Merge branch 'main' into issue-176-include-image-pull-secrets

Author: msafwankarim

.github/workflows/ci.yml

@@ -2,26 +2,25 @@ name: CI
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   pull_request:
-    branches: [ main ]
+    branches: [main]
 
 jobs:
-
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+      - uses: actions/checkout@v3
 
-# GO tests
-    - name: Set up Go
-      uses: actions/setup-go@v4
-      with:
-        go-version: '1.21'
-        cache: false
+      # GO tests
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: "1.21"
+          cache: false
 
-    - name: Fmt
-      run: |
+      - name: Fmt
+        run: |
           # Run gofmt in "diff" mode to check for unformatted code
           UNFORMATTED_FILES=$(gofmt -l .)
           # Check if any files are unformatted
@@ -33,23 +32,23 @@ jobs:
           else
             echo "All Go files are properly formatted."
           fi
-    - name: Vet
-      run: go vet ./...
+      - name: Vet
+        run: go vet ./...
 
-    - name: Test
-      run: go test ./...
+      - name: Test
+        run: go test ./...
 
-    - name: golangci-lint
-      uses: golangci/golangci-lint-action@v3
-      with:
-        version: v1.54
-# Generate example charts
-    - name: Generate example charts
-      run: |
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: v1.54
+      # Generate example charts
+      - name: Generate example charts
+        run: |
           cat test_data/sample-app.yaml | go run ./cmd/helmify examples/app
           cat test_data/k8s-operator-kustomize.output | go run ./cmd/helmify examples/operator
-    - name: Check that chart examples were commited
-      run: |
+      - name: Check that chart examples were commited
+        run: |
           if [[ -n "$(git status --porcelain)" ]]; then
             # Capture the list of uncommitted files
             UNCOMMITTED_FILES=$(git status --porcelain)
@@ -61,36 +60,36 @@ jobs:
           else
             echo "Chart examples generation check passed. No uncommitted changes."
           fi
-# Dry-run generated charts in cluster
-    - name: Install k8s cluster
-      uses: helm/kind-action@v1.4.0
-    - name: Install certs
-      run: kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.1/cert-manager.yaml
+      # Dry-run generated charts in cluster
+      - name: Install k8s cluster
+        uses: helm/kind-action@v1.13.0
+      - name: Install certs
+        run: kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.1/cert-manager.yaml
 
-    - name: Generate operator ci chart
-      run: cat test_data/k8s-operator-ci.yaml | go run ./cmd/helmify examples/operator-ci
-    - name: Fill operator ci secrets
-      run: sed -i 's/""/"abc"/' ./examples/operator-ci/values.yaml
-    - name: Dry-run operator in k8s cluster
-      run: helm template ./examples/operator-ci -n operator-ns --create-namespace | kubectl apply --dry-run=server -f -
+      - name: Generate operator ci chart
+        run: cat test_data/k8s-operator-ci.yaml | go run ./cmd/helmify examples/operator-ci
+      - name: Fill operator ci secrets
+        run: sed -i 's/""/"abc"/' ./examples/operator-ci/values.yaml
+      - name: Dry-run operator in k8s cluster
+        run: helm template ./examples/operator-ci -n operator-ns --create-namespace | kubectl apply --dry-run=server -f -
 
-    - name: Generate app chart
-      run: cat test_data/sample-app.yaml | go run ./cmd/helmify examples/app
-    - name: Fill app secrets
-      run: sed -i 's/""/"abc"/' ./examples/app/values.yaml
-    - name: Dry-run app in k8s cluster
-      run: helm template ./examples/app -n app-ns --create-namespace | kubectl apply --dry-run=server -f -
+      - name: Generate app chart
+        run: cat test_data/sample-app.yaml | go run ./cmd/helmify examples/app
+      - name: Fill app secrets
+        run: sed -i 's/""/"abc"/' ./examples/app/values.yaml
+      - name: Dry-run app in k8s cluster
+        run: helm template ./examples/app -n app-ns --create-namespace | kubectl apply --dry-run=server -f -
 
-# Validate charts with Kubeconform
-    - name: Install Kubeconform
-      run: go install github.com/yannh/kubeconform/cmd/[email protected]
+      # Validate charts with Kubeconform
+      - name: Install Kubeconform
+        run: go install github.com/yannh/kubeconform/cmd/[email protected]
 
-    - name: Validate app
-      run: helm template ./examples/app -n app-ns --create-namespace | kubeconform -schema-location 'https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json' -strict
+      - name: Validate app
+        run: helm template ./examples/app -n app-ns --create-namespace | kubeconform -schema-location 'https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json' -strict
 
-    - name: Generate operator example chart
-      run: cat test_data/k8s-operator-kustomize.output | go run ./cmd/helmify examples/operator
-    - name: Fill operator example secrets
-      run: sed -i 's/""/"abc"/' ./examples/operator/values.yaml
-    - name: Validate example operator
-      run: helm template ./examples/operator -n operator-ns --create-namespace | kubeconform -schema-location 'https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json' -strict
+      - name: Generate operator example chart
+        run: cat test_data/k8s-operator-kustomize.output | go run ./cmd/helmify examples/operator
+      - name: Fill operator example secrets
+        run: sed -i 's/""/"abc"/' ./examples/operator/values.yaml
+      - name: Validate example operator
+        run: helm template ./examples/operator -n operator-ns --create-namespace | kubeconform -schema-location 'https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json' -strict

examples/app/templates/_helpers.tpl

@@ -54,9 +54,12 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 Create the name of the service account to use
 */}}
 {{- define "app.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "app.fullname" .) .Values.serviceAccount.name }}
+{{- $default := (include "app.fullname" .) }}
+{{- with .Values.serviceAccount }}
+{{- if .create }}
+{{- default $default .name }}
 {{- else }}
-{{- default "default" .Values.serviceAccount.name }}
+{{- default "default" .name }}
+{{- end }}
 {{- end }}
 {{- end }}

examples/app/templates/batch-job.yaml

@@ -21,4 +21,9 @@ spec:
           | default .Chart.AppVersion }}
         name: pi
         resources: {}
+      nodeSelector: {{- toYaml .Values.batchJob.nodeSelector | nindent 8 }}
       restartPolicy: Never
+      serviceAccountName: {{ include "app.serviceAccountName" . }}
+      tolerations: {{- toYaml .Values.batchJob.tolerations | nindent 8 }}
+      topologySpreadConstraints: {{- toYaml .Values.batchJob.topologySpreadConstraints
+        | nindent 8 }}

examples/app/templates/cron-job.yaml

@@ -22,5 +22,10 @@ spec:
             imagePullPolicy: {{ .Values.cronJob.hello.imagePullPolicy }}
             name: hello
             resources: {}
+          nodeSelector: {{- toYaml .Values.cronJob.nodeSelector | nindent 12 }}
           restartPolicy: OnFailure
+          serviceAccountName: {{ include "app.serviceAccountName" . }}
+          tolerations: {{- toYaml .Values.cronJob.tolerations | nindent 12 }}
+          topologySpreadConstraints: {{- toYaml .Values.cronJob.topologySpreadConstraints
+            | nindent 12 }}
   schedule: {{ .Values.cronJob.schedule | quote }}

examples/app/templates/daemonset.yaml

@@ -32,11 +32,12 @@ spec:
         - mountPath: /var/lib/docker/containers
           name: varlibdockercontainers
           readOnly: true
+      nodeSelector: {{- toYaml .Values.fluentdElasticsearch.nodeSelector | nindent 8 }}
+      serviceAccountName: {{ include "app.serviceAccountName" . }}
       terminationGracePeriodSeconds: 30
-      tolerations:
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/master
-        operator: Exists
+      tolerations: {{- toYaml .Values.fluentdElasticsearch.tolerations | nindent 8 }}
+      topologySpreadConstraints: {{- toYaml .Values.fluentdElasticsearch.topologySpreadConstraints
+        | nindent 8 }}
       volumes:
       - hostPath:
           path: /var/log

examples/app/templates/deployment.yaml

@@ -96,7 +96,11 @@ spec:
         resources: {}
       nodeSelector: {{- toYaml .Values.myapp.nodeSelector | nindent 8 }}
       securityContext: {{- toYaml .Values.myapp.podSecurityContext | nindent 8 }}
+      serviceAccountName: {{ include "app.serviceAccountName" . }}
       terminationGracePeriodSeconds: 10
+      tolerations: {{- toYaml .Values.myapp.tolerations | nindent 8 }}
+      topologySpreadConstraints: {{- toYaml .Values.myapp.topologySpreadConstraints | nindent
+        8 }}
       volumes:
       - configMap:
           name: {{ include "app.fullname" . }}-my-config

examples/app/templates/myapp-ipfamily-service.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "app.fullname" . }}-myapp-ipfamily-service
+  labels:
+    app: myapp
+  {{- include "app.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.myappIpfamilyService.type }}
+  selector:
+    app: myapp
+    {{- include "app.selectorLabels" . | nindent 4 }}
+  {{- if .Values.myappIpfamilyService.ipFamilyPolicy }}
+  ipFamilyPolicy: {{ .Values.myappIpfamilyService.ipFamilyPolicy }}
+  {{- end }}
+  {{- if .Values.myappIpfamilyService.ipFamilies }}
+  ipFamilies:
+  {{- .Values.myappIpfamilyService.ipFamilies | toYaml | nindent 2 }}
+  {{- end }}
+  ports:
+  {{- .Values.myappIpfamilyService.ports | toYaml | nindent 2 }}

examples/app/templates/statefulset.yaml

@@ -29,6 +29,11 @@ spec:
         volumeMounts:
         - mountPath: /usr/share/nginx/html
           name: www
+      nodeSelector: {{- toYaml .Values.web.nodeSelector | nindent 8 }}
+      serviceAccountName: {{ include "app.serviceAccountName" . }}
+      tolerations: {{- toYaml .Values.web.tolerations | nindent 8 }}
+      topologySpreadConstraints: {{- toYaml .Values.web.topologySpreadConstraints |
+        nindent 8 }}
   updateStrategy: {}
   volumeClaimTemplates:
   - metadata:

examples/app/values.yaml

@@ -1,16 +1,22 @@
 batchJob:
   backoffLimit: 4
+  nodeSelector: {}
   pi:
     image:
       repository: perl
       tag: 5.34.0
+  tolerations: []
+  topologySpreadConstraints: []
 cronJob:
   hello:
     image:
       repository: busybox
       tag: "1.28"
     imagePullPolicy: IfNotPresent
+  nodeSelector: {}
   schedule: '* * * * *'
+  tolerations: []
+  topologySpreadConstraints: []
 fluentdElasticsearch:
   fluentdElasticsearch:
     image:
@@ -22,6 +28,12 @@ fluentdElasticsearch:
       requests:
         cpu: 100m
         memory: 200Mi
+  nodeSelector: {}
+  tolerations:
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/master
+    operator: Exists
+  topologySpreadConstraints: []
 kubernetesClusterDomain: cluster.local
 myConfig:
   dummyconfigmapkey: dummyconfigmapvalue
@@ -89,6 +101,17 @@ myapp:
       tag: v0.8.0
   replicas: 3
   revisionHistoryLimit: 5
+  tolerations: []
+  topologySpreadConstraints: []
+myappIpfamilyService:
+  ipFamilies:
+  - IPv4
+  ipFamilyPolicy: SingleStack
+  ports:
+  - name: https
+    port: 8443
+    targetPort: https
+  type: ClusterIP
 myappLbService:
   loadBalancerSourceRanges:
   - 10.0.0.0/8
@@ -121,7 +144,10 @@ web:
     image:
       repository: registry.k8s.io/nginx-slim
       tag: "0.8"
+  nodeSelector: {}
   replicas: 2
+  tolerations: []
+  topologySpreadConstraints: []
   volumeClaims:
     www:
       requests:

examples/operator/templates/deployment.yaml

@@ -96,15 +96,11 @@ spec:
       nodeSelector: {{- toYaml .Values.controllerManager.nodeSelector | nindent 8 }}
       securityContext: {{- toYaml .Values.controllerManager.podSecurityContext | nindent
         8 }}
-      serviceAccountName: {{ include "operator.fullname" . }}-controller-manager
+      serviceAccountName: {{ include "operator.serviceAccountName" . }}
       terminationGracePeriodSeconds: 10
-      topologySpreadConstraints:
-      - matchLabelKeys:
-        - app
-        - pod-template-hash
-        maxSkew: 1
-        topologyKey: kubernetes.io/hostname
-        whenUnsatisfiable: DoNotSchedule
+      tolerations: {{- toYaml .Values.controllerManager.tolerations | nindent 8 }}
+      topologySpreadConstraints: {{- toYaml .Values.controllerManager.topologySpreadConstraints
+        | nindent 8 }}
       volumes:
       - configMap:
           name: {{ include "operator.fullname" . }}-manager-config