diff --git a/chart/chaoskube/templates/clusterrole.yaml b/chart/chaoskube/templates/clusterrole.yaml index 03f1a846..9dd10267 100644 --- a/chart/chaoskube/templates/clusterrole.yaml +++ b/chart/chaoskube/templates/clusterrole.yaml @@ -1,3 +1,4 @@ +{{- if .Values.rbac.create }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -10,3 +11,4 @@ rules: - apiGroups: [""] resources: ["events"] verbs: ["create"] +{{- end }} diff --git a/chart/chaoskube/templates/clusterrolebinding.yaml b/chart/chaoskube/templates/clusterrolebinding.yaml index a085063a..3fc8a315 100644 --- a/chart/chaoskube/templates/clusterrolebinding.yaml +++ b/chart/chaoskube/templates/clusterrolebinding.yaml @@ -1,3 +1,4 @@ +{{- if .Values.rbac.create }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -11,3 +12,4 @@ subjects: - kind: ServiceAccount name: {{ include "chaoskube.serviceAccountName" . }} namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/chart/chaoskube/templates/deployment.yaml b/chart/chaoskube/templates/deployment.yaml index 85ebb2e4..22c05dd8 100644 --- a/chart/chaoskube/templates/deployment.yaml +++ b/chart/chaoskube/templates/deployment.yaml @@ -21,11 +21,21 @@ spec: {{- end }} labels: {{- include "chaoskube.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: {{- toYaml . | nindent 6 }} + {{- end }} serviceAccountName: {{ include "chaoskube.serviceAccountName" . }} containers: - name: {{ .Chart.Name }} + {{- if .Values.image.digest }} + image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}" + {{- else }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.chaoskube.env }} env: @@ -33,12 +43,21 @@ spec: {{- end }} args: {{- range $key, $value := .Values.chaoskube.args }} - {{- if $value }} - --{{ $key }}={{ $value }} - {{- else }} + {{- end }} + {{- range $key, $value := .Values.chaoskube.flags }} + {{- if $value }} - --{{ $key }} {{- end }} {{- end }} + {{- if .Values.chaoskube.metrics.enabled }} + - --metrics-address=:{{ .Values.chaoskube.metrics.port }} + {{- end }} + {{- if .Values.chaoskube.metrics.enabled }} + ports: + - name: metrics + containerPort: {{ .Values.chaoskube.metrics.port }} + {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 10 }} resources: diff --git a/chart/chaoskube/templates/service.yaml b/chart/chaoskube/templates/service.yaml new file mode 100644 index 00000000..156c9bb7 --- /dev/null +++ b/chart/chaoskube/templates/service.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.chaoskube.metrics.enabled .Values.chaoskube.metrics.service.create }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "chaoskube.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "chaoskube.labels" . | nindent 4 }} + +spec: + type: {{ .Values.chaoskube.metrics.service.type }} + + ports: + - port: {{ .Values.chaoskube.metrics.port }} + targetPort: metrics + protocol: TCP + name: metrics + + selector: + app.kubernetes.io/name: {{ include "chaoskube.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/chart/chaoskube/templates/serviceaccount.yaml b/chart/chaoskube/templates/serviceaccount.yaml index 8d505e36..94a3d5c6 100644 --- a/chart/chaoskube/templates/serviceaccount.yaml +++ b/chart/chaoskube/templates/serviceaccount.yaml @@ -1,3 +1,4 @@ +{{- if .Values.serviceAccount.create }} --- apiVersion: v1 kind: ServiceAccount @@ -10,3 +11,4 @@ metadata: annotations: {{- toYaml . | nindent 4 }} {{- end }} +{{- end }} diff --git a/chart/chaoskube/values.yaml b/chart/chaoskube/values.yaml index c2440a47..e409818e 100644 --- a/chart/chaoskube/values.yaml +++ b/chart/chaoskube/values.yaml @@ -5,13 +5,23 @@ replicaCount: 1 # image specifies image location, tag and pullPolicy image: repository: quay.io/linki/chaoskube + pullPolicy: IfNotPresent + pullSecrets: [] + + # Provide digest of specific image to run + digest: "" # Overrides the image tag whose default is the chart appVersion. tag: "" # chaoskube is used to configure chaoskube chaoskube: env: {} + + flags: + # terminate pods for real: this disables dry-run mode which is on by default + no-dry-run: true + args: # kill a pod every 10 minutes interval: "10m" @@ -33,8 +43,17 @@ chaoskube: timezone: "UTC" # exclude all pods that haven't been running for at least one hour minimum-age: "1h" - # terminate pods for real: this disables dry-run mode which is on by default - no-dry-run: "" + # sets the annotation prefix to use when looking for configuration overrides in pod annotations + # eg. termination frequency will look for the annotation "chaos.alpha.kubernetes.io/frequency" + config-annotation-prefix: "chaos.alpha.kubernetes.io" + + metrics: + enabled: true + port: 8080 + + service: + create: true + type: ClusterIP # serviceAccount can be used to customize the service account which will be crated and used by chaoskube serviceAccount: @@ -42,9 +61,16 @@ serviceAccount: name: "" annotations: {} +# rbac allows configuring the permissions for chaoskube +rbac: + create: true + # podAnnotations can be used to add additional annotations to the pod podAnnotations: {} +# podAnnotations can be used to add additional labels to the pod +podLabels: {} + # podSecurityContext is used to customize the security context of the pod podSecurityContext: runAsNonRoot: true