From 0dfa0534629c96a4c87993b7dd6b8bad7f4ceb9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Thu, 2 Mar 2023 13:01:06 +0100 Subject: [PATCH] refactor: helm admission controller replicas (#6453) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Charles-Edouard Brétéché --- charts/kyverno/README.md | 3 ++- charts/kyverno/README.md.gotmpl | 1 + charts/kyverno/templates/NOTES.txt | 4 ++-- .../templates/admission-controller/deployment.yaml | 2 +- .../admission-controller/poddisruptionbudget.yaml | 2 +- charts/kyverno/templates/validate.yaml | 6 +++--- charts/kyverno/values.yaml | 9 ++++++--- 7 files changed, 16 insertions(+), 11 deletions(-) diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md index 3703dda395..ac38442edc 100644 --- a/charts/kyverno/README.md +++ b/charts/kyverno/README.md @@ -121,6 +121,7 @@ In `v3` chart values changed significantly, please read the instructions below t - `testImage` has been replaced with `test.image` - `testResources` has been replaced with `test.resources` - `testSecurityContext` has been replaced with `test.securityContext` +- `replicaCount` has been replaced with `admissionController.replicas` - Labels and selectors have been reworked and due to immutability, upgrading from `v2` to `v3` is going to be rejected. The easiest solution is to uninstall `v2` and reinstall `v3` once values have been adapted to the changes described above. 
@@ -187,7 +188,6 @@ The command removes all the Kubernetes components associated with the chart and | initImage.tag | string | `nil` | Image tag If initImage.tag is missing, defaults to image.tag | | initImage.pullPolicy | string | `nil` | Image pull policy If initImage.pullPolicy is missing, defaults to image.pullPolicy | | initContainer.extraArgs | list | `["--loggingFormat=text"]` | Extra arguments to give to the kyvernopre binary. | -| replicaCount | int | `nil` | Desired number of pods | | podLabels | object | `{}` | Additional labels to add to each pod | | podAnnotations | object | `{}` | Additional annotations to add to each pod | | podSecurityContext | object | `{}` | Security context for the pod | @@ -247,6 +247,7 @@ The command removes all the Kubernetes components associated with the chart and | grafana.configMapName | string | `"{{ include \"kyverno.fullname\" . }}-grafana"` | Configmap name template. | | grafana.namespace | string | `nil` | Namespace to create the grafana dashboard configmap. If not set, it will be created in the same namespace where the chart is deployed. | | grafana.annotations | object | `{}` | Grafana dashboard configmap annotations. | +| admissionController.replicas | int | `nil` | Desired number of pods | | cleanupController.enabled | bool | `true` | Enable cleanup controller. | | cleanupController.rbac.create | bool | `true` | Create RBAC resources | | cleanupController.rbac.serviceAccount.name | string | `nil` | Service account name | diff --git a/charts/kyverno/README.md.gotmpl b/charts/kyverno/README.md.gotmpl index e05ce3f72c..551337bc45 100644 --- a/charts/kyverno/README.md.gotmpl +++ b/charts/kyverno/README.md.gotmpl 
@@ -121,6 +121,7 @@ In `v3` chart values changed significantly, please read the instructions below t - `testImage` has been replaced with `test.image` - `testResources` has been replaced with `test.resources` - `testSecurityContext` has been replaced with `test.securityContext` +- `replicaCount` has been replaced with `admissionController.replicas` - Labels and selectors have been reworked and due to immutability, upgrading from `v2` to `v3` is going to be rejected. The easiest solution is to uninstall `v2` and reinstall `v3` once values have been adapted to the changes described above. diff --git a/charts/kyverno/templates/NOTES.txt b/charts/kyverno/templates/NOTES.txt index cd50070aba..bbeb139d8e 100644 --- a/charts/kyverno/templates/NOTES.txt +++ b/charts/kyverno/templates/NOTES.txt @@ -21,9 +21,9 @@ The following components have been installed in your cluster: - Grafana dashboard {{- end }} -{{ if not .Values.replicaCount }} +{{ if not .Values.admissionController.replicas }} ⚠️ WARNING: Setting replicas count below 3 means Kyverno is not running in high availability mode. -{{- else if lt (int .Values.replicaCount) 3 }} +{{- else if lt (int .Values.admissionController.replicas) 3 }} ⚠️ WARNING: Setting replicas count below 3 means Kyverno is not running in high availability mode. {{- end }} diff --git a/charts/kyverno/templates/admission-controller/deployment.yaml b/charts/kyverno/templates/admission-controller/deployment.yaml index c92b4b0cff..653f7d4e1f 100644 --- a/charts/kyverno/templates/admission-controller/deployment.yaml +++ b/charts/kyverno/templates/admission-controller/deployment.yaml @@ -7,7 +7,7 @@ metadata: labels: {{- include "kyverno.admission-controller.labels" . | nindent 4 }} spec: - replicas: {{ template "kyverno.deployment.replicas" .Values.replicaCount }} + replicas: {{ template "kyverno.deployment.replicas" .Values.admissionController.replicas }} selector: matchLabels: {{- include "kyverno.admission-controller.matchLabels" . | nindent 6 }} 
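Review bot: Both branches of the replicas check in templates/NOTES.txt print the same warning, so the `if not …` / `else if lt …` pair could be a single test. The PodDisruptionBudget template in this same patch already applies `int` to the possibly unset value (`gt (int .Values.admissionController.replicas) 1`), so `{{- if lt (int .Values.admissionController.replicas) 3 }}` should cover the unset case as well. The current first branch opens with `{{ if not` and no left trim, so compare the rendered spacing before and after if you merge them.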
diff --git a/charts/kyverno/templates/admission-controller/poddisruptionbudget.yaml b/charts/kyverno/templates/admission-controller/poddisruptionbudget.yaml index 18b8b52ff9..91beb6d486 100644 --- a/charts/kyverno/templates/admission-controller/poddisruptionbudget.yaml +++ b/charts/kyverno/templates/admission-controller/poddisruptionbudget.yaml @@ -1,4 +1,4 @@ -{{- if (gt (int .Values.replicaCount) 1) -}} +{{- if (gt (int .Values.admissionController.replicas) 1) -}} apiVersion: {{ template "kyverno.pdb.apiVersion" . }} kind: PodDisruptionBudget metadata: diff --git a/charts/kyverno/templates/validate.yaml b/charts/kyverno/templates/validate.yaml index 35864e9c11..bdcb760f18 100644 --- a/charts/kyverno/templates/validate.yaml +++ b/charts/kyverno/templates/validate.yaml @@ -1,9 +1,9 @@ {{- if hasKey .Values "mode" }} - {{ fail "mode is not supported anymore, please remove it from your release and use replicaCount instead." }} + {{ fail "mode is not supported anymore, please remove it from your release and use admissionController.replicas instead." }} {{- end }} -{{- if .Values.replicaCount }} - {{- if eq (int .Values.replicaCount) 2 }} +{{- if .Values.admissionController.replicas }} + {{- if eq (int .Values.admissionController.replicas) 2 }} {{ fail "Kyverno does not support running with 2 replicas. For a highly-available deployment, select 3 replicas or for standalone select 1 replica." }} {{- end }} {{- end }} diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml index 8dc86033ea..5fccdf7bfc 100644 --- a/charts/kyverno/values.yaml +++ b/charts/kyverno/values.yaml @@ -234,9 +234,6 @@ initContainer: extraArgs: - --loggingFormat=text -# -- (int) Desired number of pods -replicaCount: ~ - # -- Additional labels to add to each pod podLabels: {} # example.com/label: foo 
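Review bot: In templates/validate.yaml nothing rejects the retired `replicaCount` key, so a release upgraded with `replicaCount: 3` still in its values renders without error and gets whatever `kyverno.deployment.replicas` yields for an unset value (that helper is outside the diff). For an admission controller this is a silent loss of high availability, signalled only by the NOTES.txt warning, and what an outage then means for policy enforcement depends on the webhook failure policy, which is not shown here. The file already fails on the retired `mode` key, and the same guard fits next to it: `{{- if hasKey .Values "replicaCount" }}`, `{{ fail "replicaCount is not supported anymore, please remove it from your release and use admissionController.replicas instead." }}`, `{{- end }}`.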
@@ -511,6 +508,12 @@ grafana: # -- Grafana dashboard configmap annotations. annotations: {} +# Admission controller configuration +admissionController: + + # -- (int) Desired number of pods + replicas: ~ + # Cleanup controller configuration cleanupController:
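Review bot: The comment on `admissionController.replicas` in values.yaml says only "Desired number of pods", although templates/validate.yaml fails the render for a value of 2 and NOTES.txt warns for anything below 3. That constraint belongs where users set the value, for example `# -- (int) Desired number of pods (1 for standalone, 3 for high availability; 2 is rejected by the chart)`. The README table row added in this patch carries the same description, so it would need regenerating from the updated comment.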