Merge pull request #35 from jmenan/feat/chart/update-pod-identity-web…

…hook
jkroepke · Feb 3, 2023 · 8ecaf1e · 8ecaf1e
2 parents 8dee072 + 42acf37
commit 8ecaf1e
Show file tree

Hide file tree

Showing 8 changed files with 93 additions and 51 deletions.
diff --git a/charts/amazon-eks-pod-identity-webhook/Chart.yaml b/charts/amazon-eks-pod-identity-webhook/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: amazon-eks-pod-identity-webhook
 description: A Kubernetes webhook for pods that need AWS IAM access
-version: 1.0.3
+version: 1.1.0
 type: application
 # renovate: image=amazon/amazon-eks-pod-identity-webhook
 appVersion: "v0.3.0"

diff --git a/charts/amazon-eks-pod-identity-webhook/templates/_helpers.tpl b/charts/amazon-eks-pod-identity-webhook/templates/_helpers.tpl
@@ -71,3 +71,14 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/* 
+Get PodDisruptionBudget API Version 
+*/}}
+{{- define "amazon-eks-pod-identity-webhook.pdb.apiVersion" -}}
+  {{- if and (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">= 1.21-0" .Capabilities.KubeVersion.Version) -}}
+      {{- print "policy/v1" -}}
+  {{- else -}}
+    {{- print "policy/v1beta1" -}}
+  {{- end -}}
+{{- end -}}
diff --git a/charts/amazon-eks-pod-identity-webhook/templates/deployment.yaml b/charts/amazon-eks-pod-identity-webhook/templates/deployment.yaml
@@ -31,6 +31,9 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- if .Values.priorityClassName }}
+      priorityClassName: "{{ .Values.priorityClassName }}"
+      {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:

diff --git a/charts/amazon-eks-pod-identity-webhook/templates/pdb.yaml b/charts/amazon-eks-pod-identity-webhook/templates/pdb.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.podDisruptionBudget.enabled (gt (.Values.replicaCount | int) 1) -}}
+apiVersion: {{ include "amazon-eks-pod-identity-webhook.pdb.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "amazon-eks-pod-identity-webhook.fullname" . }}
+  labels:
+    {{- include "amazon-eks-pod-identity-webhook.labels" . | nindent 4 }}
+spec:
+  {{- if .Values.podDisruptionBudget.minAvailable }}
+  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+  {{- end  }}
+  {{- if .Values.podDisruptionBudget.maxUnavailable }}
+  maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+  {{- end  }}
+  selector:
+    matchLabels:
+      {{- include "amazon-eks-pod-identity-webhook.selectorLabels" . | nindent 6 }}
+{{- end -}}
diff --git a/charts/amazon-eks-pod-identity-webhook/templates/podmonitor.yaml b/charts/amazon-eks-pod-identity-webhook/templates/podmonitor.yaml
diff --git a/charts/amazon-eks-pod-identity-webhook/templates/service.yaml b/charts/amazon-eks-pod-identity-webhook/templates/service.yaml
@@ -16,5 +16,9 @@ spec:
       targetPort: https
       protocol: TCP
       name: https
+    - port: {{ .Values.config.ports.metrics }}
+      targetPort: metrics
+      protocol: TCP
+      name: metrics
   selector:
     {{- include "amazon-eks-pod-identity-webhook.selectorLabels" . | nindent 4 }}
diff --git a/charts/amazon-eks-pod-identity-webhook/templates/servicemonitor.yaml b/charts/amazon-eks-pod-identity-webhook/templates/servicemonitor.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.metrics.serviceMonitor.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ .Release.Name }}
+  labels:
+    {{- include "amazon-eks-pod-identity-webhook.labels" . | nindent 4 }}
+  {{- with .Values.metrics.serviceMonitor.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  jobLabel: {{ .Release.Name }}
+  namespaceSelector:
+    matchNames:
+      - {{ include "amazon-eks-pod-identity-webhook.namespace" . }}
+  selector:
+    matchLabels:
+      {{- include "amazon-eks-pod-identity-webhook.selectorLabels" . | nindent 6 }}
+  endpoints:
+    - port: metrics
+      path: /metrics
+      scheme: http
+      {{- if .Values.metrics.serviceMonitor.interval }}
+      interval: {{ .Values.metrics.serviceMonitor.interval }}
+      {{- end }}
+      {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+      scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+      {{- end }}
+      {{- if .Values.metrics.serviceMonitor.honorLabels }}
+      honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+      {{- end }}
+      {{- if .Values.metrics.serviceMonitor.relabelings }}
+      relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabelings | nindent 6 }}
+      {{- end }}
+{{- end -}}
diff --git a/charts/amazon-eks-pod-identity-webhook/values.yaml b/charts/amazon-eks-pod-identity-webhook/values.yaml
@@ -1,16 +1,25 @@
 ---
 # -- String to partially override amazon-eks-pod-identity-webhook.fullname template (will maintain the release name)
-nameOverride: ''
+nameOverride: ""
 
 # -- String to partially override amazon-eks-pod-identity-webhook.fullname template (will maintain the release name)
-namespaceOverride: ''
+namespaceOverride: ""
 
 # -- String to fully override amazon-eks-pod-identity.fullname template
-fullnameOverride: ''
+fullnameOverride: ""
 
 # -- Number of amazon-eks-pod-identity-webhook replicas to deploy
 replicaCount: 1
 
+# -- https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+podDisruptionBudget:
+  enabled: false
+  minAvailable:
+  maxUnavailable:
+
+# -- PriorityClass applied to deployment
+priorityClassName: ""
+
 image:
   pullPolicy: IfNotPresent
   # -- amazon-eks-pod-identity-webhook image registry
@@ -19,7 +28,7 @@ image:
   repository: amazon/amazon-eks-pod-identity-webhook
   # -- amazon-eks-pod-identity-webhook image tag (immutable tags are recommended).
   # @default -- `.Chart.AppVersion`
-  tag: ''
+  tag: ""
 
 # -- registry secret names as an array
 imagePullSecrets: []
@@ -90,19 +99,19 @@ pki:
       # -- Name of the existing cert-manager issuer.
       name: selfsigned
   # -- ca bundle of the manual generated server tls key
-  caBundle: ''
+  caBundle: ""
   # -- manual generated server tls cert. Used if pki.certManager.enabled is false
-  cert: ''
+  cert: ""
   # -- manual generated server tls key. Used if pki.certManager.enabled is false
-  key: ''
+  key: ""
   # -- name of the external secret (type kubernetes.io/tls). Used if pki.certManager.enabled is false
-  existingSecret: ''
+  existingSecret: ""
 
 metrics:
-  podMonitor:
-    # -- Create PodMonitor Resource for scraping metrics using PrometheusOperator
+  serviceMonitor:
+    # -- Create serviceMonitor Resource for scraping metrics using PrometheusOperator
     enabled: false
-    # -- Specify the namespace in which the podMonitor resource will be created
+    # -- Specify the namespace in which the serviceMonitor resource will be created
     namespace: ""
     # -- Used to pass Labels that are required by the installed Prometheus Operator
     additionalLabels: {}
@@ -168,7 +177,7 @@ serviceAccount:
   create: true
   # -- The name of the ServiceAccount to use.
   # @default -- A name is generated using the `amazon-eks-pod-identity-webhook.fullname` template
-  name: ''
+  name: ""
   # -- Annotations for service account. Evaluated as a template.
   annotations: {}