Merge pull request #40 from Trungtin1011/contribute-some-useful-chart…

…-configs Add some useful configs for operator helm chart
coroot · Jan 23, 2025 · 6000c45 · 6000c45
2 parents 0a63dbe + 47b4fce
commit 6000c45
Show file tree

Hide file tree

Showing 4 changed files with 74 additions and 6 deletions.
diff --git a/charts/operator/templates/deployment.yaml b/charts/operator/templates/deployment.yaml
@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: coroot-operator
+  namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/name: coroot-operator
 spec:
@@ -10,14 +11,37 @@ spec:
       app.kubernetes.io/name: coroot-operator
   template:
     metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       labels:
         app.kubernetes.io/name: coroot-operator
     spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       securityContext:
-        runAsNonRoot: true
-      serviceAccountName: coroot-operator
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      serviceAccountName: {{ .Values.serviceAccount.name }}
       containers:
         - name: operator
           image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          securityContext:
+            {{- toYaml .Values.containerSecurityContext | nindent 12 }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/charts/operator/templates/role_binding.yaml b/charts/operator/templates/role_binding.yaml
@@ -9,6 +9,6 @@ roleRef:
   kind: ClusterRole
   name: coroot-operator
 subjects:
-- kind: ServiceAccount
-  name: coroot-operator
-  namespace: {{ .Release.Namespace }}
+  - kind: ServiceAccount
+    name: { { .Values.serviceAccount.name } }
+    namespace: { { .Release.Namespace } }
diff --git a/charts/operator/templates/service_account.yaml b/charts/operator/templates/service_account.yaml
@@ -1,6 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   labels:
     app.kubernetes.io/name: coroot-operator
-  name: coroot-operator
+  name: {{ .Values.serviceAccount.name }}
+  namespace: {{ .Release.Namespace }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
diff --git a/charts/operator/values.yaml b/charts/operator/values.yaml
@@ -1,7 +1,44 @@
+## Service Account configuration
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  name: "coroot-operator"
+
 image:
   repository: ghcr.io/coroot/coroot-operator
+  pullPolicy: IfNotPresent
+imagePullSecrets: []
 
 resources:
   requests:
     cpu: 100m
     memory: 64Mi
+
+## Extra annotations for pods
+podAnnotations: {}
+
+## Configure Pods Security Context
+podSecurityContext:
+  runAsNonRoot: true
+
+## Configure Container Security Context
+containerSecurityContext:
+  {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+## Node labels selector for pods assignment
+nodeSelector: {}
+
+## Tolerations for pods assignment
+tolerations: []
+
+## Affinity for pods assignment
+affinity: {}