linki · multimac · Jul 1, 2021 · Jul 2, 2021 · Jul 2, 2021 · Jul 2, 2021
diff --git a/chart/chaoskube/templates/clusterrole.yaml b/chart/chaoskube/templates/clusterrole.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.rbac.create }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -10,3 +11,4 @@ rules:
   - apiGroups: [""]
     resources: ["events"]
     verbs: ["create"]
+{{- end }}
diff --git a/chart/chaoskube/templates/clusterrolebinding.yaml b/chart/chaoskube/templates/clusterrolebinding.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.rbac.create }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -11,3 +12,4 @@ subjects:
 - kind: ServiceAccount
   name: {{ include "chaoskube.serviceAccountName" . }}
   namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/chart/chaoskube/templates/deployment.yaml b/chart/chaoskube/templates/deployment.yaml
@@ -21,24 +21,43 @@ spec:
       {{- end }}
       labels:
         {{- include "chaoskube.selectorLabels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
     spec:
+      {{- with .Values.image.pullSecrets }}
+      imagePullSecrets: {{- toYaml . | nindent 6 }}
+      {{- end }}
       serviceAccountName: {{ include "chaoskube.serviceAccountName" . }}
       containers:
       - name: {{ .Chart.Name }}
+        {{- if .Values.image.digest }}
+        image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}"
+        {{- else }}
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+        {{- end }}
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         {{- if .Values.chaoskube.env }}
         env:
           {{ toYaml .Values.chaoskube.env | indent 8 }}
         {{- end }}
         args:
         {{- range $key, $value := .Values.chaoskube.args }}
-        {{- if $value }}
         - --{{ $key }}={{ $value }}
-        {{- else }}
+        {{- end }}
+        {{- range $key, $value := .Values.chaoskube.flags }}
+        {{- if $value }}
         - --{{ $key }}
         {{- end }}
         {{- end }}
+        {{- if .Values.chaoskube.metrics.enabled }}
+        - --metrics-address=:{{ .Values.chaoskube.metrics.port }}
+        {{- end }}
+        {{- if .Values.chaoskube.metrics.enabled }}
+        ports:
+          - name: metrics
+            containerPort: {{ .Values.chaoskube.metrics.port }}
+        {{- end }}
         securityContext:
           {{- toYaml .Values.podSecurityContext | nindent 10 }}
         resources:

diff --git a/chart/chaoskube/templates/service.yaml b/chart/chaoskube/templates/service.yaml
@@ -0,0 +1,22 @@
+{{- if and .Values.chaoskube.metrics.enabled .Values.chaoskube.metrics.service.create }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "chaoskube.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "chaoskube.labels" . | nindent 4 }}
+
+spec:
+  type: {{ .Values.chaoskube.metrics.service.type }}
+
+  ports:
+    - port: {{ .Values.chaoskube.metrics.port }}
+      targetPort: metrics
+      protocol: TCP
+      name: metrics
+
+  selector:
+    app.kubernetes.io/name: {{ include "chaoskube.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/chart/chaoskube/templates/serviceaccount.yaml b/chart/chaoskube/templates/serviceaccount.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.serviceAccount.create }}
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -10,3 +11,4 @@ metadata:
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
+{{- end }}
diff --git a/chart/chaoskube/values.yaml b/chart/chaoskube/values.yaml
@@ -5,13 +5,23 @@ replicaCount: 1
 # image specifies image location, tag and pullPolicy
 image:
   repository: quay.io/linki/chaoskube
+
   pullPolicy: IfNotPresent
+  pullSecrets: []
+
+  # Provide digest of specific image to run
+  digest: ""
   # Overrides the image tag whose default is the chart appVersion.
   tag: ""
 
 # chaoskube is used to configure chaoskube
 chaoskube:
   env: {}
+
+  flags:
+    # terminate pods for real: this disables dry-run mode which is on by default
+    no-dry-run: true
+
   args:
     # kill a pod every 10 minutes
     interval: "10m"
@@ -33,18 +43,34 @@ chaoskube:
     timezone: "UTC"
     # exclude all pods that haven't been running for at least one hour
     minimum-age: "1h"
-    # terminate pods for real: this disables dry-run mode which is on by default
-    no-dry-run: ""
+    # sets the annotation prefix to use when looking for configuration overrides in pod annotations
+    # eg. termination frequency will look for the annotation "chaos.alpha.kubernetes.io/frequency"
+    config-annotation-prefix: "chaos.alpha.kubernetes.io"
+
+  metrics:
+    enabled: true
+    port: 8080
+
+    service:
+      create: true
+      type: ClusterIP
 
 # serviceAccount can be used to customize the service account which will be crated and used by chaoskube
 serviceAccount:
   create: true
   name: ""
   annotations: {}
 
+# rbac allows configuring the permissions for chaoskube
+rbac:
+  create: true
+
 # podAnnotations can be used to add additional annotations to the pod
 podAnnotations: {}
 
+# podAnnotations can be used to add additional labels to the pod
+podLabels: {}
+
 # podSecurityContext is used to customize the security context of the pod
 podSecurityContext:
   runAsNonRoot: true