[KYUUBI #3976] Helm chart improvements

### _Why are the changes needed?_ The changes are needed to improve helm chart usability. The PR introduces a few enhancements (one per commit) to make Kyuubi helm chart more friendly to be used. ### _How was this patch tested?_ - [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible - [ ] Add screenshots for manual tests if appropriate - [ ] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request Closes #3976 from dnskr/helm_charts_improvements. Closes #3976 b289613 [dnskr] [K8S][HELM] Add serviceAccount and rbac creation support to helm chart f677247 [dnskr] [K8S][HELM] Add nodeSelector, tolerations, affinity and securityContext support to helm chart 00337f0 [dnskr] [K8S][HELM] Use {{ .Release.Name }} for resource names in helm chart 53677ae [dnskr] [K8S][HELM] Do not render Deployment resources if the value is not set 1073e03 [dnskr] [K8S][HELM] Add env and envFrom support to helm chart and delete redundant $KYUUBI_HOME variable set 95db61b [dnskr] [K8S][HELM] Add more options for liveness and readiness probes to helm chart e860a2c [dnskr] [K8S][HELM] Add imagePullSecrets support to helm chart 6f4fd18 [dnskr] [K8S][HELM] Fix image tag assignment and compact Chart.yaml Authored-by: dnskr <dnskrv88@gmail.com> Signed-off-by: ulysses-you <ulyssesyou@apache.org>
apache · Dec 14, 2022 · 0295c0f · 0295c0f
1 parent 6445d7e
commit 0295c0f
Show file tree

Hide file tree

Showing 8 changed files with 147 additions and 43 deletions.
diff --git a/docker/helm/Chart.yaml b/docker/helm/Chart.yaml
@@ -17,30 +17,11 @@
 
 apiVersion: v2
 name: kyuubi
-description: A Helm chart for kyuubi server
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+description: A Helm chart for Kyuubi server
 type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
 version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.5.2"
-
+appVersion: "master-snapshot"
+home: https://kyuubi.apache.org
 icon: https://raw.githubusercontent.com/apache/incubator-kyuubi/master/docs/imgs/logo.png
-
 sources:
-  - https://github.com/apache/incubator-kyuubi/tree/master/docker
+  - https://github.com/apache/incubator-kyuubi
diff --git a/docker/helm/templates/kyuubi-configmap.yaml b/docker/helm/templates/kyuubi-configmap.yaml
@@ -18,7 +18,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: kyuubi-defaults
+  name: {{ .Release.Name }}-kyuubi-defaults
   labels:
     app: {{ template "kyuubi.name" . }}
 data:

diff --git a/docker/helm/templates/kyuubi-deployment.yaml b/docker/helm/templates/kyuubi-deployment.yaml
@@ -18,7 +18,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: kyuubi-server
+  name: {{ .Release.Name }}
   labels:
     app: {{ template "kyuubi.name" . }}
     release: {{ .Release.Name }}
@@ -35,13 +35,20 @@ spec:
         app: {{ template "kyuubi.name" . }}
         release: {{ .Release.Name }}
     spec:
-      {{- if .Values.serviceAccount }}
-      serviceAccountName: {{ .Values.serviceAccount.name }}
-      {{- end}}
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets: {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ .Values.serviceAccount.name | default .Release.Name }}
       containers:
         - name: kyuubi-server
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- with .Values.env }}
+          env: {{- tpl (toYaml .) $ | nindent 12 }}
+          {{- end }}
+          {{- with .Values.envFrom }}
+          envFrom: {{- tpl (toYaml .) $ | nindent 12 }}
+          {{- end }}
           ports:
             - name: frontend-port
               containerPort: {{ .Values.server.bind.port }}
@@ -52,27 +59,39 @@ spec:
               port: {{ .Values.server.bind.port }}
             initialDelaySeconds: {{ .Values.probe.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.probe.liveness.periodSeconds }}
+            timeoutSeconds: {{ .Values.probe.liveness.timeoutSeconds }}
             failureThreshold: {{ .Values.probe.liveness.failureThreshold }}
+            successThreshold: {{ .Values.probe.liveness.successThreshold }}
           {{- end }}
           {{- if .Values.probe.readiness.enabled }}
           readinessProbe:
             tcpSocket:
               port: {{ .Values.server.bind.port }}
             initialDelaySeconds: {{ .Values.probe.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.probe.readiness.periodSeconds }}
+            timeoutSeconds: {{ .Values.probe.readiness.timeoutSeconds }}
             failureThreshold: {{ .Values.probe.readiness.failureThreshold }}
+            successThreshold: {{ .Values.probe.readiness.successThreshold }}
+          {{- end }}
+          {{- with .Values.resources }}
+          resources:  {{- toYaml . | nindent 12 }}
           {{- end }}
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
           volumeMounts:
             - name: kyuubi-defaults
               mountPath: {{ .Values.server.conf.mountPath }}
-          env:
-            {{- range $key, $val := .Values.environments }}
-            - name: {{ $key }}
-              value: {{ $val | quote }}
-            {{- end }}
       volumes:
         - name: kyuubi-defaults
           configMap:
-            name: kyuubi-defaults
+            name: {{ .Release.Name }}-kyuubi-defaults
+      {{- with .Values.nodeSelector }}
+      nodeSelector: {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity: {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations: {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.securityContext }}
+      securityContext: {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/docker/helm/templates/kyuubi-role.yaml b/docker/helm/templates/kyuubi-role.yaml
@@ -0,0 +1,26 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}
+  labels:
+    app: {{ template "kyuubi.name" . }}
+rules: {{- toYaml .Values.rbac.rules | nindent 2 }}
+{{- end }}
diff --git a/docker/helm/templates/kyuubi-rolebinding.yaml b/docker/helm/templates/kyuubi-rolebinding.yaml
@@ -0,0 +1,32 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Release.Name }}
+  labels:
+    app: {{ template "kyuubi.name" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.name | default .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ .Release.Name }}
+{{- end }}
diff --git a/docker/helm/templates/kyuubi-service.yaml b/docker/helm/templates/kyuubi-service.yaml
@@ -18,7 +18,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: kyuubi-svc
+  name: {{ .Release.Name }}
   labels:
     app: {{ template "kyuubi.name" . }}
   {{- with .Values.service.annotations }}

diff --git a/docker/helm/templates/kyuubi-serviceaccount.yaml b/docker/helm/templates/kyuubi-serviceaccount.yaml
@@ -0,0 +1,25 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.name | default .Release.Name }}
+  labels:
+    app: {{ template "kyuubi.name" . }}
+{{- end }}
diff --git a/docker/helm/values.yaml b/docker/helm/values.yaml
@@ -25,24 +25,37 @@ replicaCount: 2
 image:
   repository: apache/kyuubi
   pullPolicy: Always
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: "master-snapshot"
+  tag: ~
+
+imagePullSecrets: []
 
 # ServiceAccount used for Kyuubi create/list/delete pod in kubernetes
 serviceAccount:
-  name: default
+  create: true
+  name: ~
+
+rbac:
+  create: true
+  rules:
+    - apiGroups: [""]
+      resources: ["pods"]
+      verbs: ["create", "list", "delete"]
 
 probe:
   liveness:
     enabled: true
     initialDelaySeconds: 30
     periodSeconds: 10
+    timeoutSeconds: 2
     failureThreshold: 10
+    successThreshold: 1
   readiness:
     enabled: true
     initialDelaySeconds: 30
     periodSeconds: 10
+    timeoutSeconds: 2
     failureThreshold: 10
+    successThreshold: 1
 
 server:
   bind:
@@ -51,8 +64,9 @@ server:
   conf:
     mountPath: /opt/kyuubi/conf
 
-environments:
-  KYUUBI_HOME: /opt/kyuubi
+# Environment variables (templated)
+env: []
+envFrom: []
 
 service:
   type: NodePort
@@ -74,3 +88,10 @@ resources: {}
   # requests:
   #   cpu: 2
   #   memory: 4Gi
+
+# Constrain Kyuubi server pods to specific nodes
+nodeSelector: {}
+tolerations: []
+affinity: {}
+
+securityContext: {}