Skip to content

Commit

Permalink
Extend chart with some more configuration options (#4216)
Browse files Browse the repository at this point in the history 
Allow configuring containers security context, service account name and token auto mount from chart.

Signed-off-by: Lukas Hankeln <[email protected]>
  • Loading branch information
@lukashankeln
lukashankeln authored Jan 7, 2025
1 parent b4f88df commit c034fa4
Show file tree
Hide file tree
Showing 8 changed files with 95 additions and 1 deletion.
2 changes: 1 addition & 1 deletion charts/artifact-hub/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: artifact-hub
description: Artifact Hub is a web-based application that enables finding, installing, and publishing Cloud Native packages.
type: application
version: 1.21.0-1
version: 1.21.0-2
appVersion: 1.20.0
kubeVersion: ">= 1.19.0-0"
home: https://artifacthub.io
Expand Down
4 changes: 4 additions & 0 deletions charts/artifact-hub/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,10 @@ imagePullPolicy: {{ .Values.pullPolicy }}
resources:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.hub.deploy.initContainers.checkDbIsReady.securityContext }}
securityContext:
{{- toYaml . | nindent 2 }}
{{- end }}
env:
- name: PGHOST
value: {{ default (printf "%s-postgresql.%s" .Release.Name .Release.Namespace) .Values.db.host }}
Expand Down
6 changes: 6 additions & 0 deletions charts/artifact-hub/templates/db_migrator_job.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ metadata:
{{- end }}
spec:
ttlSecondsAfterFinished: {{ .Values.dbMigrator.job.ttlSecondsAfterFinished }}
automountServiceAccountToken: {{ .Values.dbMigrator.job.automountServiceAccountToken }}
template:
metadata:
labels:
Expand All @@ -25,6 +26,7 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.dbMigrator.job.serviceAccountName }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
Expand All @@ -44,6 +46,10 @@ spec:
- name: db-migrator
image: {{ .Values.dbMigrator.job.image.repository }}:{{ .Values.imageTag | default (printf "v%s" .Chart.AppVersion) }}
imagePullPolicy: {{ .Values.pullPolicy }}
{{- with .Values.dbMigrator.job.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.dbMigrator.job.resources }}
resources:
{{- toYaml . | nindent 12 }}
Expand Down
8 changes: 8 additions & 0 deletions charts/artifact-hub/templates/hub_deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,12 +56,20 @@ spec:
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.hub.deploy.initContainers.checkDbMigrator.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
command: ['kubectl', 'wait', '--namespace={{ .Release.Namespace }}', '--for=condition=complete', 'job/{{ include "chart.resourceNamePrefix" . }}db-migrator-install', '--timeout=60s']
{{- end }}
containers:
- name: hub
image: {{ .Values.hub.deploy.image.repository }}:{{ .Values.imageTag | default (printf "v%s" .Chart.AppVersion) }}
imagePullPolicy: {{ .Values.pullPolicy }}
{{- with .Values.hub.deploy.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.hub.server.cacheDir }}
env:
- name: XDG_CACHE_HOME
Expand Down
5 changes: 5 additions & 0 deletions charts/artifact-hub/templates/scanner_cronjob.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ spec:
{{- toYaml . | nindent 12 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.scanner.cronjob.serviceAccountName }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 12 }}
Expand All @@ -46,6 +47,10 @@ spec:
- name: scanner
image: {{ .Values.scanner.cronjob.image.repository }}:{{ .Values.imageTag | default (printf "v%s" .Chart.AppVersion) }}
imagePullPolicy: {{ .Values.pullPolicy }}
{{- with .Values.scanner.cronjob.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 16 }}
{{- end }}
{{- with .Values.scanner.cronjob.resources }}
resources:
{{- toYaml . | nindent 16 }}
Expand Down
5 changes: 5 additions & 0 deletions charts/artifact-hub/templates/tracker_cronjob.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ spec:
{{- toYaml . | nindent 12 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.tracker.cronjob.serviceAccountName }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 12 }}
Expand All @@ -45,6 +46,10 @@ spec:
- name: tracker
image: {{ .Values.tracker.cronjob.image.repository }}:{{ .Values.imageTag | default (printf "v%s" .Chart.AppVersion) }}
imagePullPolicy: {{ .Values.pullPolicy }}
{{- with .Values.tracker.cronjob.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 16 }}
{{- end }}
{{- with .Values.tracker.cronjob.resources }}
resources:
{{- toYaml . | nindent 16 }}
Expand Down
56 changes: 56 additions & 0 deletions charts/artifact-hub/values.schema.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,12 @@
"default": {},
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.19.0/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext"
},
"containerSecurityContext": {
"title": "DB migrator container security context",
"type": "object",
"default": {},
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.19.0/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext"
},
"ttlSecondsAfterFinished": {
"title": "Lifetime after finished execution",
"description": "Limits the lifetime of the job after it has finished execution",
Expand All @@ -120,6 +126,16 @@
"null",
"integer"
]
},
"automountServiceAccountToken": {
"title": "Automount service account token",
"type": "boolean",
"default": true
},
"serviceAccountName": {
"title": "Service account name",
"type": "string",
"default": "default"
}
},
"required": [
Expand Down Expand Up @@ -332,6 +348,12 @@
"type": "object",
"default": {},
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.19.0/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements"
},
"securityContext": {
"title": "Check DB migrator pod security context",
"type": "object",
"default": {},
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.19.0/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext"
}
}
},
Expand All @@ -347,6 +369,12 @@
"type": "object",
"default": {},
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.19.0/_definitions.json#/definitions/io.k8s.api.core.v1.ResourceRequirements"
},
"securityContext": {
"title": "Check DB readiness pod security context",
"type": "object",
"default": {},
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.19.0/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext"
}
}
}
Expand Down Expand Up @@ -392,6 +420,12 @@
"type": "object",
"default": {},
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.19.0/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext"
},
"containerSecurityContext": {
"title": "Hub container security context",
"type": "object",
"default": {},
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.19.0/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext"
}
},
"required": [
Expand Down Expand Up @@ -1042,6 +1076,17 @@
"type": "object",
"default": {},
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.19.0/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext"
},
"containerSecurityContext": {
"title": "Scanner container security context",
"type": "object",
"default": {},
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.19.0/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext"
},
"serviceAccountName": {
"title": "Service account name",
"type": "string",
"default": "default"
}
},
"required": [
Expand Down Expand Up @@ -1155,6 +1200,17 @@
"type": "object",
"default": {},
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.19.0/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext"
},
"containerSecurityContext": {
"title": "Scanner container security context",
"type": "object",
"default": {},
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.19.0/_definitions.json#/definitions/io.k8s.api.core.v1.SecurityContext"
},
"serviceAccountName": {
"title": "Service account name",
"type": "string",
"default": "default"
}
},
"required": [
Expand Down
10 changes: 10 additions & 0 deletions charts/artifact-hub/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,10 @@ dbMigrator:
extraPodLabels: {}
# Limits the lifetime of the job after it has finished execution
ttlSecondsAfterFinished: null
automountServiceAccountToken: true
serviceAccountName: default
securityContext: {}
containerSecurityContext: {}
resources: {}
# If you do want to specify resources, uncomment the following
# lines and adjust them as necessary.
Expand Down Expand Up @@ -141,6 +144,7 @@ hub:
# Hub image repository (without the tag)
repository: artifacthub/hub
securityContext: {}
containerSecurityContext: {}
resources: {}
# If you do want to specify resources, uncomment the following
# lines and adjust them as necessary.
Expand All @@ -164,6 +168,7 @@ hub:
# requests:
# cpu: 100m
# memory: 128Mi
securityContext: {}
checkDbIsReady:
resources: {}
# If you do want to specify resources, uncomment the following
Expand All @@ -174,6 +179,7 @@ hub:
# requests:
# cpu: 100m
# memory: 128Mi
securityContext: {}
# Optionally specify extra list of additional labels for the hub deployment
extraDeploymentLabels: {}
# Optionally specify extra list of additional labels for hub pods
Expand Down Expand Up @@ -313,6 +319,8 @@ scanner:
# Scanner image repository (without the tag)
repository: artifacthub/scanner
securityContext: {}
containerSecurityContext: {}
serviceAccountName: default
resources: {}
# If you do want to specify resources, uncomment the following
# lines and adjust them as necessary.
Expand Down Expand Up @@ -349,6 +357,8 @@ tracker:
# Tracker image repository (without the tag)
repository: artifacthub/tracker
securityContext: {}
containerSecurityContext: {}
serviceAccountName: default
resources: {}
# If you do want to specify resources, uncomment the following
# lines and adjust them as necessary.
Expand Down

0 comments on commit c034fa4

Please sign in to comment.