 }}
     {{- end }}
     spec:
-    {{- if .Values.createRbac }}
-      serviceAccountName: {{ .Release.Name }}
-    {{- else if .Values.serviceAccountName }}
-      serviceAccountName: {{ .Values.serviceAccountName }}
-    {{- end }}
+      serviceAccountName: {{ include "s3sync.serviceAccountName" . }}
     {{- if .Values.imagePullSecrets }}
       imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
     {{- end }}
@@ -46,13 +37,13 @@ spec:
       affinity: {{ toYaml .Values.affinity | nindent 8 }}
     {{- end }}
       containers:
-      - name: {{ .Release.Name }}
+      - name: "s3sync"
         image: {{ .Values.image.repository }}:{{- if .Values.image.tag }}{{ .Values.image.tag }}{{- else }}{{ .Chart.AppVersion }}{{- end }}
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         command:
         - "./s3sync-service"
       {{- if .Values.configmap.watch }}
-        - "-configmap={{ .Release.Namespace }}/{{ .Release.Name }}"
+        - "-configmap={{ .Release.Namespace }}/{{ include "s3sync.configmapName" . }}"
       {{- else }}
         - "-config=/opt/s3sync-service/config.yml"
       {{- end }}
@@ -68,8 +59,8 @@ spec:
       {{- if or (and .Values.secret.AWS_ACCESS_KEY_ID .Values.secret.AWS_SECRET_ACCESS_KEY) .Values.secret.name }}
         envFrom:
         - secretRef:
-          {{- if and .Values.secret.AWS_ACCESS_KEY_ID .Values.secret.AWS_SECRET_ACCESS_KEY }}
-            name: {{ .Release.Name }}
+          {{- if and (and .Values.secret.AWS_ACCESS_KEY_ID .Values.secret.AWS_SECRET_ACCESS_KEY) (eq .Values.secret.name "") }}
+            name: {{ include "s3sync.fullname" . }}
           {{- else }}
             name: {{ .Values.secret.name }}
           {{- end }}
@@ -116,6 +107,6 @@ spec:
       - name: config-volume
         configMap:
           defaultMode: 420
-          name: {{ if .Values.configmap.name }}{{ .Values.configmap.name }}{{ else }}{{ .Release.Namespace }}/{{ .Release.Name }}{{ end }}
+          name: {{ include "s3sync.configmapName" . }}
     {{- end }}
     {{- end }}
diff --git a/charts/s3sync-service/templates/rbac.yaml b/charts/s3sync-service/templates/rbac.yaml
@@ -0,0 +1,42 @@
+{{- if .Values.createRbac }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "s3sync.fullname" . }}
+  labels:
+    {{- include "s3sync.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    resourceNames:
+      - "{{ include "s3sync.fullname" . }}"
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "s3sync.fullname" . }}
+  labels:
+    {{- include "s3sync.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "s3sync.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "s3sync.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "s3sync.fullname" . }}
+  labels:
+    {{- include "s3sync.labels" . | nindent 4 }}
+{{- end }}
diff --git a/charts/s3sync-service/templates/role.yaml b/charts/s3sync-service/templates/role.yaml
diff --git a/charts/s3sync-service/templates/rolebinding.yaml b/charts/s3sync-service/templates/rolebinding.yaml
diff --git a/charts/s3sync-service/templates/secret.yaml b/charts/s3sync-service/templates/secret.yaml
@@ -1,9 +1,11 @@
-{{- if and .Values.secret.AWS_ACCESS_KEY_ID .Values.secret.AWS_SECRET_ACCESS_KEY }}
+{{- if and (and .Values.secret.AWS_ACCESS_KEY_ID .Values.secret.AWS_SECRET_ACCESS_KEY) (eq .Values.secret.name "") }}
+---
 apiVersion: v1
 kind: Secret
 metadata:
-  name: {{ .Release.Name }}
-  namespace: {{ .Release.Namespace }}
+  name: {{ include "s3sync.fullname" . }}
+  labels:
+    {{- include "s3sync.labels" . | nindent 4 }}
 type: Opaque
 data:
   AWS_ACCESS_KEY_ID: {{ b64enc .Values.secret.AWS_ACCESS_KEY_ID }}

diff --git a/charts/s3sync-service/templates/serviceaccount.yaml b/charts/s3sync-service/templates/serviceaccount.yaml
diff --git a/charts/s3sync-service/values.yaml b/charts/s3sync-service/values.yaml
@@ -18,6 +18,9 @@ serviceAccountName: ""
 # -- might be useful when using private registry
 imagePullSecrets: []
 
+# -- extra labels
+labels: {}
+
 # -- extra pod annotations
 podAnnotations: {}
 
@@ -68,6 +71,8 @@ prometheusExporter:
   path: /metrics
 
 configmap:
+  # -- configmap.name overrides the default configmap name
+  name: ""
   # -- enable the [configmap watch](k8s-integration.md) feature
   watch: true
 

diff --git a/docs/helm-charts.md b/docs/helm-charts.md
@@ -46,6 +46,7 @@ Kubernetes: `>=1.13.10-0`
 | config.upload_queue_buffer | int | `0` | the upload queue buffer, check the [documentation](configuration.md#global-configuration-options) for details |
 | config.upload_workers | int | `10` | number of the upload workers |
 | config.watch_interval | string | `"1s"` | [global](configuration.md#global-configuration-options) watch interval settings |
+| configmap.name | string | `""` | configmap.name overrides the default configmap name |
 | configmap.watch | bool | `true` | enable the [configmap watch](k8s-integration.md) feature |
 | createRbac | bool | `true` | set to false if you not planning on using configmap watch functionality or want to create RBAC objects manually |
 | httpServer.enable | bool | `true` | enable the s3sync-service [http service](http-server.md) |
@@ -54,6 +55,7 @@ Kubernetes: `>=1.13.10-0`
 | image.repository | string | `"ghcr.io/mazay/s3sync-service"` | docker repository, uses `quay.io` mirror by default |
 | image.tag | string | `""` | overrides the image tag whose default is the chart appVersion |
 | imagePullSecrets | list | `[]` | might be useful when using private registry |
+| labels | object | `{}` | extra labels |
 | nodeSelector | object | `{}` | [nodeSelector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) for the pod |
 | podAnnotations | object | `{}` | extra pod annotations |
 | podSecurityContext | object | `{"runAsNonRoot":true,"runAsUser":8888}` | the [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) |