File templates.obscpio of Package akri-chart
07070100000000000081a400000000000000000000000168e8e226000000c9000000000000000000000000000000000000001400000000templates/NOTES.txt1. Get the Akri Controller:
kubectl get -o wide pods | grep controller
2. Get the Akri Agent(s):
kubectl get -o wide pods | grep agent
3. Get the Akri Configuration(s):
kubectl get -o wide akric
07070100000001000081a400000000000000000000000168e8e22600000701000000000000000000000000000000000000001700000000templates/_helpers.tpl{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "akri.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "akri.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "akri.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "akri.labels" -}}
helm.sh/chart: {{ include "akri.chart" . }}
{{ include "akri.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "akri.selectorLabels" -}}
app.kubernetes.io/part-of: {{ include "akri.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "akri.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "akri.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
07070100000002000081a400000000000000000000000168e8e22600001482000000000000000000000000000000000000001500000000templates/agent.yaml{{- if .Values.agent.enabled }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: akri-agent-daemonset
labels: {{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/name: akri-agent
app.kubernetes.io/component: agent
spec:
selector:
matchLabels: {{- include "akri.selectorLabels" . | nindent 6 }}
app.kubernetes.io/name: akri-agent
template:
metadata:
labels: {{- include "akri.labels" . | nindent 8 }}
app.kubernetes.io/name: akri-agent
app.kubernetes.io/component: agent
spec:
nodeSelector:
"kubernetes.io/os": linux
{{- if .Values.agent.nodeSelectors }}
{{- toYaml .Values.agent.nodeSelectors | nindent 8 }}
{{- end }}
{{- if .Values.rbac.enabled }}
serviceAccountName: 'akri-agent-sa'
{{- end }}
containers:
- name: akri-agent
{{- $repository := .Values.agent.image.repository -}}
{{- if .Values.useDevelopmentContainers }}
{{- if .Values.useLatestContainers }}
image: {{ printf "%s:%s" $repository (default "latest-dev" .Values.agent.image.tag) | quote }}
{{- else }}
image: {{ printf "%s:%s" $repository (default (printf "v%s-dev" .Chart.AppVersion) .Values.agent.image.tag) | quote }}
{{- end }}
{{- else }}
{{- if .Values.useLatestContainers }}
image: {{ printf "%s:%s" $repository (default "latest" .Values.agent.image.tag) | quote }}
{{- else }}
image: {{ printf "%s:%s" $repository (default (printf "v%s" .Chart.AppVersion) .Values.agent.image.tag) | quote }}
{{- end }}
{{- end }}
{{- with .Values.agent.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
resources:
requests:
memory: {{ .Values.agent.resources.memoryRequest }}
cpu: {{ .Values.agent.resources.cpuRequest }}
limits:
memory: {{ .Values.agent.resources.memoryLimit }}
cpu: {{ .Values.agent.resources.cpuLimit }}
{{- if .Values.agent.securityContext }}
securityContext:
{{- toYaml .Values.agent.securityContext | nindent 10 }}
{{- else }}
securityContext:
privileged: true
{{- end}}
env:
{{- if .Values.agent.allowDebugEcho }}
- name: ENABLE_DEBUG_ECHO
value: "1"
{{- /* environment variable to tell the Agent's embedded debug echo Discovery Handler whether its instances are shared */}}
- name: DEBUG_ECHO_INSTANCES_SHARED
value: {{ .Values.debugEcho.configuration.shared | quote }}
{{- end }}
- name: HOST_CRICTL_PATH
value: /usr/bin/crictl
- name: HOST_RUNTIME_ENDPOINT
value: unix:///host/run/containerd/containerd.sock
- name: HOST_IMAGE_ENDPOINT
value: unix:///host/run/containerd/containerd.sock
- name: AGENT_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: DISCOVERY_HANDLERS_DIRECTORY
value: /var/lib/akri
volumeMounts:
- name: discovery-handlers
mountPath: /var/lib/akri
- name: device-plugin
mountPath: /var/lib/kubelet/device-plugins
- name: var-run-dockershim
mountPath: /host/run/containerd/containerd.sock
{{- if .Values.agent.host.udev }}
- name: devices
mountPath: /run/udev
{{- end }}
{{- if .Values.prometheus.enabled }}
ports:
- name: {{ .Values.prometheus.portName | quote }}
containerPort: {{ .Values.prometheus.port }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: discovery-handlers
hostPath:
path: {{ .Values.agent.host.discoveryHandlers }}
- name: device-plugin
hostPath:
path: "{{ .Values.agent.host.kubeletDevicePlugins }}"
- name: var-run-dockershim
hostPath:
{{- if ne "" .Values.agent.host.containerRuntimeSocket }}
path: {{.Values.agent.host.containerRuntimeSocket }}
{{- else if eq .Values.kubernetesDistro "microk8s" }}
path: "/var/snap/microk8s/common/run/containerd.sock"
{{- else if eq .Values.kubernetesDistro "k3s" }}
path: "/run/k3s/containerd/containerd.sock"
{{- else if eq .Values.kubernetesDistro "k8s" }}
path: "/run/containerd/containerd.sock"
{{- else }}
# Please set container runtime socket by either selecting the appropriate K8s distro `kubernetesDistro=<k8s|k3s|microk8s>`
# or setting `agent.host.containerRuntimeSocket=/container/runtime.sock`.
# See https://docs.akri.sh/user-guide/cluster-setup for more information.
# Using K8s default "/run/containerd/containerd.sock" for now.
path: "/run/containerd/containerd.sock"
{{- end }}
{{- if .Values.agent.host.udev }}
- name: devices
hostPath:
path: "{{ .Values.agent.host.udev }}"
{{- end }}
{{- end }}
07070100000003000081a400000000000000000000000168e8e22600000bd0000000000000000000000000000000000000001a00000000templates/controller.yaml{{- if .Values.controller.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: akri-controller-deployment
labels: {{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/name: akri-controller
app.kubernetes.io/component: controller
spec:
replicas: 1
selector:
matchLabels: {{- include "akri.selectorLabels" . | nindent 6 }}
app.kubernetes.io/name: akri-controller
template:
metadata:
labels: {{- include "akri.labels" . | nindent 8 }}
app.kubernetes.io/name: akri-controller
app.kubernetes.io/component: controller
spec:
{{- if .Values.rbac.enabled }}
serviceAccountName: 'akri-controller-sa'
{{- end }}
containers:
- name: akri-controller
{{- if .Values.useDevelopmentContainers }}
{{- if .Values.useLatestContainers }}
image: {{ printf "%s:%s" .Values.controller.image.repository (default "latest-dev" .Values.controller.image.tag) | quote }}
{{- else }}
image: {{ printf "%s:%s" .Values.controller.image.repository (default (printf "v%s-dev" .Chart.AppVersion) .Values.controller.image.tag) | quote }}
{{- end }}
{{- else }}
{{- if .Values.useLatestContainers }}
image: {{ printf "%s:%s" .Values.controller.image.repository (default "latest" .Values.controller.image.tag) | quote }}
{{- else }}
image: {{ printf "%s:%s" .Values.controller.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.controller.image.tag) | quote }}
{{- end }}
{{- end }}
{{- with .Values.controller.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
{{- if .Values.controller.securityContext }}
securityContext:
{{- toYaml .Values.controller.securityContext | nindent 10 }}
{{- end}}
resources:
requests:
memory: {{ .Values.controller.resources.memoryRequest }}
cpu: {{ .Values.controller.resources.cpuRequest }}
limits:
memory: {{ .Values.controller.resources.memoryLimit }}
cpu: {{ .Values.controller.resources.cpuLimit }}
{{- if .Values.prometheus.enabled }}
ports:
- name: {{ .Values.prometheus.portName | quote }}
containerPort: {{ .Values.prometheus.port }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.controller.allowOnControlPlane }}
tolerations:
{{- /* Allow this pod to run on the master. */}}
- key: node-role.kubernetes.io/master
effect: NoSchedule
{{- end }}
nodeSelector:
{{- if .Values.controller.onlyOnControlPlane }}
node-role.kubernetes.io/master: ""
{{- end }}
"kubernetes.io/os": linux
{{- if .Values.controller.nodeSelectors }}
{{- toYaml .Values.controller.nodeSelectors | nindent 8 }}
{{- end }}
{{- end }}
07070100000004000081a400000000000000000000000168e8e22600001a50000000000000000000000000000000000000002400000000templates/custom-configuration.yaml{{- if .Values.custom.configuration.enabled }}
apiVersion: {{ printf "%s/%s" .Values.crds.group .Values.crds.version }}
kind: Configuration
metadata:
name: {{ .Values.custom.configuration.name }}
spec:
discoveryHandler:
name: {{ required "A custom.configuration.discoveryHandlerName is required." .Values.custom.configuration.discoveryHandlerName }}
discoveryDetails: {{ .Values.custom.configuration.discoveryDetails | quote }}
{{- if or .Values.custom.configuration.brokerPod.image.repository .Values.custom.configuration.brokerJob.image.repository }}
{{- /* Only add brokerSpec if a broker image is provided */}}
brokerSpec:
{{- if .Values.custom.configuration.brokerPod.image.repository }}
brokerPodSpec:
containers:
- name: {{ .Values.custom.configuration.name }}-broker
image: {{ printf "%s:%s" .Values.custom.configuration.brokerPod.image.repository .Values.custom.configuration.brokerPod.image.tag | quote }}
{{- with .Values.custom.configuration.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
{{- if .Values.custom.configuration.brokerPod.env }}
env:
{{- range $key, $val := .Values.custom.configuration.brokerPod.env }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end }}
{{- end }}
{{- if .Values.custom.configuration.brokerPod.envFrom }}
envFrom:
{{- range $val := .Values.custom.configuration.brokerPod.envFrom.secretRef }}
- secretRef:
name: {{ $val | quote }}
{{- end }}
{{- range $val := .Values.custom.configuration.brokerPod.envFrom.configMapRef }}
- configMapRef:
name: {{ $val | quote }}
{{- end }}
{{- end }}
resources:
requests:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.custom.configuration.brokerPod.resources.memoryRequest }}
cpu: {{ .Values.custom.configuration.brokerPod.resources.cpuRequest }}
limits:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.custom.configuration.brokerPod.resources.memoryLimit }}
cpu: {{ .Values.custom.configuration.brokerPod.resources.cpuLimit }}
{{- with .Values.custom.configuration.brokerPod.volumeMounts}}
volumeMounts:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.custom.configuration.brokerPod.volumes}}
volumes:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- else }}
brokerJobSpec:
template:
spec:
containers:
- name: {{ .Values.custom.configuration.name }}-broker
image: {{ printf "%s:%s" .Values.custom.configuration.brokerJob.image.repository .Values.custom.configuration.brokerPod.image.tag | quote }}
{{- if .Values.custom.configuration.brokerJob.command }}
command:
{{- toYaml .Values.custom.configuration.brokerJob.command | nindent 14 }}
{{- end }}
{{- with .Values.custom.configuration.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
{{- if .Values.custom.configuration.brokerJob.env }}
env:
{{- range $key, $val := .Values.custom.configuration.brokerJob.env }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end }}
{{- end }}
{{- if .Values.custom.configuration.brokerJob.envFrom }}
envFrom:
{{- range $val := .Values.custom.configuration.brokerJob.envFrom.secretRef }}
- secretRef:
name: {{ $val | quote }}
{{- end }}
{{- range $val := .Values.custom.configuration.brokerJob.envFrom.configMapRef }}
- configMapRef:
name: {{ $val | quote }}
{{- end }}
{{- end }}
resources:
requests:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.custom.configuration.brokerJob.resources.memoryRequest }}
cpu: {{ .Values.custom.configuration.brokerJob.resources.cpuRequest }}
limits:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.custom.configuration.brokerJob.resources.memoryLimit }}
cpu: {{ .Values.custom.configuration.brokerJob.resources.cpuLimit }}
{{- with .Values.custom.configuration.brokerJob.volumeMounts}}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.custom.configuration.brokerJob.volumes}}
volumes:
{{- toYaml . | nindent 10 }}
{{- end }}
restartPolicy: {{ .Values.custom.configuration.brokerJob.restartPolicy }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 10 }}
{{- end }}
backoffLimit: {{ .Values.custom.configuration.brokerJob.backoffLimit }}
parallelism: {{ .Values.custom.configuration.brokerJob.parallelism }}
completions: {{ .Values.custom.configuration.brokerJob.completions }}
{{- end }}
{{- end }}
{{- if .Values.custom.configuration.brokerPod.image.repository }}
{{- if .Values.custom.configuration.createInstanceServices }}
instanceServiceSpec:
type: {{ .Values.custom.configuration.instanceService.type }}
ports:
- name: {{ .Values.custom.configuration.instanceService.name }}
port: {{ .Values.custom.configuration.instanceService.port }}
protocol: {{ .Values.custom.configuration.instanceService.protocol }}
targetPort: {{ .Values.custom.configuration.instanceService.targetPort }}
{{- end }}
{{- if .Values.custom.configuration.createConfigurationService }}
configurationServiceSpec:
type: {{ .Values.custom.configuration.configurationService.type }}
ports:
- name: {{ .Values.custom.configuration.configurationService.name }}
port: {{ .Values.custom.configuration.configurationService.port }}
protocol: {{ .Values.custom.configuration.configurationService.protocol }}
targetPort: {{ .Values.custom.configuration.configurationService.port }}
{{- end }}
{{- end }}
{{- if .Values.custom.configuration.brokerProperties }}
brokerProperties:
{{- range $key, $val := .Values.custom.configuration.brokerProperties }}
{{- $key | nindent 4 }}: {{ $val | quote }}
{{- end }}
{{- else }}
brokerProperties: {}
{{- end }}
capacity: {{ .Values.custom.configuration.capacity }}
{{- end }}07070100000005000081a400000000000000000000000168e8e22600000a16000000000000000000000000000000000000002800000000templates/custom-discovery-handler.yaml{{- if .Values.custom.discovery.enabled }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ printf "%s-daemonset" .Values.custom.discovery.name }}
{{- if .Values.custom.discovery.discoveryHandlerName }}
annotations:
akri.sh/discoveryHandlerName: {{ .Values.custom.discovery.discoveryHandlerName }}
{{- end }}
labels: {{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/name: {{ .Values.custom.discovery.name }}
app.kubernetes.io/component: discovery-handler
spec:
selector:
matchLabels: {{- include "akri.selectorLabels" . | nindent 6 }}
app.kubernetes.io/name: {{ .Values.custom.discovery.name }}
template:
metadata:
labels: {{- include "akri.labels" . | nindent 8 }}
app.kubernetes.io/name: {{ .Values.custom.discovery.name }}
app.kubernetes.io/component: discovery-handler
spec:
containers:
- name: {{ .Values.custom.discovery.name }}
image: {{ printf "%s:%s" (required "A custom.discovery.image.repository is required." .Values.custom.discovery.image.repository) .Values.custom.discovery.image.tag | quote }}
{{- with .Values.custom.discovery.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end}}
resources:
requests:
memory: {{ .Values.custom.discovery.resources.memoryRequest }}
cpu: {{ .Values.custom.discovery.resources.cpuRequest }}
limits:
memory: {{ .Values.custom.discovery.resources.memoryLimit }}
cpu: {{ .Values.custom.discovery.resources.cpuLimit }}
{{- if .Values.custom.discovery.useNetworkConnection }}
ports:
- name: discovery
containerPort: {{ .Values.custom.discovery.port }}
{{- end }}
env:
{{- if .Values.custom.discovery.useNetworkConnection }}
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
{{- end }}
- name: DISCOVERY_HANDLERS_DIRECTORY
value: /var/lib/akri
volumeMounts:
- name: discovery-handlers
mountPath: /var/lib/akri
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
"kubernetes.io/os": linux
{{- if .Values.custom.discovery.nodeSelectors }}
{{- toYaml .Values.custom.discovery.nodeSelectors | nindent 8 }}
{{- end }}
volumes:
- name: discovery-handlers
hostPath:
path: {{ .Values.agent.host.discoveryHandlers }}
{{- end }}
07070100000006000081a400000000000000000000000168e8e22600001b89000000000000000000000000000000000000002800000000templates/debug-echo-configuration.yaml{{- if .Values.debugEcho.configuration.enabled }}
apiVersion: {{ printf "%s/%s" .Values.crds.group .Values.crds.version }}
kind: Configuration
metadata:
name: {{ .Values.debugEcho.configuration.name }}
spec:
discoveryHandler:
name: debugEcho
discoveryDetails: |+
{{- if .Values.debugEcho.configuration.discoveryDetails.descriptions }}
descriptions:
{{- toYaml .Values.debugEcho.configuration.discoveryDetails.descriptions | nindent 6 }}
{{- else }}
descriptions: []
{{- end }}
{{- if or .Values.debugEcho.configuration.brokerPod.image.repository .Values.debugEcho.configuration.brokerJob.image.repository }}
{{- /* Only add brokerSpec if a broker image is provided */}}
brokerSpec:
{{- if .Values.debugEcho.configuration.brokerPod.image.repository }}
brokerPodSpec:
containers:
- name: {{ .Values.debugEcho.configuration.name }}-broker
image: {{ printf "%s:%s" .Values.debugEcho.configuration.brokerPod.image.repository .Values.debugEcho.configuration.brokerPod.image.tag | quote }}
{{- with .Values.debugEcho.configuration.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
{{- if .Values.debugEcho.configuration.brokerPod.env }}
env:
{{- range $key, $val := .Values.debugEcho.configuration.brokerPod.env }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end }}
{{- end }}
{{- if .Values.debugEcho.configuration.brokerPod.envFrom }}
envFrom:
{{- range $val := .Values.debugEcho.configuration.brokerPod.envFrom.secretRef }}
- secretRef:
name: {{ $val | quote }}
{{- end }}
{{- range $val := .Values.debugEcho.configuration.brokerPod.envFrom.configMapRef }}
- configMapRef:
name: {{ $val | quote }}
{{- end }}
{{- end }}
resources:
requests:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.debugEcho.configuration.brokerPod.resources.memoryRequest }}
cpu: {{ .Values.debugEcho.configuration.brokerPod.resources.cpuRequest }}
limits:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.debugEcho.configuration.brokerPod.resources.memoryLimit }}
cpu: {{ .Values.debugEcho.configuration.brokerPod.resources.cpuLimit }}
{{- with .Values.debugEcho.configuration.brokerPod.volumeMounts}}
volumeMounts:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.debugEcho.configuration.brokerPod.volumes}}
volumes:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- else }}
brokerJobSpec:
template:
spec:
containers:
- name: {{ .Values.debugEcho.configuration.name }}-broker
image: {{ printf "%s:%s" .Values.debugEcho.configuration.brokerJob.image.repository .Values.debugEcho.configuration.brokerPod.image.tag | quote }}
{{- if .Values.debugEcho.configuration.brokerJob.command }}
command:
{{- toYaml .Values.debugEcho.configuration.brokerJob.command | nindent 14 }}
{{- end }}
{{- with .Values.debugEcho.configuration.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
{{- if .Values.debugEcho.configuration.brokerJob.env }}
env:
{{- range $key, $val := .Values.debugEcho.configuration.brokerJob.env }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end }}
{{- end }}
{{- if .Values.debugEcho.configuration.brokerJob.envFrom }}
envFrom:
{{- range $val := .Values.debugEcho.configuration.brokerJob.envFrom.secretRef }}
- secretRef:
name: {{ $val | quote }}
{{- end }}
{{- range $val := .Values.debugEcho.configuration.brokerJob.envFrom.configMapRef }}
- configMapRef:
name: {{ $val | quote }}
{{- end }}
{{- end }}
resources:
requests:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.debugEcho.configuration.brokerJob.resources.memoryRequest }}
cpu: {{ .Values.debugEcho.configuration.brokerJob.resources.cpuRequest }}
limits:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.debugEcho.configuration.brokerJob.resources.memoryLimit }}
cpu: {{ .Values.debugEcho.configuration.brokerJob.resources.cpuLimit }}
{{- with .Values.debugEcho.configuration.brokerJob.volumeMounts}}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.debugEcho.configuration.brokerJob.volumes}}
volumes:
{{- toYaml . | nindent 10 }}
{{- end }}
restartPolicy: {{ .Values.debugEcho.configuration.brokerJob.restartPolicy }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 10 }}
{{- end }}
backoffLimit: {{ .Values.debugEcho.configuration.brokerJob.backoffLimit }}
parallelism: {{ .Values.debugEcho.configuration.brokerJob.parallelism }}
completions: {{ .Values.debugEcho.configuration.brokerJob.completions }}
{{- end }}
{{- end }}
{{- if or .Values.debugEcho.configuration.brokerPod.image.repository .Values.debugEcho.configuration.brokerJob.image.repository }}
{{- if .Values.debugEcho.configuration.createInstanceServices }}
instanceServiceSpec:
type: {{ .Values.debugEcho.configuration.instanceService.type }}
ports:
- name: {{ .Values.debugEcho.configuration.instanceService.name }}
port: {{ .Values.debugEcho.configuration.instanceService.port }}
protocol: {{ .Values.debugEcho.configuration.instanceService.protocol }}
targetPort: {{ .Values.debugEcho.configuration.instanceService.targetPort }}
{{- end }}
{{- if .Values.debugEcho.configuration.createConfigurationService }}
configurationServiceSpec:
type: {{ .Values.debugEcho.configuration.configurationService.type }}
ports:
- name: {{ .Values.debugEcho.configuration.configurationService.name }}
port: {{ .Values.debugEcho.configuration.configurationService.port }}
protocol: {{ .Values.debugEcho.configuration.configurationService.protocol }}
targetPort: {{ .Values.debugEcho.configuration.configurationService.port }}
{{- end }}
{{- end }}
{{- if .Values.debugEcho.configuration.brokerProperties }}
brokerProperties:
{{- range $key, $val := .Values.debugEcho.configuration.brokerProperties }}
{{- $key | nindent 4 }}: {{ $val | quote }}
{{- end }}
{{- else }}
brokerProperties: {}
{{- end }}
capacity: {{ .Values.debugEcho.configuration.capacity }}
{{- end }}
07070100000007000081a400000000000000000000000168e8e22600000cc7000000000000000000000000000000000000002c00000000templates/debug-echo-discovery-handler.yaml{{- if .Values.debugEcho.discovery.enabled }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: akri-debug-echo-discovery-daemonset
annotations:
akri.sh/discoveryHandlerName: debugEcho
labels: {{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/name: akri-debug-echo-discovery
app.kubernetes.io/component: discovery-handler
spec:
selector:
matchLabels: {{- include "akri.selectorLabels" . | nindent 6 }}
app.kubernetes.io/name: akri-debug-echo-discovery
template:
metadata:
labels: {{- include "akri.labels" . | nindent 8 }}
app.kubernetes.io/name: akri-debug-echo-discovery
app.kubernetes.io/component: discovery-handler
spec:
containers:
- name: akri-debug-echo-discovery
{{- if .Values.useDevelopmentContainers }}
{{- if .Values.useLatestContainers }}
image: {{ printf "%s:%s" .Values.debugEcho.discovery.image.repository (default "latest-dev" .Values.debugEcho.discovery.image.tag) | quote }}
{{- else }}
image: {{ printf "%s:%s" .Values.debugEcho.discovery.image.repository (default (printf "v%s-dev" .Chart.AppVersion) .Values.debugEcho.discovery.image.tag) | quote }}
{{- end }}
{{- else }}
{{- if .Values.useLatestContainers }}
image: {{ printf "%s:%s" .Values.debugEcho.discovery.image.repository (default "latest" .Values.debugEcho.discovery.image.tag) | quote }}
{{- else }}
image: {{ printf "%s:%s" .Values.debugEcho.discovery.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.debugEcho.discovery.image.tag) | quote }}
{{- end }}
{{- end }}
{{- with .Values.debugEcho.discovery.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end}}
resources:
requests:
memory: {{ .Values.debugEcho.discovery.resources.memoryRequest }}
cpu: {{ .Values.debugEcho.discovery.resources.cpuRequest }}
limits:
memory: {{ .Values.debugEcho.discovery.resources.memoryLimit }}
cpu: {{ .Values.debugEcho.discovery.resources.cpuLimit }}
{{- if .Values.debugEcho.discovery.useNetworkConnection }}
ports:
- name: discovery
containerPort: {{ .Values.debugEcho.discovery.port }}
{{- end }}
env:
{{- if .Values.debugEcho.discovery.useNetworkConnection }}
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
{{- end }}
- name: DISCOVERY_HANDLERS_DIRECTORY
value: /var/lib/akri
- name: DEBUG_ECHO_INSTANCES_SHARED
value: {{ .Values.debugEcho.configuration.shared | quote }}
volumeMounts:
- name: discovery-handlers
mountPath: /var/lib/akri
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
"kubernetes.io/os": linux
{{- if .Values.debugEcho.discovery.nodeSelectors }}
{{- toYaml .Values.debugEcho.discovery.nodeSelectors | nindent 8 }}
{{- end }}
volumes:
- name: discovery-handlers
hostPath:
path: {{ .Values.agent.host.discoveryHandlers }}
{{- end }}
07070100000008000081a400000000000000000000000168e8e2260000271c000000000000000000000000000000000000002300000000templates/onvif-configuration.yaml{{- if .Values.onvif.configuration.enabled }}
apiVersion: {{ printf "%s/%s" .Values.crds.group .Values.crds.version }}
kind: Configuration
metadata:
name: {{ .Values.onvif.configuration.name }}
spec:
discoveryHandler:
name: onvif
discoveryDetails: |+
ipAddresses:
action: {{ .Values.onvif.configuration.discoveryDetails.ipAddresses.action }}
{{- if .Values.onvif.configuration.discoveryDetails.ipAddresses.items}}
items:
{{- toYaml .Values.onvif.configuration.discoveryDetails.ipAddresses.items | nindent 8 }}
{{- else }}
items: []
{{- end }}
macAddresses:
action: {{ .Values.onvif.configuration.discoveryDetails.macAddresses.action }}
{{- if .Values.onvif.configuration.discoveryDetails.macAddresses.items}}
items:
{{- toYaml .Values.onvif.configuration.discoveryDetails.macAddresses.items | nindent 8 }}
{{- else }}
items: []
{{- end }}
scopes:
action: {{ .Values.onvif.configuration.discoveryDetails.scopes.action }}
{{- if .Values.onvif.configuration.discoveryDetails.scopes.items}}
items:
{{- toYaml .Values.onvif.configuration.discoveryDetails.scopes.items | nindent 8 }}
{{- else }}
items: []
{{- end }}
uuids:
action: {{ .Values.onvif.configuration.discoveryDetails.uuids.action }}
{{- if .Values.onvif.configuration.discoveryDetails.uuids.items}}
items:
{{- toYaml .Values.onvif.configuration.discoveryDetails.uuids.items | nindent 8 }}
{{- else }}
items: []
{{- end }}
discoveryTimeoutSeconds: {{ .Values.onvif.configuration.discoveryDetails.discoveryTimeoutSeconds }}
{{- if .Values.onvif.configuration.discoveryProperties}}
discoveryProperties:
{{- range $property := .Values.onvif.configuration.discoveryProperties }}
- name: {{ $property.name }}
{{- if $property.valueFrom }}
valueFrom:
{{- if $property.valueFrom.secretKeyRef }}
secretKeyRef:
name: {{ $property.valueFrom.secretKeyRef.name }}
{{- if $property.valueFrom.secretKeyRef.namespace }}
namespace: {{ $property.valueFrom.secretKeyRef.namespace }}
{{- end }}
{{- if $property.valueFrom.secretKeyRef.key }}
key: {{ $property.valueFrom.secretKeyRef.key }}
{{- end }}
{{- if hasKey $property.valueFrom.secretKeyRef "optional" }}
optional: {{ $property.valueFrom.secretKeyRef.optional }}
{{- end }}
{{- else if $property.valueFrom.configMapKeyRef}}
configMapKeyRef:
name: {{ $property.valueFrom.configMapKeyRef.name }}
{{- if $property.valueFrom.configMapKeyRef.namespace }}
namespace: {{ $property.valueFrom.configMapKeyRef.namespace }}
{{- end }}
{{- if $property.valueFrom.configMapKeyRef.key }}
key: {{ $property.valueFrom.configMapKeyRef.key }}
{{- end }}
{{- if hasKey $property.valueFrom.configMapKeyRef "optional" }}
optional: {{ $property.configMapKeyRef.optional }}
{{- end }}
{{- end }}
{{- else }}
value: {{ $property.value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- if or .Values.onvif.configuration.brokerPod.image.repository .Values.onvif.configuration.brokerJob.image.repository }}
{{- /* Only add brokerSpec if a broker image is provided */}}
brokerSpec:
{{- if .Values.onvif.configuration.brokerPod.image.repository }}
brokerPodSpec:
containers:
- name: {{ .Values.onvif.configuration.name }}-broker
image: {{ printf "%s:%s" .Values.onvif.configuration.brokerPod.image.repository .Values.onvif.configuration.brokerPod.image.tag | quote }}
{{- with .Values.onvif.configuration.brokerPod.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
{{- if .Values.onvif.configuration.brokerPod.env }}
env:
{{- range $key, $val := .Values.onvif.configuration.brokerPod.env }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end }}
{{- end }}
{{- if .Values.onvif.configuration.brokerPod.env }}
env:
{{- range $key, $val := .Values.onvif.configuration.brokerPod.env }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end }}
{{- end }}
{{- if .Values.onvif.configuration.brokerPod.envFrom }}
envFrom:
{{- range $val := .Values.onvif.configuration.brokerPod.envFrom.secretRef }}
- secretRef:
name: {{ $val | quote }}
{{- end }}
{{- range $val := .Values.onvif.configuration.brokerPod.envFrom.configMapRef }}
- configMapRef:
name: {{ $val | quote }}
{{- end }}
{{- end }}
resources:
requests:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.onvif.configuration.brokerPod.resources.memoryRequest }}
cpu: {{ .Values.onvif.configuration.brokerPod.resources.cpuRequest }}
limits:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.onvif.configuration.brokerPod.resources.memoryLimit }}
cpu: {{ .Values.onvif.configuration.brokerPod.resources.cpuLimit }}
{{- with .Values.onvif.configuration.brokerPod.volumeMounts}}
volumeMounts:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.onvif.configuration.brokerPod.volumes}}
volumes:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- else }}
brokerJobSpec:
template:
spec:
containers:
- name: {{ .Values.onvif.configuration.name }}-broker
image: {{ printf "%s:%s" .Values.onvif.configuration.brokerJob.image.repository .Values.onvif.configuration.brokerPod.image.tag | quote }}
{{- if .Values.onvif.configuration.brokerJob.command }}
command:
{{- toYaml .Values.onvif.configuration.brokerJob.command | nindent 14 }}
{{- end }}
{{- with .Values.onvif.configuration.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
{{- if .Values.onvif.configuration.brokerJob.env }}
env:
{{- range $key, $val := .Values.onvif.configuration.brokerJob.env }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end }}
{{- end }}
{{- if .Values.onvif.configuration.brokerJob.envFrom }}
envFrom:
{{- range $val := .Values.onvif.configuration.brokerJob.envFrom.secretRef }}
- secretRef:
name: {{ $val | quote }}
{{- end }}
{{- range $val := .Values.onvif.configuration.brokerJob.envFrom.configMapRef }}
- configMapRef:
name: {{ $val | quote }}
{{- end }}
{{- end }}
resources:
requests:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.onvif.configuration.brokerJob.resources.memoryRequest }}
cpu: {{ .Values.onvif.configuration.brokerJob.resources.cpuRequest }}
limits:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.onvif.configuration.brokerJob.resources.memoryLimit }}
cpu: {{ .Values.onvif.configuration.brokerJob.resources.cpuLimit }}
{{- with .Values.onvif.configuration.brokerJob.volumeMounts}}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.onvif.configuration.brokerJob.volumes}}
volumes:
{{- toYaml . | nindent 10 }}
{{- end }}
restartPolicy: {{ .Values.onvif.configuration.brokerJob.restartPolicy }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 10 }}
{{- end }}
backoffLimit: {{ .Values.onvif.configuration.brokerJob.backoffLimit }}
parallelism: {{ .Values.onvif.configuration.brokerJob.parallelism }}
completions: {{ .Values.onvif.configuration.brokerJob.completions }}
{{- end }}
{{- end }}
{{- /* Only add service specs if a broker image was specified and service creation was not disabled */}}
{{- if .Values.onvif.configuration.brokerPod.image.repository }}
{{- if .Values.onvif.configuration.createInstanceServices }}
instanceServiceSpec:
type: {{ .Values.onvif.configuration.instanceService.type }}
ports:
- name: {{ .Values.onvif.configuration.instanceService.portName }}
port: {{ .Values.onvif.configuration.instanceService.port }}
protocol: {{ .Values.onvif.configuration.instanceService.protocol }}
targetPort: {{ .Values.onvif.configuration.instanceService.targetPort }}
{{- end }}
{{- if .Values.onvif.configuration.createConfigurationService }}
configurationServiceSpec:
type: {{ .Values.onvif.configuration.configurationService.type }}
ports:
- name: {{ .Values.onvif.configuration.configurationService.portName }}
port: {{ .Values.onvif.configuration.configurationService.port }}
protocol: {{ .Values.onvif.configuration.configurationService.protocol }}
targetPort: {{ .Values.onvif.configuration.configurationService.targetPort }}
{{- end }}
{{- end }}
{{- if .Values.onvif.configuration.brokerProperties }}
brokerProperties:
{{- range $key, $val := .Values.onvif.configuration.brokerProperties }}
{{- $key | nindent 4 }}: {{ $val | quote }}
{{- end }}
{{- else }}
brokerProperties: {}
{{- end }}
capacity: {{ .Values.onvif.configuration.capacity }}
{{- end }}07070100000009000081a400000000000000000000000168e8e22600000c2d000000000000000000000000000000000000002700000000templates/onvif-discovery-handler.yaml{{- if .Values.onvif.discovery.enabled }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: akri-onvif-discovery-daemonset
annotations:
akri.sh/discoveryHandlerName: onvif
labels: {{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/name: akri-onvif-discovery
app.kubernetes.io/component: discovery-handler
spec:
selector:
matchLabels: {{- include "akri.selectorLabels" . | nindent 6 }}
app.kubernetes.io/name: akri-onvif-discovery
template:
metadata:
labels: {{- include "akri.labels" . | nindent 8 }}
app.kubernetes.io/name: akri-onvif-discovery
app.kubernetes.io/component: discovery-handler
spec:
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: akri-onvif-discovery
{{- if .Values.useDevelopmentContainers }}
{{- if .Values.useLatestContainers }}
image: {{ printf "%s:%s" .Values.onvif.discovery.image.repository (default "latest-dev" .Values.onvif.discovery.image.tag) | quote }}
{{- else }}
image: {{ printf "%s:%s" .Values.onvif.discovery.image.repository (default (printf "v%s-dev" .Chart.AppVersion) .Values.onvif.discovery.image.tag) | quote }}
{{- end }}
{{- else }}
{{- if .Values.useLatestContainers }}
image: {{ printf "%s:%s" .Values.onvif.discovery.image.repository (default "latest" .Values.onvif.discovery.image.tag) | quote }}
{{- else }}
image: {{ printf "%s:%s" .Values.onvif.discovery.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.onvif.discovery.image.tag) | quote }}
{{- end }}
{{- end }}
{{- with .Values.onvif.discovery.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end}}
resources:
requests:
memory: {{ .Values.onvif.discovery.resources.memoryRequest }}
cpu: {{ .Values.onvif.discovery.resources.cpuRequest }}
limits:
memory: {{ .Values.onvif.discovery.resources.memoryLimit }}
cpu: {{ .Values.onvif.discovery.resources.cpuLimit }}
{{- if .Values.onvif.discovery.useNetworkConnection }}
ports:
- name: discovery
containerPort: {{ .Values.onvif.discovery.port }}
{{- end }}
env:
{{- if .Values.onvif.discovery.useNetworkConnection }}
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
{{- end }}
- name: DISCOVERY_HANDLERS_DIRECTORY
value: /var/lib/akri
volumeMounts:
- name: discovery-handlers
mountPath: /var/lib/akri
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
"kubernetes.io/os": linux
{{- if .Values.onvif.discovery.nodeSelectors }}
{{- toYaml .Values.onvif.discovery.nodeSelectors | nindent 8 }}
{{- end }}
volumes:
- name: discovery-handlers
hostPath:
path: {{ .Values.agent.host.discoveryHandlers }}
{{- end }}
0707010000000a000081a400000000000000000000000168e8e2260000204c000000000000000000000000000000000000002300000000templates/opcua-configuration.yaml{{- if .Values.opcua.configuration.enabled }}
apiVersion: {{ printf "%s/%s" .Values.crds.group .Values.crds.version }}
kind: Configuration
metadata:
name: {{ .Values.opcua.configuration.name }}
spec:
discoveryHandler:
name: opcua
discoveryDetails: |+
opcuaDiscoveryMethod:
standard:
discoveryUrls:
{{- toYaml .Values.opcua.configuration.discoveryDetails.discoveryUrls | nindent 10 }}
applicationNames:
action: {{ .Values.opcua.configuration.discoveryDetails.applicationNames.action }}
{{- if .Values.opcua.configuration.discoveryDetails.applicationNames.items}}
items:
{{- toYaml .Values.opcua.configuration.discoveryDetails.applicationNames.items | nindent 8 }}
{{- else }}
items: []
{{- end }}
{{- if or .Values.opcua.configuration.brokerPod.image.repository .Values.opcua.configuration.brokerJob.image.repository }}
{{- /* Only add brokerSpec if a broker image is provided */}}
brokerSpec:
{{- if .Values.opcua.configuration.brokerPod.image.repository }}
brokerPodSpec:
containers:
- name: {{ .Values.opcua.configuration.name }}-broker
image: {{ printf "%s:%s" .Values.opcua.configuration.brokerPod.image.repository .Values.opcua.configuration.brokerPod.image.tag | quote }}
{{- with .Values.opcua.configuration.brokerPod.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
{{- if .Values.opcua.configuration.brokerPod.env }}
env:
{{- range $key, $val := .Values.opcua.configuration.brokerPod.env }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end }}
{{- end }}
{{- if .Values.opcua.configuration.brokerPod.envFrom }}
envFrom:
{{- range $val := .Values.opcua.configuration.brokerPod.envFrom.secretRef }}
- secretRef:
name: {{ $val | quote }}
{{- end }}
{{- range $val := .Values.opcua.configuration.brokerPod.envFrom.configMapRef }}
- configMapRef:
name: {{ $val | quote }}
{{- end }}
{{- end }}
{{- if .Values.opcua.configuration.brokerPod.env }}
env:
{{- range $key, $val := .Values.opcua.configuration.brokerPod.env }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end }}
{{- end }}
resources:
requests:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.opcua.configuration.brokerPod.resources.memoryRequest }}
cpu: {{ .Values.opcua.configuration.brokerPod.resources.cpuRequest }}
limits:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.opcua.configuration.brokerPod.resources.memoryLimit }}
cpu: {{ .Values.opcua.configuration.brokerPod.resources.cpuLimit }}
{{- if or .Values.opcua.configuration.brokerPod.volumeMounts .Values.opcua.configuration.mountCertificates }}
volumeMounts:
{{- with .Values.opcua.configuration.brokerPod.volumeMounts}}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.opcua.configuration.mountCertificates}}
- name: credentials
mountPath: "/etc/opcua-certs/client-pki"
readOnly: false
{{- end }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- if or .Values.opcua.configuration.brokerPod.volumeMounts .Values.opcua.configuration.mountCertificates }}
volumes:
{{- with .Values.opcua.configuration.brokerPod.volumes}}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- if .Values.opcua.configuration.mountCertificates }}
- name: credentials
secret:
secretName: opcua-broker-credentials
items:
- key: client_certificate
path: own/certs/AkriBroker.der
- key: client_key
path: own/private/AkriBroker.pfx
- key: ca_certificate
path: trusted/certs/SomeCA.der
- key: ca_crl
path: trusted/crl/SomeCA.crl
{{- end }}
{{- end }}
{{- else }}
brokerJobSpec:
template:
spec:
containers:
- name: {{ .Values.opcua.configuration.name }}-broker
image: {{ printf "%s:%s" .Values.opcua.configuration.brokerJob.image.repository .Values.opcua.configuration.brokerPod.image.tag | quote }}
{{- if .Values.opcua.configuration.brokerJob.command }}
command:
{{- toYaml .Values.opcua.configuration.brokerJob.command | nindent 14 }}
{{- end }}
{{- with .Values.opcua.configuration.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
{{- if .Values.opcua.configuration.brokerJob.env }}
env:
{{- range $key, $val := .Values.opcua.configuration.brokerJob.env }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end }}
{{- end }}
{{- if .Values.opcua.configuration.brokerJob.envFrom }}
envFrom:
{{- range $val := .Values.opcua.configuration.brokerJob.envFrom.secretRef }}
- secretRef:
name: {{ $val | quote }}
{{- end }}
{{- range $val := .Values.opcua.configuration.brokerJob.envFrom.configMapRef }}
- configMapRef:
name: {{ $val | quote }}
{{- end }}
{{- end }}
resources:
requests:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.opcua.configuration.brokerJob.resources.memoryRequest }}
cpu: {{ .Values.opcua.configuration.brokerJob.resources.cpuRequest }}
limits:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.opcua.configuration.brokerJob.resources.memoryLimit }}
cpu: {{ .Values.opcua.configuration.brokerJob.resources.cpuLimit }}
{{- with .Values.opcua.configuration.brokerJob.volumeMounts}}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.opcua.configuration.brokerJob.volumes}}
volumes:
{{- toYaml . | nindent 10 }}
{{- end }}
restartPolicy: {{ .Values.opcua.configuration.brokerJob.restartPolicy }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 10 }}
{{- end }}
backoffLimit: {{ .Values.opcua.configuration.brokerJob.backoffLimit }}
parallelism: {{ .Values.opcua.configuration.brokerJob.parallelism }}
completions: {{ .Values.opcua.configuration.brokerJob.completions }}
{{- end }}
{{- end }}
{{- /* Only add service specs if a broker image was specified and service
creation was not disabled */}}
{{- if .Values.opcua.configuration.brokerPod.image.repository }}
{{- if .Values.opcua.configuration.createInstanceServices }}
instanceServiceSpec:
type: {{ .Values.opcua.configuration.instanceService.type }}
ports:
- name: grpc
port: {{ .Values.opcua.configuration.instanceService.port }}
protocol: {{ .Values.opcua.configuration.instanceService.protocol }}
targetPort: {{ .Values.opcua.configuration.instanceService.targetPort }}
{{- end }}
{{- if .Values.opcua.configuration.createConfigurationService }}
configurationServiceSpec:
type: {{ .Values.opcua.configuration.configurationService.type }}
ports:
- name: grpc
port: {{ .Values.opcua.configuration.configurationService.port }}
protocol: {{ .Values.opcua.configuration.configurationService.protocol }}
targetPort: {{ .Values.opcua.configuration.configurationService.targetPort }}
{{- end }}
{{- end }}
{{- if .Values.opcua.configuration.brokerProperties }}
brokerProperties:
{{- range $key, $val := .Values.opcua.configuration.brokerProperties }}
{{- $key | nindent 4 }}: {{ $val | quote }}
{{- end }}
{{- else }}
brokerProperties: {}
{{- end }}
capacity: {{ .Values.opcua.configuration.capacity }}
{{- end }}0707010000000b000081a400000000000000000000000168e8e22600000bec000000000000000000000000000000000000002700000000templates/opcua-discovery-handler.yaml{{- if .Values.opcua.discovery.enabled }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: akri-opcua-discovery-daemonset
annotations:
akri.sh/discoveryHandlerName: opcua
labels: {{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/name: akri-opcua-discovery
app.kubernetes.io/component: discovery-handler
spec:
selector:
matchLabels: {{- include "akri.selectorLabels" . | nindent 6 }}
app.kubernetes.io/name: akri-opcua-discovery
template:
metadata:
labels: {{- include "akri.labels" . | nindent 8 }}
app.kubernetes.io/name: akri-opcua-discovery
app.kubernetes.io/component: discovery-handler
spec:
containers:
- name: akri-opcua-discovery
{{- if .Values.useDevelopmentContainers }}
{{- if .Values.useLatestContainers }}
image: {{ printf "%s:%s" .Values.opcua.discovery.image.repository (default "latest-dev" .Values.opcua.discovery.image.tag) | quote }}
{{- else }}
image: {{ printf "%s:%s" .Values.opcua.discovery.image.repository (default (printf "v%s-dev" .Chart.AppVersion) .Values.opcua.discovery.image.tag) | quote }}
{{- end }}
{{- else }}
{{- if .Values.useLatestContainers }}
image: {{ printf "%s:%s" .Values.opcua.discovery.image.repository (default "latest" .Values.opcua.discovery.image.tag) | quote }}
{{- else }}
image: {{ printf "%s:%s" .Values.opcua.discovery.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.opcua.discovery.image.tag) | quote }}
{{- end }}
{{- end }}
{{- with .Values.opcua.discovery.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end}}
resources:
requests:
memory: {{ .Values.opcua.discovery.resources.memoryRequest }}
cpu: {{ .Values.opcua.discovery.resources.cpuRequest }}
limits:
memory: {{ .Values.opcua.discovery.resources.memoryLimit }}
cpu: {{ .Values.opcua.discovery.resources.cpuLimit }}
{{- if .Values.opcua.discovery.useNetworkConnection }}
ports:
- name: discovery
containerPort: {{ .Values.opcua.discovery.port }}
{{- end }}
env:
{{- if .Values.opcua.discovery.useNetworkConnection }}
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
{{- end }}
- name: DISCOVERY_HANDLERS_DIRECTORY
value: /var/lib/akri
volumeMounts:
- name: discovery-handlers
mountPath: /var/lib/akri
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
"kubernetes.io/os": linux
{{- if .Values.opcua.discovery.nodeSelectors }}
{{- toYaml .Values.opcua.discovery.nodeSelectors | nindent 8 }}
{{- end }}
volumes:
- name: discovery-handlers
hostPath:
path: {{ .Values.agent.host.discoveryHandlers }}
{{- end }}
0707010000000c000081a400000000000000000000000168e8e22600000418000000000000000000000000000000000000001a00000000templates/prometheus.yaml{{- if .Values.prometheus.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: akri-agent-metrics
namespace: {{ .Release.Namespace }}
labels: {{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/name: akri-agent
release: prometheus
spec:
selector:
matchLabels: {{- include "akri.selectorLabels" . | nindent 6 }}
app.kubernetes.io/name: akri-agent
podMetricsEndpoints:
- port: {{ .Values.prometheus.portName | quote }}
path: {{ .Values.prometheus.endpoint }}
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: akri-controller-metrics
namespace: {{ .Release.Namespace }}
labels: {{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/name: akri-controller
release: prometheus
spec:
selector:
matchLabels: {{- include "akri.selectorLabels" . | nindent 6 }}
app.kubernetes.io/name: akri-controller
podMetricsEndpoints:
- port: {{ .Values.prometheus.portName | quote }}
path: {{ .Values.prometheus.endpoint }}
{{- end }}0707010000000d000081a400000000000000000000000168e8e22600000af2000000000000000000000000000000000000001400000000templates/rbac.yaml{{- if .Values.rbac.enabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: akri-controller-sa
labels: {{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/name: akri-controller
app.kubernetes.io/component: controller
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: akri-agent-sa
labels: {{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/name: akri-agent
app.kubernetes.io/component: agent
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: "akri-controller-role"
labels: {{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/name: akri-controller
app.kubernetes.io/component: controller
rules:
- apiGroups: [""]
resources: ["pods", "services"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [{{ .Values.crds.group | quote }}]
resources: ["instances"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [{{ .Values.crds.group | quote }}]
resources: ["configurations"]
verbs: ["get", "list", "watch"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: "akri-agent-role"
labels: {{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/name: akri-agent
app.kubernetes.io/component: agent
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch"]
- apiGroups: [{{ .Values.crds.group | quote }}]
resources: ["instances"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [{{ .Values.crds.group | quote }}]
resources: ["configurations"]
verbs: ["get", "list", "watch"]
---
apiVersion: 'rbac.authorization.k8s.io/v1'
kind: 'ClusterRoleBinding'
metadata:
name: 'akri-controller-binding'
namespace: {{ .Release.Namespace }}
labels: {{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/name: akri-controller
app.kubernetes.io/component: controller
roleRef:
apiGroup: ''
kind: 'ClusterRole'
name: 'akri-controller-role'
subjects:
- kind: 'ServiceAccount'
name: 'akri-controller-sa'
namespace: {{ .Release.Namespace }}
---
apiVersion: 'rbac.authorization.k8s.io/v1'
kind: 'ClusterRoleBinding'
metadata:
name: 'akri-agent-binding'
namespace: {{ .Release.Namespace }}
labels: {{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/name: akri-agent
app.kubernetes.io/component: agent
roleRef:
apiGroup: ''
kind: 'ClusterRole'
name: 'akri-agent-role'
subjects:
- kind: 'ServiceAccount'
name: 'akri-agent-sa'
namespace: {{ .Release.Namespace }}
{{- end }}0707010000000e000081a400000000000000000000000168e8e22600001851000000000000000000000000000000000000002200000000templates/udev-configuration.yaml{{- if .Values.udev.configuration.enabled }}
apiVersion: {{ printf "%s/%s" .Values.crds.group .Values.crds.version }}
kind: Configuration
metadata:
name: {{ .Values.udev.configuration.name }}
spec:
discoveryHandler:
name: udev
discoveryDetails: |+
groupRecursive: {{ .Values.udev.configuration.discoveryDetails.groupRecursive }}
udevRules:
{{- required "Please set at least one udev rule with `--set udev.configuration.discoveryDetails.udevRules[0]==\"<udev rule>\"' to specify what you want discovered. See the udev Configuration document at https://docs.akri.sh/discovery-handlers/udev for more information." .Values.udev.configuration.discoveryDetails.udevRules | toYaml | nindent 6 }}
{{- if or .Values.udev.configuration.brokerPod.image.repository .Values.udev.configuration.brokerJob.image.repository }}
{{- /* Only add brokerSpec if a broker image is provided */}}
brokerSpec:
{{- if .Values.udev.configuration.brokerPod.image.repository }}
brokerPodSpec:
containers:
- name: {{ .Values.udev.configuration.name }}-broker
image: {{ printf "%s:%s" .Values.udev.configuration.brokerPod.image.repository .Values.udev.configuration.brokerPod.image.tag | quote }}
{{- with .Values.udev.configuration.brokerPod.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
{{- if .Values.udev.configuration.brokerPod.env }}
env:
{{- range $key, $val := .Values.udev.configuration.brokerPod.env }}
- name: {{ $key }}
value: {{ $val | quote }}
{{- end }}
{{- end }}
{{- if .Values.udev.configuration.brokerPod.envFrom }}
envFrom:
{{- range $val := .Values.udev.configuration.brokerPod.envFrom.secretRef }}
- secretRef:
name: {{ $val | quote }}
{{- end }}
{{- range $val := .Values.udev.configuration.brokerPod.envFrom.configMapRef }}
- configMapRef:
name: {{ $val | quote }}
{{- end }}
{{- end }}
securityContext:
{{- if .Values.udev.configuration.brokerPod.securityContext }}
{{- toYaml .Values.udev.configuration.brokerPod.securityContext | nindent 10 }}
{{- else}}
privileged: true
{{- end}}
resources:
requests:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.udev.configuration.brokerPod.resources.memoryRequest }}
cpu: {{ .Values.udev.configuration.brokerPod.resources.cpuRequest }}
limits:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.udev.configuration.brokerPod.resources.memoryLimit }}
cpu: {{ .Values.udev.configuration.brokerPod.resources.cpuLimit }}
{{- with .Values.udev.configuration.brokerPod.volumeMounts}}
volumeMounts:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.udev.configuration.brokerPod.volumes}}
volumes:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- else }}
brokerJobSpec:
template:
spec:
containers:
- name: {{ .Values.udev.configuration.name }}-broker
image: {{ printf "%s:%s" .Values.udev.configuration.brokerJob.image.repository .Values.udev.configuration.brokerPod.image.tag | quote }}
{{- if .Values.udev.configuration.brokerJob.command }}
command:
{{- toYaml .Values.udev.configuration.brokerJob.command | nindent 14 }}
{{- end }}
{{- with .Values.udev.configuration.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
resources:
requests:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.udev.configuration.brokerJob.resources.memoryRequest }}
cpu: {{ .Values.udev.configuration.brokerJob.resources.cpuRequest }}
limits:
{{`"{{PLACEHOLDER}}"`}} : "1"
memory: {{ .Values.udev.configuration.brokerJob.resources.memoryLimit }}
cpu: {{ .Values.udev.configuration.brokerJob.resources.cpuLimit }}
restartPolicy: {{ .Values.udev.configuration.brokerJob.restartPolicy }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 10 }}
{{- end }}
backoffLimit: {{ .Values.udev.configuration.brokerJob.backoffLimit }}
parallelism: {{ .Values.udev.configuration.brokerJob.parallelism }}
completions: {{ .Values.udev.configuration.brokerJob.completions }}
{{- end }}
{{- end }}
{{- /* Only add service specs if a broker image was specified and service
creation was not disabled */}}
{{- if .Values.udev.configuration.brokerPod.image.repository }}
{{- if .Values.udev.configuration.createInstanceServices }}
instanceServiceSpec:
type: {{ .Values.udev.configuration.instanceService.type }}
ports:
- name: {{ .Values.udev.configuration.instanceService.portName }}
port: {{ .Values.udev.configuration.instanceService.port }}
protocol: {{ .Values.udev.configuration.instanceService.protocol }}
targetPort: {{ .Values.udev.configuration.instanceService.targetPort }}
{{- end }}
{{- if .Values.udev.configuration.createConfigurationService }}
configurationServiceSpec:
type: {{ .Values.udev.configuration.configurationService.type }}
ports:
- name: {{ .Values.udev.configuration.configurationService.portName }}
port: {{ .Values.udev.configuration.configurationService.port }}
protocol: {{ .Values.udev.configuration.configurationService.protocol }}
targetPort: {{ .Values.udev.configuration.configurationService.targetPort }}
{{- end }}
{{- end }}
{{- if .Values.udev.configuration.brokerProperties }}
brokerProperties:
{{- range $key, $val := .Values.udev.configuration.brokerProperties }}
{{- $key | nindent 4 }}: {{ $val | quote }}
{{- end }}
{{- else }}
brokerProperties: {}
{{- end }}
capacity: {{ .Values.udev.configuration.capacity }}
{{- end }}0707010000000f000081a400000000000000000000000168e8e22600000d29000000000000000000000000000000000000002600000000templates/udev-discovery-handler.yaml{{- if .Values.udev.discovery.enabled }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: akri-udev-discovery-daemonset
annotations:
akri.sh/discoveryHandlerName: udev
labels: {{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/name: akri-udev-discovery
app.kubernetes.io/component: discovery-handler
spec:
selector:
matchLabels: {{- include "akri.selectorLabels" . | nindent 6 }}
app.kubernetes.io/name: akri-udev-discovery
template:
metadata:
labels: {{- include "akri.labels" . | nindent 8 }}
app.kubernetes.io/name: akri-udev-discovery
app.kubernetes.io/component: discovery-handler
spec:
nodeSelector:
"kubernetes.io/os": linux
containers:
- name: akri-udev-discovery
{{- if .Values.useDevelopmentContainers }}
{{- if .Values.useLatestContainers }}
image: {{ printf "%s:%s" .Values.udev.discovery.image.repository (default "latest-dev" .Values.udev.discovery.image.tag) | quote }}
{{- else }}
image: {{ printf "%s:%s" .Values.udev.discovery.image.repository (default (printf "v%s-dev" .Chart.AppVersion) .Values.udev.discovery.image.tag) | quote }}
{{- end }}
{{- else }}
{{- if .Values.useLatestContainers }}
image: {{ printf "%s:%s" .Values.udev.discovery.image.repository (default "latest" .Values.udev.discovery.image.tag) | quote }}
{{- else }}
image: {{ printf "%s:%s" .Values.udev.discovery.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.udev.discovery.image.tag) | quote }}
{{- end }}
{{- end }}
{{- with .Values.udev.discovery.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end}}
resources:
requests:
memory: {{ .Values.udev.discovery.resources.memoryRequest }}
cpu: {{ .Values.udev.discovery.resources.cpuRequest }}
limits:
memory: {{ .Values.udev.discovery.resources.memoryLimit }}
cpu: {{ .Values.udev.discovery.resources.cpuLimit }}
{{- if .Values.udev.discovery.useNetworkConnection }}
ports:
- name: discovery
containerPort: {{ .Values.udev.discovery.port }}
{{- end }}
env:
{{- if .Values.udev.discovery.useNetworkConnection }}
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
{{- end }}
- name: DISCOVERY_HANDLERS_DIRECTORY
value: /var/lib/akri
volumeMounts:
- name: discovery-handlers
mountPath: /var/lib/akri
{{- if .Values.udev.discovery.host.udev }}
- name: devices
mountPath: /run/udev
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
"kubernetes.io/os": linux
{{- if .Values.udev.discovery.nodeSelectors }}
{{- toYaml .Values.udev.discovery.nodeSelectors | nindent 8 }}
{{- end }}
volumes:
- name: discovery-handlers
hostPath:
path: {{ .Values.agent.host.discoveryHandlers }}
{{- if .Values.udev.discovery.host.udev }}
- name: devices
hostPath:
path: "{{ .Values.udev.discovery.host.udev }}"
{{- end }}
{{- end }}
07070100000010000081a400000000000000000000000168e8e226000017e3000000000000000000000000000000000000002400000000templates/webhook-cert-autogen.yaml{{- if and .Values.webhookConfiguration.enabled (not .Values.webhookConfiguration.caBundle) -}}
{{- if .Values.rbac.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Values.webhookConfiguration.name }}-patch
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
{{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook
rules:
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- get
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Values.webhookConfiguration.name }}-patch
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
{{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Values.webhookConfiguration.name }}-patch
subjects:
- kind: ServiceAccount
name: {{ .Values.webhookConfiguration.name }}-patch
namespace: {{ .Release.Namespace | quote }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ .Values.webhookConfiguration.name }}-patch
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
{{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ .Values.webhookConfiguration.name }}-patch
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
{{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ .Values.webhookConfiguration.name }}-patch
subjects:
- kind: ServiceAccount
name: {{ .Values.webhookConfiguration.name }}-patch
namespace: {{ .Release.Namespace | quote }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.webhookConfiguration.name }}-patch
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
{{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook
---
{{- end }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ .Values.webhookConfiguration.name }}-create
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
{{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook
spec:
ttlSecondsAfterFinished: 0
template:
metadata:
name: {{ .Values.webhookConfiguration.name }}-create
labels:
{{- include "akri.labels" . | nindent 8 }}
app.kubernetes.io/component: admission-webhook
spec:
containers:
- name: create
image: "{{ .Values.webhookConfiguration.certImage.reference }}:{{ .Values.webhookConfiguration.certImage.tag }}"
imagePullPolicy: {{ .Values.webhookConfiguration.certImage.pullPolicy }}
args:
- create
- --host={{ .Values.webhookConfiguration.name }},{{ .Values.webhookConfiguration.name }}.{{ .Release.Namespace }}.svc
- --namespace={{ .Release.Namespace }}
- --secret-name={{ .Values.webhookConfiguration.name }}
- --cert-name=tls.crt
- --key-name=tls.key
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
restartPolicy: OnFailure
{{- if .Values.rbac.enabled }}
serviceAccountName: {{ .Values.webhookConfiguration.name }}-patch
{{- end }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ .Values.webhookConfiguration.name }}-patch
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
{{- include "akri.labels" . | nindent 4 }}
app.kubernetes.io/component: admission-webhook
spec:
ttlSecondsAfterFinished: 0
template:
metadata:
name: {{ .Values.webhookConfiguration.name }}-patch
labels:
{{- include "akri.labels" . | nindent 8 }}
app.kubernetes.io/component: admission-webhook
spec:
containers:
- name: patch
image: "{{ .Values.webhookConfiguration.certImage.reference }}:{{ .Values.webhookConfiguration.certImage.tag }}"
imagePullPolicy: {{ .Values.webhookConfiguration.certImage.pullPolicy }}
args:
- patch
- --webhook-name={{ .Values.webhookConfiguration.name }}
- --namespace={{ .Release.Namespace }}
- --patch-mutating=false
- --secret-name={{ .Values.webhookConfiguration.name }}
- --patch-failure-policy=Fail
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
restartPolicy: OnFailure
{{- if .Values.rbac.enabled }}
serviceAccountName: {{ .Values.webhookConfiguration.name }}-patch
{{- end }}
{{- end -}}07070100000011000081a400000000000000000000000168e8e22600001a07000000000000000000000000000000000000002500000000templates/webhook-configuration.yaml{{- if .Values.webhookConfiguration.enabled }}
apiVersion: v1
kind: List
metadata:
name: {{ .Values.webhookConfiguration.name }}
labels: {{- include "akri.labels" . | nindent 4 }}
items:
- apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.webhookConfiguration.name }}
namespace: {{ .Release.Namespace }}
labels: {{- include "akri.labels" . | nindent 8 }}
app.kubernetes.io/name: {{ .Values.webhookConfiguration.name }}
app.kubernetes.io/component: admission-webhook
- apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ .Values.webhookConfiguration.name }}
namespace: {{ .Release.Namespace }}
labels: {{- include "akri.labels" . | nindent 8 }}
app.kubernetes.io/name: {{ .Values.webhookConfiguration.name }}
app.kubernetes.io/component: admission-webhook
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get"]
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ .Values.webhookConfiguration.name }}
namespace: {{ .Release.Namespace }}
labels: {{- include "akri.labels" . | nindent 8 }}
app.kubernetes.io/name: {{ .Values.webhookConfiguration.name }}
app.kubernetes.io/component: admission-webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ .Values.webhookConfiguration.name }}
subjects:
- kind: ServiceAccount
name: {{ .Values.webhookConfiguration.name }}
namespace: {{ .Release.Namespace }}
- apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.webhookConfiguration.name }}
labels: {{- include "akri.labels" . | nindent 8 }}
app.kubernetes.io/name: {{ .Values.webhookConfiguration.name }}
app.kubernetes.io/component: admission-webhook
spec:
replicas: 1
selector:
matchLabels: {{- include "akri.selectorLabels" . | nindent 10 }}
app.kubernetes.io/name: {{ .Values.webhookConfiguration.name }}
template:
metadata:
labels: {{- include "akri.labels" . | nindent 12 }}
app.kubernetes.io/name: {{ .Values.webhookConfiguration.name }}
app.kubernetes.io/component: admission-webhook
spec:
{{- if .Values.rbac.enabled }}
serviceAccountName: {{ .Values.webhookConfiguration.name }}
{{- end }}
containers:
- name: webhook
{{- if .Values.useDevelopmentContainers }}
{{- if .Values.useLatestContainers }}
image: {{ printf "%s:latest-dev" .Values.webhookConfiguration.image.repository | quote }}
{{- else }}
image: {{ printf "%s:%s" .Values.webhookConfiguration.image.repository (default (printf "v%s-dev" .Chart.AppVersion) .Values.webhookConfiguration.image.tag) | quote }}
{{- end }}
{{- else }}
{{- if .Values.useLatestContainers }}
image: {{ printf "%s:latest" .Values.webhookConfiguration.image.repository | quote }}
{{- else }}
image: {{ printf "%s:%s" .Values.webhookConfiguration.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.webhookConfiguration.image.tag) | quote }}
{{- end }}
{{- end }}
imagePullPolicy: {{ .Values.webhookConfiguration.image.pullPolicy }}
resources:
requests:
memory: {{ .Values.webhookConfiguration.resources.memoryRequest }}
cpu: {{ .Values.webhookConfiguration.resources.cpuRequest }}
limits:
memory: {{ .Values.webhookConfiguration.resources.memoryLimit }}
cpu: {{ .Values.webhookConfiguration.resources.cpuLimit }}
args:
- --tls-crt-file=/secrets/tls.crt
- --tls-key-file=/secrets/tls.key
- --port=8443
volumeMounts:
- name: secrets
mountPath: /secrets
readOnly: true
volumes:
- name: secrets
secret:
secretName: {{ .Values.webhookConfiguration.name }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.webhookConfiguration.allowOnControlPlane }}
tolerations:
{{- /* Allow this pod to run on the master. */}}
- key: node-role.kubernetes.io/master
effect: NoSchedule
{{- end }}
nodeSelector:
{{- if .Values.webhookConfiguration.nodeSelectors }}
{{- toYaml .Values.webhookConfiguration.nodeSelectors | nindent 8 }}
{{- end }}
"kubernetes.io/os": linux
{{- if .Values.webhookConfiguration.onlyOnControlPlane }}
node-role.kubernetes.io/master: ""
{{- end }}
- apiVersion: v1
kind: Service
metadata:
name: {{ .Values.webhookConfiguration.name }}
labels: {{- include "akri.labels" . | nindent 8 }}
app.kubernetes.io/name: {{ .Values.webhookConfiguration.name }}
app.kubernetes.io/component: admission-webhook
spec:
selector: {{- include "akri.selectorLabels" . | nindent 8 }}
app.kubernetes.io/name: {{ .Values.webhookConfiguration.name }}
ports:
- name: http
port: 443
targetPort: 8443
- apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: {{ .Values.webhookConfiguration.name }}
labels: {{- include "akri.labels" . | nindent 8 }}
app.kubernetes.io/name: {{ .Values.webhookConfiguration.name }}
app.kubernetes.io/component: admission-webhook
webhooks:
- name: {{ .Values.webhookConfiguration.name }}.{{ .Release.Namespace }}.svc
clientConfig:
service:
name: {{ .Values.webhookConfiguration.name }}
namespace: {{ .Release.Namespace }}
port: 443
path: "/validate"
{{- if .Values.webhookConfiguration.caBundle }}
caBundle: {{ .Values.webhookConfiguration.caBundle }}
{{- end }}
rules:
- operations:
- "CREATE"
- "UPDATE"
apiGroups:
- {{ .Values.crds.group }}
apiVersions:
- {{ .Values.crds.version }}
resources:
- "configurations"
scope: "*"
admissionReviewVersions:
- v1
- v1beta1
sideEffects: None
{{- end }}
07070100000012000041ed00000000000000000000000168e8e22600000000000000000000000000000000000000000000000a00000000templates07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000b00000000TRAILER!!!
