Create a Helm chart (replaces config/ folder using kustomize)

.github/workflows/kind-e2e.yaml

@@ -23,7 +23,7 @@ jobs:
         - v1.28.x
         - v1.29.x
         os:
-        # - ubuntu-20.04 # Ubuntu 20.04 uses cgroup v1 # TODO: temporarily disabled because of openssl commands incompatibility (1.1.1 version vs 3.x)
+        - ubuntu-20.04 # Ubuntu 20.04 uses cgroup v1
         - ubuntu-22.04 # Ubuntu 22.04 uses cgroup v2
     runs-on: ${{ matrix.os }}
 
@@ -50,10 +50,14 @@ jobs:
         kind-worker-count: 1
         feature-gates: InPlacePodVerticalScaling
 
+    - name: Install helm
+      run: |
+        curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+
     - name: Install k8s-pod-cpu-booster
       run: |
-        make --directory config/ mutating-webhook-certs
-        kustomize build config/ | ko apply -f -
+        KO_DOCKER_REPO=kind.local ko build -P ./cmd/informer ./cmd/webhook
+        helm install k8s-pod-cpu-booster --namespace pod-cpu-booster --create-namespace ./helm
 
     - name: Wait for Ready
       run: |

README.md

@@ -27,11 +27,11 @@ The CPU boost can be configured with `norbjd.github.io/k8s-pod-cpu-booster-multi
 
 ## Install
 
-Use `ko`. Example on a `kind` cluster:
+Use `ko` and `helm`. Example on a `kind` cluster:
 
 ```sh
-make --directory config/ mutating-webhook-certs # generates self-signed certificates for the webhook
-kustomize build config/ | KO_DOCKER_REPO=kind.local ko apply -f -
+KO_DOCKER_REPO=kind.local ko build -P ./cmd/informer ./cmd/webhook
+helm install k8s-pod-cpu-booster --namespace pod-cpu-booster --create-namespace ./helm
 ```
 
 ## Test/Demo
@@ -52,8 +52,8 @@ kind load docker-image python:3.11-alpine
 Install `k8s-pod-cpu-booster`:
 
 ```sh
-make --directory config/ mutating-webhook-certs # generates self-signed certificates for the webhook
-kustomize build config/ | KO_DOCKER_REPO=kind.local ko apply -f -
+KO_DOCKER_REPO=kind.local ko build -P ./cmd/informer ./cmd/webhook
+helm install k8s-pod-cpu-booster --namespace pod-cpu-booster --create-namespace ./helm
 ```
 
 Start two similar pods with low CPU limits and running `python -m http.server`, with a readiness probe configured to check when the http server is started. The only differences are the name (obviously), and the label `norbjd.github.io/k8s-pod-cpu-booster-enabled`:
@@ -106,8 +106,7 @@ Cleanup:
 ```sh
 kubectl delete -f examples/pod-no-boost.yaml -f examples/pod-with-default-boost.yaml
 
-kustomize build config/ | KO_DOCKER_REPO=kind.local ko delete -f -
-make --directory config/ remove-certs
+helm uninstall -n pod-cpu-booster k8s-pod-cpu-booster
 
 kind delete cluster
 ```

helm/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: k8s-pod-cpu-booster
+description: Simple PoC to give pods a CPU boost during startup
+
+type: application
+
+version: 0.1.0

config/mutating-webhook.yaml → helm/templates/mutating-webhook.yaml

@@ -1,3 +1,7 @@
+{{- $ca := genCA "svc-cat-ca" 3650 }}
+{{- $cn := "mutating-webhook" -}}
+{{- $altName := printf "%s.%s.svc" $cn .Release.Namespace }}
+{{- $cert := genSignedCert $cn nil (list $altName) 3650 $ca }}
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
@@ -6,8 +10,9 @@ metadata:
 webhooks:
   - name: k8s-pod-cpu-booster.norbjd.github.io
     clientConfig:
-      caBundle: "" # will be overridden by kustomization replacement
-      service: # namespace field is overridden by the namespace defined in kustomization.yaml
+      caBundle: {{ b64enc $ca.Cert }}
+      service:
+        namespace: {{ .Release.Namespace }}
         name: mutating-webhook
         path: /mutate
     objectSelector:
@@ -30,12 +35,21 @@ webhooks:
     sideEffects: None
     admissionReviewVersions: ["v1"]
 ---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mutating-webhook-certs
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ b64enc $cert.Cert }}
+  tls.key: {{ b64enc $cert.Key }}
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: mutating-webhook
 spec:
-  replicas: 3
+  replicas: {{ .Values.webhook.replicaCount }}
   selector:
     matchLabels:
       app: mutating-webhook
@@ -46,7 +60,8 @@ spec:
     spec:
       containers:
         - name: mutating-webhook
-          image: ko://github.com/norbjd/k8s-pod-cpu-booster/cmd/webhook
+          image: {{ .Values.webhook.image }}
+          imagePullPolicy: {{ .Values.webhook.imagePullPolicy }}
           args:
             - -v=9
             - -port=8443
@@ -58,6 +73,8 @@ spec:
             - name: certs
               mountPath: /etc/certs
               readOnly: true
+          resources:
+            {{ toYaml .Values.resources }}
       volumes:
         - name: certs
           secret:

config/pod-cpu-boost-reset.yaml → helm/templates/pod-cpu-boost-reset.yaml

@@ -30,6 +30,7 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: pod-cpu-boost-reset
+    namespace: {{ .Release.Namespace }}
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -47,13 +48,9 @@ spec:
     spec:
       containers:
       - name: pod-cpu-boost-reset
-        image: ko://github.com/norbjd/k8s-pod-cpu-booster/cmd/informer
+        image: {{ .Values.informer.image }}
+        imagePullPolicy: {{ .Values.informer.imagePullPolicy }}
         resources:
-          limits:
-            cpu: 100m
-            memory: 100Mi
-          requests:
-            cpu: 100m
-            memory: 100Mi
+          {{ toYaml .Values.resources }}
       serviceAccountName: pod-cpu-boost-reset
       terminationGracePeriodSeconds: 0 # TODO: change for production environments

helm/values.yaml

@@ -0,0 +1,14 @@
+# Default values for k8s-pod-cpu-booster.
+nameOverride: ""
+fullnameOverride: ""
+
+informer:
+  image: kind.local/github.com/norbjd/k8s-pod-cpu-booster/cmd/informer:latest
+  imagePullPolicy: Never
+  resources: {}
+
+webhook:
+  image: kind.local/github.com/norbjd/k8s-pod-cpu-booster/cmd/webhook:latest
+  imagePullPolicy: Never
+  replicaCount: 3
+  resources: {}