From aa72ce02277b3eda6ee670c0daea45bc073d9475 Mon Sep 17 00:00:00 2001 From: Florent Delannoy Date: Thu, 24 Oct 2019 15:23:11 +0100 Subject: [PATCH] [incubator/kube-downscaler] Add support for SecurityContext (#18276) * [incubator/kube-downscaler] Fix README Add missing values, fix misleading defaults, and add capitalisation :) Signed-off-by: Florent Delannoy * [incubator/kube-downscaler] Add support for SecurityContext Also bump the chart's minor version as it's a new feature. Signed-off-by: Florent Delannoy --- incubator/kube-downscaler/Chart.yaml | 2 +- incubator/kube-downscaler/README.md | 32 +++++++++++-------- .../kube-downscaler/templates/deployment.yaml | 4 +++ incubator/kube-downscaler/values.yaml | 3 ++ 4 files changed, 26 insertions(+), 15 deletions(-) diff --git a/incubator/kube-downscaler/Chart.yaml b/incubator/kube-downscaler/Chart.yaml index da3fad6d3021..0325f58fdf22 100644 --- a/incubator/kube-downscaler/Chart.yaml +++ b/incubator/kube-downscaler/Chart.yaml @@ -1,6 +1,6 @@ name: kube-downscaler apiVersion: v1 -version: 0.2.1 +version: 0.3.0 appVersion: 19.10.1 description: A Helm chart for kube-downscaler home: https://github.com/hjacobs/kube-downscaler diff --git a/incubator/kube-downscaler/README.md b/incubator/kube-downscaler/README.md index ca3f2e79782a..5b347ca1c7d0 100644 --- a/incubator/kube-downscaler/README.md +++ b/incubator/kube-downscaler/README.md @@ -44,21 +44,25 @@ The following tables lists the configurable parameters of the kube-downscaler ch | Parameter | Description | Default | | ------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------------- | -| `debug.enable` | Do you want to start the downscaler in debug mode | False | -| `namespace.active_in` | Which namespace does the downscaler scans for deployment/statefulsets to downscale (`''` equals all) | '' | -| `interval` | interval for the scans | false | -| `image.repository` | downscaler container image repository | `hjacobs/kube-downscaler` | -| `image.tag` | downscaler container image tag | `0.6` | -| `image.pullPolicy` | downscaler container image pull policy | `IfNotPresent` | -| `nodeSelector` | node labels for downscaler pod assignment | `{}` | -| `tolerations` | downscaler pod toleration for taints | `{}` | -| `podAnnotations` | annotations to be added to downscaler pod | `{}` | -| `podLabels` | labels to be added to downscaler pod | `{}` | -| `resources` | downscaler pod resource requests & limits | `{}` | -| `rbac.create` | If true, create & use RBAC resources | `false` | +| `replicaCount` | Number of replicas to run | `1` | +| `name` | How to name resources created by this chart | `kube-downscaler` | +| `debug.enable` | Do you want to start the downscaler in debug mode | `false` | +| `namespace.active_in` | Which namespace does the downscaler scans for deployment/statefulsets to downscale (`''` equals all) | `''` | +| `interval` | Interval between scans, in seconds | `60` | +| `image.repository` | Downscaler container image repository | `hjacobs/kube-downscaler` | +| `image.tag` | Downscaler container image tag | `19.10.1` | +| `image.pullPolicy` | Downscaler container image pull policy | `IfNotPresent` | +| `nodeSelector` | Node labels for downscaler pod assignment | `{}` | +| `tolerations` | Downscaler pod toleration for taints | `[]` | +| `affinity` | Downscaler pod affinity | `{}` | +| `podAnnotations` | Annotations to be added to downscaler pod | `{}` | +| `podLabels` | Labels to be added to downscaler pod | `{}` | +| `resources` | Downscaler pod resource requests & limits | `{}` | +| `securityContext` | SecurityContext to apply to the downscaler pod | `{}` | +| `rbac.create` | If true, create & use RBAC resources | `true` | | `rbac.serviceAccountName` | ServiceAccount downscaler will use (ignored if rbac.create=true) | `default` | -| `extraArgs` | Add extra args to docker command | `[]` | +| `extraArgs` | Add extra args to docker command | `[]` | > **Tip**: You can use the default [values.yaml](values.yaml) -> **Tip**: If you use `kube-downscaler` as releaseName, the generated pod name will be shorter.(e.g. `kube-downscaler-66cc9fb67c-7mg4w` instead of `my-release-kube-downscaler-66cc9fb67c-7mg4w`) \ No newline at end of file +> **Tip**: If you use `kube-downscaler` as releaseName, the generated pod name will be shorter.(e.g. `kube-downscaler-66cc9fb67c-7mg4w` instead of `my-release-kube-downscaler-66cc9fb67c-7mg4w`) diff --git a/incubator/kube-downscaler/templates/deployment.yaml b/incubator/kube-downscaler/templates/deployment.yaml index 608fd9109667..047c9bca5540 100644 --- a/incubator/kube-downscaler/templates/deployment.yaml +++ b/incubator/kube-downscaler/templates/deployment.yaml @@ -45,6 +45,10 @@ spec: {{- end }} resources: {{ toYaml .Values.resources | indent 12 }} + {{- with .Values.securityContext }} + securityContext: +{{ toYaml . | indent 8 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} diff --git a/incubator/kube-downscaler/values.yaml b/incubator/kube-downscaler/values.yaml index d33b955ce85d..f4a0eca6651f 100644 --- a/incubator/kube-downscaler/values.yaml +++ b/incubator/kube-downscaler/values.yaml @@ -36,6 +36,9 @@ resources: # cpu: 50m # memory: 200Mi +securityContext: {} +# runAsUser: 1000 + extraArgs: [] # - --include-resources deployments