diff --git a/charts/jaeger/Chart.yaml b/charts/jaeger/Chart.yaml index 9d44f60e..e9fa14f6 100644 --- a/charts/jaeger/Chart.yaml +++ b/charts/jaeger/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 1.53.0 description: A Jaeger Helm chart for Kubernetes name: jaeger type: application -version: 3.0.2 +version: 3.1.0 # CronJobs require v1.21 kubeVersion: ">= 1.21-0" keywords: @@ -14,6 +14,7 @@ keywords: home: https://jaegertracing.io icon: https://camo.githubusercontent.com/afa87494e0753b4b1f5719a2f35aa5263859dffb/687474703a2f2f6a61656765722e72656164746865646f63732e696f2f656e2f6c61746573742f696d616765732f6a61656765722d766563746f722e737667 sources: + - https://github.com/jaegertracing/helm-charts - https://hub.docker.com/u/jaegertracing/ maintainers: - name: dvonthenen diff --git a/charts/jaeger/templates/agent-ds.yaml b/charts/jaeger/templates/agent-ds.yaml index 7194d65e..12551801 100644 --- a/charts/jaeger/templates/agent-ds.yaml +++ b/charts/jaeger/templates/agent-ds.yaml @@ -32,8 +32,6 @@ spec: {{- toYaml .Values.agent.podLabels | nindent 8 }} {{- end }} spec: - securityContext: - {{- toYaml .Values.agent.podSecurityContext | nindent 8 }} {{- if .Values.agent.useHostNetwork }} hostNetwork: true {{- end }} @@ -49,8 +47,6 @@ spec: {{- end}} containers: - name: {{ template "jaeger.agent.name" . }} - securityContext: - {{- toYaml .Values.agent.securityContext | nindent 10 }} image: {{ include "agent.image" . }} imagePullPolicy: {{ .Values.agent.image.pullPolicy }} args: 
@@ -102,8 +98,15 @@ spec: httpGet: path: / port: admin + {{- if .Values.agent.resources }} resources: - {{- toYaml .Values.agent.resources | nindent 10 }} + {{- toYaml .Values.agent.resources | nindent 10 }} + {{- end }} + {{- if or (.Values.agent.securityContext) (.Values.securityContext) }} + securityContext: + {{- merge .Values.securityContext .Values.agent.securityContext | toYaml | nindent 10 }} + {{- end }} + {{- if or (.Values.agent.extraConfigmapMounts) (.Values.agent.extraSecretMounts) }} volumeMounts: {{- range .Values.agent.extraConfigmapMounts }} - name: {{ .name }} @@ -117,6 +120,12 @@ spec: subPath: {{ .subPath }} readOnly: {{ .readOnly }} {{- end }} + {{- end }} + {{- if or (.Values.agent.podSecurityContext) (.Values.podSecurityContext) }} + securityContext: + {{- merge .Values.podSecurityContext .Values.agent.podSecurityContext | toYaml | nindent 8 }} + {{- end }} + {{- if or (.Values.agent.extraConfigmapMounts) (.Values.agent.extraSecretMounts) }} volumes: {{- range .Values.agent.extraConfigmapMounts }} - name: {{ .name }} @@ -128,6 +137,7 @@ spec: secret: secretName: {{ .secretName }} {{- end }} + {{- end }} {{- with .Values.agent.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/jaeger/templates/allinone-deploy.yaml b/charts/jaeger/templates/allinone-deploy.yaml index 87788207..aa84de94 100644 --- a/charts/jaeger/templates/allinone-deploy.yaml +++ b/charts/jaeger/templates/allinone-deploy.yaml 
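Review bot: The `merge .Values.securityContext .Values.agent.securityContext` call in the new container `securityContext` block has its arguments in the wrong order for an override. Sprig's `merge` gives precedence to the first (destination) dictionary and writes into it, so the global value beats the per-component one and `.Values.securityContext` itself is modified for every template rendered afterwards. One component's settings (a relaxed `privileged` or `runAsUser`, say) can therefore end up on unrelated workloads. Merge into a fresh dict with the component first, `{{- merge (dict) .Values.agent.securityContext .Values.securityContext | toYaml | nindent 10 }}`, adding `deepCopy` if nested maps such as `capabilities` are expected. Apply the same change to the `podSecurityContext` merge in the next hunk and to the identical pattern in the other templates of this commit.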
@@ -98,16 +98,21 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 - {{- with .Values.allInOne.resources }} + {{- with .Values.allInOne.resources }} resources: {{- toYaml . | nindent 12 }} - {{- end }} + {{- end }} + {{- if or (.Values.allInOne.securityContext) (.Values.securityContext) }} + securityContext: + {{- merge .Values.securityContext .Values.allInOne.securityContext | toYaml | nindent 12 }} + {{- end }} + {{- if or (.Values.allInOne.samplingConfig) (.Values.allInOne.extraSecretMounts) }} volumeMounts: {{- if not .Values.storage.badger.ephemeral }} - name: badger-data mountPath: {{ .Values.storage.badger.persistence.mountPath }} {{- end }} - {{- if .Values.allInOne.samplingConfig}} + {{- if .Values.allInOne.samplingConfig }} - name: strategies mountPath: /etc/conf/ {{- end }} @@ -117,11 +122,13 @@ spec: subPath: {{ .subPath }} readOnly: {{ .readOnly }} {{- end }} + {{- end }} + {{- if or (.Values.allInOne.podSecurityContext) (.Values.podSecurityContext) }} securityContext: - runAsUser: 10001 - runAsGroup: 10001 - fsGroup: 10001 + {{- merge .Values.podSecurityContext .Values.allInOne.podSecurityContext | toYaml | nindent 8 }} + {{- end }} serviceAccountName: {{ template "jaeger.fullname" . }} + {{- if or (.Values.allInOne.samplingConfig) (.Values.allInOne.extraSecretMounts)}} volumes: {{- if not .Values.storage.badger.ephemeral }} - name: badger-data @@ -132,14 +139,15 @@ spec: - name: strategies configMap: name: {{ include "jaeger.fullname" . }}-sampling-strategies - {{- end }} - {{- range .Values.allInOne.extraSecretMounts }} + {{- end }} + {{- range .Values.allInOne.extraSecretMounts }} - name: {{ .name }} secret: secretName: {{ .secretName }} - {{- end }} - {{- with .Values.allInOne.nodeSelector }} + {{- end }} + {{- end }} + {{- with .Values.allInOne.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} {{- end -}} 
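Review bot: The new guard around `volumeMounts:` tests only `allInOne.samplingConfig` and `allInOne.extraSecretMounts`, but the list it wraps also holds the `badger-data` mount emitted under `if not .Values.storage.badger.ephemeral`. With persistent Badger storage and neither of the other two values set, that mount is skipped and the data would presumably go to the container filesystem instead of the volume. Add the Badger case to the condition, e.g. `{{- if or (not .Values.storage.badger.ephemeral) (.Values.allInOne.samplingConfig) (.Values.allInOne.extraSecretMounts) }}`, and mirror it on the `volumes:` guard in the following hunk.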
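Review bot: The pod `securityContext` here used to pin `runAsUser`, `runAsGroup` and `fsGroup` to 10001, and the replacement renders nothing unless a value is supplied, while values.yaml in this commit sets `allInOne.podSecurityContext: {}`. A default install therefore loses the fixed non-root UID and the `fsGroup`, which was presumably what gave the process write access to the Badger volume. Keeping the old numbers as the default under `allInOne.podSecurityContext` in values.yaml preserves the hardened behaviour and still lets users override it.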
diff --git a/charts/jaeger/templates/cassandra-schema-job.yaml b/charts/jaeger/templates/cassandra-schema-job.yaml index f5ee5a45..def727de 100644 --- a/charts/jaeger/templates/cassandra-schema-job.yaml +++ b/charts/jaeger/templates/cassandra-schema-job.yaml @@ -26,16 +26,12 @@ spec: {{- toYaml .Values.schema.podLabels | nindent 8 }} {{- end }} spec: - securityContext: - {{- toYaml .Values.schema.podSecurityContext | nindent 8 }} serviceAccountName: {{ template "jaeger.cassandraSchema.serviceAccountName" . }} {{- include "schema.imagePullSecrets" . | nindent 6 }} containers: - name: {{ include "jaeger.fullname" . }}-cassandra-schema image: {{ include "schema.image" . }} imagePullPolicy: {{ .Values.schema.image.pullPolicy }} - securityContext: - {{- toYaml .Values.schema.securityContext | nindent 10 }} env: {{- if .Values.schema.extraEnv }} {{- toYaml .Values.schema.extraEnv | nindent 10 }} @@ -57,8 +53,15 @@ spec: - name: KEYSPACE value: {{ .Values.storage.cassandra.keyspace }} {{- end }} + {{- if .Values.schema.resources }} resources: - {{- toYaml .Values.schema.resources | nindent 10 }} + {{- toYaml .Values.schema.resources | nindent 10 }} + {{- end }} + {{- if or (.Values.schema.podSecurityContext) (.Values.podSecurityContext) }} + securityContext: + {{- merge .Values.podSecurityContext .Values.schema.podSecurityContext | toYaml | nindent 10 }} + {{- end }} + {{- if or (.Values.schema.extraConfigmapMounts) (.Values.storage.cassandra.tls.enabled) }} volumeMounts: {{- range .Values.schema.extraConfigmapMounts }} - name: {{ .name }} 
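Review bot: The container-level `securityContext` added after `resources:` (the block rendered with `nindent 10`) is built from `.Values.schema.podSecurityContext` and `.Values.podSecurityContext` instead of the container values. `schema.securityContext`, which the removed lines rendered, is no longer read in the lines shown, so container hardening set there is silently dropped, and pod-only fields such as `fsGroup` would be emitted into a container spec where they are not valid. Use `{{- if or (.Values.schema.securityContext) (.Values.securityContext) }}` and merge `.Values.schema.securityContext` with `.Values.securityContext` in this block. The container definition starts in the previous hunk and continues past this one.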
@@ -84,7 +87,13 @@ spec: subPath: "cqlshrc" readOnly: true {{- end }} + {{- end }} restartPolicy: OnFailure + {{- if or (.Values.schema.podSecurityContext) (.Values.podSecurityContext) }} + securityContext: + {{- merge .Values.podSecurityContext .Values.schema.podSecurityContext | toYaml | nindent 8 }} + {{- end }} + {{- if or (.Values.schema.extraConfigmapMounts) (.Values.storage.cassandra.tls.enabled) }} volumes: {{- range .Values.schema.extraConfigmapMounts }} - name: {{ .name }} @@ -96,6 +105,7 @@ spec: secret: secretName: {{ .Values.storage.cassandra.tls.secretName }} {{- end }} + {{- end }} {{- end -}} {{- end -}} {{- end -}} diff --git a/charts/jaeger/templates/collector-deploy.yaml b/charts/jaeger/templates/collector-deploy.yaml index dfdd1dc7..8fa6a89b 100644 --- a/charts/jaeger/templates/collector-deploy.yaml +++ b/charts/jaeger/templates/collector-deploy.yaml @@ -35,8 +35,6 @@ spec: {{- with .Values.collector.priorityClassName }} priorityClassName: {{ . }} {{- end }} - securityContext: - {{- toYaml .Values.collector.podSecurityContext | nindent 8 }} serviceAccountName: {{ template "jaeger.collector.serviceAccountName" . }} {{- include "collector.imagePullSecrets" . | nindent 6 }} {{- if .Values.collector.initContainers }} @@ -45,8 +43,6 @@ spec: {{- end}} containers: - name: {{ template "jaeger.collector.name" . }} - securityContext: - {{- toYaml .Values.collector.securityContext | nindent 10 }} image: {{ include "collector.image" . }} imagePullPolicy: {{ .Values.collector.image.pullPolicy }} args: 
@@ -133,8 +129,15 @@ spec: httpGet: path: / port: admin + {{- if .Values.collector.resources }} resources: - {{- toYaml .Values.collector.resources | nindent 10 }} + {{- toYaml .Values.collector.resources | nindent 10 }} + {{- end }} + {{- if or (.Values.collector.securityContext) (.Values.securityContext) }} + securityContext: + {{- merge .Values.securityContext .Values.collector.securityContext | toYaml | nindent 10 }} + {{- end }} + {{- if or (.Values.collector.extraConfigmapMounts) (.Values.collector.extraSecretMounts) (.Values.collector.samplingConfig) (.Values.storage.cassandra.tls.enable) (.Values.storage.elasticsearch.tls.enabled) }} volumeMounts: {{- range .Values.collector.extraConfigmapMounts }} - name: {{ .name }} @@ -172,8 +175,14 @@ spec: - name: strategies mountPath: /etc/conf/ {{- end }} + {{- end }} dnsPolicy: {{ .Values.collector.dnsPolicy }} restartPolicy: Always + {{- if or (.Values.collector.podSecurityContext) (.Values.podSecurityContext) }} + securityContext: + {{- merge .Values.podSecurityContext .Values.collector.podSecurityContext | toYaml | nindent 8 }} + {{- end }} + {{- if or (.Values.collector.extraConfigmapMounts) (.Values.collector.extraSecretMounts) (.Values.collector.samplingConfig) (.Values.storage.cassandra.tls.enable) (.Values.storage.elasticsearch.tls.enabled) }} volumes: {{- range .Values.collector.extraConfigmapMounts }} - name: {{ .name }} @@ -200,6 +209,7 @@ spec: secret: secretName: {{ .Values.storage.elasticsearch.tls.secretName }} {{- end }} + {{- end }} {{- with .Values.collector.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/jaeger/templates/es-index-cleaner-cronjob.yaml b/charts/jaeger/templates/es-index-cleaner-cronjob.yaml index cf3f58aa..76978ee1 100644 --- a/charts/jaeger/templates/es-index-cleaner-cronjob.yaml +++ b/charts/jaeger/templates/es-index-cleaner-cronjob.yaml 
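Review bot: Both new guards around `volumeMounts:` and `volumes:` in the collector test `.Values.storage.cassandra.tls.enable`, while the other templates in this commit use `.Values.storage.cassandra.tls.enabled`. The misspelled key is presumably never set, so when Cassandra TLS is the only reason for a mount the whole list is skipped and the TLS secret would not reach the collector container. Change the term to `(.Values.storage.cassandra.tls.enabled)` in both conditions.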
@@ -56,8 +56,15 @@ spec: {{- toYaml .Values.esIndexCleaner.extraEnv | nindent 14 }} {{- end }} {{ include "elasticsearch.env" . | nindent 14 }} + {{- if .Values.esIndexCleaner.resources }} resources: - {{- toYaml .Values.esIndexCleaner.resources | nindent 14 }} + {{- toYaml .Values.esIndexCleaner.resources | nindent 14 }} + {{- end }} + {{- if or (.Values.esIndexCleaner.securityContext) (.Values.securityContext) }} + securityContext: + {{- merge .Values.securityContext .Values.esIndexCleaner.securityContext | toYaml | nindent 14 }} + {{- end }} + {{- if or (.Values.esIndexCleaner.extraConfigmapMounts) (.Values.esIndexCleaner.extraSecretMounts) (.Values.storage.elasticsearch.tls.enabled) }} volumeMounts: {{- range .Values.esIndexCleaner.extraConfigmapMounts }} - name: {{ .name }} @@ -77,6 +84,7 @@ spec: subPath: {{ .Values.storage.elasticsearch.tls.subPath }} readOnly: true {{- end }} + {{- end }} restartPolicy: OnFailure {{- with .Values.esIndexCleaner.nodeSelector }} nodeSelector: @@ -90,6 +98,11 @@ spec: tolerations: {{- toYaml . | nindent 12 }} {{- end }} + {{- if or (.Values.esIndexCleaner.podSecurityContext) (.Values.podSecurityContext) }} + securityContext: + {{- merge .Values.podSecurityContext .Values.esIndexCleaner.podSecurityContext | toYaml | nindent 12 }} + {{- end }} + {{- if or (.Values.esIndexCleaner.extraConfigmapMounts) (.Values.esIndexCleaner.extraSecretMounts) (.Values.storage.elasticsearch.tls.enabled) }} volumes: {{- range .Values.esIndexCleaner.extraConfigmapMounts }} - name: {{ .name }} @@ -106,4 +119,5 @@ spec: secret: secretName: {{ .Values.storage.elasticsearch.tls.secretName }} {{- end }} + {{- end }} {{- end -}} diff --git a/charts/jaeger/templates/es-lookback-cronjob.yaml b/charts/jaeger/templates/es-lookback-cronjob.yaml index c5f70dc2..db973825 100644 --- a/charts/jaeger/templates/es-lookback-cronjob.yaml +++ b/charts/jaeger/templates/es-lookback-cronjob.yaml 
@@ -70,8 +70,15 @@ spec: {{- if .Values.esLookback.extraEnv }} {{- toYaml .Values.esLookback.extraEnv | nindent 14 }} {{- end }} + {{- if .Values.esLookback.resources }} resources: - {{- toYaml .Values.esLookback.resources | nindent 14 }} + {{- toYaml .Values.esLookback.resources | nindent 14 }} + {{- end }} + {{- if or (.Values.esLoopback.securityContext) (.Values.securityContext) }} + securityContext: + {{- merge .Values.securityContext .Values.esLoopback.securityContext | toYaml | nindent 14 }} + {{- end }} + {{- if or (.Values.esLookback.extraConfigmapMounts) (.Values.esLookback.extraSecretMounts) (.Values.storage.elasticsearch.tls.enabled) }} volumeMounts: {{- range .Values.esLookback.extraConfigmapMounts }} - name: {{ .name }} @@ -91,6 +98,12 @@ spec: subPath: {{ .Values.storage.elasticsearch.tls.subPath }} readOnly: true {{- end }} + {{- end }} + {{- if or (.Values.esLoopback.podSecurityContext) (.Values.podSecurityContext) }} + securityContext: + {{- merge .Values.podSecurityContext .Values.esLoopback.podSecurityContext | toYaml | nindent 12 }} + {{- end }} + {{- if or (.Values.esLookback.extraConfigmapMounts) (.Values.esLookback.extraSecretMounts) (.Values.storage.elasticsearch.tls.enabled) }} volumes: {{- range .Values.esLookback.extraConfigmapMounts }} - name: {{ .name }} @@ -107,4 +120,5 @@ spec: secret: secretName: {{ .Values.storage.elasticsearch.tls.secretName }} {{- end }} + {{- end }} {{- end -}} diff --git a/charts/jaeger/templates/es-rollover-cronjob.yaml b/charts/jaeger/templates/es-rollover-cronjob.yaml index 35f9e5bc..104b3bc8 100644 --- a/charts/jaeger/templates/es-rollover-cronjob.yaml +++ b/charts/jaeger/templates/es-rollover-cronjob.yaml 
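Review bot: The two new `securityContext` blocks read `.Values.esLoopback.securityContext` and `.Values.esLoopback.podSecurityContext`, but the key used everywhere else in this file and in values.yaml is `esLookback`. As written, `esLookback.securityContext` and `esLookback.podSecurityContext` are never applied, and dereferencing the missing `esLoopback` map will most likely abort rendering with a nil-pointer error whenever this CronJob is enabled. Replace `esLoopback` with `esLookback` in both `if or` conditions and both `merge` calls.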
@@ -70,8 +70,15 @@ spec: {{- if .Values.esRollover.extraEnv }} {{- toYaml .Values.esRollover.extraEnv | nindent 14 }} {{- end }} + {{- if .Values.esRollover.resources }} resources: - {{- toYaml .Values.esRollover.resources | nindent 14 }} + {{- toYaml .Values.esRollover.resources | nindent 14 }} + {{- end }} + {{- if or (.Values.esRollover.securityContext) (.Values.securityContext) }} + securityContext: + {{- merge .Values.securityContext .Values.esRollover.securityContext | toYaml | nindent 14 }} + {{- end }} + {{- if or (.Values.esRollover.extraConfigmapMounts) (.Values.esRollover.extraSecretMounts) (.Values.storage.elasticsearch.tls.enabled) }} volumeMounts: {{- range .Values.esRollover.extraConfigmapMounts }} - name: {{ .name }} @@ -91,6 +98,12 @@ spec: subPath: {{ .Values.storage.elasticsearch.tls.subPath }} readOnly: true {{- end }} + {{- end }} + {{- if or (.Values.esRollover.podSecurityContext) (.Values.podSecurityContext) }} + securityContext: + {{- merge .Values.podSecurityContext .Values.esRollover.podSecurityContext | toYaml | nindent 12 }} + {{- end }} + {{- if or (.Values.esRollover.extraConfigmapMounts) (.Values.esRollover.extraSecretMounts) (.Values.storage.elasticsearch.tls.enabled) }} volumes: {{- range .Values.esRollover.extraConfigmapMounts }} - name: {{ .name }} @@ -107,4 +120,5 @@ spec: secret: secretName: {{ .Values.storage.elasticsearch.tls.secretName }} {{- end }} + {{- end }} {{- end -}} diff --git a/charts/jaeger/templates/hotrod-deploy.yaml b/charts/jaeger/templates/hotrod-deploy.yaml index ad74c1e9..e5c272ba 100644 --- a/charts/jaeger/templates/hotrod-deploy.yaml +++ b/charts/jaeger/templates/hotrod-deploy.yaml 
@@ -18,14 +18,14 @@ spec: {{- include "jaeger.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: hotrod spec: + {{- if or (.Values.hotrod.podSecurityContext) (.Values.podSecurityContext) }} securityContext: - {{- toYaml .Values.hotrod.podSecurityContext | nindent 8 }} + {{- merge .Values.podSecurityContext .Values.hotrod.podSecurityContext | toYaml | nindent 8 }} + {{- end }} serviceAccountName: {{ template "jaeger.hotrod.serviceAccountName" . }} {{- include "hotrod.imagePullSecrets" . | nindent 6 }} containers: - name: {{ include "jaeger.fullname" . }}-hotrod - securityContext: - {{- toYaml .Values.hotrod.securityContext | nindent 12 }} image: {{ include "hotrod.image" . }} imagePullPolicy: {{ .Values.hotrod.image.pullPolicy }} args: @@ -55,6 +55,10 @@ spec: port: http resources: {{- toYaml .Values.hotrod.resources | nindent 12 }} + {{- if or (.Values.hotrod.securityContext) (.Values.securityContext) }} + securityContext: + {{- merge .Values.securityContext .Values.hotrod.securityContext | toYaml | nindent 12 }} + {{- end }} {{- with .Values.hotrod.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/jaeger/templates/ingester-deploy.yaml b/charts/jaeger/templates/ingester-deploy.yaml index 844f8042..f108589b 100644 --- a/charts/jaeger/templates/ingester-deploy.yaml +++ b/charts/jaeger/templates/ingester-deploy.yaml @@ -32,8 +32,10 @@ spec: {{- end }} spec: serviceAccountName: {{ include "jaeger.ingester.serviceAccountName" . }} + {{- if or (.Values.ingester.podSecurityContext) (.Values.podSecurityContext) }} securityContext: - {{- toYaml .Values.ingester.podSecurityContext | nindent 8 }} + {{- merge .Values.podSecurityContext .Values.ingester.podSecurityContext | toYaml | nindent 8 }} + {{- end }} {{- include "ingester.imagePullSecrets" . | nindent 6 }} {{- with .Values.ingester.nodeSelector }} nodeSelector: 
@@ -53,8 +55,6 @@ spec: {{- end}} containers: - name: {{ include "jaeger.fullname" . }}-ingester - securityContext: - {{- toYaml .Values.ingester.securityContext | nindent 10 }} image: {{ include "ingester.image" . }} imagePullPolicy: {{ .Values.ingester.image.pullPolicy }} args: @@ -96,6 +96,10 @@ spec: port: admin resources: {{- toYaml .Values.ingester.resources | nindent 10 }} + {{- if or (.Values.ingester.securityContext) (.Values.securityContext) }} + securityContext: + {{- merge .Values.securityContext .Values.ingester.securityContext | toYaml | nindent 10 }} + {{- end }} volumeMounts: {{- range .Values.ingester.extraConfigmapMounts }} - name: {{ .name }} diff --git a/charts/jaeger/templates/query-deploy.yaml b/charts/jaeger/templates/query-deploy.yaml index 7aef1c62..e38aa933 100644 --- a/charts/jaeger/templates/query-deploy.yaml +++ b/charts/jaeger/templates/query-deploy.yaml @@ -40,8 +40,6 @@ spec: {{- with .Values.query.priorityClassName }} priorityClassName: {{ . }} {{- end }} - securityContext: - {{- toYaml .Values.query.podSecurityContext | nindent 8 }} serviceAccountName: {{ template "jaeger.query.serviceAccountName" . }} {{- include "query.imagePullSecrets" . | nindent 6 }} {{- if .Values.query.initContainers }} @@ -50,8 +48,6 @@ spec: {{- end}} containers: - name: {{ template "jaeger.query.name" . }} - securityContext: - {{- toYaml .Values.query.securityContext | nindent 10 }} image: {{ include "query.image" . }} imagePullPolicy: {{ .Values.query.image.pullPolicy }} args: 
@@ -87,8 +83,15 @@ spec: - name: admin containerPort: 16687 protocol: TCP + {{- if .Values.query.resources }} resources: - {{- toYaml .Values.query.resources | nindent 10 }} + {{- toYaml .Values.query.resources | nindent 10 }} + {{- end }} + {{- if or (.Values.query.securityContext) (.Values.securityContext) }} + securityContext: + {{- merge .Values.securityContext .Values.query.securityContext | toYaml | nindent 10 }} + {{- end }} + {{- if or (.Values.query.extraConfigmapMounts) (.Values.query.extraSecretMounts) (.Values.query.config) (.Values.storage.cassandra.tls.enabled) (.Values.storage.elasticsearch.tls.enabled) }} volumeMounts: {{- range .Values.query.extraSecretMounts }} - name: {{ .name }} @@ -126,6 +129,7 @@ spec: - name: ui-configuration mountPath: /etc/conf/ {{- end }} + {{- end }} livenessProbe: httpGet: path: / @@ -138,14 +142,17 @@ spec: - name: {{ template "jaeger.agent.name" . }}-oauth2-sidecar image: {{ include "oAuthSidecar.image" . }} imagePullPolicy: {{ .Values.query.oAuthSidecar.image.pullPolicy }} + {{- if .Values.query.oAuthSidecar.args }} args: {{- range .Values.query.oAuthSidecar.args }} - {{ . }} {{- end }} + {{- end }} {{- if .Values.query.oAuthSidecar.extraEnv }} env: {{- toYaml .Values.query.oAuthSidecar.extraEnv | nindent 10 }} {{- end }} + {{- if or (.Values.query.oAuthSidecar.extraConfigmapMounts) (.Values.query.oAuthSidecar.extraSecretMounts) (.Values.query.oAuthSidecar.config)}} volumeMounts: {{- range .Values.query.oAuthSidecar.extraConfigmapMounts }} - name: {{ .name }} 
@@ -163,11 +170,18 @@ spec: - name: jaeger-oauth-configuration mountPath: /etc/oauth2-proxy {{- end }} + {{- end }} ports: - containerPort: {{ .Values.query.oAuthSidecar.containerPort }} name: oauth-proxy + {{- if .Values.query.oAuthSidecar.resources }} resources: - {{- toYaml .Values.query.oAuthSidecar.resources | nindent 10 }} + {{- toYaml .Values.query.oAuthSidecar.resources | nindent 10 }} + {{- end }} + {{- if or (.Values.query.oAuthSidecar.securityContext) (.Values.securityContext) }} + securityContext: + {{- merge .Values.securityContext .Values.query.oAuthSidecar.securityContext | toYaml | nindent 10 }} + {{- end }} {{- if .Values.query.oAuthSidecar.livenessProbe }} livenessProbe: {{- toYaml .Values.query.oAuthSidecar.livenessProbe | nindent 10 }} @@ -179,10 +193,9 @@ spec: {{- end }} {{- if .Values.query.agentSidecar.enabled }} - name: {{ template "jaeger.agent.name" . }}-sidecar - securityContext: - {{- toYaml .Values.query.securityContext | nindent 10 }} image: {{ include "agent.image" . }} imagePullPolicy: {{ .Values.agent.image.pullPolicy }} + {{- if .Values.agent.cmdlineParams }} args: {{- range $key, $value := .Values.agent.cmdlineParams }} {{- if $value }} @@ -191,8 +204,9 @@ spec: - --{{ $key }} {{- end }} {{- end }} - env: + {{- end }} {{- if not (hasKey .Values.agent.cmdlineParams "reporter.grpc.host-port") }} + env: - name: REPORTER_GRPC_HOST_PORT value: {{ include "jaeger.collector.name" . }}:{{ .Values.collector.service.grpc.port }} {{- end }} 
@@ -200,8 +214,15 @@ spec: - name: admin containerPort: 14271 protocol: TCP + {{- if .Values.query.agentSidecar.resources }} resources: - {{- toYaml .Values.query.agentSidecar.resources | nindent 10 }} + {{- toYaml .Values.query.agentSidecar.resources | nindent 10 }} + {{- end }} + {{- if or (.Values.query.agentSidecar.securityContext) (.Values.securityContext) }} + securityContext: + {{- merge .Values.securityContext .Values.query.agentSidecar.securityContext | toYaml | nindent 10 }} + {{- end }} + {{- if or (.Values.agent.extraConfigmapMounts) (.Values.agent.extraSecretMounts) }} volumeMounts: {{- range .Values.agent.extraConfigmapMounts }} - name: {{ .name }} @@ -215,6 +236,7 @@ spec: subPath: {{ .subPath }} readOnly: {{ .readOnly }} {{- end }} + {{- end }} livenessProbe: httpGet: path: / @@ -229,6 +251,11 @@ spec: {{- end }} dnsPolicy: {{ .Values.query.dnsPolicy }} restartPolicy: Always + {{- if or (.Values.query.podSecurityContext) (.Values.podSecurityContext) }} + securityContext: + {{- merge .Values.podSecurityContext .Values.query.podSecurityContext | toYaml | nindent 8 }} + {{- end }} + {{- if or (.Values.query.extraConfigmapMounts) (.Values.query.extraSecretMounts) (.Values.query.config) (.Values.storage.cassandra.tls.enabled) (.Values.storage.elasticsearch.tls.enabled) }} volumes: {{- range .Values.query.extraConfigmapMounts }} - name: {{ .name }} @@ -255,6 +282,7 @@ spec: secret: secretName: {{ .Values.storage.elasticsearch.tls.secretName }} {{- end }} + {{- end }} {{- if .Values.query.oAuthSidecar.enabled }} {{- range .Values.query.oAuthSidecar.extraConfigmapMounts }} - name: {{ .name }} diff --git a/charts/jaeger/templates/spark-cronjob.yaml b/charts/jaeger/templates/spark-cronjob.yaml index c577cbeb..e27ac416 100644 --- a/charts/jaeger/templates/spark-cronjob.yaml +++ b/charts/jaeger/templates/spark-cronjob.yaml 
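Review bot: The agent sidecar container now takes its `securityContext` from `.Values.query.agentSidecar.securityContext`, whereas the lines removed in the hunk at `@@ -179,10 +193,9 @@` gave it `.Values.query.securityContext`. Installations that hardened the sidecar through `query.securityContext` lose that setting on upgrade without any warning. Either keep the old value as a fallback in the merge or document the change; a comment at `query.agentSidecar.securityContext` in values.yaml saying it replaces the value previously inherited from `query.securityContext` would be enough.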
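Review bot: The `{{- end }}` added before `{{- if .Values.query.oAuthSidecar.enabled }}` closes the `volumes:` guard too early, because the oAuthSidecar entries that follow are still items of that list while the guard looks only at `query.*` and the storage TLS flags. With the OAuth sidecar enabled and mounts configured only under `query.oAuthSidecar`, the entries render without a `volumes:` key and the manifest becomes invalid. Extend the condition with the `query.oAuthSidecar` mount values or move the closing `{{- end }}` past the sidecar block. The same may apply to the `agent.*` mounts used by the agent sidecar, but the rest of the list lies outside this hunk.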
@@ -61,8 +61,14 @@ spec: - name: ES_NODES_WAN_ONLY value: {{ .Values.storage.elasticsearch.nodesWanOnly | quote }} {{- end }} + {{- if .Values.spark.resources }} resources: - {{- toYaml .Values.spark.resources | nindent 14 }} + {{- toYaml .Values.spark.resources | nindent 14 }} + {{- end }} + {{- if or (.Values.spark.securityContext) (.Values.securityContext) }} + securityContext: + {{- merge .Values.securityContext .Values.spark.securityContext | toYaml | nindent 14 }} + {{- end }} volumeMounts: {{- range .Values.spark.extraConfigmapMounts }} - name: {{ .name }} @@ -77,6 +83,10 @@ spec: readOnly: {{ .readOnly }} {{- end }} restartPolicy: OnFailure + {{- if or (.Values.spark.podSecurityContext) (.Values.podSecurityContext) }} + securityContext: + {{- merge .Values.podSecurityContext .Values.spark.podSecurityContext | toYaml | nindent 12 }} + {{- end }} volumes: {{- range .Values.spark.extraConfigmapMounts }} - name: {{ .name }} diff --git a/charts/jaeger/values.yaml b/charts/jaeger/values.yaml index 778ba1dd..d69b4628 100644 --- a/charts/jaeger/values.yaml +++ b/charts/jaeger/values.yaml @@ -2,6 +2,23 @@ # This is a YAML-formatted file. # Jaeger values are grouped by component. Cassandra values override subchart values +# Set securityContext for pod or container global and/or define for each service +podSecurityContext: {} +# podSecurityContext: +# fsGroup: 1000 +# supplementalGroups: +# - 1000 +securityContext: {} +# securityContext: +# allowPrivilegeEscalation: false +# capabilities: +# drop: +# - ALL +# privileged: false +# readOnlyRootFilesystem: true +# runAsUser: 1000 +# runAsGroup: 1000 + global: imageRegistry: @@ -86,6 +103,8 @@ allInOne: # cpu: 256m # memory: 128Mi nodeSelector: {} + podSecurityContext: {} + securityContext: {} storage: # allowed values (cassandra, elasticsearch, grpc-plugin, badger, memory) 
@@ -230,8 +249,7 @@ schema: digest: "" pullPolicy: IfNotPresent pullSecrets: [] - resources: - {} + resources: {} # limits: # cpu: 500m # memory: 512Mi @@ -249,8 +267,7 @@ schema: podSecurityContext: {} ## Deadline for cassandra schema creation job activeDeadlineSeconds: 300 - extraEnv: - [] + extraEnv: [] # - name: MODE # value: prod # - name: TRACE_TTL @@ -326,8 +343,7 @@ ingester: # List of IP ranges that are allowed to access the load balancer (if supported) loadBalancerSourceRanges: [] type: ClusterIP - resources: - {} + resources: {} # limits: # cpu: 1 # memory: 1Gi @@ -363,8 +379,6 @@ ingester: metricRelabelings: [] agent: - podSecurityContext: {} - securityContext: {} enabled: true annotations: {} image: @@ -396,14 +410,15 @@ agent: binaryPort: 6832 # samplingPort: (HTTP) serve configs, sampling strategies samplingPort: 5778 - resources: - {} + resources: {} # limits: # cpu: 500m # memory: 512Mi # requests: # cpu: 256m # memory: 128Mi + podSecurityContext: {} + securityContext: {} serviceAccount: create: true # Explicitly mounts the API credentials for the Service Account @@ -445,8 +460,6 @@ agent: metricRelabelings: [] collector: - podSecurityContext: {} - securityContext: {} enabled: true annotations: {} image: @@ -527,14 +540,15 @@ collector: # hosts: # - chart-example.local pathType: - resources: - {} + resources: {} # limits: # cpu: 1 # memory: 1Gi # requests: # cpu: 500m # memory: 512Mi + podSecurityContext: {} + securityContext: {} serviceAccount: create: true # Explicitly mounts the API credentials for the Service Account @@ -560,6 +574,7 @@ collector: # subPath: "" # configMap: jaeger-config # readOnly: true + samplingConfig: {} # samplingConfig: |- # { # "service_strategies": [ 
@@ -618,14 +633,15 @@ query: initContainers: [] oAuthSidecar: enabled: false - resources: - {} + resources: {} # limits: # cpu: 500m # memory: 512Mi # requests: # cpu: 256m # memory: 128Mi + podSecurityContext: {} + securityContext: {} image: registry: quay.io repository: oauth2-proxy/oauth2-proxy @@ -650,17 +666,27 @@ query: # oidc_groups_claim = "groups" # user_id_claim = "preferred_username" # skip_provider_button = "true" + resources: {} + # resources: + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 256m + # memory: 128Mi podSecurityContext: {} securityContext: {} agentSidecar: enabled: true - # resources: - # limits: - # cpu: 500m - # memory: 512Mi - # requests: - # cpu: 256m - # memory: 128Mi + resources: {} + # limits: + # cpu: 500m + # memory: 512Mi + # requests: + # cpu: 256m + # memory: 128Mi + podSecurityContext: {} + securityContext: {} annotations: {} image: registry: "" @@ -707,14 +733,6 @@ query: pathType: health: exposed: false - resources: - {} - # limits: - # cpu: 500m - # memory: 512Mi - # requests: - # cpu: 256m - # memory: 128Mi serviceAccount: create: true # Explicitly mounts the API credentials for the Service Account @@ -789,14 +807,15 @@ spark: successfulJobsHistoryLimit: 5 failedJobsHistoryLimit: 5 concurrencyPolicy: Forbid - resources: - {} + resources: {} # limits: # cpu: 500m # memory: 512Mi # requests: # cpu: 256m # memory: 128Mi + podSecurityContext: {} + securityContext: {} serviceAccount: create: true annotations: {} @@ -837,14 +856,15 @@ esIndexCleaner: successfulJobsHistoryLimit: 3 failedJobsHistoryLimit: 3 concurrencyPolicy: Forbid - resources: - {} + resources: {} # limits: # cpu: 500m # memory: 512Mi # requests: # cpu: 256m # memory: 128Mi + podSecurityContext: {} + securityContext: {} numberOfDays: 7 serviceAccount: create: true 
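Review bot: `podSecurityContext: {}` is added under `query.oAuthSidecar` and `query.agentSidecar`, but the query template hunks in this commit read only `.securityContext` for those containers, and a sidecar shares the pod-level context taken from `query.podSecurityContext`. Setting these keys appears to have no effect, which can leave an operator believing a restriction is in place. Drop the two keys, or add a comment such as `# not used: sidecars inherit query.podSecurityContext`.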
@@ -884,14 +904,15 @@ esRollover: successfulJobsHistoryLimit: 3 failedJobsHistoryLimit: 3 concurrencyPolicy: Forbid - resources: - {} + resources: {} # limits: # cpu: 500m # memory: 512Mi # requests: # cpu: 256m # memory: 128Mi + podSecurityContext: {} + securityContext: {} serviceAccount: create: true # Explicitly mounts the API credentials for the Service Account @@ -940,14 +961,15 @@ esLookback: successfulJobsHistoryLimit: 3 failedJobsHistoryLimit: 3 concurrencyPolicy: Forbid - resources: - {} + resources: {} # limits: # cpu: 500m # memory: 512Mi # requests: # cpu: 256m # memory: 128Mi + podSecurityContext: {} + securityContext: {} serviceAccount: create: true annotations: {} @@ -968,8 +990,6 @@ esLookback: hotrod: enabled: false - podSecurityContext: {} - securityContext: {} replicaCount: 1 # set the primary command(s) for the hotrod application args: @@ -1014,8 +1034,7 @@ hotrod: # hosts: # - chart-example.local pathType: - resources: - {} + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following @@ -1026,6 +1045,8 @@ hotrod: # requests: # cpu: 100m # memory: 128Mi + podSecurityContext: {} + securityContext: {} serviceAccount: create: true # Explicitly mounts the API credentials for the Service Account