From ec82c66c70b58165103b083d9e467fd409271c29 Mon Sep 17 00:00:00 2001
From: "maximilian.schubert@telekom.de"
Date: Mon, 4 Dec 2023 18:16:03 +0100
Subject: [PATCH] ci: fix config, add env, add proxy np, pre-commit helm
---
.pre-commit-config.yaml | 7 +++
chart/README.md | 25 ++++------
chart/templates/configmap.yaml | 30 +++++++-----
chart/templates/deployment.yaml | 7 +++
chart/templates/networkpolicy.yaml | 19 ++++++++
chart/values.yaml | 75 +++++++++++++++++-------------
6 files changed, 102 insertions(+), 61 deletions(-)
create mode 100644 .pre-commit-config.yaml
create mode 100644 chart/templates/networkpolicy.yaml
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 00000000..501eac9d
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,7 @@
+repos:
+ - repo: https://github.com/norwoodj/helm-docs
+ rev: "v1.11.3"
+ hooks:
+ - id: helm-docs
+ args:
+ - --chart-search-root=chart
diff --git a/chart/README.md b/chart/README.md
index f090b529..9e983f1c 100644
--- a/chart/README.md
+++ b/chart/README.md
@@ -20,12 +20,12 @@ A Helm chart to install Sparrow
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` | |
-| extraArgs.loaderFilePath | string | `"/runconfig/checks.yaml"` | |
-| extraArgs.loaderType | string | `"file"` | |
+| env | object | `{}` | |
+| extraArgs | object | `{"loaderFilePath":"/runconfig/checks.yaml","loaderType":"file"}` | extra command line start parameters see: https://github.com/caas-team/sparrow/blob/main/docs/sparrow_run.md |
 | fullnameOverride | string | `""` | |
 | image.pullPolicy | string | `"IfNotPresent"` | |
 | image.repository | string | `"ghcr.io/caas-team/sparrow"` | |
-| image.tag | string | `""` | |
+| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
 | imagePullSecrets | list | `[]` | |
 | ingress.annotations | object | `{}` | |
 | ingress.className | string | `""` | |
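Review bot: `rev: "v1.11.3"` pins the helm-docs hook to a tag, and tags are mutable, so the hook that regenerates chart/README.md fetches whatever the tag points to at the time rather than a fixed revision. Pinning the full commit SHA of that release and keeping the tag as a comment, e.g. `rev: <commit sha of v1.11.3>  # v1.11.3`, makes the hook's source reproducible; `pre-commit autoupdate --freeze` produces that form automatically. The indentation of the nested keys is not recoverable from the collapsed hunk, so it is worth confirming the file is two-space indented throughout.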
@@ -35,6 +35,7 @@ A Helm chart to install Sparrow
 | ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | |
 | ingress.tls | list | `[]` | |
 | nameOverride | string | `""` | |
+| networkPolicies | object | `{"proxy":{"enabled":false}}` | define a network policy that will open egress traffic to a proxy |
 | nodeSelector | object | `{}` | |
 | podAnnotations | object | `{}` | |
 | podLabels | object | `{}` | |
@@ -42,15 +43,7 @@ A Helm chart to install Sparrow
 | podSecurityContext.supplementalGroups[0] | int | `1000` | |
 | replicaCount | int | `1` | |
 | resources | object | `{}` | |
-| runtimeConfig.enabled | bool | `true` | |
-| runtimeConfig.healthEndpoint | bool | `false` | |
-| runtimeConfig.latency.enabled | bool | `true` | |
-| runtimeConfig.latency.interval | int | `1` | |
-| runtimeConfig.latency.retry.count | int | `3` | |
-| runtimeConfig.latency.retry.delay | int | `1` | |
-| runtimeConfig.latency.timeout | int | `3` | |
-| runtimeConfig.targets[0] | string | `"https://www.example.com/"` | |
-| runtimeConfig.targets[1] | string | `"https://www.google.com/"` | |
+| runtimeConfig | object | `{"health":{"enabled":true,"healthEndpoint":false,"targets":["https://www.example.com/","https://www.google.com/"]}}` | runtime configuration of the Sparrow see: https://github.com/caas-team/sparrow#runtime |
 | securityContext.allowPrivilegeEscalation | bool | `false` | |
 | securityContext.capabilities.drop[0] | string | `"ALL"` | |
 | securityContext.privileged | bool | `false` | |
@@ -59,10 +52,10 @@ A Helm chart to install Sparrow
 | securityContext.runAsUser | int | `1000` | |
 | service.port | int | `8080` | |
 | service.type | string | `"ClusterIP"` | |
-| serviceAccount.annotations | object | `{}` | |
-| serviceAccount.automount | bool | `true` | |
-| serviceAccount.create | bool | `true` | |
-| serviceAccount.name | string | `""` | |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | tolerations | list | `[]` | |

 ----------------------------------------------
diff --git a/chart/templates/configmap.yaml b/chart/templates/configmap.yaml
index a114293e..ff03e768 100644
--- a/chart/templates/configmap.yaml
+++ b/chart/templates/configmap.yaml
@@ -10,20 +10,26 @@ data:
 apiVersion: 0.0.1
 kind: Config
 checks:
+ {{- if .Values.runtimeConfig.health}}
 health:
- enabled: {{ .Values.runtimeConfig.enabled }}
+ enabled: {{ .Values.runtimeConfig.health.enabled }}
 targets:
- {{- with .Values.runtimeConfig.targets }}
- {{- toYaml . | nindent 10 }}
+ {{- with .Values.runtimeConfig.health.targets }}
+ {{- toYaml . | nindent 10 }}
 {{- end }}
- healthEndpoint: {{ .Values.runtimeConfig.healthEndpoint }}
- {{- if .Values.runtimeConfig.latency.enabled}}
- latency:
- enabled: true
- interval: {{ .Values.runtimeConfig.latency.interval | default 1 }}
- timeout: {{ .Values.runtimeConfig.latency.timeout | default 3 }}
- retry:
- count: {{ .Values.runtimeConfig.latency.retry.count | default 3 }}
- delay: {{ .Values.runtimeConfig.latency.retry.delay | default 1 }}
+ healthEndpoint: {{ .Values.runtimeConfig.health.healthEndpoint }}
+ {{- end }}
+ {{- if .Values.runtimeConfig.latency }}
+ latency:
+ enabled: true
+ interval: {{ .Values.runtimeConfig.latency.interval | default 1 }}
+ timeout: {{ .Values.runtimeConfig.latency.timeout | default 3 }}
+ retry:
+ count: {{ .Values.runtimeConfig.latency.retry.count | default 3 }}
+ delay: {{ .Values.runtimeConfig.latency.retry.delay | default 1 }}
+ targets:
+ {{- with .Values.runtimeConfig.latency.targets }}
+ {{- toYaml . | nindent 10 }}
 {{- end }}
+ {{- end }}
 {{- end }}
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
index a6577373..0fb7df1c 100644
--- a/chart/templates/deployment.yaml
+++ b/chart/templates/deployment.yaml
@@ -41,6 +41,13 @@ spec:
 - --{{ $key }}
 - {{ $value }}
 {{- end }}
+ {{- if .Values.env }}
+ env:
+ {{- range $key, $val := .Values.env }}
+ - name: {{ $key }}
+ value: {{ $val | quote }}
+ {{- end }}
+ {{- end }}
 name: {{ .Chart.Name }}
 securityContext:
 {{- toYaml .Values.securityContext | nindent 12 }}
diff --git a/chart/templates/networkpolicy.yaml b/chart/templates/networkpolicy.yaml
new file mode 100644
index 00000000..a587008e
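Review bot: Inside the new `{{- if .Values.runtimeConfig.latency }}` block `enabled: true` is hard-coded, while the health block just above renders `enabled: {{ .Values.runtimeConfig.health.enabled }}`; the removed template gated on `latency.enabled`, so after this change any non-empty latency map (one that only sets targets, say) switches the check on and an explicit `latency.enabled: false` is silently ignored. Rendering it the same way as health, with a fallback that does not swallow an explicit false, keeps the two checks consistent: `enabled: {{ hasKey .Values.runtimeConfig.latency "enabled" | ternary .Values.runtimeConfig.latency.enabled true }}`. The checks.yaml block scalar that encloses this hunk starts before it, and values.yaml and the README in this commit only describe `health`, so a commented `latency` stanza (enabled, interval, timeout, retry, targets) in values.yaml would let helm-docs document these keys.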
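Review bot: `value: {{ $val | quote }}` renders every entry of `.Values.env` as a literal string in the pod spec, and the values.yaml in this commit hints that the map is meant for `HTTP_PROXY`/`HTTPS_PROXY`/`NO_PROXY`; a proxy URL carrying credentials would then sit in clear text in the Deployment object, the Helm release secret and every manifest dump. Treating a map-valued entry as a `valueFrom` source lets such entries come from a Secret or ConfigMap while plain string values keep rendering exactly as now. The container spec this block belongs to starts and ends outside the hunk, and the indentation below is inferred from the `nindent 12` on securityContext because the collapsed hunk lost its leading whitespace, so it needs checking against the file.

```yaml
          {{- if .Values.env }}
          env:
            {{- range $key, $val := .Values.env }}
            - name: {{ $key }}
              {{- if kindIs "map" $val }}
              valueFrom:
                {{- toYaml $val | nindent 16 }}
              {{- else }}
              value: {{ $val | quote }}
              {{- end }}
            {{- end }}
          {{- end }}
```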
--- /dev/null
+++ b/chart/templates/networkpolicy.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.networkPolicies.proxy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ include "sparrow.fullname" . }}-proxy-np
+ labels:
+ {{- include "sparrow.labels" . | nindent 4 }}
+spec:
+ egress:
+ - ports:
+ - port: {{ .Values.networkPolicies.proxy.port }}
+ protocol: TCP
+ to:
+ - ipBlock:
+ cidr: {{ .Values.networkPolicies.proxy.ip }}/32
+ podSelector: {}
+ policyTypes:
+ - Egress
+{{- end }}
\ No newline at end of file
diff --git a/chart/values.yaml b/chart/values.yaml
index f5d81512..c496fb2f 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -7,7 +7,7 @@ replicaCount: 1
 image:
 repository: ghcr.io/caas-team/sparrow
 pullPolicy: IfNotPresent
- # Overrides the image tag whose default is the chart appVersion.
+ # -- Overrides the image tag whose default is the chart appVersion.
 tag: ""

 imagePullSecrets: []
@@ -15,13 +15,13 @@ nameOverride: ""
 fullnameOverride: ""

 serviceAccount:
- # Specifies whether a service account should be created
+ # -- Specifies whether a service account should be created
 create: true
- # Automatically mount a ServiceAccount's API credentials?
+ # -- Automatically mount a ServiceAccount's API credentials?
 automount: true
- # Annotations to add to the service account
+ # -- Annotations to add to the service account
 annotations: {}
- # The name of the service account to use.
+ # -- The name of the service account to use.
 # If not set and create is true, a name is generated using the fullname template
 name: ""

@@ -31,13 +31,13 @@ podLabels: {}
 podSecurityContext:
 fsGroup: 1000
 supplementalGroups:
- - 1000
+ - 1000

 securityContext:
 allowPrivilegeEscalation: false
 capabilities:
 drop:
- - ALL
+ - ALL
 privileged: false
 readOnlyRootFilesystem: true
 runAsUser: 1000
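Review bot: `podSelector: {}` combined with `policyTypes: - Egress` selects every pod in the release namespace, not just Sparrow, so switching on `networkPolicies.proxy` limits all egress from every workload in that namespace to one IP and port, DNS included; the selector should match only this chart's pods. In addition `cidr: {{ .Values.networkPolicies.proxy.ip }}/32` and the `port:` line render a bare `/32` and an empty port when the values keep their commented-out defaults, a manifest the API server rejects only at apply time, whereas `required` fails at template time naming the missing key. The selector helper in the fence is a placeholder because the chart's `_helpers.tpl` is not in the diff; use the selector-labels template the Deployment's pod template uses. The file also lacks a trailing newline (`\ No newline at end of file`).

```yaml
spec:
  egress:
    - ports:
        - port: {{ required "networkPolicies.proxy.port must be set when networkPolicies.proxy.enabled is true" .Values.networkPolicies.proxy.port }}
          protocol: TCP
      to:
        - ipBlock:
            cidr: {{ required "networkPolicies.proxy.ip must be set when networkPolicies.proxy.enabled is true" .Values.networkPolicies.proxy.ip }}/32
  podSelector:
    matchLabels:
      # PLACEHOLDER: replace with the chart's selector-labels helper from _helpers.tpl
      {{- include "<chart>.selectorLabels" . | nindent 6 }}
  # … unchanged: policyTypes …
```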
@@ -50,7 +50,8 @@ service:
 ingress:
 enabled: false
 className: ""
- annotations: {}
+ annotations:
+ {}
 # kubernetes.io/ingress.class: nginx
 # kubernetes.io/tls-acme: "true"
 hosts:
@@ -63,6 +64,20 @@ ingress:
 # hosts:
 # - chart-example.local

+env:
+ {}
+ # HTTP_PROXY:
+ # HTTPS_PROXY:
+ # NO_PROXY:
+
+# -- define a network policy that will
+# open egress traffic to a proxy
+networkPolicies:
+ proxy:
+ enabled: false
+ # ip: 1.2.3.4
+ # port: 8080
+
 resources: {}
 # resources:
 # limits:
@@ -78,37 +93,31 @@ tolerations: []
 affinity: {}

-# extra command line start parameters
+# -- extra command line start parameters
 # see: https://github.com/caas-team/sparrow/blob/main/docs/sparrow_run.md
 extraArgs:
 loaderFilePath: /runconfig/checks.yaml
 loaderType: file

-# startup configuration of the Sparrow
+# -- startup configuration of the Sparrow
 # see: https://github.com/caas-team/sparrow/blob/main/docs/sparrow_run.md
-#startupConfig:
- #apiAddress:
- #loaderFilePath: /runconfig/checks.yaml
- #loaderHttpRetryCount:
- #loaderHttpRetryDelay:
- #loaderHttpTimeout:
- #loaderHttpToken:
- #loaderHttpUrl:
- #loaderInterval:
- #loaderType: file
-
-# runtime configuration of the Sparrow
+# startupConfig:
+# apiAddress:
+# loaderFilePath: /runconfig/checks.yaml
+# loaderHttpRetryCount:
+# loaderHttpRetryDelay:
+# loaderHttpTimeout:
+# loaderHttpToken:
+# loaderHttpUrl:
+# loaderInterval:
+# loaderType: http | file
+
+# -- runtime configuration of the Sparrow
 # see: https://github.com/caas-team/sparrow#runtime
 runtimeConfig:
- enabled: true
- healthEndpoint: false
- latency:
+ health:
 enabled: true
- interval: 1
- timeout: 3
- retry:
- count: 3
- delay: 1
- targets:
- - "https://www.example.com/"
- - "https://www.google.com/"
+ targets:
+ - "https://www.example.com/"
+ - "https://www.google.com/"
+ healthEndpoint: false
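Review bot: The new `env:` key carries no helm-docs `# --` description although the neighbouring keys in this commit were converted to that form, which is why the README row this commit adds for `env` has an empty description column; and `ip`/`port` under `networkPolicies.proxy` exist only as commented examples, so nothing states that both are mandatory once `enabled: true` (the new networkpolicy template renders an empty address before `/32` otherwise). Suggest `# -- environment variables set on the Sparrow container as plain key/value pairs; they are rendered verbatim into the Deployment, so keep credentials out of this map` above `env:`, and extending the existing two-line comment on `networkPolicies` with `# ip and port must both be set when proxy.enabled is true`. The hunk that follows it in this file runs past the end of what is visible here.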