Skip to content

Commit

Permalink
Regenerate the template
Browse files Browse the repository at this point in the history
  • Loading branch information
@houshengbo
houshengbo committed Aug 22, 2024
1 parent ff0fef1 commit 97a8a33
Show file tree
Hide file tree
Showing 2 changed files with 123 additions and 24 deletions.
127 changes: 123 additions & 4 deletions config/charts/knative-operator/templates/operator.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,10 @@ metadata:
app.kubernetes.io/component: operator-webhook
app.kubernetes.io/version: "{{ .Chart.Version }}"
app.kubernetes.io/name: knative-operator
{{- if and .Values.knative_operator.operator_webhook.annotations }}
annotations:
{{ toYaml .Values.knative_operator.operator_webhook.annotations }}
{{- end }}
spec:
selector:
matchLabels:
Expand All @@ -63,6 +67,10 @@ spec:
app.kubernetes.io/component: operator-webhook
app.kubernetes.io/version: "{{ .Chart.Version }}"
app.kubernetes.io/name: knative-operator
{{- if and .Values.knative_operator.operator_webhook.annotations }}
annotations:
{{ toYaml .Values.knative_operator.operator_webhook.annotations }}
{{- end }}
spec:
# To avoid node becoming SPOF, spread our replicas to different nodes.
affinity:
Expand All @@ -81,15 +89,23 @@ spec:
# This is the Go import path for the binary that is containerized
# and substituted here.
image: "{{ .Values.knative_operator.operator_webhook.image }}:{{ .Values.knative_operator.operator_webhook.tag }}"

{{- if and .Values.knative_operator.operator_webhook.resources }}
resources:
requests:
cpu: {{ .Values.knative_operator.operator_webhook.resources.requests.cpu }}
memory: {{ .Values.knative_operator.operator_webhook.resources.requests.memory }}
limits:
cpu: {{ .Values.knative_operator.operator_webhook.resources.limits.cpu }}
memory: {{ .Values.knative_operator.operator_webhook.resources.limits.memory }}
{{- else }}
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 500m
memory: 500Mi

{{- end }}
env:
- name: POD_NAME
valueFrom:
Expand All @@ -114,14 +130,23 @@ spec:
value: knative.dev/operator
- name: KUBERNETES_MIN_VERSION
value: "{{ .Values.knative_operator.kubernetes_min_version }}"
{{- if and .Values.knative_operator.operator_webhook.securityContext }}
securityContext:
allowPrivilegeEscalation: {{ .Values.knative_operator.operator_webhook.securityContext.allowPrivilegeEscalation }}
readOnlyRootFilesystem: {{ .Values.knative_operator.operator_webhook.securityContext.readOnlyRootFilesystem }}
runAsNonRoot: {{ .Values.knative_operator.operator_webhook.securityContext.runAsNonRoot }}
capabilities:
drop:
- ALL
{{- else }}
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
capabilities:
drop:
- all

- ALL
{{- end }}
ports:
- name: metrics
containerPort: 9090
Expand Down Expand Up @@ -2397,6 +2422,12 @@ spec:
- type: string
description: An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%".
x-kubernetes-int-or-string: true
maxUnavailable:
anyOf:
- type: integer
- type: string
description: An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
x-kubernetes-int-or-string: true
source:
description: The source configuration for Knative Eventing
properties:
Expand Down Expand Up @@ -4775,6 +4806,12 @@ spec:
- type: string
description: An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%".
x-kubernetes-int-or-string: true
maxUnavailable:
anyOf:
- type: integer
- type: string
description: An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
x-kubernetes-int-or-string: true
ingress:
description: The ingress configuration for Knative Serving
properties:
Expand Down Expand Up @@ -4824,6 +4861,17 @@ spec:
format: string
type: string
type: object
tls:
properties:
mode:
description: TLS mode can be SIMPLE, MUTUAL, ISTIO_MUTUAL.
format: string
type: string
credentialName:
description: TLS certificate name.
format: string
type: string
type: object
type: object
type: array
type: object
Expand Down Expand Up @@ -4862,6 +4910,17 @@ spec:
format: string
type: string
type: object
tls:
properties:
mode:
description: TLS mode can be SIMPLE, MUTUAL, ISTIO_MUTUAL.
format: string
type: string
credentialName:
description: TLS certificate name.
format: string
type: string
type: object
type: object
type: array
type: object
Expand All @@ -4873,8 +4932,14 @@ spec:
type: boolean
service-type:
type: string
service-load-balancer-ip:
type: string
bootstrap-configmap:
type: string
http-port:
type: integer
https-port:
type: integer
type: object
type: object
security:
Expand Down Expand Up @@ -5580,6 +5645,8 @@ rules:
- watch
- update
- patch
- create
- delete
- apiGroups:
- rbac.authorization.k8s.io
resources:
Expand Down Expand Up @@ -5703,6 +5770,32 @@ rules:
verbs:
- deletecollection

# Eventing TLS
- apiGroups:
- "cert-manager.io"
resources:
- certificates
- issuers
- clusterissuers
verbs:
- create
- delete
- update
- list
- get
- watch
- apiGroups:
- "trust.cert-manager.io"
resources:
- bundles
verbs:
- create
- delete
- update
- list
- get
- watch

---
# Copyright 2020 The Knative Authors
#
Expand Down Expand Up @@ -6206,6 +6299,10 @@ metadata:
labels:
app.kubernetes.io/name: knative-operator
app.kubernetes.io/version: "{{ .Chart.Version }}"
{{- if and .Values.knative_operator.knative_operator.annotations }}
annotations:
{{ toYaml .Values.knative_operator.knative_operator.annotations }}
{{- end }}
spec:
replicas: 1
selector:
Expand All @@ -6219,12 +6316,25 @@ spec:
name: knative-operator
app.kubernetes.io/name: knative-operator
app.kubernetes.io/version: "{{ .Chart.Version }}"
{{- if and .Values.knative_operator.knative_operator.annotations }}
annotations:
{{ toYaml .Values.knative_operator.knative_operator.annotations }}
{{- end }}
spec:
serviceAccountName: knative-operator
containers:
- name: knative-operator
image: "{{ .Values.knative_operator.knative_operator.image }}:{{ .Values.knative_operator.knative_operator.tag }}"
imagePullPolicy: IfNotPresent
{{- if and .Values.knative_operator.knative_operator.resources }}
resources:
requests:
cpu: {{ .Values.knative_operator.knative_operator.resources.requests.cpu }}
memory: {{ .Values.knative_operator.knative_operator.resources.requests.memory }}
limits:
cpu: {{ .Values.knative_operator.knative_operator.resources.limits.cpu }}
memory: {{ .Values.knative_operator.knative_operator.resources.limits.memory }}
{{- end }}
env:
- name: POD_NAME
valueFrom:
Expand All @@ -6242,6 +6352,15 @@ spec:
value: config-observability
- name: KUBERNETES_MIN_VERSION
value: "{{ .Values.knative_operator.kubernetes_min_version }}"
{{- if and .Values.knative_operator.knative_operator.securityContext }}
securityContext:
allowPrivilegeEscalation: {{ .Values.knative_operator.knative_operator.securityContext.allowPrivilegeEscalation }}
readOnlyRootFilesystem: {{ .Values.knative_operator.knative_operator.securityContext.readOnlyRootFilesystem }}
runAsNonRoot: {{ .Values.knative_operator.knative_operator.securityContext.runAsNonRoot }}
capabilities:
drop:
- ALL
{{- end }}
ports:
- name: metrics
containerPort: 9090
Expand Down
20 changes: 0 additions & 20 deletions hack/generate-helm.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,26 +36,6 @@ readonly TARGET_DIR="${CHARTS_DIR}/${NAME}"
# Create the directory, if it does not exist.
mkdir -p ${TARGET_DIR}/templates

# Generate the template based on the yaml files under config
echo "" > ${TARGET_DIR}/templates/operator.yaml
for filename in config/*.yaml; do
if [[ $filename == *namespace.yaml ]]; then
continue
fi
cat $filename >> ${TARGET_DIR}/templates/operator.yaml
echo -e "\n---" >> ${TARGET_DIR}/templates/operator.yaml
done

# Replace the namespace and images with the helm parameters
sed -i.bak 's/namespace: knative-operator/namespace: "{{ .Release.Namespace }}"/g' ${TARGET_DIR}/templates/operator.yaml
sed -i.bak 's/image: ko:\/\/knative.dev\/operator\/cmd\/operator/image: "{{ .Values.knative_operator.knative_operator.image }}:{{ .Values.knative_operator.knative_operator.tag }}"/g' ${TARGET_DIR}/templates/operator.yaml
sed -i.bak 's/image: ko:\/\/knative.dev\/operator\/cmd\/webhook/image: "{{ .Values.knative_operator.operator_webhook.image }}:{{ .Values.knative_operator.operator_webhook.tag }}"/g' ${TARGET_DIR}/templates/operator.yaml
sed -i.bak 's/operator.knative.dev\/release: devel/operator.knative.dev\/release: "v{{ .Chart.Version }}"/g' ${TARGET_DIR}/templates/operator.yaml
sed -i.bak 's/app.kubernetes.io\/version: devel/app.kubernetes.io\/version: "{{ .Chart.Version }}"/g' ${TARGET_DIR}/templates/operator.yaml
sed -i.bak 's/value: ""/value: "{{ .Values.knative_operator.kubernetes_min_version }}"/g' ${TARGET_DIR}/templates/operator.yaml

rm ${TARGET_DIR}/templates/operator.yaml.bak

sed -i.bak "s/{{ version }}/${VERSION:1}/g" ${TARGET_DIR}/Chart.yaml
sed -i.bak "s/{{ tag }}/${VERSION}/g" ${TARGET_DIR}/values.yaml

Expand Down

0 comments on commit 97a8a33

Please sign in to comment.