From 5bfe9732af8a7e8ad0878ba17efa4adb9479df4a Mon Sep 17 00:00:00 2001 From: Michal Pieta Date: Fri, 12 Jul 2024 21:57:47 +0200 Subject: [PATCH] feat(sidecar): allow more than one container per pod --- dotnet/Chart.yaml | 4 +- golang/Chart.yaml | 4 +- java/Chart.yaml | 4 +- java/values.yaml | 44 ++++++++++++++++++++- libchart/Chart.yaml | 2 +- libchart/templates/_container.tpl | 65 +++++++++++++++++++++++++++++++ libchart/templates/_pod.tpl | 64 ++++-------------------------- libchart/values.yaml | 44 ++++++++++++++++++++- nodejs/Chart.yaml | 4 +- web/Chart.yaml | 4 +- 10 files changed, 169 insertions(+), 70 deletions(-) create mode 100644 libchart/templates/_container.tpl diff --git a/dotnet/Chart.yaml b/dotnet/Chart.yaml index a985a1d..07c1c1f 100644 --- a/dotnet/Chart.yaml +++ b/dotnet/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 description: .NET Core Helm Chart name: dotnet -version: 13.0.1 +version: 13.1.0 dependencies: - name: libchart - version: 4.0.1 + version: 4.2.0 repository: file://../libchart diff --git a/golang/Chart.yaml b/golang/Chart.yaml index 583eab5..169450e 100644 --- a/golang/Chart.yaml +++ b/golang/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 description: golan Helm Chart name: golang -version: 17.0.1 +version: 17.1.0 dependencies: - name: libchart - version: 4.0.1 + version: 4.2.0 repository: file://../libchart diff --git a/java/Chart.yaml b/java/Chart.yaml index 1de5148..b4a547f 100644 --- a/java/Chart.yaml +++ b/java/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 description: Java Helm Chart name: java -version: 10.0.1 +version: 10.1.0 dependencies: - name: libchart - version: 4.0.1 + version: 4.2.0 repository: file://../libchart diff --git a/java/values.yaml b/java/values.yaml index 71d3f0e..206a57e 100644 --- a/java/values.yaml +++ b/java/values.yaml @@ -13,7 +13,49 @@ image: # pullSecrets: # - secret1 # - secret2 - +sidecars: + - name: helper1 + image: + repository: "repo" + tag: "123" + extraContainerPorts: [8088, 9099] + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + environment: { } + secrets: { } + volumeMounts: [ ] + # - name: secret-volume + # mountPath: /app/secrets + # readOnly: true + - name: helper2 + image: + repository: "repo" + tag: "456" + extraContainerPorts: [8088, 9099] + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + environment: { } + secrets: { } + volumeMounts: + - name: secret-volume + mountPath: /app/secrets + readOnly: true nameOverride: "" fullnameOverride: "" diff --git a/libchart/Chart.yaml b/libchart/Chart.yaml index 8e1f40c..3e0312a 100644 --- a/libchart/Chart.yaml +++ b/libchart/Chart.yaml @@ -15,7 +15,7 @@ type: library # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 4.0.1 +version: 4.2.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/libchart/templates/_container.tpl b/libchart/templates/_container.tpl new file mode 100644 index 0000000..1f195e9 --- /dev/null +++ b/libchart/templates/_container.tpl @@ -0,0 +1,65 @@ +{{- define "libchart.container" }} + image: "{{ .image.repository }}:{{ .image.tag }}" + imagePullPolicy: Always + {{- if .command }} + command: + {{ toYaml .command | nindent 6 }} + {{- end }} + {{- if .args }} + args: + {{ toYaml .args | nindent 6 }} + {{- end }} + {{- if or (.volumeMounts) (.csi) }} + volumeMounts: + {{- if .volumeMounts }} + {{- toYaml .volumeMounts | nindent 6 }} + {{- end }} + {{- if .csi }} + - name: {{ .csi.name }} + mountPath: {{ .csi.mountPath | quote }} + readOnly: true + {{- end }} + {{- end }} + ports: + {{- if .deployKind }} {{/* a hack to check if we are in the root context or in a sidecar; sidecars are not using the port mapping from the service */}} + {{- "- name: http" | nindent 4 }} + {{- "containerPort: " | nindent 6 }}{{ .service.targetPort | default 8080 }} + protocol: TCP + {{- end }} + {{- if .extraContainerPorts }} + {{ toYaml .extraContainerPorts | nindent 6 }} + {{- end }} + {{- $liveness := default dict .liveness }} + {{- $livenessEnabled := default false $liveness.enabled }} + {{- if and $liveness $livenessEnabled }} + livenessProbe: + httpGet: + path: {{ .liveness.path | default "/" }} + port: {{ .liveness.port | default 8080 }} + initialDelaySeconds: {{ .liveness.delay | default 15 }} + timeoutSeconds: {{ .liveness.timeout | default 15 }} + periodSeconds: {{ .liveness.periodSeconds | default 15 }} + {{- end }} + {{- $readiness := default dict .readiness }} + {{- $readinessEnabled := default false $readiness.enabled }} + {{- if and $readiness $readinessEnabled }} + readinessProbe: + httpGet: + path: {{ .readiness.path | default "/" }} + port: {{ .readiness.port | default 8080 }} + initialDelaySeconds: {{ .readiness.delay | default 15 }} + timeoutSeconds: {{ .readiness.timeout | default 15 }} + periodSeconds: {{ .readiness.periodSeconds | default 15 }} + {{- end }} + env: + {{- if .secrets }} + {{ toYaml .secrets | nindent 6 }} + {{- end }} + {{- if .environment }} + {{ toYaml .environment | nindent 6 }} + {{- end }} + resources: + {{- toYaml .resources | nindent 6 }} + securityContext: + {{- toYaml .securityContext | nindent 6 }} +{{- end }} diff --git a/libchart/templates/_pod.tpl b/libchart/templates/_pod.tpl index 47637b0..0c66607 100644 --- a/libchart/templates/_pod.tpl +++ b/libchart/templates/_pod.tpl @@ -10,63 +10,13 @@ securityContext: {{- toYaml .Values.podSecurityContext | nindent 2 }} containers: - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: Always - {{- if .Values.command }} - command: - {{ toYaml .Values.command | nindent 6 }} - {{- end }} - {{- if .Values.args }} - args: - {{ toYaml .Values.args | nindent 6 }} - {{- end }} - {{- if or (.Values.volumeMounts) (.Values.csi) }} - volumeMounts: - {{- if .Values.volumeMounts }} - {{ toYaml .Values.volumeMounts | nindent 6 }} - {{- end }} - {{- if .Values.csi }} - - name: {{ .Values.csi.name }} - mountPath: {{ .Values.csi.mountPath | quote }} - readOnly: true - {{- end }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.service.targetPort | default 8080 }} - protocol: TCP - {{ if .Values.extraContainerPorts }} - {{ toYaml .Values.extraContainerPorts | nindent 6 }} - {{- end }} - {{- if and (.Values.liveness) (.Values.liveness.enabled) }} - livenessProbe: - httpGet: - path: {{ .Values.liveness.path | default "/" }} - port: {{ .Values.liveness.port | default 8080 }} - initialDelaySeconds: {{ .Values.liveness.delay | default 15 }} - timeoutSeconds: {{ .Values.liveness.timeout | default 15 }} - periodSeconds: {{ .Values.liveness.periodSeconds | default 15 }} - {{- end }} - {{- if and (.Values.readiness) (.Values.readiness.enabled) }} - readinessProbe: - httpGet: - path: {{ .Values.readiness.path | default "/" }} - port: {{ .Values.readiness.port | default 8080 }} - initialDelaySeconds: {{ .Values.readiness.delay | default 15 }} - timeoutSeconds: {{ .Values.readiness.timeout | default 15 }} - periodSeconds: {{ .Values.readiness.periodSeconds | default 15 }} - {{- end }} - env: - {{- if .Values.secrets }} - {{ toYaml .Values.secrets | nindent 6 }} - {{- end }} - {{- if .Values.environment }} - {{ toYaml .Values.environment | nindent 6 }} - {{- end }} - resources: - {{ toYaml .Values.resources | nindent 6 }} - securityContext: - {{- toYaml .Values.securityContext | nindent 6 }} + {{- include "libchart.container" .Values | indent 2 -}} + {{- range $sc := .Values.sidecars -}} + {{ "- name: " | nindent 2 }}{{ $sc.name }} + {{- include "libchart.container" $sc | indent 2 }} + {{- end }} + {{- if .Values.initContainers }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | nindent 4 }} diff --git a/libchart/values.yaml b/libchart/values.yaml index a5fd960..2358758 100644 --- a/libchart/values.yaml +++ b/libchart/values.yaml @@ -14,7 +14,49 @@ image: # pullSecrets: # - secret1 # - secret2 - +sidecars: + - name: helper1 + image: + repository: "repo" + tag: "123" + extraContainerPorts: [8088, 9099] + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + environment: { } + secrets: { } + volumeMounts: [ ] + # - name: secret-volume + # mountPath: /app/secrets + # readOnly: true + - name: helper2 + image: + repository: "repo" + tag: "456" + extraContainerPorts: [8088, 9099] + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + environment: { } + secrets: { } + volumeMounts: + - name: secret-volume + mountPath: /app/secrets + readOnly: true nameOverride: "" fullnameOverride: "" diff --git a/nodejs/Chart.yaml b/nodejs/Chart.yaml index bb073d8..4fcf47e 100644 --- a/nodejs/Chart.yaml +++ b/nodejs/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 description: Node.js Helm Chart name: nodejs -version: 17.0.1 +version: 17.1.0 dependencies: - name: libchart - version: 4.0.1 + version: 4.2.0 repository: file://../libchart diff --git a/web/Chart.yaml b/web/Chart.yaml index da32808..32d25a3 100644 --- a/web/Chart.yaml +++ b/web/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 appVersion: "1.0" description: Helm chart for deployment of web servers name: web -version: 14.0.1 +version: 14.1.0 dependencies: - name: libchart - version: 4.0.1 + version: 4.2.0 repository: file://../libchart