chore: update common chart

janhq · Dec 26, 2024 · e9d0ed0 · e9d0ed0
1 parent 7723b0e
commit e9d0ed0
Show file tree

Hide file tree

Showing 14 changed files with 294 additions and 280 deletions.
diff --git a/charts/common/Chart.yaml b/charts/common/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.3
+version: 0.1.4
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/common/templates/_helpers.tpl b/charts/common/templates/_helpers.tpl
@@ -61,12 +61,22 @@ Create the name of the service account to use
 {{- end }}
 
 {{/*
-Create the name of the external secret to use
+define inject annotation
 */}}
-{{- define "common.externalSecretName" -}}
-{{- if $.Values.externalSecret.create }}
-{{- default (include "common.fullname" .) $.Values.externalSecret.name }}
-{{- else }}
-{{- default "default" $.Values.externalSecret.name }}
+{{- define "common.injectAnnotation" -}}
+{{- if eq $.Values.instrumentation.type "java" }}
+instrumentation.opentelemetry.io/inject-java: "true"
+{{- end }}
+{{- if eq $.Values.instrumentation.type  "dotnet" }}
+instrumentation.opentelemetry.io/inject-dotnet: "true"
+{{- end }}
+{{- if eq $.Values.instrumentation.type "go" }}
+instrumentation.opentelemetry.io/inject-go: "true"
+{{- end }}
+{{- if eq $.Values.instrumentation.type "nodejs" }}
+instrumentation.opentelemetry.io/inject-nodejs: "true"
+{{- end }}
+{{- if eq $.Values.instrumentation.type "python" }}
+instrumentation.opentelemetry.io/inject-python: "true"
 {{- end }}
 {{- end }}
diff --git a/charts/common/templates/deployment.yaml b/charts/common/templates/deployment.yaml
@@ -3,16 +3,14 @@
 {{- $labels := include "common.labels" . -}}
 {{- $selectorLabels := include "common.selectorLabels" . -}}
 {{- $serviceAccountName := include "common.serviceAccountName" . -}}
-{{- $externalSecretName := include "common.externalSecretName" . -}}
-
+{{- $injectAnnotation := include "common.injectAnnotation" . -}}
 {{- $imagePullSecrets := .Values.imagePullSecrets -}}
-{{- $externalSecret := .Values.externalSecret -}}
 {{- $imageTag := .Values.imageTag -}}
 {{- $chartName := .Chart.Name -}}
 {{- $chartAppVersion := .Chart.AppVersion -}}
 
 {{- range $key, $value := .Values.workloads }}
-
+---
 apiVersion: argoproj.io/v1alpha1
 kind: Rollout
 metadata:
@@ -34,29 +32,42 @@ spec:
       app.kubernetes.io/component: {{ $value.name }}
       {{- $selectorLabels | nindent 6 }}
   strategy:
-    {{- if hasKey $value.strategy "canary" }}
     canary:
       canaryService: {{ $fullname }}-service-preview-{{ $value.name }}
       steps:
       {{- toYaml $value.strategy.canary.steps | nindent 6 }}
-    {{- end}}
-    {{- if hasKey $value.strategy "recreate" }}
-    {{- with $value.strategy.recreate}}
-    recreate:
-      {{- toYaml . | nindent 6 }}
-    {{- end}}
-    {{- end}}
   template:
     metadata:
-      {{- with $value.podAnnotations }}
       annotations:
+        app.kubernetes.io/name: {{ $name }}-{{ $value.name }}
+      {{- with $value.podAnnotations }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- if $value.instrumentation.enabled }}
+        {{- if eq $value.instrumentation.type "java" }}
+        instrumentation.opentelemetry.io/inject-java: "true"
+        {{- end }}
+        {{- if eq $value.instrumentation.type  "dotnet" }}
+        instrumentation.opentelemetry.io/inject-dotnet: "true"
+        {{- end }}
+        {{- if eq $value.instrumentation.type "go" }}
+        instrumentation.opentelemetry.io/inject-go: "true"
+        {{- end }}
+        {{- if eq $value.instrumentation.type "nodejs" }}
+        instrumentation.opentelemetry.io/inject-nodejs: "true"
+        {{- end }}
+        {{- if eq $value.instrumentation.type "python" }}
+        instrumentation.opentelemetry.io/inject-python: "true"
+        {{- end }}
+      {{- end }}
       labels:
         app.kubernetes.io/name: {{ $name }}-{{ $value.name }}
         app.kubernetes.io/component: {{ $value.name }}
         {{- $selectorLabels | nindent 8 }}
     spec:
+      {{- if $value.priorityClassName }}
+      priorityClassName: {{ $value.priorityClassName }}
+      {{- end }}
       topologySpreadConstraints:
       - maxSkew: 1
         topologyKey: kubernetes.io/hostname
@@ -104,23 +115,29 @@ spec:
         {{- if $value.volumes }}
         {{- toYaml $value.volumes | nindent 8 }}
         {{- end }}
-        {{- if and ($externalSecret.extraVolumeMountsFromSecret) ($externalSecret.create) }}
-        - name: {{ $externalSecretName }}
+        {{- if and ($value.externalSecret.extraVolumeMountsFromSecret) ($value.externalSecret.create) }}
+        - name: {{ $value.externalSecret.name }}
           secret:
-            secretName: {{ $externalSecretName }}
+            secretName: {{ $value.externalSecret.name }}
         {{- end }}
       terminationGracePeriodSeconds: 120
       containers:
         - name: {{ $chartName }}
           {{- if $value.command }}
           command:
           {{- toYaml $value.command | nindent 10 }}
+          {{- end }}
+          {{- if $value.args }}
           args:
           {{- toYaml $value.args | nindent 10 }}
           {{- end }}
           securityContext:
             {{- toYaml $value.securityContext | nindent 12 }}
+          {{- if $value.image.imageTag }}
+          image: "{{ $value.image.repository }}:{{ $value.image.imageTag }}"
+          {{- else }}
           image: "{{ $value.image.repository }}:{{ $imageTag | default $chartAppVersion }}"
+          {{- end }}
           imagePullPolicy: {{ $value.image.pullPolicy }}
           {{- if $value.livenessProbe }}
           livenessProbe:
@@ -130,17 +147,22 @@ spec:
           readinessProbe:
             {{- toYaml $value.readinessProbe | nindent 12 }}
           {{- end }}
+          {{- if eq (kindOf $value.ports) "map" }}
           ports:
             - name: http
               containerPort: {{ $value.ports.containerPort }}
               protocol: TCP
+          {{- else}}
+          ports:
+            {{- toYaml $value.ports | nindent 12 }}
+          {{- end}}
           volumeMounts:
             {{- if $value.volumeMounts }}
             {{- toYaml $value.volumeMounts | nindent 12 }}
             {{- end }}
-            {{- if $externalSecret.create }}
-            {{- range $externalSecret.extraVolumeMountsFromSecret }}
-            - name: {{ $externalSecretName }}
+            {{- if $value.externalSecret.create }}
+            {{- range $value.externalSecret.extraVolumeMountsFromSecret }}
+            - name: {{ $value.externalSecret.name }}
               {{- range $key1, $value1 := . }}
                 {{- if ne $key1 "name"}}
                   {{- $key1 | nindent 14 }}: {{ $value1 }}
@@ -150,14 +172,22 @@ spec:
             {{- end }}
           resources:
             {{- toYaml $value.resources | nindent 12 }}
-          env:
+
           {{- if $value.env }}
+          env:
             {{- toYaml $value.env | nindent 12 }}
           {{- end }}
+
+          {{- if or $value.configMapName $value.externalSecret.create }}
           envFrom:
-          {{- if $externalSecret.create }}
+            {{- if $value.configMapName }}
+            - configMapRef:
+                name: {{ $value.configMapName }}
+            {{- end }}
+            {{- if $value.externalSecret.create }}
             - secretRef:
-                name: {{ $externalSecret.name }}
+                name: {{ $value.externalSecret.name }}
+            {{- end }}
           {{- end }}
       {{- with $value.nodeSelector }}
       nodeSelector:
@@ -167,5 +197,4 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
----
 {{- end}}
diff --git a/charts/common/templates/external-secret.yaml b/charts/common/templates/external-secret.yaml
@@ -1,103 +1,76 @@
-{{- if .Values.externalSecret.create -}}
+{{- $labels := include "common.labels" . -}}
 
-{{- if eq .Values.externalSecret.backendType "azureKeyVaults" }}
-apiVersion: secrets-store.csi.x-k8s.io/v1
-kind: SecretProviderClass
-metadata:
-  name: {{ include "common.externalSecretName" . }}
-  labels:
-    {{- include "common.labels" . | nindent 4 }}
-  {{- with .Values.externalSecret.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  provider: azure
-  parameters:
-    usePodIdentity: "false"
-    useVMManagedIdentity: "true"          # Set to true for using managed identity
-    userAssignedIdentityID: {{ .Values.externalSecret.userAssignedIdentityID }}
-    keyvaultName: {{ .Values.externalSecret.keyvaultName }}      # Set to the name of your key vault
-    cloudName: ""                         # [OPTIONAL for Azure] if not provided, the Azure environment defaults to AzurePublicCloud
-    objects: |
-      array:
-{{- range $key, $value := .Values.externalSecret.data }}
-        - |
-          objectName: {{ $value.objectName }}
-          objectType: secret              # object types: secret, key, or cert
-          objectVersion: ""               # [OPTIONAL] object versions, default to latest if empty
-{{- end}}
-    tenantId: {{ .Values.externalSecret.tenantId }}                # The tenant ID of the key vault
-  secretObjects:                              # [OPTIONAL] SecretObjects defines the desired state of synced Kubernetes secret objects
-  - data:
-{{- range $key, $value := .Values.externalSecret.data }}
-    - key: {{ $value.key }}                         # data field to populate
-      objectName: {{ $value.objectName }}                      # name of the mounted content to sync; this could be the object name or the object alias
-{{- end}}
-    secretName: {{ .Values.externalSecret.name }}                     # name of the Kubernetes secret object
-    type: Opaque 
-
-{{- end }}
+{{- range $key, $value := .Values.workloads }}
 
-{{- if eq .Values.externalSecret.backendType "secretsManager" }}
+{{- if $value.externalSecret.create -}}
+
+{{- if eq $value.externalSecret.backendType "secretsManager" }}
 apiVersion: "kubernetes-client.io/v1"
 kind: ExternalSecret
 metadata:
-  name: {{ include "common.externalSecretName" . }}
+  name: {{ $value.externalSecret.name }}
   labels:
-    {{- include "common.labels" . | nindent 4 }}
-  {{- with .Values.externalSecret.annotations }}
+    {{- $labels | nindent 4 }}
+  {{- with $value.externalSecret.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-  backendType: {{ .Values.externalSecret.backendType }}
-  {{- if .Values.externalSecret.roleArn }}
-  roleArn: {{ .Values.externalSecret.roleArn }}
+  backendType: {{ $value.externalSecret.backendType }}
+  {{- if $value.externalSecret.roleArn }}
+  roleArn: {{ $value.externalSecret.roleArn }}
   {{- end }}
-  {{- if .Values.externalSecret.controllerId }}
-  controllerId: {{ .Values.externalSecret.controllerId }}
+  {{- if $value.externalSecret.controllerId }}
+  controllerId: {{ $value.externalSecret.controllerId }}
   {{- end }}
-  {{- if .Values.externalSecret.region }}
-  region: {{ .Values.externalSecret.region }}
+  {{- if $value.externalSecret.region }}
+  region: {{ $value.externalSecret.region }}
   {{- end }}
-  {{- with .Values.externalSecret.data }}
+  {{- with $value.externalSecret.data }}
   data:
     {{- toYaml . | nindent 4 }}
   {{- end }}
-  {{- with .Values.externalSecret.dataFrom }}
+  {{- with $value.externalSecret.dataFrom }}
   dataFrom:
     {{- toYaml . | nindent 4 }}
   {{- end }}
-  {{- with .Values.externalSecret.template }}
+  {{- with $value.externalSecret.template }}
   template:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 {{- end }}
 
-{{- if eq .Values.externalSecret.backendType "vaults" }}
+{{- if eq $value.externalSecret.backendType "vaults" }}
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: {{ include "common.externalSecretName" . }}
+  name: {{ $value.externalSecret.name }}
   labels:
-    {{- include "common.labels" . | nindent 4 }}
-  {{- with .Values.externalSecret.annotations }}
+    {{- $labels | nindent 4 }}
+  {{- with $value.externalSecret.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
   refreshInterval: 15s
   secretStoreRef:
-    name: vault-secret-manager
-    kind: ClusterSecretStore
+    name: {{ $value.externalSecret.secretStoreRefName }}
+    kind: {{ $value.externalSecret.secretStoreRefKind }}
   target:
-    name: {{ .Values.externalSecret.name }}
+    name: {{ $value.externalSecret.name }}
     creationPolicy: Owner
+  {{- with $value.externalSecret.data }}
+  data:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with $value.externalSecret.dataFrom }}
   dataFrom:
-  - extract:
-      key: {{ .Values.externalSecret.dataFrom }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 
 {{- end }}
 
 {{- end }}
+
+---
+{{- end }}