helm: Add serviceAccounts, rbac, and small fixes
jwitko committed Feb 3, 2023
1 parent 7580248 commit 33818bf
Showing 27 changed files with 517 additions and 14 deletions.
2 changes: 1 addition & 1 deletion helm/druid/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ dependencies:
version: 8.6.4
repository: https://charts.helm.sh/stable
condition: postgresql.enabled
version: 0.3.2
version: 0.3.4
home: https://druid.apache.org/
icon: https://druid.apache.org/img/favicon.png
sources:
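Review bot: the chart version goes from 0.3.2 to 0.3.4, skipping 0.3.3, and it is only a patch-level bump for a change that, per the README rows in this commit, creates ServiceAccounts and Roles by default (`rbac.create` and each `serviceAccount.create` are documented as `true`). Consider a minor version bump so operators upgrading notice that new RBAC objects appear, and confirm that skipping 0.3.3 is intentional.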
Expand Down
31 changes: 31 additions & 0 deletions helm/druid/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -96,10 +96,16 @@ The following table lists the configurable parameters of the Druid chart and the
| `configVars` | druid configuration variables for all components | `` |
| `gCloudStorage.enabled` | look for secret to set google cloud credentials | `false` |
| `gCloudStorage.secretName` | secretName to be mounted as google cloud credentials | `false` |
| `rbac.create` | Create roles and roleBindings for service Accounts | `true` |
| `broker.enabled` | enable broker | `true` |
| `broker.name` | broker component name | `broker` |
| `broker.replicaCount` | broker node replicas (deployment) | `1` |
| `broker.port` | port of broker component | `8082` |
| `broker.serviceAccount.create` | Create a service account for broker service | `true` |
| `broker.serviceAccount.name` | Service account name | `true` |
| `broker.serviceAccount.annotations` | Annotations applied to created service account | `true` |
| `broker.serviceAccount.labels` | Labels applied to created service account | `true` |
| `broker.serviceAccount.automountServiceAccountToken` | Automount API credentials for the Service Account | `true` |
| `broker.serviceType` | service type for service | `ClusterIP` |
| `broker.resources` | broker node resources requests & limits | `{}` |
| `broker.podAnnotations` | broker deployment annotations | `{}` |
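Review bot: the Default column for `broker.serviceAccount.name`, `broker.serviceAccount.annotations` and `broker.serviceAccount.labels` reads `true`, which looks copied from the `create` row; a name is a string and annotations and labels are maps, so these rows should show the real defaults from values.yaml (the same applies to the rows added for the other components). The `rbac.create` row should also state what the Role grants, since the templates in this commit give all verbs on pods and configmaps, so an operator can decide whether to leave it enabled.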
Expand All @@ -117,6 +123,11 @@ The following table lists the configurable parameters of the Druid chart and the
| `coordinator.replicaCount` | coordinator node replicas (deployment) | `1` |
| `coordinator.port` | port of coordinator component | `8081` |
| `coordinator.serviceType` | service type for service | `ClusterIP` |
| `coordinator.serviceAccount.create` | Create a service account for coordinator service | `true` |
| `coordinator.serviceAccount.name` | Service account name | `true` |
| `coordinator.serviceAccount.annotations` | Annotations applied to created service account | `true` |
| `coordinator.serviceAccount.labels` | Labels applied to created service account | `true` |
| `coordinator.serviceAccount.automountServiceAccountToken` | Automount API credentials for the Service Account | `true` |
| `coordinator.resources` | coordinator node resources requests & limits | `{}` |
| `coordinator.podAnnotations` | coordinator Deployment annotations | `{}` |
| `coordinator.nodeSelector` | node labels for coordinator pod assignment | `{}` |
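Review bot: `coordinator.serviceAccount.automountServiceAccountToken` is described only as "Automount API credentials" with a default of `true`, and the README never says why the pods need to reach the Kubernetes API. Add a sentence tying it to the feature that uses the token (the pod templates in this commit set `druid.k8s.enablePatching`), and note that setting it to `false` while `rbac.create` is `true` leaves a Role bound to an account whose token the pod never mounts.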
Expand All @@ -133,6 +144,11 @@ The following table lists the configurable parameters of the Druid chart and the
| `overlord.replicaCount` | overlord node replicas (deployment) | `1` |
| `overlord.port` | port of overlord component | `8081` |
| `overlord.serviceType` | service type for service | `ClusterIP` |
| `overlord.serviceAccount.create` | Create a service account for overlord service | `true` |
| `overlord.serviceAccount.name` | Service account name | `true` |
| `overlord.serviceAccount.annotations` | Annotations applied to created service account | `true` |
| `overlord.serviceAccount.labels` | Labels applied to created service account | `true` |
| `overlord.serviceAccount.automountServiceAccountToken` | Automount API credentials for the Service Account | `true` |
| `overlord.resources` | overlord node resources requests & limits | `{}` |
| `overlord.podAnnotations` | overlord Deployment annotations | `{}` |
| `overlord.nodeSelector` | node labels for overlord pod assignment | `{}` |
Expand All @@ -149,6 +165,11 @@ The following table lists the configurable parameters of the Druid chart and the
| `historical.replicaCount` | historical node replicas (statefulset) | `1` |
| `historical.port` | port of historical component | `8083` |
| `historical.serviceType` | service type for service | `ClusterIP` |
| `historical.serviceAccount.create` | Create a service account for historical service | `true` |
| `historical.serviceAccount.name` | Service account name | `true` |
| `historical.serviceAccount.annotations` | Annotations applied to created service account | `true` |
| `historical.serviceAccount.labels` | Labels applied to created service account | `true` |
| `historical.serviceAccount.automountServiceAccountToken` | Automount API credentials for the Service Account | `true` |
| `historical.resources` | historical node resources requests & limits | `{}` |
| `historical.livenessProbeInitialDelaySeconds` | historical node liveness probe initial delay in seconds | `60` |
| `historical.readinessProbeInitialDelaySeconds` | historical node readiness probe initial delay in seconds | `60` |
Expand All @@ -173,6 +194,11 @@ The following table lists the configurable parameters of the Druid chart and the
| `middleManager.replicaCount` | middleManager node replicas (statefulset) | `1` |
| `middleManager.port` | port of middleManager component | `8091` |
| `middleManager.serviceType` | service type for service | `ClusterIP` |
| `middleManager.serviceAccount.create` | Create a service account for middleManager service | `true` |
| `middleManager.serviceAccount.name` | Service account name | `true` |
| `middleManager.serviceAccount.annotations` | Annotations applied to created service account | `true` |
| `middleManager.serviceAccount.labels` | Labels applied to created service account | `true` |
| `middleManager.serviceAccount.automountServiceAccountToken` | Automount API credentials for the Service Account | `true` |
| `middleManager.resources` | middleManager node resources requests & limits | `{}` |
| `middleManager.podAnnotations` | middleManager Deployment annotations | `{}` |
| `middleManager.nodeSelector` | Node labels for middleManager pod assignment | `{}` |
Expand All @@ -199,6 +225,11 @@ The following table lists the configurable parameters of the Druid chart and the
| `router.replicaCount` | router node replicas (deployment) | `1` |
| `router.port` | port of router component | `8888` |
| `router.serviceType` | service type for service | `ClusterIP` |
| `router.serviceAccount.create` | Create a service account for router service | `true` |
| `router.serviceAccount.name` | Service account name | `true` |
| `router.serviceAccount.annotations` | Annotations applied to created service account | `true` |
| `router.serviceAccount.labels` | Labels applied to created service account | `true` |
| `router.serviceAccount.automountServiceAccountToken` | Automount API credentials for the Service Account | `true` |
| `router.resources` | router node resources requests & limits | `{}` |
| `router.podAnnotations` | router Deployment annotations | `{}` |
| `router.nodeSelector` | node labels for router pod assignment | `{}` |
Expand Down
8 changes: 6 additions & 2 deletions helm/druid/templates/broker/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -41,11 +41,15 @@ spec:
app: {{ include "druid.name" . }}
release: {{ .Release.Name }}
component: {{ .Values.broker.name }}
{{- with .Values.broker.podAnnotations }}
annotations:
{{ toYaml . | indent 8 }}
druid.k8s.enablePatching: "true"
{{- with .Values.broker.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if .Values.broker.serviceAccount.create }}
serviceAccountName: "{{ .Values.broker.serviceAccount.name }}"
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
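Review bot: `serviceAccountName` is rendered only when `.Values.broker.serviceAccount.create` is true, so a user who sets `create: false` and points `serviceAccount.name` at an existing account gets a pod running as the namespace's `default` ServiceAccount, while the RoleBinding still names `.Values.broker.serviceAccount.name`. Render `serviceAccountName` whenever a name is configured (the usual pattern is a helper that returns the configured name, or `default` when none is given and `create` is false) so the pod and the binding always refer to the same account.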
Expand Down
21 changes: 21 additions & 0 deletions helm/druid/templates/broker/role.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "druid.broker.fullname" . }}
labels:
app: {{ include "druid.name" . }}
chart: {{ include "druid.chart" . }}
component: {{ .Values.broker.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- ""
resources:
- pods
- configmaps
verbs:
- '*'
{{- end }}
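Review bot: `verbs: '*'` on `pods` and `configmaps` in the rules block is broader than anything in this change justifies. It includes create and delete on pods, and an identity that can create pods in a namespace can start a pod under any other ServiceAccount in that namespace, so a compromised broker process reaches well beyond its own permissions. List the verbs the component actually uses (for example `get`, `list`, `watch` and `patch` on pods if annotation patching is the only write), and split pods and configmaps into separate rules if they need different verbs.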

20 changes: 20 additions & 0 deletions helm/druid/templates/broker/roleBinding.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "druid.broker.fullname" . }}
labels:
app: {{ include "druid.name" . }}
chart: {{ include "druid.chart" . }}
component: {{ .Values.broker.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "druid.broker.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ .Values.broker.serviceAccount.name }}
namespace: {{ .Release.Namespace }}
{{- end }}
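Review bot: the binding is gated on `.Values.rbac.create`, but its subject is `.Values.broker.serviceAccount.name`, and that account is only created when `.Values.broker.serviceAccount.create` is true. With `rbac.create: true` and `serviceAccount.create: false` this renders a RoleBinding to an account the chart did not create, and with an empty name the subject is invalid. Gate the binding on both values, or resolve the subject name through the same helper the pod spec uses.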
20 changes: 20 additions & 0 deletions helm/druid/templates/broker/serviceAccount.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
{{- if .Values.broker.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.broker.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ .Values.broker.serviceAccount.name }}
{{- with .Values.broker.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
app: {{ include "druid.name" . }}
chart: {{ include "druid.chart" . }}
component: {{ .Values.broker.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.broker.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
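Review bot: `metadata.name` comes straight from `.Values.broker.serviceAccount.name`, whereas the Role and RoleBinding are named with `druid.broker.fullname`, so the account name is not release-scoped and two releases in one namespace collide unless each overrides it; an unset value also renders `name:` with nothing after it. Default the name to the fullname helper when it is unset, or wrap the value in `required` so the failure is a clear template error.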
8 changes: 6 additions & 2 deletions helm/druid/templates/coordinator/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -41,11 +41,15 @@ spec:
app: {{ include "druid.name" . }}
release: {{ .Release.Name }}
component: {{ .Values.coordinator.name }}
{{- with .Values.coordinator.podAnnotations }}
annotations:
{{ toYaml . | indent 8 }}
druid.k8s.enablePatching: "true"
{{- with .Values.coordinator.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if .Values.coordinator.serviceAccount.create }}
serviceAccountName: "{{ .Values.coordinator.serviceAccount.name }}"
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
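Review bot: `druid.k8s.enablePatching: "true"` is now emitted on every coordinator pod regardless of values, with user `podAnnotations` appended beneath it, so a user who already sets that key ends up with a duplicate mapping key in the rendered manifest. Merge the built-in annotation with `.Values.coordinator.podAnnotations` into one dict before `toYaml` (for example with `merge` or `mergeOverwrite`), and consider making the built-in annotation conditional on the feature that needs it.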
Expand Down
21 changes: 21 additions & 0 deletions helm/druid/templates/coordinator/role.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "druid.coordinator.fullname" . }}
labels:
app: {{ include "druid.name" . }}
chart: {{ include "druid.chart" . }}
component: {{ .Values.coordinator.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- ""
resources:
- pods
- configmaps
verbs:
- '*'
{{- end }}
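Review bot: this Role is a line-for-line copy of the broker Role apart from the component name, and the same rules block is repeated in each component directory. Move the rules into one named template, or use one shared Role with a RoleBinding per ServiceAccount, so that tightening the `'*'` verbs later is a single change rather than an edit in every copy.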

20 changes: 20 additions & 0 deletions helm/druid/templates/coordinator/roleBinding.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "druid.coordinator.fullname" . }}
labels:
app: {{ include "druid.name" . }}
chart: {{ include "druid.chart" . }}
component: {{ .Values.coordinator.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "druid.coordinator.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ .Values.coordinator.serviceAccount.name }}
namespace: {{ .Release.Namespace }}
{{- end }}
20 changes: 20 additions & 0 deletions helm/druid/templates/coordinator/serviceAccount.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
{{- if .Values.coordinator.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.coordinator.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ .Values.coordinator.serviceAccount.name }}
{{- with .Values.coordinator.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
app: {{ include "druid.name" . }}
chart: {{ include "druid.chart" . }}
component: {{ .Values.coordinator.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.coordinator.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
21 changes: 21 additions & 0 deletions helm/druid/templates/historical/role.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "druid.historical.fullname" . }}
labels:
app: {{ include "druid.name" . }}
chart: {{ include "druid.chart" . }}
component: {{ .Values.historical.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- ""
resources:
- pods
- configmaps
verbs:
- '*'
{{- end }}

20 changes: 20 additions & 0 deletions helm/druid/templates/historical/roleBinding.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "druid.historical.fullname" . }}
labels:
app: {{ include "druid.name" . }}
chart: {{ include "druid.chart" . }}
component: {{ .Values.historical.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "druid.historical.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ .Values.historical.serviceAccount.name }}
namespace: {{ .Release.Namespace }}
{{- end }}
20 changes: 20 additions & 0 deletions helm/druid/templates/historical/serviceAccount.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
{{- if .Values.historical.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: {{ .Values.historical.serviceAccount.automountServiceAccountToken }}
metadata:
name: {{ .Values.historical.serviceAccount.name }}
{{- with .Values.historical.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
app: {{ include "druid.name" . }}
chart: {{ include "druid.chart" . }}
component: {{ .Values.historical.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.historical.serviceAccount.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
8 changes: 6 additions & 2 deletions helm/druid/templates/historical/statefulset.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -42,9 +42,10 @@ spec:
app: {{ template "druid.name" . }}
component: {{ .Values.historical.name }}
release: {{ .Release.Name }}
{{- with .Values.historical.podAnnotations }}
annotations:
{{ toYaml . | indent 8 }}
druid.k8s.enablePatching: "true"
{{- with .Values.historical.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if or .Values.historical.antiAffinity .Values.historical.nodeAffinity }}
Expand Down Expand Up @@ -91,6 +92,9 @@ spec:
imagePullSecrets:
{{ toYaml .Values.image.pullSecrets | indent 8 }}
{{- end }}
{{- if .Values.historical.serviceAccount.create }}
serviceAccountName: "{{ .Values.historical.serviceAccount.name }}"
{{- end }}
containers:
- name: druid
args: [ "historical" ]
Expand Down
21 changes: 21 additions & 0 deletions helm/druid/templates/middleManager/role.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "druid.middleManager.fullname" . }}
labels:
app: {{ include "druid.name" . }}
chart: {{ include "druid.chart" . }}
component: {{ .Values.middleManager.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- ""
resources:
- pods
- configmaps
verbs:
- '*'
{{- end }}

20 changes: 20 additions & 0 deletions helm/druid/templates/middleManager/roleBinding.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "druid.middleManager.fullname" . }}
labels:
app: {{ include "druid.name" . }}
chart: {{ include "druid.chart" . }}
component: {{ .Values.middleManager.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "druid.middleManager.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ .Values.middleManager.serviceAccount.name }}
namespace: {{ .Release.Namespace }}
{{- end }}