feat: add DaemonSet support to the helm chart (#62)

Adds the `kind` value which defaults to `Deployment` but can be set to
`DaemonSet` if desired.

Replica and HPA configuration is ignored if `kind` is `DaemonSet`.

Furthermore this change updates the `apiVersion` for the
`HorizontalPodAutoscaler` to `autoscaling/v2` since
`autoscaling/v2beta1` is deprecated and removed in Kubernetes 1.25. This
required some minor changes to the configuration schema.

Author: martinohmann

charts/pod-image-swap-webhook/Chart.yaml

@@ -2,5 +2,5 @@ apiVersion: v2
 name: pod-image-swap-webhook
 description: A webhook that replaces Pod images based on configuration values.
 type: application
-version: 0.0.3
+version: 0.1.0
 appVersion: "v0.0.3"

charts/pod-image-swap-webhook/templates/_helpers.tpl

@@ -60,3 +60,86 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+The pod template used by the Deployment and DaemonSet resources 
+*/}}
+{{- define "pod-image-swap-webhook.podTemplate" -}}
+metadata:
+  {{- with .Values.podAnnotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    # Revision forces recreation of pods on upgrade.
+    # Required to refresh the server certificate and key.
+    revision: {{ .Release.Revision | quote }}
+    {{- include "pod-image-swap-webhook.selectorLabels" . | nindent 4 }}
+  {{- with .Values.podLabels }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.imagePullSecrets }}
+  imagePullSecrets:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  serviceAccountName: {{ include "pod-image-swap-webhook.serviceAccountName" . }}
+  securityContext:
+    {{- toYaml .Values.podSecurityContext | nindent 4 }}
+  containers:
+    - name: {{ .Chart.Name }}
+      securityContext:
+        {{- toYaml .Values.securityContext | nindent 8 }}
+      image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+      imagePullPolicy: {{ .Values.image.pullPolicy }}
+      env:
+        - name: PISW_CONFIG_PATH
+          value: /config/config.yaml
+        - name: PISW_CERT_DIR
+          value: /certs
+      ports:
+        - name: metrics
+          containerPort: 8080
+          protocol: TCP
+        - name: healthz
+          containerPort: 8081
+          protocol: TCP
+        - name: webhook
+          containerPort: 9443
+          protocol: TCP
+      livenessProbe:
+        httpGet:
+          path: /healthz
+          port: healthz
+      readinessProbe:
+        httpGet:
+          path: /readyz
+          port: healthz
+      resources:
+        {{- toYaml .Values.resources | nindent 8 }}
+      volumeMounts:
+        - name: config
+          mountPath: /config/config.yaml
+          subPath: config.yaml
+        - name: certs
+          mountPath: /certs
+  volumes:
+    - configMap:
+        name: {{ include "pod-image-swap-webhook.fullname" . }}
+      name: config
+    - secret:
+        secretName: {{ include "pod-image-swap-webhook.fullname" . }}
+      name: certs
+  {{- with .Values.nodeSelector }}
+  nodeSelector:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.affinity }}
+  affinity:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.tolerations }}
+  tolerations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/pod-image-swap-webhook/templates/daemonset.yaml

@@ -0,0 +1,15 @@
+{{- if eq .Values.kind "DaemonSet" -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "pod-image-swap-webhook.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "pod-image-swap-webhook.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "pod-image-swap-webhook.selectorLabels" . | nindent 6 }}
+  template:
+    {{- include "pod-image-swap-webhook.podTemplate" . | nindent 4 }}
+{{- end }}

charts/pod-image-swap-webhook/templates/deployment.yaml

@@ -1,3 +1,4 @@
+{{- if eq .Values.kind "Deployment" -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -13,80 +14,5 @@ spec:
     matchLabels:
       {{- include "pod-image-swap-webhook.selectorLabels" . | nindent 6 }}
   template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        # Revision forces recreation of pods on upgrade.
-        # Required to refresh the server certificate and key.
-        revision: {{ .Release.Revision | quote }}
-        {{- include "pod-image-swap-webhook.selectorLabels" . | nindent 8 }}
-      {{- with .Values.podLabels }}
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "pod-image-swap-webhook.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-        - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          env:
-            - name: PISW_CONFIG_PATH
-              value: /config/config.yaml
-            - name: PISW_CERT_DIR
-              value: /certs
-          ports:
-            - name: metrics
-              containerPort: 8080
-              protocol: TCP
-            - name: healthz
-              containerPort: 8081
-              protocol: TCP
-            - name: webhook
-              containerPort: 9443
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: healthz
-          readinessProbe:
-            httpGet:
-              path: /readyz
-              port: healthz
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-          volumeMounts:
-            - name: config
-              mountPath: /config/config.yaml
-              subPath: config.yaml
-            - name: certs
-              mountPath: /certs
-      volumes:
-        - configMap:
-            name: {{ include "pod-image-swap-webhook.fullname" . }}
-          name: config
-        - secret:
-            secretName: {{ include "pod-image-swap-webhook.fullname" . }}
-          name: certs
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
+    {{- include "pod-image-swap-webhook.podTemplate" . | nindent 4 }}
+{{- end }}

charts/pod-image-swap-webhook/templates/hpa.yaml

@@ -1,5 +1,5 @@
-{{- if .Values.hpa.create }}
-apiVersion: autoscaling/v2beta1
+{{- if and .Values.hpa.create (eq .Values.kind "Deployment") }}
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
   name: {{ include "pod-image-swap-webhook.fullname" . }}
@@ -18,12 +18,16 @@ spec:
     - type: Resource
       resource:
         name: cpu
-        targetAverageUtilization: {{ .Values.hpa.targetCPUUtilizationPercentage }}
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.hpa.targetCPUUtilizationPercentage }}
     {{- end }}
     {{- if .Values.hpa.targetMemoryUtilizationPercentage }}
     - type: Resource
       resource:
         name: memory
-        targetAverageUtilization: {{ .Values.hpa.targetMemoryUtilizationPercentage }}
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.hpa.targetMemoryUtilizationPercentage }}
     {{- end }}
 {{- end }}

charts/pod-image-swap-webhook/values.yaml

@@ -1,6 +1,9 @@
 # Default values for pod-image-swap-webhook.
 
-# Ignored if `hpa.create` is set to `true`.
+# Valid values are `Deployment` and `DaemonSet`.
+kind: Deployment
+
+# Ignored if `hpa.create` is set to `true` or if `kind` is `DaemonSet`.
 replicaCount: 2
 
 image:
@@ -45,6 +48,7 @@ resources: {}
   #   memory: 20Mi
 
 hpa:
+  # Ignored if `kind` is `DaemonSet`.
   create: true
   minReplicas: 2
   maxReplicas: 6