diff --git a/README.md b/README.md
index 4f02f2d..3095b49 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,30 @@ This Helm chart deploys and configures: - an optional `ServiceAccount` - a `Secret` to pull containers from container registries +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | node affinity | +| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/terradue/calrissian-session/calrissian-session","tag":"latest"}` | Calrissian container image for running the Calrissian pod | +| imageCredentials | list | `[{"auth":"bXNhZ2....RVURt","registry":"ghcr.io"},{"auth":"ZmFi...mlRTldqZw==","https://index.docker.io/v1/":null}]` | container registries credentials | +| imageCredentials[0] | object | `{"auth":"bXNhZ2....RVURt","registry":"ghcr.io"}` | registry is the container registry | +| imageCredentials[0].auth | string | `"bXNhZ2....RVURt"` | auth is the base64 auth string (see your ~/.docker/config.json file) | +| nodeSelector | object | `{"k8s.scaleway.com/pool-name":"processing-node-pool-iride-xl"}` | specify the node selector for the Calrissian pod and the Calrissian worker pods | +| podAnnotations | object | `{}` | optional pod annotations | +| podSecurityContext | object | `{}` | additional settings for the pod security context | +| replicaCount | int | `1` | number of pods, one is usually enough | +| resources | object | `{"limits":{"cpu":"4","memory":"12Gi"},"requests":{"cpu":"4","memory":"8Gi"}}` | specify the resources for the Calrissian pod | +| s3 | object | `{"access_key_id":"SC...8Z","bucket_pattern":"s3:\\/\\/ir....tplace\\/.*","enabled":true,"endpoint_url":"https://s3.....cloud","region":"...","secret_access_key":"bf...dc6","signature_version":"s3v4"}` | use s3, if true, configMaps are mounted to access the S3 bucket | +| securityContext | object | `{"privileged":true}` | running with privileged set to true allows running podman in the Calrissian pod | +| serviceAccount | object | `{"annotations":{},"create":true,"name":"calrissian-sa"}` | Service account 
to use | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `"calrissian-sa"` | The name of the service account to use. | +| storageClass | string | `"openebs-kernel-nfs-scw"` | ReadWriteMany storage class for Calrissian worker | +| tolerations | list | `[]` | tolerations | +| volumeSize | string | `"10Gi"` | size of the ReadWriteMany volume for Calrissian executions | + ## Requirements - a kubeconfig file to access a kubernetes cluster diff --git a/charts/calrissian-session/Chart.yaml b/charts/calrissian-session/Chart.yaml index 58b7806..34154aa 100644 --- a/charts/calrissian-session/Chart.yaml +++ b/charts/calrissian-session/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/calrissian-session/templates/cm_cr.yaml b/charts/calrissian-session/templates/cm_cr.yaml index 8965325..955ba7a 100644 --- a/charts/calrissian-session/templates/cm_cr.yaml +++ b/charts/calrissian-session/templates/cm_cr.yaml @@ -1,4 +1,3 @@ -{{- if .Values.containerRegistry.enabled -}} kind: ConfigMap apiVersion: v1 metadata: @@ -7,4 +6,3 @@ metadata: data: container-registry: | {{- include "dockerconfigjson.b64dec" . | nindent 6 }} -{{- end }} \ No newline at end of file diff --git a/charts/calrissian-session/templates/cm_user_settings.yaml b/charts/calrissian-session/templates/cm_user_settings.yaml index 4f66e00..f1766e4 100644 
--- a/charts/calrissian-session/templates/cm_user_settings.yaml +++ b/charts/calrissian-session/templates/cm_user_settings.yaml @@ -10,12 +10,12 @@ data: "S3": { "Services": { "iride": { - "UrlPattern": {{ .Values.s3.bucket_pattern }}, - "Region": {{ .Values.s3.region }}, - "AuthenticationRegion": {{ .Values.s3.region }}, - "AccessKey": {{ .Values.s3.access_key_id }}, - "SecretKey": {{ .Values.s3.secret_access_key }}, - "ServiceURL": {{ .Values.s3.endpoint_url }}, + "UrlPattern": "{{ .Values.s3.bucket_pattern }}", + "Region": "{{ .Values.s3.region }}", + "AuthenticationRegion": "{{ .Values.s3.region }}", + "AccessKey": "{{ .Values.s3.access_key_id }}", + "SecretKey": "{{ .Values.s3.secret_access_key }}", + "ServiceURL": "{{ .Values.s3.endpoint_url }}", "ForcePathStyle": true } } diff --git a/charts/calrissian-session/templates/cr_secret.yaml b/charts/calrissian-session/templates/cr_secret.yaml index fd6933e..7b705ab 100644 --- a/charts/calrissian-session/templates/cr_secret.yaml +++ b/charts/calrissian-session/templates/cr_secret.yaml @@ -1,4 +1,3 @@ -{{- if .Values.containerRegistry.enabled -}} apiVersion: v1 kind: Secret metadata: @@ -6,5 +5,4 @@ metadata: type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ template "dockerconfigjson.b64enc" . }} -{{- end }} diff --git a/charts/calrissian-session/templates/deployment.yaml b/charts/calrissian-session/templates/deployment.yaml index 38700c9..bb2d5b6 100644 --- a/charts/calrissian-session/templates/deployment.yaml +++ b/charts/calrissian-session/templates/deployment.yaml 
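Review bot: `AccessKey` and `SecretKey` are rendered into what appears to be a ConfigMap (going by the file name and the `configMap: name: user-settings` volume in deployment.yaml), so the S3 secret is readable by anything allowed to get ConfigMaps in the namespace and is not covered by Secret-specific controls such as encryption at rest; a `kind: Secret` mounted at the same path would be the better home. The same applies to the `container-registry` ConfigMap in cm_cr.yaml, which this commit now renders unconditionally with the decoded docker config. The hand-written quotes added here also escape nothing, so a value containing `"` or a stray backslash produces broken or altered JSON; letting the template engine encode it, e.g. `"SecretKey": {{ .Values.s3.secret_access_key | toJson }},`, avoids that. The `data:` block starts outside this hunk, so the object kind is inferred rather than seen.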
@@ -39,7 +39,11 @@ spec: lifecycle: postStart: exec: + {{- if .Values.s3.enabled }} + command: ["/bin/sh", "-c", "cp -r /home/.docker /workspace/.podman && cp -r /home/.aws /workspace/.aws && chown -R mambauser:100 /workspace/.podman && chown -R mambauser:100 /calrissian" ] + {{ else }} command: ["/bin/sh", "-c", "cp -r /home/.docker /workspace/.podman && chown -R mambauser:100 /workspace/.podman && chown -R mambauser:100 /calrissian" ] + {{ end }} command: ["sleep"] args: ["604800"] resources: @@ -62,11 +66,9 @@ spec: mountPath: /etc/Stars/appsettings.json subPath: user-settings {{- end }} - {{- if .Values.containerRegistry.enabled }} - name: container-registry mountPath: /home/.docker/config.json subPath: container-registry - {{- end }} env: - name: CALRISSIAN_POD_NAME valueFrom: {fieldRef: {fieldPath: metadata.name}} @@ -103,11 +105,9 @@ spec: configMap: name: user-settings {{- end }} - {{- if .Values.containerRegistry.enabled }} - name: container-registry configMap: name: container-registry - {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/calrissian-session/values.yaml b/charts/calrissian-session/values.yaml index 0500d8f..e5ab1b1 100644 --- a/charts/calrissian-session/values.yaml +++ b/charts/calrissian-session/values.yaml 
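Review bot: In the new `s3.enabled` branch of the postStart command, `/home/.aws` is copied to `/workspace/.aws` but, unlike `/workspace/.podman`, it is never chowned or restricted, so the S3 credentials keep the hook user's ownership and the source's mode bits (ConfigMap mounts are typically world-readable). If the session is meant to run as `mambauser`, appending `&& chown -R mambauser:100 /workspace/.aws && chmod -R go-rwx /workspace/.aws` would match the handling of the podman config and keep the keys private to that user. The two `command:` lines differ only by that one `cp`, so building the string once with an inline `{{- if .Values.s3.enabled }}` fragment would stop the copies drifting apart; `{{ else }}` and `{{ end }}` also lack the `-` trim used on the `if`. The container spec continues outside the hunk, and the mount that provides `/home/.aws` is not visible here.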
@@ -1,73 +1,73 @@ # Default values for calrissian-session. -# This is a YAML-formatted file. -# number of pods +# -- number of pods, one is usually enough replicaCount: 1 -# container image for running the pod +# -- Calrissian container image for running the Calrissian pod image: - repository: terradue/calrissian-session:develop - pullPolicy: IfNotPresent + repository: ghcr.io/terradue/calrissian-session/calrissian-session + pullPolicy: Always tag: latest +# -- specify the resources for the Calrissian pod +resources: + requests: + memory: "8Gi" + cpu: "4" + limits: + memory: "12Gi" + cpu: "4" +# -- Service account to use serviceAccount: - # Specifies whether a service account should be created - create: false - # Annotations to add to the service account + # -- Specifies whether a service account should be created + create: true + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. name: "calrissian-sa" -# optional pod annotations +# -- optional pod annotations podAnnotations: {} -# additional settings for the pod security context +# -- additional settings for the pod security context podSecurityContext: {} -# running with privileged set to true allows running podman in the pod +# -- running with privileged set to true allows running podman in the Calrissian pod securityContext: privileged: true -service: - type: ClusterIP - port: 80 +# -- specify the node selector for the Calrissian pod and the Calrissian worker pods +nodeSelector: + k8s.scaleway.com/pool-name: processing-node-pool-iride-xl -# specify the resources for the pod -resources: {} - -# specify the node selector -nodeSelector: {} - -# tolerations +# -- tolerations tolerations: [] -# node affinity +# -- node affinity affinity: {} -# ReadWriteMany storage class to use +# -- ReadWriteMany storage class for Calrissian worker storageClass: openebs-kernel-nfs-scw +# -- size of the ReadWriteMany volume for 
Calrissian executions +volumeSize: 10Gi -# size of the ReadWriteMany volumes -persistence: - calrissian: 10Gi -# use s3, if true, configMaps are mounted to access the S3 bucket +# -- use s3, if true, configMaps are mounted to access the S3 bucket s3: - enabled: false - access_key_id: - secret_access_key: - region: - endpoint_url: - signature_version: s3v4 - -# enable the configuration of the docker config file on the pod (support for podman pull) -containerRegistry: enabled: true + access_key_id: "SC...8Z" + secret_access_key: "bf...dc6" + region: "..." + endpoint_url: "https://s3.....cloud" + signature_version: s3v4 + bucket_pattern: 's3:\/\/ir....tplace\/.*' -# container registries credentials +# -- container registries credentials imageCredentials: - # registry is the container registry - - registry: https://index.docker.io/v1/ - # auth is the base64 auth string (see your ~/.docker/config.json file) - auth: "" \ No newline at end of file + # -- registry is the container registry + - registry: ghcr.io # mandatory + # -- auth is the base64 auth string (see your ~/.docker/config.json file) + auth: "bXNhZ2....RVURt" + - 'https://index.docker.io/v1/': + auth: "ZmFi...mlRTldqZw==" \ No newline at end of file
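Review bot: The new defaults put credential material into the chart itself: `s3.access_key_id`, `s3.secret_access_key` and both `imageCredentials` `auth` entries are now non-empty, and the README values table added in this commit repeats them. The values are shown elided here, but if the committed file carries real keys they should be rotated, and the defaults returned to `access_key_id: ""`, `secret_access_key: ""` and `auth: ""` with `s3.enabled: false`, leaving operators to supply them at install time from a private values file or secret store. The second `imageCredentials` item is also malformed: `- 'https://index.docker.io/v1/':` makes the URL a key with a null value (the README default shows `"https://index.docker.io/v1/":null`), so the entry has no `registry` field; it presumably should read `- registry: 'https://index.docker.io/v1/'`. Defaults such as the Scaleway-specific `nodeSelector`, `tag: latest` with `pullPolicy: Always`, and `serviceAccount.create: true` next to `privileged: true` are environment choices that are safer left to the deployer than baked into the chart.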