Update chart

Signed-off-by: Matthew DeVenny <[email protected]>

README.md

@@ -1,2 +1,21 @@
 # k8s-tpm-device
-Kubernetes device plugin based on [intel-device-plugin-for-kubernetes](https://github.com/intel/intel-device-plugin-for-kubernetes)
+Kubernetes [device plugin](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/) 
+based on [intel-device-plugin-for-kubernetes](https://github.com/intel/intel-device-plugin-for-kubernetes)
+
+## About
+The device plugin runs as a `DaemonSet` to register a TPM with the kubelet.
+
+## Usage
+To install
+```shell
+helm repo add k8s-tpm-device https://boxboat.github.io/k8s-tpm-device/chart
+helm repo update
+helm upgrade install k8s-tpm-device --namespace tpm-device --create-namespace k8s-tpm-device/k8s-tpm-device 
+```
+
+Add this resource limit to grant the desired container access to `/dev/tpmrm0` 
+```yaml
+resources:
+  limits:
+    tpm.boxboat.io/tpmrm: '1'
+```

chart/k8s-tpm-device/Chart.yaml

@@ -1,4 +1,4 @@
 apiVersion: v2
 name: k8s-tpm-device
 description: installs the k8s-tpm-device
-version: 0.1.1
+version: 0.2.0

chart/k8s-tpm-device/README.md

@@ -1,2 +1,35 @@
 # k8s-tpm-device
+
 Helm chart for k8s-tpm-device
+
+## Values
+
+| Key               | Type   | Default                  | Description                          |
+|-------------------|--------|--------------------------|--------------------------------------|
+| nameOverride      | string | `""`                     |                                      |
+| fullnameOverride  | string | `""`                     |                                      |
+| imagePullPolicy   | string | `IfNotPresent`           |                                      |
+| debug             | bool   | `false`                  | enables debug logging                |
+| image.registry    | string | `ghcr.io`                |                                      |
+| image.repository  | string | `boxboat/k8s-tpm-device` |                                      |
+| image.tag         | string | `master`                 |                                      |
+| device.namespace  | string | `tpm.boxboat.io`         | device namespace                     |
+| device.capacity   | int    | `1`                      | specifies the tpm capacity           |
+| priorityClassName | string | `""`                     |                                      |
+| securityContext   | object | `{}`                     | override the default securityContext |
+| resources         | object | `{}`                     |                                      |
+| tolerations       | object | `{}`                     |                                      |
+| extraVolumes      | list   | `[]`                     |                                      |
+| extraVolumeMounts | list   | `[]`                     |                                      |
+| extraContainers   | list   | `[]`                     |                                      |
+| initContainers    | list   | `[]`                     |                                      |
+
+## TPM Device Usage
+
+Add this resource limit to grant the desired container access to `/dev/tpmrm0`
+
+```yaml
+resources:
+  limits:
+    tpm.boxboat.io/tpmrm: '1'
+```

chart/k8s-tpm-device/templates/daemonset.yaml

@@ -12,15 +12,33 @@ spec:
     metadata:
       labels:
         {{- include "k8s-tpm-device.selectorLabels" . | nindent 8 }}
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
     spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName }}
+      {{- end }}
+      {{- if gt (len .Values.initContainers) 0 }}
+      initContainers:
+      {{- toYaml .Values.initContainers | nindent 8 }}
+      {{- end }}
       containers:
         - name: tpm-device-plugin
           image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           securityContext:
-            {{- if .Values.podSecurityContext }}
-              {{- toYaml .Values.podSecurityContext | nindent 12 }}
-            {{- end }}
+          {{- if .Values.securityContext }}
+              {{- toYaml .Values.securityContext | nindent 12 }}
+          {{ else }}
+            readOnlyRootFilesystem: true
+            allowPrivilegeEscalation: false
+          {{- end }}
           args:
             - run
             - --namespace
@@ -40,8 +58,11 @@ spec:
               readOnly: true
             - name: kubelet-device-plugins
               mountPath: /var/lib/kubelet/device-plugins
-      tolerations:
+          {{- if gt (len .Values.extraVolumeMounts) 0 }}
+            {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+          {{- end }}
       {{- if .Values.tolerations }}
+      tolerations:
         {{- toYaml .Values.tolerations | nindent 8 }}
       {{- end }}
       volumes:
@@ -51,3 +72,6 @@ spec:
         - name: kubelet-device-plugins
           hostPath:
             path: /var/lib/kubelet/device-plugins
+      {{- if gt (len .Values.extraVolumes) 0 }}
+        {{- toYaml .Values.extraVolumes | nindent 8 }}
+      {{- end }}

chart/k8s-tpm-device/values.yaml

@@ -1,4 +1,8 @@
+nameOverride: ""
+fullnameOverride: ""
+
 imagePullPolicy: IfNotPresent
+imagePullSecrets: {}
 debug: false
 
 image:
@@ -10,10 +14,22 @@ device:
   namespace: tpm.boxboat.io
   capacity: 1
 
-podSecurityContext:
-  readOnlyRootFilesystem: true
-  allowPrivilegeEscalation: false
+priorityClassName: ""
+
+podAnnotations: {}
 
+# override the default podSecurityContext (defaults are commented out below)
+securityContext: {}
+#  readOnlyRootFilesystem: true
+#  allowPrivilegeEscalation: false
+
+# specify pod container resources
 resources: {}
 
+# add tolerations to the daemonset
 tolerations: {}
+
+extraVolumes: []
+extraVolumeMounts: []
+extraContainers: []
+initContainers: []