feat(sidecar): allow more than one container per pod

evry-ace · Jul 12, 2024 · 5bfe973 · 5bfe973
1 parent 104e22a
commit 5bfe973
Show file tree

Hide file tree

Showing 10 changed files with 169 additions and 70 deletions.
diff --git a/dotnet/Chart.yaml b/dotnet/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
 description: .NET Core Helm Chart
 name: dotnet
-version: 13.0.1
+version: 13.1.0
 dependencies:
   - name: libchart
-    version: 4.0.1
+    version: 4.2.0
     repository: file://../libchart
diff --git a/golang/Chart.yaml b/golang/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
 description: golan Helm Chart
 name: golang
-version: 17.0.1
+version: 17.1.0
 dependencies:
   - name: libchart
-    version: 4.0.1
+    version: 4.2.0
     repository: file://../libchart
diff --git a/java/Chart.yaml b/java/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
 description: Java Helm Chart
 name: java
-version: 10.0.1
+version: 10.1.0
 dependencies:
   - name: libchart
-    version: 4.0.1
+    version: 4.2.0
     repository: file://../libchart
diff --git a/java/values.yaml b/java/values.yaml
@@ -13,7 +13,49 @@ image:
   # pullSecrets:
   #   - secret1
   #   - secret2
-
+sidecars:
+  - name: helper1
+    image:
+      repository: "repo"
+      tag: "123"
+      extraContainerPorts: [8088, 9099]
+    securityContext:
+      readOnlyRootFilesystem: true
+      allowPrivilegeEscalation: false
+    resources:
+      limits:
+        cpu: 100m
+        memory: 128Mi
+      requests:
+        cpu: 100m
+        memory: 128Mi
+    environment: { }
+    secrets: { }
+    volumeMounts: [ ]
+    # - name: secret-volume
+    #   mountPath: /app/secrets
+    #   readOnly: true
+  - name: helper2
+    image:
+      repository: "repo"
+      tag: "456"
+      extraContainerPorts: [8088, 9099]
+    securityContext:
+      readOnlyRootFilesystem: true
+      allowPrivilegeEscalation: false
+    resources:
+      limits:
+        cpu: 100m
+        memory: 128Mi
+      requests:
+        cpu: 100m
+        memory: 128Mi
+    environment: { }
+    secrets: { }
+    volumeMounts:
+    - name: secret-volume
+      mountPath: /app/secrets
+      readOnly: true
 nameOverride: ""
 fullnameOverride: ""
 

diff --git a/libchart/Chart.yaml b/libchart/Chart.yaml
@@ -15,7 +15,7 @@ type: library
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 4.0.1
+version: 4.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/libchart/templates/_container.tpl b/libchart/templates/_container.tpl
@@ -0,0 +1,65 @@
+{{- define "libchart.container" }}
+  image: "{{ .image.repository }}:{{ .image.tag }}"
+  imagePullPolicy: Always
+  {{- if .command }}
+  command:
+    {{ toYaml .command | nindent 6 }}
+  {{- end }}
+  {{- if .args }}
+  args:
+    {{ toYaml .args | nindent 6 }}
+  {{- end }}
+  {{- if or (.volumeMounts) (.csi) }}
+  volumeMounts:
+  {{- if .volumeMounts }}
+  {{- toYaml .volumeMounts | nindent 6 }}
+  {{- end }}
+  {{- if .csi }}
+    - name: {{ .csi.name }}
+      mountPath: {{ .csi.mountPath | quote }}
+      readOnly: true
+  {{- end }}
+  {{- end }}
+  ports:
+    {{- if .deployKind }} {{/* a hack to check if we are in the root context or in a sidecar; sidecars are not using the port mapping from the service */}}
+      {{- "- name: http" | nindent 4 }}
+      {{- "containerPort: " | nindent 6 }}{{ .service.targetPort | default 8080 }}
+      protocol: TCP
+    {{- end }}
+    {{- if .extraContainerPorts }}
+    {{ toYaml .extraContainerPorts | nindent 6 }}
+    {{- end }}
+  {{- $liveness := default dict .liveness }}
+  {{- $livenessEnabled := default false $liveness.enabled }}
+  {{- if and $liveness $livenessEnabled }}
+  livenessProbe:
+    httpGet:
+      path: {{ .liveness.path | default "/" }}
+      port: {{ .liveness.port | default 8080 }}
+    initialDelaySeconds: {{ .liveness.delay | default 15 }}
+    timeoutSeconds: {{ .liveness.timeout | default 15 }}
+    periodSeconds: {{ .liveness.periodSeconds | default 15 }}
+  {{- end }}
+  {{- $readiness := default dict .readiness }}
+  {{- $readinessEnabled := default false $readiness.enabled }}
+  {{- if and $readiness $readinessEnabled }}
+  readinessProbe:
+    httpGet:
+      path: {{ .readiness.path | default "/" }}
+      port: {{ .readiness.port | default 8080 }}
+    initialDelaySeconds: {{ .readiness.delay | default 15 }}
+    timeoutSeconds: {{ .readiness.timeout | default 15 }}
+    periodSeconds: {{ .readiness.periodSeconds | default 15 }}
+  {{- end }}
+  env:
+    {{- if .secrets }}
+    {{ toYaml .secrets | nindent 6 }}
+    {{- end }}
+    {{- if .environment }}
+    {{ toYaml .environment | nindent 6 }}
+    {{- end }}
+  resources:
+    {{- toYaml .resources | nindent 6 }}
+  securityContext:
+    {{- toYaml .securityContext | nindent 6 }}
+{{- end }}
diff --git a/libchart/templates/_pod.tpl b/libchart/templates/_pod.tpl
@@ -10,63 +10,13 @@ securityContext:
   {{- toYaml .Values.podSecurityContext | nindent 2 }}
 containers:
   - name: {{ .Chart.Name }}
-    image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-    imagePullPolicy: Always
-    {{- if .Values.command }}
-    command:
-      {{ toYaml .Values.command | nindent 6 }}
-    {{- end }}
-    {{- if .Values.args }}
-    args:
-      {{ toYaml .Values.args | nindent 6 }}
-    {{- end }}
-    {{- if or (.Values.volumeMounts) (.Values.csi) }}
-    volumeMounts:
-    {{- if .Values.volumeMounts }}
-    {{ toYaml .Values.volumeMounts | nindent 6 }}
-    {{- end }}
-    {{- if .Values.csi }}
-      - name: {{ .Values.csi.name }}
-        mountPath: {{ .Values.csi.mountPath | quote }}
-        readOnly: true
-    {{- end }}
-    {{- end }}
-    ports:
-      - name: http
-        containerPort: {{ .Values.service.targetPort | default 8080 }}
-        protocol: TCP
-      {{ if .Values.extraContainerPorts }}
-      {{ toYaml .Values.extraContainerPorts | nindent 6 }}
-      {{- end }}
-    {{- if and (.Values.liveness) (.Values.liveness.enabled) }}
-    livenessProbe:
-      httpGet:
-        path: {{ .Values.liveness.path | default "/" }}
-        port: {{ .Values.liveness.port | default 8080 }}
-      initialDelaySeconds: {{ .Values.liveness.delay | default 15 }}
-      timeoutSeconds: {{ .Values.liveness.timeout | default 15 }}
-      periodSeconds: {{ .Values.liveness.periodSeconds | default 15 }}
-    {{- end }}
-    {{- if and (.Values.readiness) (.Values.readiness.enabled) }}
-    readinessProbe:
-      httpGet:
-        path: {{ .Values.readiness.path | default "/" }}
-        port: {{ .Values.readiness.port | default 8080 }}
-      initialDelaySeconds: {{ .Values.readiness.delay | default 15 }}
-      timeoutSeconds: {{ .Values.readiness.timeout | default 15 }}
-      periodSeconds: {{ .Values.readiness.periodSeconds | default 15 }}
-    {{- end }}
-    env:
-      {{- if .Values.secrets }}
-      {{ toYaml .Values.secrets | nindent 6 }}
-      {{- end }}
-      {{- if .Values.environment }}
-      {{ toYaml .Values.environment | nindent 6 }}
-      {{- end }}
-    resources:
-      {{ toYaml .Values.resources | nindent 6 }}
-    securityContext:
-      {{- toYaml .Values.securityContext | nindent 6 }}
+  {{- include "libchart.container" .Values | indent 2 -}}
+  {{- range $sc := .Values.sidecars -}}
+    {{ "- name: " | nindent 2 }}{{ $sc.name }}
+    {{- include "libchart.container" $sc  | indent 2 }}
+  {{- end }}
+  {{- if .Values.initContainers }}
+  {{- end }}
 {{- with .Values.nodeSelector }}
 nodeSelector:
   {{ toYaml . | nindent 4 }}

diff --git a/libchart/values.yaml b/libchart/values.yaml
@@ -14,7 +14,49 @@ image:
   # pullSecrets:
   #   - secret1
   #   - secret2
-
+sidecars:
+  - name: helper1
+    image:
+      repository: "repo"
+      tag: "123"
+      extraContainerPorts: [8088, 9099]
+    securityContext:
+      readOnlyRootFilesystem: true
+      allowPrivilegeEscalation: false
+    resources:
+      limits:
+        cpu: 100m
+        memory: 128Mi
+      requests:
+        cpu: 100m
+        memory: 128Mi
+    environment: { }
+    secrets: { }
+    volumeMounts: [ ]
+    # - name: secret-volume
+    #   mountPath: /app/secrets
+    #   readOnly: true
+  - name: helper2
+    image:
+      repository: "repo"
+      tag: "456"
+      extraContainerPorts: [8088, 9099]
+    securityContext:
+      readOnlyRootFilesystem: true
+      allowPrivilegeEscalation: false
+    resources:
+      limits:
+        cpu: 100m
+        memory: 128Mi
+      requests:
+        cpu: 100m
+        memory: 128Mi
+    environment: { }
+    secrets: { }
+    volumeMounts:
+      - name: secret-volume
+        mountPath: /app/secrets
+        readOnly: true
 nameOverride: ""
 fullnameOverride: ""
 

diff --git a/nodejs/Chart.yaml b/nodejs/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
 description: Node.js Helm Chart
 name: nodejs
-version: 17.0.1
+version: 17.1.0
 dependencies:
   - name: libchart
-    version: 4.0.1
+    version: 4.2.0
     repository: file://../libchart
diff --git a/web/Chart.yaml b/web/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 appVersion: "1.0"
 description: Helm chart for deployment of web servers
 name: web
-version: 14.0.1
+version: 14.1.0
 dependencies:
   - name: libchart
-    version: 4.0.1
+    version: 4.2.0
     repository: file://../libchart