chore(helm): releasing new helm chart (#605)

charts/capsule/Chart.yaml

@@ -21,7 +21,7 @@ sources:
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.1.9
+version: 0.1.10
 
 # This is the version number of the application being deployed.
 # This version number should be incremented each time you make changes to the application.

charts/capsule/README.md

@@ -85,11 +85,12 @@ Here the values you can override:
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| manager.hostNetwork | bool | `false` | Specifies if the container should be started in hostNetwork mode. Required for use in some managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working |
+| manager.hostNetwork | bool | `false` | Specifies if the container should be started in hostNetwork mode.  Required for use in some managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working |
 | manager.image.pullPolicy | string | `"IfNotPresent"` | Set the image pull policy. |
 | manager.image.repository | string | `"clastix/capsule"` | Set the image repository of the capsule. |
 | manager.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
 | manager.imagePullSecrets | list | `[]` | Configuration for `imagePullSecrets` so that you can use a private images registry.   |
+| manager.kind | string | `"Deployment"` | Set the controller deployment mode as `Deployment` or `DaemonSet`.  |
 | manager.livenessProbe | object | `{"httpGet":{"path":"/healthz","port":10080}}` | Configure the liveness probe using Deployment probe spec    |
 | manager.options.capsuleUserGroups | list | `["capsule.clastix.io"]` | Override the Capsule user groups   |
 | manager.options.forceTenantPrefix | bool | `false` | Boolean, enforces the Tenant owner, during Namespace creation, to name it using the selected Tenant name as prefix, separated by a dash |

charts/capsule/templates/_helpers.tpl

@@ -113,9 +113,9 @@ Create the jobs fully-qualified Docker image to use
 {{- end }}
 
 {{/*
-Create the Capsule Deployment name to use
+Create the Capsule controller name to use
 */}}
-{{- define "capsule.deploymentName" -}}
+{{- define "capsule.controllerName" -}}
 {{- printf "%s-controller-manager" (include "capsule.fullname" .) -}}
 {{- end }}
 

charts/capsule/templates/daemonset.yaml

@@ -0,0 +1,88 @@
+{{- if eq .Values.manager.kind "DaemonSet" }}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "capsule.controllerName" . }}
+  labels:
+    {{- include "capsule.labels" . | nindent 4 }}
+  {{- with .Values.customAnnotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      {{- include "capsule.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "capsule.labels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "capsule.serviceAccountName" . }}
+      {{- if .Values.manager.hostNetwork }}
+      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
+      {{- end }}
+      priorityClassName: {{ .Values.priorityClassName }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: cert
+          secret:
+            defaultMode: 420
+            secretName: {{ include "capsule.secretTlsName" . }}
+      containers:
+        - name: manager
+          command:
+          - /manager
+          args:
+          - --enable-leader-election
+          - --zap-log-level={{ default 4 .Values.manager.options.logLevel }}
+          - --configuration-name=default
+          image: {{ include "capsule.managerFullyQualifiedDockerImage" . }}
+          imagePullPolicy: {{ .Values.manager.image.pullPolicy }}
+          env:
+          - name: NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+          ports:
+            - name: webhook-server
+              containerPort: 9443
+              protocol: TCP
+            - name: metrics
+              containerPort: 8080
+              protocol: TCP
+          livenessProbe:
+            {{- toYaml .Values.manager.livenessProbe | nindent 12}}
+          readinessProbe:
+            {{- toYaml .Values.manager.readinessProbe | nindent 12}}
+          volumeMounts:
+          - mountPath: /tmp/k8s-webhook-server/serving-certs
+            name: cert
+            readOnly: true
+          resources:
+            {{- toYaml .Values.manager.resources | nindent 12 }}
+          securityContext:
+            allowPrivilegeEscalation: false
+{{- end }}

charts/capsule/templates/deployment.yaml

@@ -1,7 +1,8 @@
+{{- if eq .Values.manager.kind "Deployment" }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "capsule.deploymentName" . }}
+  name: {{ include "capsule.controllerName" . }}
   labels:
     {{- include "capsule.labels" . | nindent 4 }}
   {{- with .Values.customAnnotations }}
@@ -29,6 +30,7 @@ spec:
       serviceAccountName: {{ include "capsule.serviceAccountName" . }}
       {{- if .Values.manager.hostNetwork }}
       hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet
       {{- end }}
       priorityClassName: {{ .Values.priorityClassName }}
       {{- with .Values.nodeSelector }}
@@ -82,3 +84,4 @@ spec:
             {{- toYaml .Values.manager.resources | nindent 12 }}
           securityContext:
             allowPrivilegeEscalation: false
+{{- end }}

charts/capsule/templates/pre-delete-job.yaml

@@ -1,4 +1,4 @@
-{{- $cmd := printf "kubectl scale deployment -n $NAMESPACE %s --replicas 0 &&" (include "capsule.deploymentName" .) -}}
+{{- $cmd := ""}}
 {{- if not .Values.certManager.generateCertificates }}
 {{- $cmd = printf "%s kubectl delete secret -n $NAMESPACE %s --ignore-not-found &&" $cmd (include "capsule.secretTlsName" .) -}}
 {{- end }}

charts/capsule/values.yaml

@@ -5,6 +5,9 @@
 # Manager Options
 manager:
 
+  # -- Set the controller deployment mode as `Deployment` or `DaemonSet`. 
+  kind: Deployment
+
   image:
     # -- Set the image repository of the capsule.
     repository: clastix/capsule
@@ -193,4 +196,4 @@ serviceMonitor:
     # -- Set metricRelabelings for the endpoint of the serviceMonitor
     metricRelabelings: []
     # -- Set relabelings for the endpoint of the serviceMonitor
-    relabelings: []
+    relabelings: []

config/grafana/dashboard.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    # label selector used by Grafana to load the dashboards from Config Maps
+    grafana_dashboard: "1"
+  name: capsule-grafana-dashboard

config/grafana/kustomization.yaml

@@ -0,0 +1,8 @@
+configMapGenerator:
+- name: capsule-grafana-dashboard
+  files:
+  - dashboard.json
+generatorOptions:
+  disableNameSuffixHash: true
+patchesStrategicMerge:
+- dashboard.yaml

config/install.yaml

@@ -1411,7 +1411,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: clastix/capsule:v0.1.2-rc0
+        image: clastix/capsule:v0.1.2-rc1
         imagePullPolicy: IfNotPresent
         name: manager
         ports:

config/manager/kustomization.yaml

@@ -7,4 +7,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: clastix/capsule
-  newTag: v0.1.2-rc0
+  newTag: v0.1.2-rc1

docs/content/guides/monitoring.md

@@ -47,9 +47,15 @@ Verify that the service monitor is working correctly through the Prometheus "tar
 ![Prometheus Targets](./assets/prometheus_targets.png)
 
 ### Deploy dashboard
+A dashboard for Grafana is provided as [dashboard.json](https://github.com/clastix/capsule/blob/master/config/grafana/dashboard.json).
 
-Simply upload [dashboard.json](https://github.com/clastix/capsule/blob/master/config/grafana/dashboard.json) file to Grafana through _Create_ -> _Import_,
-making sure to select the correct Prometheus data source:
+Render with `kustomize` the dashboard as a ConfigMap and apply in the namespace where Grafana is installed, making sure to select the correct Prometheus datasource:
+
+```
+kubectl -n <grafana-namespace> apply -k config/grafana
+```
+
+Alternatively, manual upload the dashboard in JSON format to Grafana through _Create -> Import_:
 
 ![Grafana Import](./assets/upload_json.png)