Skip to content

helm chart from kustomize/cluster-config rework #95

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 14 commits into
base: main
Choose a base branch
from
Open

helm chart from kustomize/cluster-config rework #95

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
4a02a59
new agent deployment
scott-cotton Sep 6, 2025
6bd0992
checkpoint for diff
scott-cotton Sep 6, 2025
fc2eb04
for diff
scott-cotton Sep 6, 2025
8c441db
preparation for v1.2.0
scott-cotton Sep 6, 2025
afe46b7
bugfix
scott-cotton Sep 6, 2025
9b42cdf
compile dev values into cluster-config
scott-cotton Sep 8, 2025
3f88bff
fixes from CR and update
scott-cotton Sep 9, 2025
58bd971
fix-agent-to-controlPlane-values-change
scott-cotton Sep 12, 2025
bc47325
fix compile-cluster-config
scott-cotton Sep 12, 2025
7643f41
incorporate using old cluster-agent secret on upgrade
scott-cotton Sep 12, 2025
a766dd5
Merge branch 'main' into prep-v1.2.0
scott-cotton Sep 12, 2025
31afa5a
make helm-chart
daniel-de-vera Oct 14, 2025
3b704de
Addition of trafficManager.enabled
daniel-de-vera Oct 14, 2025
85b0891
Merge pull request #96 from signadot/disable-traffic-manager
daniel-de-vera Oct 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions signadot/operator/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -546,16 +546,22 @@ Note that, unlike with Istio, routing in Linkerd is not expressed via Linkerd CR
| `routing.customHeaders` | List of custom headers used for sandbox routing | `[]` |


### Traffic Manager parameters

### Traffic capture parameters
| Name | Description | Default |
| ------------------------ | ---------------------- | ------- |
| `trafficManager.enabled` | Enable traffic manager | `true` |


### Traffic Capture parameters

| Name | Description | Default |
| ------------------------------------- | ----------------------------------------------------------- | ------- |
| `trafficCapture.enabled` | Enable traffic capture | `true` |
| `trafficCapture.requestHeadersElide` | List of request headers to be elided from traffic captures | `[]` |
| `trafficCapture.responseHeadersElide` | List of response headers to be elided from traffic captures | `[]` |

### Control plane parameters
### Control Plane parameters

| Name | Description | Default |
| ------------------------------------- | ----------------------------------------------------------- | ------- |
Expand Down
20 changes: 19 additions & 1 deletion signadot/operator/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,24 @@ cluster config template
{{- define "compileClusterConfig" -}}
{{- $allowedNamespaces := (include "getAllowedNamespaces" . | fromJsonArray) -}}
allowedNamespaces: {{ if gt (len $allowedNamespaces) 0 }}{{ printf "\n" }}{{ toYaml $allowedNamespaces | indent 2}}{{- else -}}[]{{- end }}
{{- if (hasKey .Values "controlPlane") }}
controlPlane:
proxy: {{ if and (hasKey .Values "controlPlane") (hasKey .Values.controlPlane "proxy") -}}{{ .Values.controlPlane.proxy }}{{- else -}}enabled{{- end }}
proxy: {{ if (hasKey .Values.controlPlane "proxy") -}}{{ .Values.controlPlane.proxy }}{{- else -}}enabled{{- end }}
controlAPI: {{ if (hasKey .Values.controlPlane "controlAPI") -}}{{ .Values.controlPlane.controlAPI }}{{- else -}}https://api.signadot.com{{- end}}
tunnelAddr: {{ if (hasKey .Values.controlPlane "tunnelAddr") -}}{{ .Values.controlPlane.tunnelAddr }}{{- else -}}tunnel.signadot.com:443{{- end}}
{{- if (hasKey .Values.controlPlane "tunnelTLS") }}
tunnelTLS: {{ .Values.controlPlane.tunnelTLS }}
{{- end }}
{{- if (hasKey .Values.controlPlane "artifactsAPI") }}
artifactsAPI: {{ .Values.controlPlane.artifactsAPI }}
{{- end }}
{{- if (hasKey .Values.controlPlane "trafficmodelsAPI") }}
trafficmodelsAPI: {{ .Values.controlPlane.trafficmodelsAPI }}
{{- end }}
{{- if (hasKey .Values.controlPlane "tokenSecret") }}
tokenSecret: {{ .Values.controlPlane.tokenSecret }}
{{- end }}
{{- end }}
allowOrphanedResources: {{ if hasKey .Values "allowOrphanedResources" -}}{{ toString .Values.allowOrphanedResources }}{{- else -}}false{{- end }}
routing:
istio:
Expand All @@ -26,6 +42,8 @@ routing:
{{- end}}
iptablesMode: {{ if and (hasKey .Values "routing") (hasKey .Values.routing "iptablesMode") -}}{{ .Values.routing.iptablesMode }}{{- else -}}legacy{{- end }}
customHeaders: {{ with .Values }}{{ with .routing }}{{ with .customHeaders }}{{ printf "\n" }}{{ toYaml . | indent 4}}{{- else -}}[]{{- end }}{{- else -}}[]{{- end }}{{- else -}}[]{{- end }}
trafficManager:
enabled: {{ if and (hasKey .Values "trafficManager") (hasKey .Values.trafficManager "enabled") -}}{{ toString .Values.trafficManager.enabled }}{{- else -}}true{{- end }}
trafficCapture:
enabled: {{ if and (hasKey .Values "trafficCapture") (hasKey .Values.trafficCapture "enabled") -}}{{ toString .Values.trafficCapture.enabled }}{{- else -}}true{{- end }}
requestHeadersElide: {{ with .Values }}{{ with .trafficCapture }}{{ with .requestHeadersElide }}{{ printf "\n" }}{{ toYaml . | indent 4}}{{- else -}}[]{{- end }}{{- else -}}[]{{- end }}{{- else -}}[]{{- end }}
Expand Down
43 changes: 27 additions & 16 deletions signadot/operator/templates/agent-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,6 @@ spec:
{{- range $key, $val := .Values.podAnnotations }}
{{ $key | quote }}: {{ $val | quote }}
{{- end }}
cluster-config-checksum: '{{ include (print $.Template.BasePath "/signadot-cluster-config-configmap.yaml")
. | sha256sum }}'
{{- if $linkerdEnabled }}
{{- if and (hasKey .Values.linkerd "operator") (hasKey .Values.linkerd.operator "podAnnotations") (.Values.linkerd.operator.podAnnotations)}}
{{- range $key, $val := .Values.linkerd.operator.podAnnotations }}
Expand Down Expand Up @@ -63,20 +61,7 @@ spec:
{{- end }}
spec:
containers:
- args:
- --api-url={{ with .Values }}{{ with .dev }}{{ with .apiURL }}{{ . }}{{- else -}}"https://api.signadot.com"{{- end }}{{- else -}}"https://api.signadot.com"{{- end }}{{- else -}}"https://api.signadot.com"{{- end }}
- --tunnel-addr={{ with .Values }}{{ with .dev }}{{ with .agentTunnelAddr }}{{ . }}{{- else -}}"tunnel.signadot.com:443"{{- end }}{{- else -}}"tunnel.signadot.com:443"{{- end }}{{- else -}}"tunnel.signadot.com:443"{{- end }}
env:
- name: DEV
{{- with .Values }}{{- with .dev }}{{- with .agentTunnelNoTLS }}
value: {{ . | quote }}
{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
- name: AGENT_TOKEN
valueFrom:
secretKeyRef:
key: token
name: {{ with .Values }}{{ with .agent }}{{ with .tokenSecret }}{{ . }}{{- else -}}"cluster-agent"{{- end }}{{- else -}}"cluster-agent"{{- end }}{{- else -}}"cluster-agent"{{- end }}
image: {{ with .Values }}{{ with .agent }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/agent:v1.1.0{{- end }}{{- else -}}signadot/agent:v1.1.0{{- end }}{{- else -}}signadot/agent:v1.1.0{{- end }}
- image: {{ with .Values }}{{ with .agent }}{{ with .image }}{{ . | quote}}{{- else -}}signadot/agent:v1.1.0{{- end }}{{- else -}}signadot/agent:v1.1.0{{- end }}{{- else -}}signadot/agent:v1.1.0{{- end }}
imagePullPolicy: {{ with .Values }}{{ with .agent }}{{ with .imagePullPolicy }}{{ . | quote}}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}{{- else -}}IfNotPresent{{- end }}
livenessProbe:
httpGet:
Expand All @@ -93,5 +78,31 @@ spec:
resources:
{{ toYaml . | indent 10 }}
{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
volumeMounts:
- mountPath: /etc/signadot/token
name: cluster-token
readOnly: true
subPath: token
- mountPath: /etc/signadot/cluster_config.yaml
name: cluster-config
readOnly: true
subPath: cluster_config.yaml
serviceAccountName: agent
volumes:
- name: cluster-token
secret:
items:
- key: token
path: token
secretName: '{{ $oldSecret := (lookup "v1" "Secret" "signadot" "cluster-agent")
}} {{- with .Values }} {{- with .controlPlane }} {{- with .tokenSecret
}} {{- . }} {{- else }} {{- if $oldSecret }}{{- $oldSecret.metadata.name
}} {{- else }}cluster-token {{- end }} {{- end }} {{- else }}cluster-token
{{- end }} {{- else }}cluster-token {{- end }}'
- configMap:
items:
- key: cluster_config.yaml
path: cluster_config.yaml
name: cluster-config
name: cluster-config
{{ end }}
10 changes: 0 additions & 10 deletions signadot/operator/templates/cluster-agent-secret.yaml
View file
Open in desktop

This file was deleted.

2 changes: 1 addition & 1 deletion ...es/signadot-cluster-config-configmap.yaml → ...r/templates/cluster-config-configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: signadot-cluster-config
name: cluster-config
namespace: signadot
data:
cluster_config.yaml: |
Expand Down
10 changes: 10 additions & 0 deletions signadot/operator/templates/cluster-token-secret.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{{- if and (hasKey .Values "controlPlane") (hasKey .Values.controlPlane "clusterToken")
}}
apiVersion: v1
kind: Secret
metadata:
name: {{ with .Values }}{{ with .controlPlane }}{{ with .tokenSecret }}{{ . }}{{- else -}}"cluster-token"{{- end }}{{- else -}}"cluster-token"{{- end }}{{- else -}}"cluster-token"{{- end }}
namespace: signadot
data:
token: {{ .Values.controlPlane.clusterToken | b64enc | quote }}
{{- end }}
1 change: 1 addition & 0 deletions signadot/operator/templates/io-context-server-service.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ apiVersion: v1
kind: Service
metadata:
annotations:
routing.signadot.com/ignore: "true"
{{- range $key, $val := .Values.commonAnnotations }}
{{ $key | quote }}: {{ $val | quote }}
{{- end }}
Expand Down
47 changes: 47 additions & 0 deletions signadot/operator/templates/istioroutes.signadot.com-customresourcedefinition.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,53 @@ spec:
- toService
type: object
type: array
middlewares:
description: Middlewares
items:
description: |-
RequestMiddlewareInstance specifies the name of a request middleware
and a set of arguments passed to parameters for the request middleware.
A list of RequestMiddlewareInstances are associated with workloads in
a sandbox or route group, providing the definition of the programmatic
treatment of requests sent to that workload.
properties:
args:
description: Arguments used to instantiate Parameters in
the named middleware.
items:
description: |-
Argument is a generic api struct representing arguments to
Parameters which are used to instantiate a set of parameters.
properties:
name:
description: Name indicates the name of the associated
parameter.
type: string
value:
description: |-
Value indicates the value passed to the parameter of
the same name.
type: string
valueFrom:
properties:
forward:
type: string
required:
- forward
type: object
required:
- name
- value
type: object
type: array
middleware:
description: Kubernetes resource name of the middleware
to instantiate.
type: string
required:
- middleware
type: object
type: array
namespace:
description: Namespace of this managed route
type: string
Expand Down
11 changes: 11 additions & 0 deletions signadot/operator/templates/jobrunnergroups.signadot.com-customresourcedefinition.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -762,6 +762,8 @@ spec:
- port
type: object
type: object
stopSignal:
type: string
type: object
livenessProbe:
properties:
Expand Down Expand Up @@ -1472,6 +1474,8 @@ spec:
- port
type: object
type: object
stopSignal:
type: string
type: object
livenessProbe:
properties:
Expand Down Expand Up @@ -2196,6 +2200,8 @@ spec:
- port
type: object
type: object
stopSignal:
type: string
type: object
livenessProbe:
properties:
Expand Down Expand Up @@ -3729,6 +3735,11 @@ spec:
zero and not specified. Defaults to 1.
format: int32
type: integer
reusePods:
description: |-
ReusePods specifies whether JRG pods are reused after job executions.
If false (default), JRG pods are always recreated after each job.
type: boolean
required:
- image
type: object
Expand Down
12 changes: 12 additions & 0 deletions signadot/operator/templates/resources.signadot.com-customresourcedefinition.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -822,6 +822,8 @@ spec:
- port
type: object
type: object
stopSignal:
type: string
type: object
livenessProbe:
properties:
Expand Down Expand Up @@ -1532,6 +1534,8 @@ spec:
- port
type: object
type: object
stopSignal:
type: string
type: object
livenessProbe:
properties:
Expand Down Expand Up @@ -2256,6 +2260,8 @@ spec:
- port
type: object
type: object
stopSignal:
type: string
type: object
livenessProbe:
properties:
Expand Down Expand Up @@ -4623,6 +4629,8 @@ spec:
- port
type: object
type: object
stopSignal:
type: string
type: object
livenessProbe:
properties:
Expand Down Expand Up @@ -5333,6 +5341,8 @@ spec:
- port
type: object
type: object
stopSignal:
type: string
type: object
livenessProbe:
properties:
Expand Down Expand Up @@ -6057,6 +6067,8 @@ spec:
- port
type: object
type: object
stopSignal:
type: string
type: object
livenessProbe:
properties:
Expand Down
12 changes: 12 additions & 0 deletions signadot/operator/templates/routeserver-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,4 +52,16 @@ spec:
resources:
{{ toYaml . | indent 10 }}
{{- else -}}{{- end }}{{- else -}}{{- end }}{{- else -}}{{- end }}
volumeMounts:
- mountPath: /etc/signadot/cluster_config.yaml
name: cluster-config
readOnly: true
subPath: cluster_config.yaml
serviceAccountName: routeserver
volumes:
- configMap:
items:
- key: cluster_config.yaml
path: cluster_config.yaml
name: cluster-config
name: cluster-config
1 change: 1 addition & 0 deletions signadot/operator/templates/routeserver-service.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ apiVersion: v1
kind: Service
metadata:
annotations:
routing.signadot.com/ignore: "true"
{{- range $key, $val := .Values.commonAnnotations }}
{{ $key | quote }}: {{ $val | quote }}
{{- end }}
Expand Down
Loading