From 841943f57e32343e80cff1a8632b8b463fa7eac2 Mon Sep 17 00:00:00 2001
From: keptn-bot <86361500+keptn-bot@users.noreply.github.com>
Date: Mon, 11 Nov 2024 16:04:30 +0100
Subject: [PATCH] Update keptn-lifecycle-operator Helm chart (#182)

BREAKING CHANGE: The Lifecycle Operator helm chart was adapted after removal of the Keptn Scheduler and many Helm values were simplified, please double check your values files and adapt them accordingly.
---
 charts/keptn-lifecycle-operator/Chart.yaml | 6 +-
 charts/keptn-lifecycle-operator/README.md | 149 ++++----
 .../templates/_helpers.tpl | 11 +-
 .../templates/deployment.yaml | 179 ++--------
 ...-apiserver-authentication-reader-rbac.yaml | 21 --
 .../templates/keptn-scheduler-rbac.yaml | 210 -----------
 .../templates/lifecycle-manager-config.yaml | 10 +-
 .../lifecycle-operator-metrics-service.yaml | 4 +-
 .../templates/lifecycle-webhook-service.yaml | 4 +-
 .../templates/scheduler-config.yaml | 22 --
 .../scheduler-leader-election-rbac.yaml | 65 ----
 charts/keptn-lifecycle-operator/values.yaml | 325 +++++++-----------
 12 files changed, 227 insertions(+), 779 deletions(-)
 delete mode 100644 charts/keptn-lifecycle-operator/templates/extension-apiserver-authentication-reader-rbac.yaml
 delete mode 100644 charts/keptn-lifecycle-operator/templates/keptn-scheduler-rbac.yaml
 delete mode 100644 charts/keptn-lifecycle-operator/templates/scheduler-config.yaml
 delete mode 100644 charts/keptn-lifecycle-operator/templates/scheduler-leader-election-rbac.yaml
diff --git a/charts/keptn-lifecycle-operator/Chart.yaml b/charts/keptn-lifecycle-operator/Chart.yaml
index b1d5360b..1614f5fa 100644
--- a/charts/keptn-lifecycle-operator/Chart.yaml
+++ b/charts/keptn-lifecycle-operator/Chart.yaml
@@ -26,10 +26,10 @@ annotations:
 artifacthub.io/license: Apache-2.0
 artifacthub.io/operator: 'true'
 artifacthub.io/operatorCapabilities: Full Lifecycle
-kubeVersion: '>= 1.24.0-0'
+kubeVersion: '>= 1.27.0-0'
 type: application
-version: 0.5.0
-appVersion: v1.2.0 # x-release-please-version
+version: 0.6.0 # Helm Chart version
+appVersion: v2.0.0 # x-release-please-version
 dependencies:
 - name: common
 repository: https://charts.lifecycle.keptn.sh
diff --git a/charts/keptn-lifecycle-operator/README.md b/charts/keptn-lifecycle-operator/README.md
index 7abedc3d..271cc4e6 100644
--- a/charts/keptn-lifecycle-operator/README.md
+++ b/charts/keptn-lifecycle-operator/README.md
@@ -11,94 +11,67 @@ and application health checks ### Global parameters -| Name | Description | Value | -| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `global.certManagerEnabled` | Enable this value to install Keptn Certificate Manager | `true` | -| `global.imageRegistry` | Global container image registry | `ghcr.io` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.imagePullPolicy` | select global image pull policy | `""` | -| `global.commonLabels` | Common labels to add to all Keptn resources. Evaluated as a template | `{}` | -| `global.commonAnnotations` | Common annotations to add to all Keptn resources. Evaluated as a template | `{}` | -| `global.caInjectionAnnotations` | CA injection annotations for cert-manager.io configuration | `{}` | -| `global.openShift.enabled` | Enable this value to install on Openshift | `false` | -| `lifecycleOperatorConfig.health.healthProbeBindAddress` | setup on what address to start the default health handler | `:8081` | -| `lifecycleOperatorConfig.leaderElection.leaderElect` | enable leader election for multiple replicas of the lifecycle operator | `true` | -| `lifecycleOperatorConfig.leaderElection.resourceName` | define LeaderElectionID | `6b866dd9.keptn.sh` | -| `lifecycleOperatorConfig.metrics.bindAddress` | MetricsBindAddress is the TCP address that the controller should bind to for serving prometheus metrics. It can be set to "0" to disable the metrics serving. 
| `127.0.0.1:8080` | -| `lifecycleOperatorConfig.webhook.port` | setup port for the lifecycle operator admission webhook | `9443` | -| `lifecycleWebhookService` | Mutating Webhook Configurations for lifecycle Operator | | -| `lifecycleWebhookService.ports[0].port` | | `443` | -| `lifecycleWebhookService.ports[0].protocol` | | `TCP` | -| `lifecycleWebhookService.ports[0].targetPort` | | `9443` | -| `lifecycleWebhookService.type` | | `ClusterIP` | - -### Keptn Lifecycle Operator controller - -| Name | Description | Value | -| --------------------------------------------------------------------- | ------------------------------------------------------------------------------ | ------------------------------------- | -| `lifecycleOperator.containerSecurityContext` | Sets security context privileges | | -| `lifecycleOperator.containerSecurityContext.allowPrivilegeEscalation` | | `false` | -| `lifecycleOperator.containerSecurityContext.capabilities.drop` | | `["ALL"]` | -| `lifecycleOperator.containerSecurityContext.privileged` | | `false` | -| `lifecycleOperator.containerSecurityContext.runAsGroup` | | `65532` | -| `lifecycleOperator.containerSecurityContext.runAsNonRoot` | | `true` | -| `lifecycleOperator.containerSecurityContext.runAsUser` | | `65532` | -| `lifecycleOperator.containerSecurityContext.seccompProfile.type` | | `RuntimeDefault` | -| `lifecycleOperator.env.functionRunnerImage` | specify image for deno task runtime | `ghcr.io/keptn/deno-runtime:v3.0.0` | -| `lifecycleOperator.env.keptnAppControllerLogLevel` | sets the log level of Keptn App Controller | `0` | -| `lifecycleOperator.env.keptnAppCreationRequestControllerLogLevel` | sets the log level of Keptn App Creation Request Controller | `0` | -| `lifecycleOperator.env.keptnAppVersionControllerLogLevel` | sets the log level of Keptn AppVersion Controller | `0` | -| `lifecycleOperator.env.keptnEvaluationControllerLogLevel` | sets the log level of Keptn Evaluation Controller | `0` | -| 
`lifecycleOperator.env.keptnTaskControllerLogLevel` | sets the log level of Keptn Task Controller | `0` | -| `lifecycleOperator.env.keptnTaskDefinitionControllerLogLevel` | sets the log level of Keptn TaskDefinition Controller | `0` | -| `lifecycleOperator.env.keptnWorkloadControllerLogLevel` | sets the log level of Keptn Workload Controller | `0` | -| `lifecycleOperator.env.keptnWorkloadVersionControllerLogLevel` | sets the log level of Keptn WorkloadVersion Controller | `0` | -| `lifecycleOperator.env.keptnDoraMetricsPort` | sets the port for accessing lifecycle metrics in prometheus format | `2222` | -| `lifecycleOperator.env.optionsControllerLogLevel` | sets the log level of Keptn Options Controller | `0` | -| `lifecycleOperator.env.pythonRunnerImage` | specify image for python task runtime | `ghcr.io/keptn/python-runtime:v1.0.7` | -| `lifecycleOperator.image.registry` | specify the container registry for the lifecycle-operator image | `""` | -| `lifecycleOperator.image.repository` | specify registry for manager image | `keptn/lifecycle-operator` | -| `lifecycleOperator.image.tag` | select tag for manager image | `v1.2.0` | -| `lifecycleOperator.image.imagePullPolicy` | specify pull policy for the manager image. 
This overrides global values | `""` | -| `lifecycleOperator.livenessProbe` | custom liveness probe for manager container | | -| `lifecycleOperator.readinessProbe` | custom readinessprobe for manager container | | -| `lifecycleOperator.resources` | specify limits and requests for manager container | | -| `lifecycleOperator.nodeSelector` | add custom nodes selector to lifecycle operator | `{}` | -| `lifecycleOperator.replicas` | customize number of installed lifecycle operator replicas | `1` | -| `lifecycleOperator.tolerations` | add custom tolerations to lifecycle operator | `[]` | -| `lifecycleOperator.topologySpreadConstraints` | add custom topology constraints to lifecycle operator | `[]` | -| `lifecycleOperator.hostNetwork` | Sets hostNetwork option for lifecycle operator | `false` | -| `lifecycleOperatorMetricsService` | Adjust settings here to change the k8s service for scraping Prometheus metrics | | +| Name | Description | Value | +| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------- | +| `global.certManagerEnabled` | Enable this value to install Keptn Certificate Manager | `true` | +| `global.imageRegistry` | Global container image registry | `ghcr.io` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.imagePullPolicy` | select global image pull policy | `""` | +| `global.commonLabels` | Common labels to add to all Keptn resources. Evaluated as a template | `{}` | +| `global.commonAnnotations` | Common annotations to add to all Keptn resources. 
Evaluated as a template | `{}` | +| `global.caInjectionAnnotations` | CA injection annotations for cert-manager.io configuration | `{}` | +| `global.openShift.enabled` | Enable this value to install on Openshift | `false` | +| `config.health.healthProbeBindAddress` | setup on what address to start the default health handler | `:8081` | +| `config.leaderElection.leaderElect` | enable leader election for multiple replicas of the lifecycle operator | `true` | +| `config.leaderElection.resourceName` | define LeaderElectionID | `6b866dd9.keptn.sh` | +| `config.metrics.bindAddress` | MetricsBindAddress is the TCP address that the controller should bind to for serving prometheus metrics. It can be set to "0" to disable the metrics serving. | `127.0.0.1:8080` | +| `config.webhook.port` | setup port for the lifecycle operator admission webhook | `9443` | +| `webhookService` | Mutating Webhook Configurations for lifecycle Operator | | +| `webhookService.ports[0].port` | | `443` | +| `webhookService.ports[0].protocol` | | `TCP` | +| `webhookService.ports[0].targetPort` | | `9443` | +| `webhookService.type` | | `ClusterIP` | +| `containerSecurityContext` | Sets security context privileges | | +| `containerSecurityContext.allowPrivilegeEscalation` | | `false` | +| `containerSecurityContext.capabilities.drop` | | `["ALL"]` | +| `containerSecurityContext.privileged` | | `false` | +| `containerSecurityContext.runAsGroup` | | `65532` | +| `containerSecurityContext.runAsNonRoot` | | `true` | +| `containerSecurityContext.runAsUser` | | `65532` | +| `containerSecurityContext.seccompProfile.type` | | `RuntimeDefault` | +| `env.functionRunnerImage` | specify image for deno task runtime | `ghcr.io/keptn/deno-runtime:v3.0.1` | +| `env.keptnAppControllerLogLevel` | sets the log level of Keptn App Controller | `0` | +| `env.keptnAppCreationRequestControllerLogLevel` | sets the log level of Keptn App Creation Request Controller | `0` | +| `env.keptnAppVersionControllerLogLevel` | sets the 
log level of Keptn AppVersion Controller | `0` | +| `env.keptnEvaluationControllerLogLevel` | sets the log level of Keptn Evaluation Controller | `0` | +| `env.keptnTaskControllerLogLevel` | sets the log level of Keptn Task Controller | `0` | +| `env.keptnTaskDefinitionControllerLogLevel` | sets the log level of Keptn TaskDefinition Controller | `0` | +| `env.keptnWorkloadControllerLogLevel` | sets the log level of Keptn Workload Controller | `0` | +| `env.keptnWorkloadVersionControllerLogLevel` | sets the log level of Keptn WorkloadVersion Controller | `0` | +| `env.keptnDoraMetricsPort` | sets the port for accessing lifecycle metrics in prometheus format | `2222` | +| `env.optionsControllerLogLevel` | sets the log level of Keptn Options Controller | `0` | +| `env.pythonRunnerImage` | specify image for python task runtime | `ghcr.io/keptn/python-runtime:v1.0.8` | +| `image.registry` | specify the container registry for the lifecycle-operator image | `""` | +| `image.repository` | specify registry for manager image | `keptn/lifecycle-operator` | +| `image.tag` | select tag for manager image | `v2.0.0` | +| `image.imagePullPolicy` | specify pull policy for the manager image. 
This overrides global values | `""` | +| `livenessProbe` | custom liveness probe for manager container | | +| `readinessProbe` | custom readinessprobe for manager container | | +| `resources` | specify limits and requests for manager container | | +| `nodeSelector` | add custom nodes selector to lifecycle operator | `{}` | +| `replicas` | customize number of installed lifecycle operator replicas | `1` | +| `tolerations` | add custom tolerations to lifecycle operator | `[]` | +| `topologySpreadConstraints` | add custom topology constraints to lifecycle operator | `[]` | +| `hostNetwork` | Sets hostNetwork option for lifecycle operator | `false` | +| `operatorMetricsService` | Adjust settings here to change the k8s service for scraping Prometheus metrics | | ### Global -| Name | Description | Value | -| ------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------- | -| `kubernetesClusterDomain` | overrides cluster.local | `cluster.local` | -| `annotations` | add deployment level annotations | `{}` | -| `podAnnotations` | adds pod level annotations | `{}` | -| `schedulingGatesEnabled` | enables the scheduling gates in lifecycle-operator. This feature is available in alpha version from K8s 1.27 or 1.26 enabling the alpha version | `false` | -| `promotionTasksEnabled` | enables the promotion task feature in the lifecycle-operator. 
| `false` | -| `allowedNamespaces` | specifies the allowed namespaces for the lifecycle orchestration functionality | `[]` | -| `deniedNamespaces` | specifies a list of namespaces where the lifecycle orchestration functionality is disabled, ignored if `allowedNamespaces` is set | `["cert-manager","keptn-system","observability","monitoring"]` | - -### Keptn Scheduler - -| Name | Description | Value | -| ------------------------------------------------------------ | ----------------------------------------------------------------------- | --------------------- | -| `scheduler.nodeSelector` | adds node selectors for scheduler | `{}` | -| `scheduler.replicas` | modifies replicas | `1` | -| `scheduler.containerSecurityContext` | Sets security context | | -| `scheduler.env.otelCollectorUrl` | sets url for open telemetry collector | `otel-collector:4317` | -| `scheduler.image.registry` | specify the container registry for the scheduler image | `""` | -| `scheduler.image.repository` | set image repository for scheduler | `keptn/scheduler` | -| `scheduler.image.tag` | set image tag for scheduler | `v1.0.2` | -| `scheduler.image.imagePullPolicy` | specify pull policy for the manager image. 
This overrides global values | `""` | -| `scheduler.livenessProbe` | customizable liveness probe for the scheduler | | -| `scheduler.readinessProbe` | customizable readiness probe for the scheduler | | -| `scheduler.resources` | sets cpu and memory resources/limits for scheduler | | -| `scheduler.topologySpreadConstraints` | add topology constraints for scheduler | `[]` | -| `schedulerConfig.profiles[0].schedulerName` | changes scheduler name | `keptn-scheduler` | -| `schedulerConfig.leaderElection.leaderElect` | enables leader election for multiple replicas of the scheduler | `false` | -| `schedulerConfig.profiles[0].plugins.permit.enabled[0].name` | enables permit plugin | `KLCPermit` | -| `scheduler.tolerations` | adds tolerations for scheduler | `[]` | +| Name | Description | Value | +| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------- | +| `kubernetesClusterDomain` | overrides cluster.local | `cluster.local` | +| `annotations` | add deployment level annotations | `{}` | +| `podAnnotations` | adds pod level annotations | `{}` | +| `promotionTasksEnabled` | enables the promotion task feature in the lifecycle-operator. | `false` | +| `allowedNamespaces` | specifies the allowed namespaces for the lifecycle orchestration functionality | `[]` | +| `deniedNamespaces` | specifies a list of namespaces where the lifecycle orchestration functionality is disabled, ignored if `allowedNamespaces` is set | `["cert-manager","keptn-system","observability","monitoring"]` | diff --git a/charts/keptn-lifecycle-operator/templates/_helpers.tpl b/charts/keptn-lifecycle-operator/templates/_helpers.tpl index e9598caa..c5a49fc3 100644 --- a/charts/keptn-lifecycle-operator/templates/_helpers.tpl +++ b/charts/keptn-lifecycle-operator/templates/_helpers.tpl 
@@ -1,13 +1,6 @@ {{/* Return the proper Image Registry Secret Names for lifecycle operator */}} -{{- define "lifecycleOperator.imagePullSecrets" -}} -{{ include "common.images.renderPullSecrets" (dict "images" (list .Values.lifecycleOperator.image) "context" $) }} -{{- end -}} - -{{/* -Return the proper Image Registry Secret Names for scheduler -*/}} -{{- define "scheduler.imagePullSecrets" -}} -{{ include "common.images.renderPullSecrets" (dict "images" (list .Values.scheduler.image) "context" $) }} +{{- define "imagePullSecrets" -}} +{{ include "common.images.renderPullSecrets" (dict "images" (list .Values.image) "context" $) }} {{- end -}} diff --git a/charts/keptn-lifecycle-operator/templates/deployment.yaml b/charts/keptn-lifecycle-operator/templates/deployment.yaml index bde24392..e8c69525 100644 --- a/charts/keptn-lifecycle-operator/templates/deployment.yaml +++ b/charts/keptn-lifecycle-operator/templates/deployment.yaml @@ -1,17 +1,3 @@ -{{- if or (le .Capabilities.KubeVersion.Minor "26") (not .Values.schedulingGatesEnabled) }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: keptn-scheduler - namespace: {{ .Release.Namespace | quote }} - {{- $annotations := include "common.annotations" (dict "context" .) }} - {{- with $annotations }} - annotations: {{- . -}} - {{- end }} - labels: -{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} -{{- end }} --- apiVersion: v1 kind: ServiceAccount @@ -34,7 +20,7 @@ metadata: {{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} {{- include "common.annotations" ( dict "context" . ) }} spec: - replicas: {{ .Values.lifecycleOperator.replicas }} + replicas: {{ .Values.replicas }} selector: matchLabels: control-plane: lifecycle-operator 
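Review bot: The new define name `imagePullSecrets` in `_helpers.tpl` is not chart-specific, and Helm template names are global across a chart and all of its subcharts, so when two definitions share a name the one loaded last wins. This chart already depends on the `common` library chart (see Chart.yaml) and may itself be pulled in as a subchart; a second helper with the same bare name would make the Deployment render pull secrets computed from another chart's image values, or none at all. Keep a chart prefix, e.g. `{{- define "lifecycleOperator.imagePullSecrets" -}}`, and use the same name in the `include` in `templates/deployment.yaml` (hunk `@@ -160,114 +143,22 @@`).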
@@ -67,40 +53,37 @@ spec: fieldRef: fieldPath: metadata.name - name: FUNCTION_RUNNER_IMAGE - value: {{ .Values.lifecycleOperator.env.functionRunnerImage | quote }} + value: {{ .Values.env.functionRunnerImage | quote }} - name: PYTHON_RUNNER_IMAGE - value: {{ .Values.lifecycleOperator.env.pythonRunnerImage | quote }} + value: {{ .Values.env.pythonRunnerImage | quote }} - name: KEPTN_APP_CONTROLLER_LOG_LEVEL - value: {{ .Values.lifecycleOperator.env.keptnAppControllerLogLevel | quote + value: {{ .Values.env.keptnAppControllerLogLevel | quote }} - name: KEPTN_APP_CREATION_REQUEST_CONTROLLER_LOG_LEVEL - value: {{ .Values.lifecycleOperator.env.keptnAppCreationRequestControllerLogLevel + value: {{ .Values.env.keptnAppCreationRequestControllerLogLevel | quote }} - name: KEPTN_APP_VERSION_CONTROLLER_LOG_LEVEL - value: {{ .Values.lifecycleOperator.env.keptnAppVersionControllerLogLevel + value: {{ .Values.env.keptnAppVersionControllerLogLevel | quote }} - name: KEPTN_EVALUATION_CONTROLLER_LOG_LEVEL - value: {{ .Values.lifecycleOperator.env.keptnEvaluationControllerLogLevel + value: {{ .Values.env.keptnEvaluationControllerLogLevel | quote }} - name: KEPTN_TASK_CONTROLLER_LOG_LEVEL - value: {{ .Values.lifecycleOperator.env.keptnTaskControllerLogLevel | quote + value: {{ .Values.env.keptnTaskControllerLogLevel | quote }} - name: KEPTN_TASK_DEFINITION_CONTROLLER_LOG_LEVEL - value: {{ .Values.lifecycleOperator.env.keptnTaskDefinitionControllerLogLevel + value: {{ .Values.env.keptnTaskDefinitionControllerLogLevel | quote }} - name: KEPTN_WORKLOAD_CONTROLLER_LOG_LEVEL - value: {{ .Values.lifecycleOperator.env.keptnWorkloadControllerLogLevel + value: {{ .Values.env.keptnWorkloadControllerLogLevel | quote }} - name: KEPTN_WORKLOAD_VERSION_CONTROLLER_LOG_LEVEL - value: {{ .Values.lifecycleOperator.env.keptnWorkloadVersionControllerLogLevel + value: {{ .Values.env.keptnWorkloadVersionControllerLogLevel | quote }} - name: KEPTN_DORA_METRICS_PORT - value: {{ 
.Values.lifecycleOperator.env.keptnDoraMetricsPort | quote }} + value: {{ .Values.env.keptnDoraMetricsPort | quote }} - name: OPTIONS_CONTROLLER_LOG_LEVEL - value: {{ .Values.lifecycleOperator.env.optionsControllerLogLevel | quote - }} - - name: SCHEDULING_GATES_ENABLED - value: {{ .Values.schedulingGatesEnabled | quote + value: {{ .Values.env.optionsControllerLogLevel | quote }} - name: PROMOTION_TASKS_ENABLED value: {{ .Values.promotionTasksEnabled | quote @@ -109,8 +92,8 @@ spec: value: {{ .Values.kubernetesClusterDomain }} - name: CERT_MANAGER_ENABLED value: {{ .Values.global.certManagerEnabled | quote }} - image: {{ include "common.images.image" ( dict "imageRoot" .Values.lifecycleOperator.image "global" .Values.global ) }} - imagePullPolicy: {{ .Values.lifecycleOperator.image.imagePullPolicy | default (.Values.global.imagePullPolicy | default "IfNotPresent") }} + image: {{ include "common.images.image" ( dict "imageRoot" .Values.image "global" .Values.global ) }} + imagePullPolicy: {{ .Values.image.imagePullPolicy | default (.Values.global.imagePullPolicy | default "IfNotPresent") }} name: lifecycle-operator ports: - containerPort: 9443 
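Review bot: Nothing in this template rejects the old value paths, so a values file that still sets `lifecycleOperator.env.functionRunnerImage` or `lifecycleOperator.env.pythonRunnerImage` (for instance to an internal mirror or a pinned build) now renders without error and the task runners silently fall back to the chart defaults read from `.Values.env.*`. The same silent fallback applies to `.Values.image` in `@@ -109,8 +92,8 @@`, `.Values.containerSecurityContext` in `@@ -119,29 +102,29 @@`, and `.Values.hostNetwork`, `.Values.nodeSelector` and `.Values.tolerations` in `@@ -160,114 +143,22 @@`. Since the commit message already calls this a breaking change, fail the render when a legacy key is present, e.g. at the top of the file: `{{- if or .Values.lifecycleOperator .Values.scheduler }}{{ fail "lifecycleOperator.* and scheduler.* values were removed; see the chart README" }}{{- end }}`. The env list starts above this hunk.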
@@ -119,29 +102,29 @@ spec: - containerPort: 2222 name: metrics protocol: TCP - resources: {{- toYaml .Values.lifecycleOperator.resources | nindent 10 }} + resources: {{- toYaml .Values.resources | nindent 10 }} securityContext: - allowPrivilegeEscalation: {{ .Values.lifecycleOperator.containerSecurityContext.allowPrivilegeEscalation + allowPrivilegeEscalation: {{ .Values.containerSecurityContext.allowPrivilegeEscalation }} - capabilities: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleOperator.containerSecurityContext.capabilities + capabilities: {{- include "common.tplvalues.render" (dict "value" .Values.containerSecurityContext.capabilities "context" $) | nindent 12 }} - privileged: {{ .Values.lifecycleOperator.containerSecurityContext.privileged + privileged: {{ .Values.containerSecurityContext.privileged }} {{- if not .Values.global.openShift.enabled }} - runAsGroup: {{ .Values.lifecycleOperator.containerSecurityContext.runAsGroup + runAsGroup: {{ .Values.containerSecurityContext.runAsGroup }} - runAsUser: {{ .Values.lifecycleOperator.containerSecurityContext.runAsUser + runAsUser: {{ .Values.containerSecurityContext.runAsUser }} {{- end }} - runAsNonRoot: {{ .Values.lifecycleOperator.containerSecurityContext.runAsNonRoot + runAsNonRoot: {{ .Values.containerSecurityContext.runAsNonRoot }} - seccompProfile: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleOperator.containerSecurityContext.seccompProfile + seccompProfile: {{- include "common.tplvalues.render" (dict "value" .Values.containerSecurityContext.seccompProfile "context" $) | nindent 12 }} volumeMounts: - name: keptn-certs mountPath: /tmp/webhook/certs/ - {{- if .Values.lifecycleOperator.livenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleOperator.livenessProbe "context" $) | nindent 10 }} + {{- if .Values.livenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.livenessProbe 
"context" $) | nindent 10 }} {{- else }} livenessProbe: httpGet: @@ -150,8 +133,8 @@ spec: initialDelaySeconds: 15 periodSeconds: 20 {{- end }} - {{- if .Values.lifecycleOperator.readinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleOperator.readinessProbe "context" $) | nindent 10 }} + {{- if .Values.readinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.readinessProbe "context" $) | nindent 10 }} {{- else }} readinessProbe: httpGet: 
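Review bot: The container `securityContext` in `@@ -119,29 +102,29 @@` is still rendered field by field, and `readOnlyRootFilesystem` is not among the fields, so setting `containerSecurityContext.readOnlyRootFilesystem: true` in a values file has no effect on the lifecycle-operator container. The scheduler Deployment removed by this commit did render that field, and the operator container here only shows a mount at `/tmp/webhook/certs/`; whether the binary writes elsewhere is not visible from the hunk, so the default should stay off. Add `readOnlyRootFilesystem: {{ .Values.containerSecurityContext.readOnlyRootFilesystem | default false }}` next to `privileged:` so the hardening can be switched on per install. The container spec begins above this hunk.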
@@ -160,114 +143,22 @@ spec: initialDelaySeconds: 5 periodSeconds: 10 {{- end }} - {{- include "lifecycleOperator.imagePullSecrets" . | nindent 6 }} + {{- include "imagePullSecrets" . | nindent 6 }} securityContext: runAsNonRoot: true serviceAccountName: lifecycle-operator terminationGracePeriodSeconds: 10 - hostNetwork: {{ .Values.lifecycleOperator.hostNetwork }} + hostNetwork: {{ .Values.hostNetwork }} volumes: - name: keptn-certs secret: secretName: keptn-certs -{{- if .Values.lifecycleOperator.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleOperator.topologySpreadConstraints "context" $) | nindent 8 }} -{{- end }} -{{- if .Values.lifecycleOperator.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.lifecycleOperator.nodeSelector "context" $) | nindent 8 }} -{{- end }} -{{- if .Values.lifecycleOperator.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleOperator.tolerations "context" .) | nindent 8 }} -{{- end }} - -{{- if or (le .Capabilities.KubeVersion.Minor "26") (not .Values.schedulingGatesEnabled) }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: scheduler - namespace: {{ .Release.Namespace | quote }} - labels: - component: scheduler -{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} -{{- include "common.annotations" ( dict "context" . ) }} -spec: - replicas: {{ .Values.scheduler.replicas }} - selector: - matchLabels: - component: scheduler - {{- include "common.selectorLabels" ( dict "context" . ) | nindent 6 }} - template: - metadata: - labels: - component: scheduler - {{- include "common.selectorLabels" ( dict "context" . 
) | nindent 8 }} - spec: - containers: - - command: - - /bin/kube-scheduler - - --config=/etc/kubernetes/scheduler-config.yaml - env: - - name: OTEL_COLLECTOR_URL - value: {{ .Values.scheduler.env.otelCollectorUrl | quote }} - - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ .Values.kubernetesClusterDomain }} - image: {{ include "common.images.image" ( dict "imageRoot" .Values.scheduler.image "global" .Values.global ) }} - imagePullPolicy: {{.Values.scheduler.image.imagePullPolicy | default (.Values.global.imagePullPolicy | default "IfNotPresent") }} - name: scheduler - resources: {{- toYaml .Values.scheduler.resources | nindent 10 }} - securityContext: - allowPrivilegeEscalation: {{ .Values.scheduler.containerSecurityContext.allowPrivilegeEscalation - }} - capabilities: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.containerSecurityContext.capabilities - "context" $) | nindent 12 }} - privileged: {{ .Values.scheduler.containerSecurityContext.privileged - }} - readOnlyRootFilesystem: {{ .Values.scheduler.containerSecurityContext.readOnlyRootFilesystem - }} - runAsNonRoot: {{ .Values.scheduler.containerSecurityContext.runAsNonRoot - }} - {{- if not .Values.global.openShift.enabled }} - runAsUser: {{ .Values.scheduler.containerSecurityContext.runAsUser }} - {{- end }} - seccompProfile: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.containerSecurityContext.seccompProfile - "context" $) | nindent 12 }} - volumeMounts: - - mountPath: /etc/kubernetes - name: scheduler-config - readOnly: true - {{- if .Values.scheduler.livenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.livenessProbe "context" $) | nindent 10 }} - {{- else }} - livenessProbe: - httpGet: - path: /healthz - port: 10259 - scheme: HTTPS - initialDelaySeconds: 15 - {{- end }} - {{- if .Values.scheduler.readinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" 
.Values.scheduler.readinessProbe "context" $) | nindent 10 }} - {{- else }} - readinessProbe: - httpGet: - path: /healthz - port: 10259 - scheme: HTTPS - {{- end }} - {{- include "scheduler.imagePullSecrets" . | nindent 6 }} - serviceAccountName: keptn-scheduler - volumes: - - configMap: - name: scheduler-config - name: scheduler-config -{{- if .Values.scheduler.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.topologySpreadConstraints "context" $) | nindent 8 }} -{{- end }} -{{- if .Values.scheduler.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.scheduler.nodeSelector "context" $) | nindent 8 }} +{{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }} {{- end }} -{{- if .Values.scheduler.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.tolerations "context" .) | nindent 8 }} +{{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} {{- end }} +{{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} {{- end }} diff --git a/charts/keptn-lifecycle-operator/templates/extension-apiserver-authentication-reader-rbac.yaml b/charts/keptn-lifecycle-operator/templates/extension-apiserver-authentication-reader-rbac.yaml deleted file mode 100644 index 44ee048c..00000000 --- a/charts/keptn-lifecycle-operator/templates/extension-apiserver-authentication-reader-rbac.yaml +++ /dev/null 
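Review bot: `hostNetwork: {{ .Values.hostNetwork }}` is rendered with no comment on what enabling it changes, and no `dnsPolicy` is visible in this hunk. With `hostNetwork: true` the container ports declared earlier in the Deployment (9443 and 2222) are opened in the node's network namespace, and Kubernetes falls back to the node's DNS settings unless the pod sets `dnsPolicy: ClusterFirstWithHostNet`. I would add a comment above the line such as `# hostNetwork: true opens 9443 (webhook) and 2222 (metrics) on the node; set dnsPolicy: ClusterFirstWithHostNet with it`, and render that `dnsPolicy` when the flag is set unless the part of the pod spec outside this hunk already does.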
@@ -1,21 +0,0 @@ -{{- if or (le .Capabilities.KubeVersion.Minor "26") (not .Values.schedulingGatesEnabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: extension-apiserver-authentication-reader - namespace: {{ .Release.Namespace | quote }} - {{- $annotations := include "common.annotations" (dict "context" .) }} - {{- with $annotations }} - annotations: {{- . -}} - {{- end }} - labels: -{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 'extension-apiserver-authentication-reader' -subjects: -- kind: ServiceAccount - name: 'keptn-scheduler' - namespace: '{{ .Release.Namespace }}' -{{- end }} \ No newline at end of file diff --git a/charts/keptn-lifecycle-operator/templates/keptn-scheduler-rbac.yaml b/charts/keptn-lifecycle-operator/templates/keptn-scheduler-rbac.yaml deleted file mode 100644 index 82e6fb44..00000000 --- a/charts/keptn-lifecycle-operator/templates/keptn-scheduler-rbac.yaml +++ /dev/null 
@@ -1,210 +0,0 @@ -{{- if or (le .Capabilities.KubeVersion.Minor "26") (not .Values.schedulingGatesEnabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: keptn-scheduler - namespace: {{ .Release.Namespace | quote }} - {{- $annotations := include "common.annotations" (dict "context" .) }} - {{- with $annotations }} - annotations: {{- . -}} - {{- end }} - labels: -{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - - events.k8s.io - resources: - - events - verbs: - - create - - patch - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: - - coordination.k8s.io - resourceNames: - - kube-scheduler - resources: - - leases - verbs: - - get - - update -- apiGroups: - - "" - resources: - - endpoints - verbs: - - create -- apiGroups: - - "" - resourceNames: - - kube-scheduler - resources: - - endpoints - verbs: - - get - - update -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - - patch -- apiGroups: - - "" - resources: - - pods - verbs: - - delete - - get - - list - - watch - - update -- apiGroups: - - "" - resources: - - bindings - - pods/binding - verbs: - - create -- apiGroups: - - "" - resources: - - pods/status - verbs: - - patch - - update -- apiGroups: - - "" - resources: - - replicationcontrollers - - services - verbs: - - get - - list - - watch -- apiGroups: - - apps - - extensions - resources: - - replicasets - verbs: - - get - - list - - watch -- apiGroups: - - apps - resources: - - statefulsets - verbs: - - get - - list - - watch -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - - persistentvolumes - verbs: - - get - - list - - watch - - patch - - update -- apiGroups: - - authentication.k8s.io - 
resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create -- apiGroups: - - storage.k8s.io - resources: - - csinodes - - storageclasses - - csidrivers - - csistoragecapacities - verbs: - - get - - list - - watch -- apiGroups: - - scheduling.sigs.k8s.io - resources: - - podgroups - - elasticquotas - verbs: - - get - - list - - watch - - create - - delete - - update - - patch -- apiGroups: - - lifecycle.keptn.sh - resources: - - keptnworkloadversions - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: keptn-scheduler - namespace: {{ .Release.Namespace | quote }} - {{- with $annotations }} - annotations: {{- . -}} - {{- end }} - labels: -{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: 'keptn-scheduler' -subjects: -- kind: ServiceAccount - name: 'keptn-scheduler' - namespace: '{{ .Release.Namespace }}' -{{- end }} \ No newline at end of file diff --git a/charts/keptn-lifecycle-operator/templates/lifecycle-manager-config.yaml b/charts/keptn-lifecycle-operator/templates/lifecycle-manager-config.yaml index 66a72555..ffe685be 100644 --- a/charts/keptn-lifecycle-operator/templates/lifecycle-manager-config.yaml +++ b/charts/keptn-lifecycle-operator/templates/lifecycle-manager-config.yaml 
@@ -13,17 +13,17 @@ data: controller_manager_config.yaml: | apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 health: - healthProbeBindAddress: {{ .Values.lifecycleOperatorConfig.health.healthProbeBindAddress + healthProbeBindAddress: {{ .Values.config.health.healthProbeBindAddress | quote }} kind: ControllerManagerConfig leaderElection: - leaderElect: {{ .Values.lifecycleOperatorConfig.leaderElection.leaderElect + leaderElect: {{ .Values.config.leaderElection.leaderElect }} - resourceName: {{ .Values.lifecycleOperatorConfig.leaderElection.resourceName + resourceName: {{ .Values.config.leaderElection.resourceName | quote }} metrics: - bindAddress: {{ .Values.lifecycleOperatorConfig.metrics.bindAddress + bindAddress: {{ .Values.config.metrics.bindAddress | quote }} webhook: - port: {{ .Values.lifecycleOperatorConfig.webhook.port + port: {{ .Values.config.webhook.port }} \ No newline at end of file diff --git a/charts/keptn-lifecycle-operator/templates/lifecycle-operator-metrics-service.yaml b/charts/keptn-lifecycle-operator/templates/lifecycle-operator-metrics-service.yaml index 62d55783..520d2115 100644 --- a/charts/keptn-lifecycle-operator/templates/lifecycle-operator-metrics-service.yaml +++ b/charts/keptn-lifecycle-operator/templates/lifecycle-operator-metrics-service.yaml @@ -11,9 +11,9 @@ metadata: control-plane: lifecycle-operator {{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} spec: - type: {{ .Values.lifecycleOperatorMetricsService.type }} + type: {{ .Values.operatorMetricsService.type }} selector: control-plane: lifecycle-operator {{- include "common.selectorLabels" ( dict "context" . ) | nindent 4 }} ports: - {{- .Values.lifecycleOperatorMetricsService.ports | toYaml | nindent 2 -}} \ No newline at end of file + {{- .Values.operatorMetricsService.ports | toYaml | nindent 2 -}} \ No newline at end of file 
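Review bot: Overrides that users still pass under the old `lifecycleOperatorConfig.*` keys are silently ignored after this rename, because the template now reads only `.Values.config.*`. Unless the chart ships a values schema (not visible here), Helm accepts the stale keys and renders the ConfigMap with chart defaults. The same applies to the `lifecycleOperatorMetricsService` and `lifecycleWebhookService` renames in the two service templates, and to the flattened `lifecycleOperator.*` block in the values.yaml hunk, where a customised `containerSecurityContext` or `hostNetwork` would be dropped in the same way. Consider failing the render when a legacy key is present, e.g. `{{- if or .Values.lifecycleOperatorConfig .Values.lifecycleOperator }}{{ fail "values were renamed in chart 0.6.0; see README" }}{{- end }}` in a template that is always rendered. The ConfigMap template starts outside this hunk.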
diff --git a/charts/keptn-lifecycle-operator/templates/lifecycle-webhook-service.yaml b/charts/keptn-lifecycle-operator/templates/lifecycle-webhook-service.yaml index 80a47574..7c6438a3 100644 --- a/charts/keptn-lifecycle-operator/templates/lifecycle-webhook-service.yaml +++ b/charts/keptn-lifecycle-operator/templates/lifecycle-webhook-service.yaml @@ -10,9 +10,9 @@ metadata: labels: {{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} spec: - type: {{ .Values.lifecycleWebhookService.type }} + type: {{ .Values.webhookService.type }} selector: control-plane: lifecycle-operator {{- include "common.selectorLabels" ( dict "context" . ) | nindent 4 }} ports: - {{- .Values.lifecycleWebhookService.ports | toYaml | nindent 2 -}} \ No newline at end of file + {{- .Values.webhookService.ports | toYaml | nindent 2 -}} \ No newline at end of file diff --git a/charts/keptn-lifecycle-operator/templates/scheduler-config.yaml b/charts/keptn-lifecycle-operator/templates/scheduler-config.yaml deleted file mode 100644 index 24815ff6..00000000 --- a/charts/keptn-lifecycle-operator/templates/scheduler-config.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if or (le .Capabilities.KubeVersion.Minor "26") (not .Values.schedulingGatesEnabled) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: scheduler-config - namespace: {{ .Release.Namespace | quote }} - {{- $annotations := include "common.annotations" (dict "context" .) }} - {{- with $annotations }} - annotations: {{- . -}} - {{- end }} - labels: -{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} -data: - scheduler-config.yaml: | - apiVersion: kubescheduler.config.k8s.io/v1beta3 - kind: KubeSchedulerConfiguration - leaderElection: - leaderElect: {{ .Values.schedulerConfig.leaderElection.leaderElect - }} - profiles: {{ toYaml .Values.schedulerConfig.profiles | nindent - 6 }} -{{- end }} \ No newline at end of file 
diff --git a/charts/keptn-lifecycle-operator/templates/scheduler-leader-election-rbac.yaml b/charts/keptn-lifecycle-operator/templates/scheduler-leader-election-rbac.yaml deleted file mode 100644 index 67ecb010..00000000 --- a/charts/keptn-lifecycle-operator/templates/scheduler-leader-election-rbac.yaml +++ /dev/null @@ -1,65 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: keptn-scheduler-leader-election-role - namespace: {{ .Release.Namespace | quote }} - {{- $annotations := include "common.annotations" (dict "context" .) }} - {{- with $annotations }} - annotations: {{- . -}} - {{- end }} - labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: scheduler - app.kubernetes.io/part-of: keptn -{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: keptn-scheduler-leader-election-rolebinding - namespace: {{ .Release.Namespace | quote }} - {{- with $annotations }} - annotations: {{- . -}} - {{- end }} - labels: -{{- include "common.labels.standard" ( dict "context" . ) | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: 'keptn-scheduler-leader-election-role' -subjects: -- kind: ServiceAccount - name: 'keptn-scheduler' - namespace: '{{ .Release.Namespace }}' diff --git a/charts/keptn-lifecycle-operator/values.yaml b/charts/keptn-lifecycle-operator/values.yaml index 0f75a02e..413f2b8d 100644 --- a/charts/keptn-lifecycle-operator/values.yaml +++ b/charts/keptn-lifecycle-operator/values.yaml 
@@ -30,139 +30,137 @@ global: ## @param global.openShift.enabled Enable this value to install on Openshift enabled: false -lifecycleOperatorConfig: +config: health: -## @param lifecycleOperatorConfig.health.healthProbeBindAddress setup on what address to start the default health handler +## @param config.health.healthProbeBindAddress setup on what address to start the default health handler healthProbeBindAddress: :8081 leaderElection: -## @param lifecycleOperatorConfig.leaderElection.leaderElect enable leader election for multiple replicas of the lifecycle operator +## @param config.leaderElection.leaderElect enable leader election for multiple replicas of the lifecycle operator leaderElect: true -## @param lifecycleOperatorConfig.leaderElection.resourceName define LeaderElectionID +## @param config.leaderElection.resourceName define LeaderElectionID resourceName: 6b866dd9.keptn.sh metrics: -## @param lifecycleOperatorConfig.metrics.bindAddress MetricsBindAddress is the TCP address that the controller should bind to for serving prometheus metrics. It can be set to "0" to disable the metrics serving. +## @param config.metrics.bindAddress MetricsBindAddress is the TCP address that the controller should bind to for serving prometheus metrics. It can be set to "0" to disable the metrics serving. 
bindAddress: 127.0.0.1:8080 webhook: -## @param lifecycleOperatorConfig.webhook.port setup port for the lifecycle operator admission webhook +## @param config.webhook.port setup port for the lifecycle operator admission webhook port: 9443 -## @extra lifecycleWebhookService Mutating Webhook Configurations for lifecycle Operator -lifecycleWebhookService: +## @extra webhookService Mutating Webhook Configurations for lifecycle Operator +webhookService: ports: -## @param lifecycleWebhookService.ports[0].port +## @param webhookService.ports[0].port - port: 443 -## @param lifecycleWebhookService.ports[0].protocol +## @param webhookService.ports[0].protocol protocol: TCP -## @param lifecycleWebhookService.ports[0].targetPort +## @param webhookService.ports[0].targetPort targetPort: 9443 -## @param lifecycleWebhookService.type +## @param webhookService.type type: ClusterIP -## @section Keptn Lifecycle Operator controller -## @extra lifecycleOperator.containerSecurityContext Sets security context privileges -lifecycleOperator: - containerSecurityContext: -## @param lifecycleOperator.containerSecurityContext.allowPrivilegeEscalation - allowPrivilegeEscalation: false - capabilities: -## @param lifecycleOperator.containerSecurityContext.capabilities.drop - drop: - - ALL -## @param lifecycleOperator.containerSecurityContext.privileged - privileged: false -## @param lifecycleOperator.containerSecurityContext.runAsGroup - runAsGroup: 65532 -## @param lifecycleOperator.containerSecurityContext.runAsNonRoot - runAsNonRoot: true -## @param lifecycleOperator.containerSecurityContext.runAsUser - runAsUser: 65532 - seccompProfile: -## @param lifecycleOperator.containerSecurityContext.seccompProfile.type - type: RuntimeDefault -## @param lifecycleOperator.env.functionRunnerImage specify image for deno task runtime - env: - functionRunnerImage: ghcr.io/keptn/deno-runtime:v3.0.0 -## @param lifecycleOperator.env.keptnAppControllerLogLevel sets the log level of Keptn App Controller - 
keptnAppControllerLogLevel: "0" -## @param lifecycleOperator.env.keptnAppCreationRequestControllerLogLevel sets the log level of Keptn App Creation Request Controller - keptnAppCreationRequestControllerLogLevel: "0" -## @param lifecycleOperator.env.keptnAppVersionControllerLogLevel sets the log level of Keptn AppVersion Controller - keptnAppVersionControllerLogLevel: "0" -## @param lifecycleOperator.env.keptnEvaluationControllerLogLevel sets the log level of Keptn Evaluation Controller - keptnEvaluationControllerLogLevel: "0" -## @param lifecycleOperator.env.keptnTaskControllerLogLevel sets the log level of Keptn Task Controller - keptnTaskControllerLogLevel: "0" -## @param lifecycleOperator.env.keptnTaskDefinitionControllerLogLevel sets the log level of Keptn TaskDefinition Controller - keptnTaskDefinitionControllerLogLevel: "0" -## @param lifecycleOperator.env.keptnWorkloadControllerLogLevel sets the log level of Keptn Workload Controller - keptnWorkloadControllerLogLevel: "0" -## @param lifecycleOperator.env.keptnWorkloadVersionControllerLogLevel sets the log level of Keptn WorkloadVersion Controller - keptnWorkloadVersionControllerLogLevel: "0" -## @param lifecycleOperator.env.keptnDoraMetricsPort sets the port for accessing lifecycle metrics in prometheus format - keptnDoraMetricsPort: "2222" -## @param lifecycleOperator.env.optionsControllerLogLevel sets the log level of Keptn Options Controller - optionsControllerLogLevel: "0" -## @param lifecycleOperator.env.pythonRunnerImage specify image for python task runtime - pythonRunnerImage: ghcr.io/keptn/python-runtime:v1.0.7 - image: -## @param lifecycleOperator.image.registry specify the container registry for the lifecycle-operator image - registry: "" -## @param lifecycleOperator.image.repository specify registry for manager image - repository: keptn/lifecycle-operator -## @param lifecycleOperator.image.tag select tag for manager image - tag: v1.2.0 # x-release-please-version -## @param 
lifecycleOperator.image.imagePullPolicy specify pull policy for the manager image. This overrides global values - imagePullPolicy: "" -## @extra lifecycleOperator.livenessProbe custom liveness probe for manager container -## @skip lifecycleOperator.livenessProbe.httpGet.path -## @skip lifecycleOperator.livenessProbe.httpGet.port -## @skip lifecycleOperator.livenessProbe.initialDelaySeconds -## @skip lifecycleOperator.livenessProbe.periodSeconds - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 -## @extra lifecycleOperator.readinessProbe custom readinessprobe for manager container -## @skip lifecycleOperator.readinessProbe.httpGet.path -## @skip lifecycleOperator.readinessProbe.httpGet.port -## @skip lifecycleOperator.readinessProbe.initialDelaySeconds -## @skip lifecycleOperator.readinessProbe.periodSeconds - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 -## @extra lifecycleOperator.resources specify limits and requests for manager container -## @skip lifecycleOperator.resources.limits.cpu -## @skip lifecycleOperator.resources.limits.memory -## @skip lifecycleOperator.resources.requests.cpu -## @skip lifecycleOperator.resources.requests.memory - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 5m - memory: 64Mi -## @param lifecycleOperator.nodeSelector add custom nodes selector to lifecycle operator - nodeSelector: {} -## @param lifecycleOperator.replicas customize number of installed lifecycle operator replicas - replicas: 1 -## @param lifecycleOperator.tolerations add custom tolerations to lifecycle operator - tolerations: [] -## @param lifecycleOperator.topologySpreadConstraints add custom topology constraints to lifecycle operator - topologySpreadConstraints: [] -## @param lifecycleOperator.hostNetwork Sets hostNetwork option for lifecycle operator - hostNetwork: false -## @extra lifecycleOperatorMetricsService Adjust settings here to 
change the k8s service for scraping Prometheus metrics -## @skip lifecycleOperatorMetricsService.ports[0].name -## @skip lifecycleOperatorMetricsService.ports[0].port -## @skip lifecycleOperatorMetricsService.ports[0].protocol -## @skip lifecycleOperatorMetricsService.ports[0].targetPort -## @skip lifecycleOperatorMetricsService.type -lifecycleOperatorMetricsService: +## @extra containerSecurityContext Sets security context privileges +containerSecurityContext: +## @param containerSecurityContext.allowPrivilegeEscalation + allowPrivilegeEscalation: false + capabilities: +## @param containerSecurityContext.capabilities.drop + drop: + - ALL +## @param containerSecurityContext.privileged + privileged: false +## @param containerSecurityContext.runAsGroup + runAsGroup: 65532 +## @param containerSecurityContext.runAsNonRoot + runAsNonRoot: true +## @param containerSecurityContext.runAsUser + runAsUser: 65532 + seccompProfile: +## @param containerSecurityContext.seccompProfile.type + type: RuntimeDefault +## @param env.functionRunnerImage specify image for deno task runtime +env: + functionRunnerImage: ghcr.io/keptn/deno-runtime:v3.0.1 +## @param env.keptnAppControllerLogLevel sets the log level of Keptn App Controller + keptnAppControllerLogLevel: "0" +## @param env.keptnAppCreationRequestControllerLogLevel sets the log level of Keptn App Creation Request Controller + keptnAppCreationRequestControllerLogLevel: "0" +## @param env.keptnAppVersionControllerLogLevel sets the log level of Keptn AppVersion Controller + keptnAppVersionControllerLogLevel: "0" +## @param env.keptnEvaluationControllerLogLevel sets the log level of Keptn Evaluation Controller + keptnEvaluationControllerLogLevel: "0" +## @param env.keptnTaskControllerLogLevel sets the log level of Keptn Task Controller + keptnTaskControllerLogLevel: "0" +## @param env.keptnTaskDefinitionControllerLogLevel sets the log level of Keptn TaskDefinition Controller + keptnTaskDefinitionControllerLogLevel: "0" +## @param 
env.keptnWorkloadControllerLogLevel sets the log level of Keptn Workload Controller + keptnWorkloadControllerLogLevel: "0" +## @param env.keptnWorkloadVersionControllerLogLevel sets the log level of Keptn WorkloadVersion Controller + keptnWorkloadVersionControllerLogLevel: "0" +## @param env.keptnDoraMetricsPort sets the port for accessing lifecycle metrics in prometheus format + keptnDoraMetricsPort: "2222" +## @param env.optionsControllerLogLevel sets the log level of Keptn Options Controller + optionsControllerLogLevel: "0" +## @param env.pythonRunnerImage specify image for python task runtime + pythonRunnerImage: ghcr.io/keptn/python-runtime:v1.0.8 +image: +## @param image.registry specify the container registry for the lifecycle-operator image + registry: "" +## @param image.repository specify registry for manager image + repository: keptn/lifecycle-operator +## @param image.tag select tag for manager image + tag: v2.0.0 # x-release-please-version +## @param image.imagePullPolicy specify pull policy for the manager image. 
This overrides global values + imagePullPolicy: "" +## @extra livenessProbe custom liveness probe for manager container +## @skip livenessProbe.httpGet.path +## @skip livenessProbe.httpGet.port +## @skip livenessProbe.initialDelaySeconds +## @skip livenessProbe.periodSeconds +livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 +## @extra readinessProbe custom readinessprobe for manager container +## @skip readinessProbe.httpGet.path +## @skip readinessProbe.httpGet.port +## @skip readinessProbe.initialDelaySeconds +## @skip readinessProbe.periodSeconds +readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 +## @extra resources specify limits and requests for manager container +## @skip resources.limits.cpu +## @skip resources.limits.memory +## @skip resources.requests.cpu +## @skip resources.requests.memory +resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi +## @param nodeSelector add custom nodes selector to lifecycle operator +nodeSelector: {} +## @param replicas customize number of installed lifecycle operator replicas +replicas: 1 +## @param tolerations add custom tolerations to lifecycle operator +tolerations: [] +## @param topologySpreadConstraints add custom topology constraints to lifecycle operator +topologySpreadConstraints: [] +## @param hostNetwork Sets hostNetwork option for lifecycle operator +hostNetwork: false +## @extra operatorMetricsService Adjust settings here to change the k8s service for scraping Prometheus metrics +## @skip operatorMetricsService.ports[0].name +## @skip operatorMetricsService.ports[0].port +## @skip operatorMetricsService.ports[0].protocol +## @skip operatorMetricsService.ports[0].targetPort +## @skip operatorMetricsService.type +operatorMetricsService: ports: - name: metrics port: 2222 
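Review bot: The flattened `containerSecurityContext` default leaves `readOnlyRootFilesystem` unset, while the scheduler context removed in the last values.yaml hunk of this patch had it set to `true`. Whether the operator container writes to its root filesystem is not visible from this hunk, so this needs confirming against the deployment template. If it only writes to mounted volumes, add `readOnlyRootFilesystem: true` under `containerSecurityContext`, with a matching `## @param containerSecurityContext.readOnlyRootFilesystem` line so the README table stays in sync.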
@@ -171,15 +169,13 @@ lifecycleOperatorMetricsService: type: ClusterIP ## @section Global -## Current available parameters: kubernetesClusterDomain, imagePullSecrets, schedulingGatesEnabled, allowedNamespaces, deniedNamespaces, promotionTasksEnabled +## Current available parameters: kubernetesClusterDomain, imagePullSecrets, allowedNamespaces, deniedNamespaces, promotionTasksEnabled ## @param kubernetesClusterDomain overrides cluster.local kubernetesClusterDomain: cluster.local ## @param annotations add deployment level annotations annotations: {} ## @param podAnnotations adds pod level annotations podAnnotations: {} -## @param schedulingGatesEnabled enables the scheduling gates in lifecycle-operator. This feature is available in alpha version from K8s 1.27 or 1.26 enabling the alpha version -schedulingGatesEnabled: false ## @param promotionTasksEnabled enables the promotion task feature in the lifecycle-operator. promotionTasksEnabled: false ## @param allowedNamespaces specifies the allowed namespaces for the lifecycle orchestration functionality 
@@ -190,90 +186,3 @@ deniedNamespaces: - keptn-system - observability - monitoring - -# yamllint disable rule:line-length -## @section Keptn Scheduler -scheduler: -## @param scheduler.nodeSelector adds node selectors for scheduler - nodeSelector: {} -## @param scheduler.replicas modifies replicas - replicas: 1 -## @extra scheduler.containerSecurityContext Sets security context -## @skip scheduler.containerSecurityContext.allowPrivilegeEscalation -## @skip scheduler.containerSecurityContext.capabilities.drop -## @skip scheduler.containerSecurityContext.privileged -## @skip scheduler.containerSecurityContext.readOnlyRootFilesystem -## @skip scheduler.containerSecurityContext.runAsNonRoot -## @skip scheduler.containerSecurityContext.runAsUser -## @skip scheduler.containerSecurityContext.seccompProfile.type - containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 65532 - seccompProfile: - type: RuntimeDefault - env: -## @param scheduler.env.otelCollectorUrl sets url for open telemetry collector - otelCollectorUrl: otel-collector:4317 - image: -## @param scheduler.image.registry specify the container registry for the scheduler image - registry: "" -## @param scheduler.image.repository set image repository for scheduler - repository: keptn/scheduler -## @param scheduler.image.tag set image tag for scheduler - tag: v1.0.2 -## @param scheduler.image.imagePullPolicy specify pull policy for the manager image. 
This overrides global values - imagePullPolicy: "" -## @extra scheduler.livenessProbe customizable liveness probe for the scheduler -## @skip scheduler.livenessProbe.httpGet.path -## @skip scheduler.livenessProbe.httpGet.port -## @skip scheduler.livenessProbe.httpGet.scheme -## @skip scheduler.livenessProbe.initialDelaySeconds - livenessProbe: - httpGet: - path: /healthz - port: 10259 - scheme: HTTPS - initialDelaySeconds: 15 -## @extra scheduler.readinessProbe customizable readiness probe for the scheduler -## @skip scheduler.readinessProbe.httpGet.path -## @skip scheduler.readinessProbe.httpGet.port -## @skip scheduler.readinessProbe.httpGet.scheme - readinessProbe: - httpGet: - path: /healthz - port: 10259 - scheme: HTTPS -## @extra scheduler.resources sets cpu and memory resources/limits for scheduler -## @skip scheduler.resources.limits.cpu -## @skip scheduler.resources.limits.memory -## @skip scheduler.resources.requests.cpu -## @skip scheduler.resources.requests.memory - resources: - limits: - cpu: 300m - memory: 100Mi - requests: - cpu: 100m - memory: 20Mi - tolerations: [] -## @param scheduler.topologySpreadConstraints add topology constraints for scheduler - topologySpreadConstraints: [] -## @param schedulerConfig.profiles[0].schedulerName changes scheduler name -schedulerConfig: - leaderElection: -## @param schedulerConfig.leaderElection.leaderElect enables leader election for multiple replicas of the scheduler - leaderElect: false - profiles: - - plugins: - permit: - enabled: -## @param schedulerConfig.profiles[0].plugins.permit.enabled[0].name enables permit plugin - - name: KLCPermit -## @param scheduler.tolerations adds tolerations for scheduler - schedulerName: keptn-scheduler