Merge pull request #34 from eminaktas/helm-chart-imp

feat: helm chart improvements

Author: eminaktas

README.md

@@ -61,8 +61,8 @@ spec:
     nameservers:
       - 10.96.0.10
     searches:
-      - "svc.{{ .clusterDomain }}"
-      - "{{ .podNamespace }}.svc.{{ .clusterDomain }}"
+      - "svc.cluster.local"
+      - "{{ .podNamespace }}.svc.cluster.local"
     options:
       - name: ndots
         value: "2"

chart/kubedns-shepherd/templates/api-check-job.yaml

@@ -0,0 +1,53 @@
+{{- if .Values.dnsclass.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "chart.fullname" . }}-api-check
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    helm.sh/hook: post-install,post-upgrade
+    helm.sh/hook-weight: "3"
+    helm.sh/hook-delete-policy: hook-succeeded
+  labels:
+    app.kubernetes.io/component: api-check
+    app.kubernetes.io/part-of: kubedns-shepherd
+  {{- include "chart.labels" . | nindent 4 }}
+spec:
+  template:
+    spec:
+      containers:
+        - name: api-check
+          image: quay.io/curl/curl:latest
+          command:
+            - /bin/sh
+            - -c
+            - |
+              # Max retries and sleep interval
+              MAX_RETRIES={{ .Values.readyCheck.maxRetries }}
+              SLEEP_INTERVAL={{ .Values.readyCheck.sleepInterval }}
+
+              # Check API readiness with a limit on retries
+              retries=0
+              until [ "$retries" -ge "$MAX_RETRIES" ] || curl -sf http://{{ include "chart.fullname" . }}-probe-service.{{ .Release.Namespace }}:8081/readyz; do
+                echo "Waiting for API to be ready... Attempt $((retries+1))/$MAX_RETRIES"
+                retries=$((retries+1))
+                sleep $SLEEP_INTERVAL
+              done
+
+              # If API is not ready after max retries, exit with failure
+              if [ "$retries" -ge "$MAX_RETRIES" ]; then
+                echo "API did not become ready within the time limit, exiting."
+                exit 1
+              fi
+
+              echo "API is ready to respond!"
+          resources:
+            limits:
+              cpu: "100m"
+              memory: "128Mi"
+            requests:
+              cpu: "50m"
+              memory: "64Mi"
+      restartPolicy: Never
+  backoffLimit: 4
+{{- end }}

chart/kubedns-shepherd/templates/dnsclass-crd.yaml chart/kubedns-shepherd/templates/crds/crd-dnsclass.yaml

@@ -1,26 +1,26 @@
-{{- if .Values.crds.enabled }}
+# START crd {{- if .Values.crds.enabled }}
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   name: dnsclasses.config.kubedns-shepherd.io
   annotations:
-    helm.sh/hook: post-install,post-upgrade
-    helm.sh/hook-weight: "3"
     cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "chart.fullname" . }}-serving-cert'
     controller-gen.kubebuilder.io/version: v0.16.3
-    {{- if .Values.crds.keep }}
+    # START keep {{- if .Values.crds.keep }}
     helm.sh/resource-policy: keep
-    {{- end }}
+    # END keep {{- end }}
   labels:
-  {{- include "chart.labels" . | nindent 4 }}
+    app.kubernetes.io/component: crd
+    app.kubernetes.io/part-of: kubedns-shepherd
+  # Generated labels {{- include "chart.labels" . | nindent 4 }}
 spec:
   conversion:
     strategy: Webhook
     webhook:
       clientConfig:
         service:
-          name: {{ include "chart.fullname" . }}-webhook-service
-          namespace: {{ .Release.Namespace }}
+          name: '{{ include "chart.fullname" . }}-webhook-service'
+          namespace: '{{ .Release.Namespace }}'
           path: /convert
       conversionReviewVersions:
       - v1
@@ -211,4 +211,4 @@ spec:
     storage: true
     subresources:
       status: {}
-{{- end }}
+# END crd {{- end }}

chart/kubedns-shepherd/templates/deployment.yaml

@@ -3,9 +3,6 @@ kind: Deployment
 metadata:
   name: {{ include "chart.fullname" . }}
   namespace: {{ .Release.Namespace }}
-  annotations:
-    helm.sh/hook: post-install,post-upgrade
-    helm.sh/hook-weight: "4"
   labels:
     app.kubernetes.io/component: controller
     app.kubernetes.io/part-of: kubedns-shepherd
@@ -42,12 +39,6 @@ spec:
         {{- end }}
         image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
         imagePullPolicy: {{ .Values.imagePullPolicy }}
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 8081
-          initialDelaySeconds: 15
-          periodSeconds: 20
         name: controller
         ports:
         - containerPort: 9443
@@ -56,10 +47,19 @@ spec:
         - containerPort: 8080
           name: metrics
           protocol: TCP
+        - containerPort: 8081
+          name: probe
+          protocol: TCP
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: probe
+          initialDelaySeconds: 15
+          periodSeconds: 20
         readinessProbe:
           httpGet:
             path: /readyz
-            port: 8081
+            port: probe
           initialDelaySeconds: 5
           periodSeconds: 10
         resources: {{- toYaml .Values.resources | nindent 10 }}

chart/kubedns-shepherd/templates/dnsclass-configuration.yaml

@@ -1,10 +1,11 @@
+{{- if .Values.dnsclass.enabled }}
 apiVersion: config.kubedns-shepherd.io/v1alpha1
 kind: DNSClass
 metadata:
   name: {{ include "chart.fullname" . }}-dnsclass-config
   annotations:
     helm.sh/hook: post-install,post-upgrade
-    helm.sh/hook-weight: "6"
+    helm.sh/hook-weight: "4"
   labels:
   {{- include "chart.labels" . | nindent 4 }}
 spec:
@@ -21,4 +22,5 @@ spec:
     searches:
       {{- toYaml .Values.dnsclass.dnsConfig.searches | nindent 6 }}
     options:
-      {{- toYaml .Values.dnsclass.dnsConfig.options | nindent 6 }}
+      {{- toYaml .Values.dnsclass.dnsConfig.options | nindent 6 }}
+{{- end }}

chart/kubedns-shepherd/templates/metric-service.yaml chart/kubedns-shepherd/templates/metrics-service.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "chart.fullname" . }}-metric-service
+  name: {{ include "chart.fullname" . }}-metrics-service
   namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/component: metrics

chart/kubedns-shepherd/templates/mutating-webhook-configuration.yaml

@@ -3,18 +3,16 @@ kind: MutatingWebhookConfiguration
 metadata:
   name: {{ include "chart.fullname" . }}-mutating-webhook-configuration
   annotations:
-    helm.sh/hook: post-install,post-upgrade
-    helm.sh/hook-weight: "5"
-    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "chart.fullname" . }}-serving-cert
+    cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "chart.fullname" . }}-serving-cert'
   labels:
   {{- include "chart.labels" . | nindent 4 }}
 webhooks:
 - admissionReviewVersions:
   - v1
   clientConfig:
     service:
-      name: {{ include "chart.fullname" . }}-webhook-service
-      namespace: {{ .Release.Namespace }}
+      name: '{{ include "chart.fullname" . }}-webhook-service'
+      namespace: '{{ .Release.Namespace }}'
       path: /mutate-config-kubedns-shepherd-io-v1alpha1-dnsclass
   failurePolicy: Fail
   name: mdnsclass.kubedns-shepherd.io
@@ -33,8 +31,8 @@ webhooks:
   - v1
   clientConfig:
     service:
-      name: {{ include "chart.fullname" . }}-webhook-service
-      namespace: {{ .Release.Namespace }}
+      name: '{{ include "chart.fullname" . }}-webhook-service'
+      namespace: '{{ .Release.Namespace }}'
       path: /mutate-v1-pod
   failurePolicy: Ignore
   name: mpod.kubedns-shepherd.io

chart/kubedns-shepherd/templates/probe-service.yaml

@@ -0,0 +1,21 @@
+{{- if .Values.dnsclass.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "chart.fullname" . }}-probe-service
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/component: probe
+    app.kubernetes.io/part-of: kubedns-shepherd
+  {{- include "chart.labels" . | nindent 4 }}
+spec:
+  type: ClusterIP
+  selector:
+    control-plane: controller-manager
+  {{- include "chart.selectorLabels" . | nindent 4 }}
+  ports:
+  - name: probe
+    port: 8081
+    protocol: TCP
+    targetPort: probe
+{{- end }}

chart/kubedns-shepherd/templates/selfsigned-issuer.yaml

@@ -6,11 +6,10 @@ metadata:
   annotations:
   {{- if .Values.certmanager.enabled }}
     helm.sh/hook: post-install,post-upgrade
-    helm.sh/hook-weight: "1"
   {{- else }}
     helm.sh/hook: pre-install,pre-upgrade
-    helm.sh/hook-weight: "1"
   {{- end }}
+    helm.sh/hook-weight: "1"
   labels:
   {{- include "chart.labels" . | nindent 4 }}
 spec:

chart/kubedns-shepherd/templates/serving-cert.yaml

@@ -6,11 +6,10 @@ metadata:
   annotations:
   {{- if .Values.certmanager.enabled }}
     helm.sh/hook: post-install,post-upgrade
-    helm.sh/hook-weight: "2"
   {{- else }}
     helm.sh/hook: pre-install,pre-upgrade
-    helm.sh/hook-weight: "2"
   {{- end }}
+    helm.sh/hook-weight: "2"
   labels:
   {{- include "chart.labels" . | nindent 4 }}
 spec:

chart/kubedns-shepherd/templates/validating-webhook-configuration.yaml

@@ -3,18 +3,16 @@ kind: ValidatingWebhookConfiguration
 metadata:
   name: {{ include "chart.fullname" . }}-validating-webhook-configuration
   annotations:
-    helm.sh/hook: post-install,post-upgrade
-    helm.sh/hook-weight: "5"
-    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "chart.fullname" . }}-serving-cert
+    cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "chart.fullname" . }}-serving-cert'
   labels:
   {{- include "chart.labels" . | nindent 4 }}
 webhooks:
 - admissionReviewVersions:
   - v1
   clientConfig:
     service:
-      name: {{ include "chart.fullname" . }}-webhook-service
-      namespace: {{ .Release.Namespace }}
+      name: '{{ include "chart.fullname" . }}-webhook-service'
+      namespace: '{{ .Release.Namespace }}'
       path: /validate-config-kubedns-shepherd-io-v1alpha1-dnsclass
   failurePolicy: Fail
   name: vdnsclass.kubedns-shepherd.io

chart/kubedns-shepherd/values.yaml

@@ -55,22 +55,30 @@ certmanager:
     keep: true
 
 dnsclass:
+  enabled: false
   disabledNamespaces:
     - kube-system
-  allowedNamespaces:
-    - default
+  allowedNamespaces: []
   allowedDNSPolicies:
     - None
     - ClusterFirst
     - ClusterFirstWithHostNet
   dnsPolicy: None
+  # dnsConfig supports templating for dynamic configuration.
+  # For more details on how to use templating with dnsConfig,
+  # please refer to the documentation:
+  # https://github.com/eminaktas/kubedns-shepherd?tab=readme-ov-file#dynamic-configuration-in-dnsclass
   dnsConfig:
     nameservers:
       - 10.96.0.10
     searches:
-      - "svc.{{ .clusterDomain }}"
-      - "{{ .podNamespace }}.svc.{{ .clusterDomain }}"
+      - "svc.cluster.local"
+      - "{{ .podNamespace }}.svc.cluster.local"
     options:
       - name: ndots
         value: "2"
-      - name: edns0
+      - name: edns0
+
+readyCheck:
+  maxRetries: 12
+  sleepInterval: 10