Skip to content

Commit

Permalink
feat: ds mode support
Browse files Browse the repository at this point in the history
  • Loading branch information
@ryanfaircloth
ryanfaircloth committed Jun 7, 2024
1 parent 8792580 commit 72dd720
Show file tree
Hide file tree
Showing 4 changed files with 137 additions and 2 deletions.
129 changes: 129 additions & 0 deletions charts/s3proxy/templates/daemonset.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,129 @@
{{ if eq .Values.DeploymentMode "DaemonSet" }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "s3proxy.fullname" . }}
labels:
{{- include "s3proxy.labels" . | nindent 4 }}
annotations:
checkov.io/skip1: CKV_K8S_35=Inorder to use a generated secret in two ways we can't do this
spec:
selector:
matchLabels:
{{- include "s3proxy.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "s3proxy.selectorLabels" . | nindent 8 }}
{{- with .Values.podLabels -}}
{{ toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "s3proxy.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken | default false }}

securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
#checkov:skip=CKV_K8S_43: Not for Public Charts
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
{{- .Values.command | toYaml | nindent 12 }}
args:
{{- .Values.args | toYaml | nindent 12 }}
env:
- name: S3PROXY_IDENTITY
valueFrom:
secretKeyRef:
{{- if empty .Values.existingSecretName }}
name: "{{ include "s3proxy.fullname" . }}-awsclient"
{{- else }}
name: {{ .Values.existingSecretName }}
{{- end }}
key: AWS_ACCESS_KEY_ID
optional: false
- name: S3PROXY_CREDENTIAL
valueFrom:
secretKeyRef:
{{- if empty .Values.existingSecretName }}
name: "{{ include "s3proxy.fullname" . }}-awsclient"
{{- else }}
name: {{ .Values.existingSecretName }}
{{- end }}
key: AWS_SECRET_ACCESS_KEY
optional: false
{{- with .Values.config.env }}
{{- toYaml . | nindent 10 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.service.port }}
protocol: TCP
# livenessProbe:
# httpGet:
# path: /
# port: http
# readinessProbe:
# httpGet:
# path: /
# port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- if eq .Values.config.jclouds.provider "filesystem" }}
- mountPath: {{ .Values.config.jclouds.filesystem.baseDir }}
name: tmp-volume
{{- end }}
- name: secret-volume
readOnly: true
mountPath: "/etc/s3proxy"
volumes:
{{- if eq .Values.config.jclouds.provider "filesystem" }}
- name: tmp-volume
emptyDir:
sizeLimit: {{ .Values.config.jclouds.filesystem.tmpSize }}
{{- end }}
- name: secret-volume
{{- if .Values.csiSecret.enabled }}
csi:
driver: {{ .Values.csiSecret.driver | default "secrets-store.csi.k8s.io" }}
readOnly: {{ .Values.csiSecret.readOnly | default true }}
volumeAttributes:
secretProviderClass: {{ .Values.csiSecret.class }}
{{ else }}
secret:
{{- if .Values.existingPropertiesSecret }}
secretName: {{ .Values.existingPropertiesSecret }}
{{ else }}
secretName: {{ include "s3proxy.fullname" . }}
{{- end }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
5 changes: 4 additions & 1 deletion charts/s3proxy/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{ if eq .Values.DeploymentMode "Deployment" }}
apiVersion: apps/v1
kind: Deployment
metadata:
Expand Down Expand Up @@ -30,7 +31,8 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "s3proxy.serviceAccountName" . }}
automountServiceAccountToken: false
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken | default false }}

securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
Expand Down Expand Up @@ -127,3 +129,4 @@ spec:
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
2 changes: 2 additions & 0 deletions charts/s3proxy/templates/hpa.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{- if eq .Values.DeploymentMode "Deployment" }}
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
Expand Down Expand Up @@ -30,3 +31,4 @@ spec:
averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}
{{- end }}
3 changes: 2 additions & 1 deletion charts/s3proxy/values.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# Default values for s3proxy.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

DeploymentMode: Deployment
replicaCount: 1
labels: {}
podLabels: {}
Expand Down Expand Up @@ -50,6 +50,7 @@ serviceAccount:
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
automountServiceAccountToken: false

podAnnotations: {}

Expand Down

0 comments on commit 72dd720

Please sign in to comment.