diff --git a/charts/cryostat/README.md b/charts/cryostat/README.md index 6234921..2887862 100644 --- a/charts/cryostat/README.md +++ b/charts/cryostat/README.md @@ -55,6 +55,7 @@ helm install cryostat ./charts/cryostat | `core.image.repository` | Repository for the main Cryostat container image | `quay.io/cryostat/cryostat` | | `core.image.pullPolicy` | Image pull policy for the main Cryostat container image | `Always` | | `core.image.tag` | Tag for the main Cryostat container image | `4.0.0-snapshot` | +| `core.podAnnotations` | Annotations to be applied to the Cryostat Pods | `{}` | | `core.service.type` | Type of Service to create for the Cryostat application | `ClusterIP` | | `core.service.httpPort` | Port number to expose on the Service for Cryostat's HTTP server | `8181` | | `core.debug.log.level` | Log level for troubleshooting and debugging | `INFO` | 
@@ -93,6 +94,7 @@ helm install cryostat ./charts/cryostat | `reports.image.repository` | Repository for the Report Generator container image | `quay.io/cryostat/cryostat-reports` | | `reports.image.pullPolicy` | Image pull policy for the Report Generator container image | `Always` | | `reports.image.tag` | Tag for the Report Generator image | `4.0.0-snapshot` | +| `reports.podAnnotations` | Annotations to be applied to the Report Generator Pods | `{}` | | `reports.service.type` | Type of Service to create for the Report Generator Deployment | `ClusterIP` | | `reports.service.httpPort` | Port number to expose on the Service for the Report Generator Deployment | `10001` | | `reports.reportsSecretName` | Name of the secret containing the report generator access keys. This secret must contain a REPORTS_PASS secret which is the secret credential for the report generators. It must not be updated across chart upgrades, or else the connection between Cryostat and report generators will not be able to initialize. It is recommended that the secret should be marked as immutable to avoid accidental changes to secret's data. More details: https://kubernetes.io/docs/concepts/configuration/secret/#secret-immutable | `""` | @@ -110,6 +112,7 @@ helm install cryostat ./charts/cryostat | `db.image.repository` | Repository for the database container image | `quay.io/cryostat/cryostat-db` | | `db.image.pullPolicy` | Image pull policy for the database container image | `Always` | | `db.image.tag` | Tag for the database container image | `latest` | +| `db.podAnnotations` | Annotations to be applied to the Database Pods | `{}` | | `db.service.type` | Type of Service to create for the database | `ClusterIP` | | `db.service.port` | Port number to expose on the Service | `5432` | | `db.resources.requests.cpu` | CPU resource request for the database container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `25m` | 
@@ -126,6 +129,7 @@ helm install cryostat ./charts/cryostat | `storage.image.pullPolicy` | Image pull policy for the storage container image | `Always` | | `storage.image.tag` | Tag for the storage container image | `latest` | | `storage.encryption.enabled` | Enable at-rest encryption of stored objects. The storage container will generate a secret key for each stored object and use this key to encrypt and decrypt objects transparently. The key is written to the object metadata, so in the default storage container configuration this only adds a small layer of additional security. | `true` | +| `storage.podAnnotations` | Annotations to be applied to the Storage Pods | `{}` | | `storage.service.type` | Type of Service to create for the object storage | `ClusterIP` | | `storage.service.port` | Port number to expose on the Service | `8333` | | `storage.resources.requests.cpu` | CPU resource request for the object storage container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `50m` | @@ -140,6 +144,7 @@ helm install cryostat ./charts/cryostat | `grafana.image.repository` | Repository for the Grafana container image | `quay.io/cryostat/cryostat-grafana-dashboard` | | `grafana.image.pullPolicy` | Image pull policy for the Grafana container image | `Always` | | `grafana.image.tag` | Tag for the Grafana container image | `latest` | +| `grafana.podAnnotations` | Annotations to be applied to the Grafana Pods | `{}` | | `grafana.service.type` | Type of Service to create for Grafana | `ClusterIP` | | `grafana.service.port` | Port number to expose on the Service for Grafana's HTTP server | `3000` | | `grafana.resources.requests.cpu` | CPU resource request for the Grafana container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `25m` | 
@@ -154,6 +159,7 @@ helm install cryostat ./charts/cryostat | `datasource.image.repository` | Repository for the JFR Data Source container image | `quay.io/cryostat/jfr-datasource` | | `datasource.image.pullPolicy` | Image pull policy for the JFR Data Source container image | `Always` | | `datasource.image.tag` | Tag for the JFR Data Source container image | `latest` | +| `datasource.podAnnotations` | Annotations to be applied to the JFR Datasource Pods | `{}` | | `datasource.resources.requests.cpu` | CPU resource request for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) | `200m` | | `datasource.resources.requests.memory` | Memory resource request for the JFR Data Source container. | `200Mi` | | `datasource.securityContext` | Security Context for the JFR Data Source container. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) | `{}` | 
@@ -210,7 +216,7 @@ helm install cryostat ./charts/cryostat | `serviceAccount.create` | Specifies whether a service account should be created | `true` | | `serviceAccount.annotations` | Annotations to add to the service account | `{}` | | `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `""` | -| `podAnnotations` | Annotations to be applied to the Cryostat Pod | `{}` | +| `podAnnotations` | Annotations to be applied to the various Pods | `{}` | | `podSecurityContext` | Security Context for the Cryostat Pod. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) | `{}` | | `nodeSelector` | Node Selector for the Cryostat Pod. See: [NodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `{}` | | `tolerations` | Tolerations for the Cryostat Pod. See: [Tolerations](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling) | `[]` | diff --git a/charts/cryostat/templates/cryostat_deployment.yaml b/charts/cryostat/templates/cryostat_deployment.yaml index cb0fbca..10cc8fa 100644 --- a/charts/cryostat/templates/cryostat_deployment.yaml +++ b/charts/cryostat/templates/cryostat_deployment.yaml @@ -17,8 +17,11 @@ spec: app.kubernetes.io/component: cryostat template: metadata: - {{- with .Values.podAnnotations }} annotations: + {{- with .Values.core.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: diff --git a/charts/cryostat/templates/db_deployment.yaml b/charts/cryostat/templates/db_deployment.yaml index c6c753f..bf899af 100644 --- a/charts/cryostat/templates/db_deployment.yaml 
+++ b/charts/cryostat/templates/db_deployment.yaml @@ -17,8 +17,11 @@ spec: app.kubernetes.io/component: db template: metadata: - {{- with .Values.podAnnotations }} annotations: + {{- with .Values.db.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: diff --git a/charts/cryostat/templates/reports_deployment.yaml b/charts/cryostat/templates/reports_deployment.yaml index 05c846d..6f5f218 100644 --- a/charts/cryostat/templates/reports_deployment.yaml +++ b/charts/cryostat/templates/reports_deployment.yaml @@ -18,8 +18,11 @@ spec: app.kubernetes.io/component: reports template: metadata: - {{- with .Values.podAnnotations }} annotations: + {{- with .Values.reports.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: diff --git a/charts/cryostat/templates/storage_deployment.yaml b/charts/cryostat/templates/storage_deployment.yaml index 3031633..5aee4e6 100644 --- a/charts/cryostat/templates/storage_deployment.yaml +++ b/charts/cryostat/templates/storage_deployment.yaml @@ -17,8 +17,11 @@ spec: app.kubernetes.io/component: storage template: metadata: - {{- with .Values.podAnnotations }} annotations: + {{- with .Values.storage.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: diff --git a/charts/cryostat/tests/cryostat_deployment_test.yaml b/charts/cryostat/tests/cryostat_deployment_test.yaml index 0548fc7..f26dd4f 100644 --- a/charts/cryostat/tests/cryostat_deployment_test.yaml +++ b/charts/cryostat/tests/cryostat_deployment_test.yaml 
@@ -514,3 +514,35 @@ tests: path: spec.template.spec.containers[?(@.name=='cryostat-jfr-datasource')].imagePullPolicy value: "IfNotPresent" + - it: should set default podAnnotations + set: + podAnnotations: + foo: bar + asserts: + - equal: + path: spec.template.metadata.annotations + value: + foo: bar + + - it: should set pod-specific podAnnotations + set: + core.podAnnotations: + foo: bar + asserts: + - equal: + path: spec.template.metadata.annotations + value: + foo: bar + + - it: should set merge pod-specific and default podAnnotations + set: + core.podAnnotations: + foo: bar + podAnnotations: + alice: bob + asserts: + - equal: + path: spec.template.metadata.annotations + value: + alice: bob + foo: bar diff --git a/charts/cryostat/tests/db_deployment_test.yaml b/charts/cryostat/tests/db_deployment_test.yaml index fa1ff93..7d6be92 100644 --- a/charts/cryostat/tests/db_deployment_test.yaml +++ b/charts/cryostat/tests/db_deployment_test.yaml @@ -195,3 +195,35 @@ tests: path: spec.template.spec.containers[?(@.name=='cryostat-db')].imagePullPolicy value: "IfNotPresent" + - it: should set default podAnnotations + set: + podAnnotations: + foo: bar + asserts: + - equal: + path: spec.template.metadata.annotations + value: + foo: bar + + - it: should set pod-specific podAnnotations + set: + db.podAnnotations: + foo: bar + asserts: + - equal: + path: spec.template.metadata.annotations + value: + foo: bar + + - it: should set merge pod-specific and default podAnnotations + set: + db.podAnnotations: + foo: bar + podAnnotations: + alice: bob + asserts: + - equal: + path: spec.template.metadata.annotations + value: + alice: bob + foo: bar diff --git a/charts/cryostat/tests/reports_deployment_test.yaml b/charts/cryostat/tests/reports_deployment_test.yaml index 28ebff6..98dee20 100644 --- a/charts/cryostat/tests/reports_deployment_test.yaml +++ b/charts/cryostat/tests/reports_deployment_test.yaml 
@@ -157,3 +157,39 @@ tests: - equal: path: spec.template.spec.containers[?(@.name=='cryostat-reports')].imagePullPolicy value: "IfNotPresent" + + - it: should set default podAnnotations + set: + reports.replicas: 1 + podAnnotations: + foo: bar + asserts: + - equal: + path: spec.template.metadata.annotations + value: + foo: bar + + - it: should set pod-specific podAnnotations + set: + reports.replicas: 1 + reports.podAnnotations: + foo: bar + asserts: + - equal: + path: spec.template.metadata.annotations + value: + foo: bar + + - it: should set merge pod-specific and default podAnnotations + set: + reports.replicas: 1 + reports.podAnnotations: + foo: bar + podAnnotations: + alice: bob + asserts: + - equal: + path: spec.template.metadata.annotations + value: + alice: bob + foo: bar diff --git a/charts/cryostat/tests/storage_deployment_test.yaml b/charts/cryostat/tests/storage_deployment_test.yaml index a077cd0..f9beb7b 100644 --- a/charts/cryostat/tests/storage_deployment_test.yaml +++ b/charts/cryostat/tests/storage_deployment_test.yaml @@ -223,3 +223,36 @@ tests: - equal: path: spec.template.spec.containers[?(@.name=='cryostat-storage')].imagePullPolicy value: "IfNotPresent" + + - it: should set default podAnnotations + set: + podAnnotations: + foo: bar + asserts: + - equal: + path: spec.template.metadata.annotations + value: + foo: bar + + - it: should set pod-specific podAnnotations + set: + storage.podAnnotations: + foo: bar + asserts: + - equal: + path: spec.template.metadata.annotations + value: + foo: bar + + - it: should set merge pod-specific and default podAnnotations + set: + storage.podAnnotations: + foo: bar + podAnnotations: + alice: bob + asserts: + - equal: + path: spec.template.metadata.annotations + value: + alice: bob + foo: bar diff --git a/charts/cryostat/values.schema.json b/charts/cryostat/values.schema.json index 88c3baf..116fb83 100644 --- a/charts/cryostat/values.schema.json +++ b/charts/cryostat/values.schema.json 
@@ -374,6 +374,26 @@ "db": { "type": "object", "properties": { + "image": { + "type": "object", + "properties": { + "repository": { + "type": "string", + "description": "Repository for the database container image", + "default": "quay.io/cryostat/cryostat-db" + }, + "pullPolicy": { + "type": "string", + "description": "Image pull policy for the database container image", + "default": "Always" + }, + "tag": { + "type": "string", + "description": "Tag for the database container image", + "default": "latest" + } + } + }, "securityContext": { "type": "object", "properties": { @@ -399,26 +419,6 @@ } } }, - "image": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "description": "Repository for the database container image", - "default": "quay.io/cryostat/cryostat-db" - }, - "pullPolicy": { - "type": "string", - "description": "Image pull policy for the database container image", - "default": "Always" - }, - "tag": { - "type": "string", - "description": "Tag for the database container image", - "default": "latest" - } - } - }, "service": { "type": "object", "properties": { diff --git a/charts/cryostat/values.yaml b/charts/cryostat/values.yaml index 79fdd4d..432566f 100644 --- a/charts/cryostat/values.yaml +++ b/charts/cryostat/values.yaml @@ -8,6 +8,8 @@ core: pullPolicy: Always ## @param core.image.tag Tag for the main Cryostat container image tag: "4.0.0-snapshot" + ## @param core.podAnnotations [object] Annotations to be applied to the Cryostat Pods + podAnnotations: {} service: ## @param core.service.type Type of Service to create for the Cryostat application type: ClusterIP @@ -96,6 +98,8 @@ reports: pullPolicy: Always ## @param reports.image.tag Tag for the Report Generator image tag: "4.0.0-snapshot" + ## @param reports.podAnnotations [object] Annotations to be applied to the Report Generator Pods + podAnnotations: {} service: ## @param reports.service.type Type of Service to create for the Report Generator Deployment type: ClusterIP 
@@ -134,6 +138,8 @@ db: pullPolicy: Always ## @param db.image.tag Tag for the database container image tag: "latest" + ## @param db.podAnnotations [object] Annotations to be applied to the Database Pods + podAnnotations: {} service: ## @param db.service.type Type of Service to create for the database type: ClusterIP @@ -169,6 +175,8 @@ storage: encryption: ## @param storage.encryption.enabled Enable at-rest encryption of stored objects. The storage container will generate a secret key for each stored object and use this key to encrypt and decrypt objects transparently. The key is written to the object metadata, so in the default storage container configuration this only adds a small layer of additional security. enabled: true + ## @param storage.podAnnotations [object] Annotations to be applied to the Storage Pods + podAnnotations: {} service: ## @param storage.service.type Type of Service to create for the object storage type: ClusterIP @@ -199,6 +207,8 @@ grafana: pullPolicy: Always ## @param grafana.image.tag Tag for the Grafana container image tag: "latest" + ## @param grafana.podAnnotations [object] Annotations to be applied to the Grafana Pods + podAnnotations: {} service: ## @param grafana.service.type Type of Service to create for Grafana type: ClusterIP @@ -229,6 +239,8 @@ datasource: pullPolicy: Always ## @param datasource.image.tag Tag for the JFR Data Source container image tag: "latest" + ## @param datasource.podAnnotations [object] Annotations to be applied to the JFR Datasource Pods + podAnnotations: {} resources: requests: ## @param datasource.resources.requests.cpu CPU resource request for the JFR Data Source container. See: [ResourceRequirements](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#resources) 
@@ -351,7 +363,7 @@ serviceAccount: ## @param serviceAccount.name The name of the service account to use. If not set and create is true, a name is generated using the fullname template name: "" -## @param podAnnotations [object] Annotations to be applied to the Cryostat Pod +## @param podAnnotations [object] Annotations to be applied to the various Pods podAnnotations: {} ## @param podSecurityContext [object] Security Context for the Cryostat Pod. Defaults to meet "restricted" [Pod Security Standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). See: [PodSecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context)
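Review bot: In the `metadata:` hunks of `cryostat_deployment.yaml`, `db_deployment.yaml`, `reports_deployment.yaml` and `storage_deployment.yaml`, the two `toYaml` blocks are written one after the other under `annotations:`, so a key set in both `<component>.podAnnotations` and `podAnnotations` is rendered twice in the same mapping. Duplicate mapping keys are either rejected or resolved by whichever entry the parser keeps, which leaves precedence undefined for annotations that admission controllers or sidecar injectors act on. Consider building a single map first, for example `{{- $ann := merge (dict) .Values.core.podAnnotations .Values.podAnnotations }}`, and rendering it with one `toYaml $ann | nindent 8`, so that the component-level value wins and that rule can be documented. The same hunks also move `annotations:` outside the `with` guard, so it is now rendered with an empty value when neither map is set; wrapping the key in a check that at least one of the two maps is non-empty would keep the rendered manifest unchanged for users who set no annotations.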
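Review bot: `grafana.podAnnotations` and `datasource.podAnnotations` are added to the README tables (hunks `@@ -140,6 +144,7` and `@@ -154,6 +159,7`) and to `values.yaml`, but no template hunk in this patch reads `.Values.grafana.podAnnotations` or `.Values.datasource.podAnnotations`; only the core, db, reports and storage deployments are changed. As written, setting either value appears to have no effect. Either wire them into the template that creates those Pods or drop the two parameters, and if those containers share the main Cryostat Pod, say so in the description, since annotations apply per Pod rather than per container.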
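Review bot: The new cases appended to the four `*_deployment_test.yaml` files only exercise disjoint keys (`foo: bar` with `alice: bob`), so they do not pin down what happens when the same key is set at both levels, nor what `spec.template.metadata.annotations` looks like when neither value is set. Please add one case with an overlapping key that asserts the intended winner, and one case with no annotations set. The title `should set merge pod-specific and default podAnnotations` also reads as if a word was left in; `should merge pod-specific and default podAnnotations` would be clearer.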
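Review bot: The `values.schema.json` hunks only move the `db.image` block above `db.securityContext`; none of the new `podAnnotations` properties (`core`, `reports`, `db`, `storage`, `grafana`, `datasource`) shows up in the schema in this patch. If the schema is meant to track `values.yaml`, add each one as `"type": "object"` with the same description as the README row, so a scalar or list passed by mistake is rejected at install time. If the reordering of `db.image` comes from regenerating the file, it would be worth saying so in the commit message, because it is otherwise unrelated to this change.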
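Review bot: The reworded description of the top-level `podAnnotations` parameter in README hunk `@@ -210,7 +216,7` and `values.yaml` hunk `@@ -351,7 +363,7`, "Annotations to be applied to the various Pods", does not tell the reader which Pods receive it or how it combines with the new per-component values. Something like "Annotations applied to every Pod created by this chart, in addition to the component-specific `*.podAnnotations`" plus one sentence on which value wins for a repeated key would document the behavior the templates implement.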