diff --git a/.github/workflows/ci-chart.yaml b/.github/workflows/ci-chart.yaml index 725c37a..7529831 100644 --- a/.github/workflows/ci-chart.yaml +++ b/.github/workflows/ci-chart.yaml @@ -30,6 +30,18 @@ jobs: python-version: "3.x" check-latest: true + - name: Run docs-testing (helm-docs) + id: helm-docs + run: | + make helm-docs + if [[ $(git diff --stat) != '' ]]; then + echo -e '\033[0;31mDocumentation outdated! (Run make helm-docs locally and commit)\033[0m ❌' + git diff --color + exit 1 + else + echo -e '\033[0;32mDocumentation up to date\033[0m ✔' + fi + - name: Set up chart-testing uses: helm/chart-testing-action@v2.7.0 diff --git a/Makefile b/Makefile index 689d46a..4b8628b 100644 --- a/Makefile +++ b/Makefile @@ -283,3 +283,21 @@ catalog-push: ## Push a catalog image. .PHONY: go-unittest go-unittest: ## Build the bundle image. go test -v ./... + +.PHONY: helm-docs +helm-docs: helm-doc + $(HELM_DOCS) --chart-search-root ./deploy/charts + +HELM_DOCS := $(LOCALBIN)/helm-docs +HELM_DOCS_VERSION := v1.14.1 +HELM_DOCS_LOOKUP := norwoodj/helm-docs +helm-doc: + @test -s $(HELM_DOCS) || $(call go-install-tool,$(HELM_DOCS),github.com/$(HELM_DOCS_LOOKUP)/cmd/helm-docs@$(HELM_DOCS_VERSION)) + +PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST)))) +define go-install-tool +[ -f $(1) ] || { \ + set -e ;\ + GOBIN=$(LOCALBIN) go install $(2) ;\ +} +endef \ No newline at end of file diff --git a/deploy/charts/s3-operator/README.md b/deploy/charts/s3-operator/README.md index 6bd39e6..8655bde 100644 --- a/deploy/charts/s3-operator/README.md +++ b/deploy/charts/s3-operator/README.md @@ -1,6 +1,6 @@ # s3-operator -![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.0](https://img.shields.io/badge/AppVersion-0.8.0-informational?style=flat-square) +![Version: 0.9.0-rc1](https://img.shields.io/badge/Version-0.9.0--rc1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.13.0-rc1](https://img.shields.io/badge/AppVersion-v0.13.0--rc1-informational?style=flat-square) A Helm chart for deploying an operator to manage S3 resources (eg buckets, policies) @@ -8,25 +8,22 @@ A Helm chart for deploying an operator to manage S3 resources (eg buckets, polic | Key | Type | Default | Description | |-----|------|---------|-------------| -| controllerManager.manager.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | -| controllerManager.manager.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | +| controllerManager.manager.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` | Set the Container securityContext | +| controllerManager.manager.extraArgs | list | `[]` | Additional Arguments | +| controllerManager.manager.extraEnv | object | `{}` | Additional Environment Variables | | controllerManager.manager.image.repository | string | `"inseefrlab/s3-operator"` | | -| controllerManager.manager.image.tag | string | `"latest"` | | +| controllerManager.manager.image.tag | string | `nil` | | | controllerManager.manager.imagePullPolicy | string | `"IfNotPresent"` | | -| controllerManager.manager.imagePullSecrets | list | `[]` | | -| controllerManager.manager.resources.limits.cpu | string | `"1000m"` | | -| controllerManager.manager.resources.limits.memory | string | `"512Mi"` | | -| controllerManager.manager.resources.requests.cpu | string | `"50m"` | | -| controllerManager.manager.resources.requests.memory | string | `"64Mi"` | | -| controllerManager.replicas | int | `1` | | +| controllerManager.manager.imagePullSecrets | list | `[]` | Configuration for `imagePullSecrets` so that you can use a private images registry. | +| controllerManager.manager.podAnnotations | object | `{}` | Annotations to add to the pod. | +| controllerManager.manager.podLabels | object | `{}` | Labels to add to the pod. | +| controllerManager.manager.podSecurityContext | object | `{"runAsNonRoot":true}` | Set the Pod securityContext | +| controllerManager.manager.priorityClassName | string | `""` | Set the priority class name | +| controllerManager.manager.resources | object | `{"limits":{"cpu":"1000m","memory":"512Mi"},"requests":{"cpu":"50m","memory":"64Mi"}}` | Set the resources | +| controllerManager.replicas | int | `1` | Amount of Replicas | | crds.install | bool | `true` | Install and upgrade CRDs | | crds.keep | bool | `true` | Keep CRDs on chart uninstall | -| kubernetesClusterDomain | string | `"cluster.local"` | | -| s3.deletion.bucket | bool | `false` | | -| s3.deletion.path | bool | `false` | | -| s3.deletion.policy | bool | `false` | | -| s3.endpointUrl | string | `"localhost:9000"` | | -| s3.existingSecret | string | `"my-s3-operator-auth-secret"` | | +| kubernetes.clusterDomain | string | `"cluster.local"` | | +| kubernetes.overrideExistingSecret | bool | `false` | | +| s3 | object | `{"default":{"accessKey":"accessKey","deletion":{"bucket":true,"path":false,"policy":false,"s3user":false},"enabled":false,"region":"us-east-1","s3Provider":"minio","secretKey":"secretKey","url":"https://localhost:9000"}}` | Default S3 Instance | ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/deploy/charts/s3-operator/templates/deployment.yaml b/deploy/charts/s3-operator/templates/deployment.yaml index 714c9f8..a5a2755 100644 --- a/deploy/charts/s3-operator/templates/deployment.yaml +++ b/deploy/charts/s3-operator/templates/deployment.yaml @@ -19,8 +19,14 @@ spec: labels: control-plane: controller-manager {{- include "s3-operator.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} annotations: kubectl.kubernetes.io/default-container: manager + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with .Values.controllerManager.manager.imagePullSecrets }} imagePullSecrets: @@ -68,6 +74,7 @@ spec: securityContext: {{- toYaml .Values.controllerManager.manager.containerSecurityContext | nindent 10 }} securityContext: - runAsNonRoot: true + {{- toYaml .Values.controllerManager.manager.podSecurityContext | nindent 10 }} + priorityClassName: {{ .Values.priorityClassName }} serviceAccountName: {{ include "s3-operator.fullname" . }}-controller-manager terminationGracePeriodSeconds: 10 diff --git a/deploy/charts/s3-operator/values.yaml b/deploy/charts/s3-operator/values.yaml index 1ae7df5..351db8c 100644 --- a/deploy/charts/s3-operator/values.yaml +++ b/deploy/charts/s3-operator/values.yaml @@ -6,17 +6,31 @@ crds: controllerManager: manager: + # -- Set the priority class name + priorityClassName: '' # system-cluster-critical + # -- Set the Pod securityContext + podSecurityContext: + runAsNonRoot: true + # -- Annotations to add to the pod. + podAnnotations: {} + # -- Labels to add to the pod. + podLabels: {} + # -- Set the Container securityContext containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL image: + # Image Repository repository: inseefrlab/s3-operator # Use the charts appVersion as a default tag: null + # -- Set the image pull policy imagePullPolicy: IfNotPresent + # -- Configuration for `imagePullSecrets` so that you can use a private images registry. imagePullSecrets: [] + # -- Set the resources resources: limits: cpu: 1000m @@ -24,14 +38,18 @@ controllerManager: requests: cpu: 50m memory: 64Mi + # -- Additional Arguments extraArgs: [] + # -- Additional Environment Variables extraEnv: {} + # -- Amount of Replicas replicas: 1 kubernetes: clusterDomain: cluster.local overrideExistingSecret: false +# -- Default S3 Instance s3: default: enabled: false