diff --git a/charts/connect/README.md b/charts/connect/README.md
index f46ea61..a84c18f 100644
--- a/charts/connect/README.md
+++ b/charts/connect/README.md
@@ -84,7 +84,19 @@ helm install --set connect.applicationName=connect connect ./connect
 | connect.ingress.pathType | string | `"Prefix"` | Ingress PathType see [docs](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) |
 | connect.ingress.tls | list | `[]` | Ingress TLS see [docs](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) |
 | connect.nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) stanza for the Connect pod |
-| connect.priorityClassName | string | `""` | [priorityClassName](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) to apply to the Connect API deployment resource. |
+| connect.priorityClassName | string | `""` | [priorityClassName](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) to apply to the Connect API deployment resource. |
+| connect.affinity | object | `{}` | [Affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) rules for the Connect pod |
+| connect.hpa.enabled | boolean | `false` | Enable Horizontal Pod Autoscaling for the Connect pod |
+| connect.hpa.annotations | object | `{}` | Additional annotations to be added to the HPA Connect |
+| connect.hpa.minReplicas | integer | `1` | Minimum number of replicas for the Connect pod |
+| connect.hpa.maxReplicas | integer | `3` | Maximum number of replicas for the Connect pod |
+| connect.hpa.avgMemoryUtilization | integer | `50` | Average Memory utilization percentage for the Connect pod |
+| connect.hpa.avgCpuUtilization | integer | `50` | Average CPU utilization percentage for the Connect pod |
+| connect.hpa.behavior | object | `{}` | Defines the Autoscaling Behavior in up/down directions |
+| connect.pdb.enabled | boolean | `false` | Enable Horizontal Pod Autoscaling for the Connect pod |
+| connect.pdb.annotations | object | `{}` | Additional annotations to be added to the PDB Connect |
+| connect.pdb.maxUnavailable | integer | `1` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%) |
+| connect.pdb.minAvailable | integer | `0` | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
 | connect.probes.readiness | boolean | `true` | Denotes whether the 1Password Connect API readiness probe will operate and ensure the pod is ready before serving traffic |
 | connect.probes.liveness | boolean | `true` | Denotes whether the 1Password Connect API will be continually checked by Kubernetes for liveness and restarted if the pod becomes unresponsive |
 | connect.annotations | object | `{}` | Additional annotations to be added to the Connect API deployment resource. |
@@ -105,17 +117,30 @@ helm install --set connect.applicationName=connect connect ./connect
 | connect.version | string | `{{.Chart.AppVersion}}` | The 1Password Connect version to pull |
 | operator.autoRestart | boolean | `false` | Denotes whether the 1Password Operator will automatically restart deployments based on associated updated secrets. |
 | operator.create | boolean | `false` | Denotes whether the 1Password Operator will be deployed |
+| operator.replicas | integer | `1` | The number of replicas to run the 1Password Operator deployment |
 | operator.imagePullPolicy | string | `"IfNotPresent"` | The 1Password Operator image pull policy |
 | operator.imagePullSecrets | array | `[]` | List of secret names to use as image pull secrets. Secrets must exist in the same namespace. |
 | operator.imageRepository | string | `"1password/onepassword-operator"` | The 1Password Operator repository |
 | operator.nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) stanza for the operator pod |
+| operator.affinity | object | `{}` | [Affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) rules for the Operator pod |
+| operator.hpa.enabled | boolean | `false` | Enable Horizontal Pod Autoscaling for the Operator pod |
+| operator.hpa.annotations | object | `{}` | Additional annotations to be added to the HPA Operator |
+| operator.hpa.minReplicas | integer | `1` | Minimum number of replicas for the Operator pod |
+| operator.hpa.maxReplicas | integer | `3` | Maximum number of replicas for the Operator pod |
+| operator.hpa.avgMemoryUtilization | integer | `50` | Average Memory utilization percentage for the Operator pod |
+| operator.hpa.avgCpuUtilization | integer | `50` | Average CPU utilization percentage for the Operator pod |
+| operator.hpa.behavior | object | `{}` | Defines the Autoscaling Behavior in up/down directions |
+| operator.pdb.enabled | boolean | `false` | Enable Horizontal Pod Autoscaling for the Operator pod |
+| operator.pdb.annotations | object | `{}` | Additional annotations to be added to the PDB Operator |
+| operator.pdb.maxUnavailable | integer | `1` | Number of pods that are unavailble after eviction as number or percentage (eg.: 50%) |
+| operator.pdb.minAvailable | integer | `0` | Number of pods that are available after eviction as number or percentage (eg.: 50%) |
 | operator.annotations | object | `{}` | Additional annotations to be added to the Operator deployment resource. |
 | operator.labels | object | `{}` | Additional labels to be added to the Operator deployment resource. |
 | operator.logLevel | string | `info` | Log level of the Operator container. Valid options are: debug, info and error. |
 | operator.podAnnotations | object | `{}` | Additional annotations to be added to the Operator pods. |
 | operator.podLabels | object | `{}` | Additional labels to be added to the Operator pods. |
 | operator.pollingInterval | integer | `600` | How often the 1Password Operator will poll for secrets updates. |
-| operator.priorityClassName | string | `""` | [priorityClassName](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) to apply to the Operator pods. |
+| operator.priorityClassName | string | `""` | [priorityClassName](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) to apply to the Operator pods. |
 | operator.clusterRole.create | boolean | `{{.Values.operator.create}}` | Denotes whether or not a cluster role will be created for each for the 1Password Operator |
 | operator.clusterRole.name | string | `"onepassword-connect-operator"` | The name of the 1Password Operator Cluster Role |
 | operator.clusterRoleBinding.create | boolean | `{{.Values.operator.create}}` | Denotes whether or not a Cluster role binding will be created for the 1Password Operator Service Account |
@@ -123,9 +148,9 @@ helm install --set connect.applicationName=connect connect ./connect
 | operator.roleBinding.name | string | `"onepassword-connect-operator"` | The name of the 1Password Operator Role Binding |
 | operator.serviceAccount.annotations | object | `{}` | Annotations for the 1Password Connect Service Account |
 | operator.serviceAccount.create | boolean | `{{.Values.operator.create}}` | Denotes whether or not a service account will be created for the 1Password Operator |
-| operator.serviceAccount.name | string | `"onepassword-connect-operator"` | The name of the 1Password Connect Operator |
+| operator.serviceAccount.name | string | `"onepassword-connect-operator"` | The name of the 1Password Conenct Operator |
 | operator.tolerations | list | `[]` | List of tolerations to be added to the Operator pods. |
-| operator.version | string | `"1.8.1"` | T 1Password Operator version to pull |
+| operator.version | string | `"1.8.0"` | T 1Password Operator version to pull |
 | operator.token.key | string | `"token"` | The key for the 1Password Connect token stored in the 1Password token secret |
 | operator.token.name | string | `"onepassword-token"` | The name of Kubernetes Secret containing the 1Password Connect API token |
 | operator.token.value | string | `"onepassword-token"` | An API token generated for 1Password Connect to be used by the Connect Operator |
diff --git a/charts/connect/templates/_helpers.tpl b/charts/connect/templates/_helpers.tpl
index 9d900d1..fefa80f 100644
--- a/charts/connect/templates/_helpers.tpl
+++ b/charts/connect/templates/_helpers.tpl
@@ -106,6 +106,21 @@ Sets extra service annotations {{- end }} {{- end -}} +{{/* +Sets extra annotations +*/}} +{{- define "onepassword-connect.extraAnnotations" -}} + {{- with .annotations }} + annotations: + {{- $tp := typeOf . }} + {{- if eq $tp "string" }} + {{- tpl . . | nindent 4 }} + {{- else }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + {{/* Sets environment variables when profiler is enabled */}} diff --git a/charts/connect/templates/connect-deployment.yaml b/charts/connect/templates/connect-deployment.yaml index b78b172..b853a17 100644 --- a/charts/connect/templates/connect-deployment.yaml +++ b/charts/connect/templates/connect-deployment.yaml @@ -35,11 +35,15 @@ spec: spec: {{- with .Values.connect.nodeSelector }} nodeSelector: - {{ toYaml . | indent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} {{- if .Values.connect.priorityClassName }} priorityClassName: {{ .Values.connect.priorityClassName }} {{- end }} + {{- with .Values.connect.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: {{ .Values.connect.dataVolume.name }} {{ .Values.connect.dataVolume.type }}: {{- toYaml .Values.connect.dataVolume.values | nindent 12 }} @@ -52,7 +56,7 @@ spec: secretName: {{ .Values.connect.tls.secret }} {{- end }} tolerations: - {{ toYaml .Values.connect.tolerations | indent 8 }} + {{- toYaml .Values.connect.tolerations | nindent 8 }} containers: - name: {{ .Values.connect.api.name }} image: {{ .Values.connect.api.imageRepository }}:{{ tpl .Values.connect.version . }} diff --git a/charts/connect/templates/connect-hpa.yaml b/charts/connect/templates/connect-hpa.yaml new file mode 100644 index 0000000..e85f80d --- /dev/null +++ b/charts/connect/templates/connect-hpa.yaml 
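Review bot: In the string branch of `onepassword-connect.extraAnnotations`, `tpl . .` renders the annotation string with the string itself as its context, so a templated annotation cannot reference `.Values` or `.Release`, and Helm versions whose `tpl` expects the chart context may reject the call outright. The callers pass only `.Values.connect.hpa` (or the pdb/operator equivalents), so the root context is not reachable inside the helper. Either drop the string branch and document that `annotations` must be a map, or have callers pass `(dict "annotations" .Values.connect.hpa.annotations "context" $)` and render with `{{- tpl . $.context | nindent 4 }}`. The helper's comment should also state the expected argument shape, e.g. `Expects an object with an optional "annotations" key (map or template string)`.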
@@ -0,0 +1,39 @@ +{{- if (and .Values.connect.create .Values.connect.hpa.enabled ) }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Values.connect.applicationName }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: connect + {{- include "onepassword-connect.labels" . | nindent 4 }} +{{- include "onepassword-connect.extraAnnotations" .Values.connect.hpa }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Values.connect.applicationName }} + minReplicas: {{ .Values.connect.hpa.minReplicas }} + maxReplicas: {{ .Values.connect.hpa.maxReplicas }} + metrics: + {{- with .Values.connect.hpa.avgMemoryUtilization }} + - type: Resource + resource: + name: memory + target: + averageUtilization: {{ . }} + type: Utilization + {{- end }} + {{- with .Values.connect.hpa.avgCpuUtilization }} + - type: Resource + resource: + name: cpu + target: + averageUtilization: {{ . }} + type: Utilization + {{- end }} + {{- with .Values.connect.hpa.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/connect/templates/connect-pdb.yaml b/charts/connect/templates/connect-pdb.yaml new file mode 100644 index 0000000..1ef7159 --- /dev/null +++ b/charts/connect/templates/connect-pdb.yaml 
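Review bot: Both metrics in `connect-hpa.yaml` use `type: Utilization`, which the autoscaler computes against container resource requests, so the HPA will report unknown metrics unless every container in the Connect pod declares CPU and memory requests; the Deployment's `resources` are outside this diff, so that needs confirming. If both `avgMemoryUtilization` and `avgCpuUtilization` are cleared, `metrics:` renders as an empty key; wrapping it in `{{- if or .Values.connect.hpa.avgMemoryUtilization .Values.connect.hpa.avgCpuUtilization }}` avoids that. The same two points apply to `operator-hpa.yaml`. The file also ends without a trailing newline.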
@@ -0,0 +1,21 @@ +{{- if (and .Values.connect.create .Values.connect.pdb.enabled ) }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ .Values.connect.applicationName }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: connect + {{- include "onepassword-connect.labels" . | nindent 4 }} +{{- include "onepassword-connect.extraAnnotations" .Values.connect.pdb }} +spec: + {{- with .Values.connect.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.connect.pdb.minAvailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/component: connect + {{- include "onepassword-connect.selectorLabels" . | nindent 6 }} +{{- end }} \ No newline at end of file diff --git a/charts/connect/templates/operator-deployment.yaml b/charts/connect/templates/operator-deployment.yaml index 5584f0c..ab081e2 100644 --- a/charts/connect/templates/operator-deployment.yaml +++ b/charts/connect/templates/operator-deployment.yaml @@ -15,7 +15,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: - replicas: 1 + replicas: {{ .Values.operator.replicas }} selector: matchLabels: name: {{ .Values.connect.applicationName }} @@ -32,15 +32,19 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: -{{- with .Values.operator.nodeSelector }} + {{- with .Values.operator.nodeSelector }} nodeSelector: -{{ toYaml . | indent 8 }} -{{- end }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.operator.priorityClassName }} priorityClassName: {{ .Values.operator.priorityClassName }} {{- end }} + {{- with .Values.operator.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} tolerations: -{{ toYaml .Values.operator.tolerations | indent 8 }} + {{- toYaml .Values.operator.tolerations | nindent 8 }} serviceAccountName: {{ .Values.operator.serviceAccount.name }} containers: - name: {{ .Values.connect.applicationName }} 
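Review bot: `{{- with .Values.connect.pdb.maxUnavailable }}` in `connect-pdb.yaml` treats `0` as empty, so `maxUnavailable: 0` — the setting that blocks all voluntary evictions — silently renders `minAvailable: 0` instead, which permits evicting every Connect pod. Test for presence rather than truthiness, e.g. `{{- if not (kindIs "invalid" .Values.connect.pdb.maxUnavailable) }}` followed by `maxUnavailable: {{ .Values.connect.pdb.maxUnavailable }}`. Because the default is `maxUnavailable: 1`, `minAvailable` is reachable only by nulling the other key, which deserves a comment next to the defaults in `values.yaml`. `operator-pdb.yaml` uses the same construct.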
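Review bot: In `operator-deployment.yaml`, `replicas: {{ .Values.operator.replicas }}` is rendered even when `operator.hpa.enabled` is true, so every `helm upgrade` resets the Deployment to the chart value and fights the autoscaler. Guard it with `{{- if not .Values.operator.hpa.enabled }}` before the `replicas:` line and `{{- end }}` after it. Whether more than one operator replica is safe depends on leader election, which is not visible in this diff; without it each replica would reconcile and restart workloads independently, so confirm that before documenting `replicas` above 1. If the Connect Deployment sets `spec.replicas` outside these hunks, the same guard applies there.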
diff --git a/charts/connect/templates/operator-hpa.yaml b/charts/connect/templates/operator-hpa.yaml new file mode 100644 index 0000000..5639dc6 --- /dev/null +++ b/charts/connect/templates/operator-hpa.yaml @@ -0,0 +1,39 @@ +{{- if (and .Values.operator.create .Values.operator.hpa.enabled ) }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Values.operator.applicationName }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: operator + {{- include "onepassword-connect.labels" . | nindent 4 }} +{{- include "onepassword-connect.extraAnnotations" .Values.operator.hpa }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Values.operator.applicationName }} + minReplicas: {{ .Values.operator.hpa.minReplicas }} + maxReplicas: {{ .Values.operator.hpa.maxReplicas }} + metrics: + {{- with .Values.operator.hpa.avgMemoryUtilization }} + - type: Resource + resource: + name: memory + target: + averageUtilization: {{ . }} + type: Utilization + {{- end }} + {{- with .Values.operator.hpa.avgCpuUtilization }} + - type: Resource + resource: + name: cpu + target: + averageUtilization: {{ . }} + type: Utilization + {{- end }} + {{- with .Values.operator.hpa.behavior }} + behavior: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/connect/templates/operator-pdb.yaml b/charts/connect/templates/operator-pdb.yaml new file mode 100644 index 0000000..89e29ea --- /dev/null +++ b/charts/connect/templates/operator-pdb.yaml 
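Review bot: `metadata.name` and `scaleTargetRef.name` in `operator-hpa.yaml` read `.Values.operator.applicationName`, but no hunk in this diff adds that key to `values.yaml` or the README, and the operator Deployment's visible lines use `.Values.connect.applicationName`. If the key is undefined the name renders empty and the HPA targets no Deployment. Point `scaleTargetRef.name` at whatever expression the operator Deployment's `metadata.name` uses (that line is outside the hunks shown), and apply the same correction to `metadata.name` in `operator-pdb.yaml`.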
@@ -0,0 +1,21 @@ +{{- if (and .Values.operator.create .Values.operator.pdb.enabled ) }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ .Values.operator.applicationName }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: operator + {{- include "onepassword-connect.labels" . | nindent 4 }} +{{- include "onepassword-connect.extraAnnotations" .Values.operator.pdb }} +spec: + {{- with .Values.operator.pdb.maxUnavailable }} + maxUnavailable: {{ . }} + {{- else }} + minAvailable: {{ .Values.operator.pdb.minAvailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/component: operator + {{- include "onepassword-connect.selectorLabels" . | nindent 6 }} +{{- end }} \ No newline at end of file diff --git a/charts/connect/values.yaml b/charts/connect/values.yaml index 5f53a4f..cf7b999 100644 --- a/charts/connect/values.yaml +++ b/charts/connect/values.yaml 
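Review bot: The selector in `operator-pdb.yaml` matches `app.kubernetes.io/component: operator` plus `onepassword-connect.selectorLabels`, while the operator Deployment's selector shown in this diff is `name: {{ .Values.connect.applicationName }}`. Unless the operator pod template (outside the hunks) also carries those labels, the budget selects no pods and protects nothing during a node drain. Reuse the Deployment's own selector labels here, or add the component label to the pod template in the same change.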
@@ -101,6 +101,37 @@ connect: # See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector nodeSelector: {} + # Affinity rules for the Connect pod + affinity: {} + + ## Horizontal Pod Autoscaling for the Connect pod + hpa: + # Enable Horizontal Pod Autoscaling for the Connect pod + enabled: false + # Additional annotations to be added to the HPA Connect + annotations: {} + # Minimum number of replicas for the Connect pod + minReplicas: 1 + # Maximum number of replicas for the Connect pod + maxReplicas: 3 + # Average Memory utilization percentage for the Connect pod + avgMemoryUtilization: 50 + # Average CPU utilization percentage for the Connect pod + avgCpuUtilization: 50 + # Defines the Autoscaling Behavior in up/down directions + behavior: {} + + ## Pod Disruption Budget for the Connect pod + pdb: + # Enable Pod Disruption Budget for the Connect pod + enabled: false + # Additional annotations to be added to the PDB Connect + annotations: {} + # Number of pods that are unavailble after eviction as number or percentage (eg.: 50%) + maxUnavailable: 1 + # Number of pods that are available after eviction as number or percentage (eg.: 50%) + minAvailable: 0 + # 1Password Connect API and Sync Service probes: # Denotes whether the 1Password Connect API readiness probe will operate @@ -206,6 +237,9 @@ operator: # Denotes whether the 1Password Operator will be deployed create: false + # The number of replicas to run the 1Password Connect Operator deployment + replicas: 1 + # Denotes whether the 1Password Operator will automatically restart deployments based on associated updated secrets. autoRestart: false 
@@ -231,6 +265,37 @@ operator: # See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector nodeSelector: {} + # Affinity rules for the Operator pod + affinity: {} + + ## Horizontal Pod Autoscaling for the Operator pod + hpa: + # Enable Horizontal Pod Autoscaling for the Operator pod + enabled: false + # Additional annotations to be added to the HPA Operator + annotations: {} + # Minimum number of replicas for the Operator pod + minReplicas: 1 + # Maximum number of replicas for the Operator pod + maxReplicas: 3 + # Average Memory utilization percentage for the Operator pod + avgMemoryUtilization: 50 + # Average CPU utilization percentage for the Operator pod + avgCpuUtilization: 50 + # Defines the Autoscaling Behavior in up/down directions + behavior: {} + + ## Pod Disruption Budget for the Operator pod + pdb: + # Enable Pod Disruption Budget for the Operator pod + enabled: false + # Additional annotations to be added to the PDB Operator + annotations: {} + # Number of pods that are unavailble after eviction as number or percentage (eg.: 50%) + maxUnavailable: 1 + # Number of pods that are available after eviction as number or percentage (eg.: 50%) + minAvailable: 0 + # Additional annotations to be added to the Operator pods. annotations: {}