Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support helm charts for network resource injector #14

Merged
merged 1 commit into from
May 11, 2022
Merged

Support helm charts for network resource injector #14

merged 1 commit into from
May 11, 2022

Conversation

VivekThrivikraman-est
Copy link

Currently network resource injector does not support helm charts. This commit implements helm charts for nri.

Fixes: k8snetworkplumbingwg/network-resources-injector#118

e0ne
e0ne requested changes Apr 18, 2022
View reviewed changes
network-resources-injector/templates/auth.yaml Outdated
@@ -0,0 +1,163 @@

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: please remove empty line here

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

network-resources-injector/templates/deployment.yaml Outdated
command:
- webhook
args:
- -bind-address=0.0.0.0
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMO, it's not secure to bind to all IP addresses. Can we bind to localhost be default?. We need to make it configurable

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

network-resources-injector/templates/deployment.yaml Outdated
- name: tls
emptyDir: {}

# For third-party certificate, use secret resource
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should make it configurable via values or add TODO note here to make it configurable in the future. There is no option to change this template if chart will be used from the repository

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Used condition for taking appropriate config based on type of certificate.

network-resources-injector/templates/service.yaml Outdated
@@ -0,0 +1,26 @@

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: please remove empty line here

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

network-resources-injector/templates/deployment.yaml Outdated
- webhook
args:
- -bind-address=0.0.0.0
- -port=8443
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we use port number from the values?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

network-resources-injector/values.yaml
port: 443
targetPort: 8443

webhookconf:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: webhookconf => webhook?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is webhook as key in child hierarchy also, so this was to distinguish the webhook config(kind) to the actual webhook(one in webhooks in the webhookconfig). I can change it if you feel this is better.

network-resources-injector/templates/pdb.yaml
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ .Values.pdb.name }}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we really need this configurable?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The other names are using templates(even in other non nri templates), should we only omit for this? I feel its ok to hardcode, but I was following the other templates already available. Or should we have it as " {{.Chart.Name}}+ "-pdb" " ?

e0ne
e0ne approved these changes May 5, 2022
View reviewed changes
Copy link
Collaborator

@e0ne e0ne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank for addressing my comments!

@rthakur-est
Copy link

@e0ne can this review be merged?

@e0ne e0ne merged commit 7d79cc6 into k8snetworkplumbingwg:master May 11, 2022
@e0ne
Copy link
Collaborator

e0ne commented May 11, 2022

@rthakur-est merged

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@e0ne e0ne e0ne approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add Helm Chart
3 participants
@VivekThrivikraman-est @rthakur-est @e0ne