diff --git a/.github/workflows/sync-remote-helm-charts.yaml b/.github/workflows/sync-remote-helm-charts.yaml
index f7499b42c..db9a930b7 100644
--- a/.github/workflows/sync-remote-helm-charts.yaml
+++ b/.github/workflows/sync-remote-helm-charts.yaml
@@ -41,6 +41,11 @@ jobs:
 remote_repository: cloudwatch-controller
 remote_directory: helm
 target_directory: addons/cloudwatch-chart
+ - remote_owner: aws-controllers-k8s
+ remote_repository: cloudwatchlogs-controller
+ remote_directory: helm
+ target_directory: addons/cloudwatchlogs-chart
+ tag: v0.0.10
 - remote_owner: aws-controllers-k8s
 remote_repository: dynamodb-controller
 remote_directory: helm
diff --git a/addons/cloudwatchlogs-chart/Chart.yaml b/addons/cloudwatchlogs-chart/Chart.yaml
new file mode 100644
index 000000000..56ce34bb0
--- /dev/null
+++ b/addons/cloudwatchlogs-chart/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+name: cloudwatchlogs-chart
+description: A Helm chart for the ACK service controller for Amazon CloudWatch Logs (CloudWatch Logs)
+version: 0.0.10
+appVersion: 0.0.10
+home: https://github.com/aws-controllers-k8s/cloudwatchlogs-controller
+icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
+sources:
+ - https://github.com/aws-controllers-k8s/cloudwatchlogs-controller
+maintainers:
+ - name: ACK Admins
+ url: https://github.com/orgs/aws-controllers-k8s/teams/ack-admin
+ - name: CloudWatch Logs Admins
+ url: https://github.com/orgs/aws-controllers-k8s/teams/cloudwatchlogs-maintainer
+keywords:
+ - aws
+ - kubernetes
+ - cloudwatchlogs
diff --git a/addons/cloudwatchlogs-chart/crds/cloudwatchlogs.services.k8s.aws_loggroups.yaml b/addons/cloudwatchlogs-chart/crds/cloudwatchlogs.services.k8s.aws_loggroups.yaml
new file mode 100644
index 000000000..dea860f3e
--- /dev/null
+++ b/addons/cloudwatchlogs-chart/crds/cloudwatchlogs.services.k8s.aws_loggroups.yaml
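Review bot: The new entry pins the upstream chart with `tag: v0.0.10`, a git tag that can be re-pointed upstream, so a later sync run could pull different content under the same version. That matters here because the synced directory carries the controller's RBAC rules and Deployment template, and the `rbac-rules` helper later in this change grants `get`/`list`/`patch`/`watch` on `secrets`. If the sync step accepts a commit SHA in this field (not visible in the hunk), prefer `tag: <commit-sha-of-v0.0.10>  # v0.0.10`; otherwise treat every sync PR that touches `templates/` as a privileged change that needs a human diff review. The matrix list starts and ends outside the hunk.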
@@ -0,0 +1,210 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: loggroups.cloudwatchlogs.services.k8s.aws +spec: + group: cloudwatchlogs.services.k8s.aws + names: + kind: LogGroup + listKind: LogGroupList + plural: loggroups + singular: loggroup + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: LogGroup is the Schema for the LogGroups API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + LogGroupSpec defines the desired state of LogGroup. + + + Represents a log group. + properties: + kmsKeyID: + description: |- + The Amazon Resource Name (ARN) of the KMS key to use when encrypting log + data. For more information, see Amazon Resource Names (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms). 
+ type: string + kmsKeyRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + namespace: + type: string + type: object + type: object + name: + type: string + retentionDays: + format: int64 + type: integer + subscriptionFilters: + items: + properties: + destinationARN: + type: string + distribution: + description: |- + The method used to distribute log data to the destination, which can be either + random or grouped by log stream. + type: string + filterName: + type: string + filterPattern: + description: |- + A symbolic description of how CloudWatch Logs should interpret the data in + each log event. For example, a log event can contain timestamps, IP addresses, + strings, and so on. You use the filter pattern to specify what to look for + in the log event message. + type: string + roleARN: + type: string + type: object + type: array + tags: + additionalProperties: + type: string + description: |- + The key-value pairs to use for the tags. + + + You can grant users access to certain log groups while preventing them from + accessing other log groups. To do so, tag your groups and use IAM policies + that refer to those tags. To assign tags when you create a log group, you + must have either the logs:TagResource or logs:TagLogGroup permission. For + more information about tagging, see Tagging Amazon Web Services resources + (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html). For more + information about using tags to control access, see Controlling access to + Amazon Web Services resources using tags (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html). 
+ type: object + required: + - name + type: object + status: + description: LogGroupStatus defines the observed state of LogGroup + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. 
+ type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + creationTime: + description: |- + The creation time of the log group, expressed as the number of milliseconds + after Jan 1, 1970 00:00:00 UTC. + format: int64 + type: integer + dataProtectionStatus: + description: |- + Displays whether this log group has a protection policy, or whether it had + one in the past. For more information, see PutDataProtectionPolicy (https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html). + type: string + metricFilterCount: + description: The number of metric filters. + format: int64 + type: integer + retentionInDays: + format: int64 + type: integer + storedBytes: + description: The number of bytes stored. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/addons/cloudwatchlogs-chart/crds/services.k8s.aws_adoptedresources.yaml b/addons/cloudwatchlogs-chart/crds/services.k8s.aws_adoptedresources.yaml new file mode 100644 index 000000000..65eff7353 --- /dev/null +++ b/addons/cloudwatchlogs-chart/crds/services.k8s.aws_adoptedresources.yaml 
@@ -0,0 +1,254 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: adoptedresources.services.k8s.aws +spec: + group: services.k8s.aws + names: + kind: AdoptedResource + listKind: AdoptedResourceList + plural: adoptedresources + singular: adoptedresource + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AdoptedResource is the schema for the AdoptedResource API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AdoptedResourceSpec defines the desired state of the AdoptedResource. + properties: + aws: + description: AWSIdentifiers provide all unique ways to reference an + AWS resource. + properties: + additionalKeys: + additionalProperties: + type: string + description: |- + AdditionalKeys represents any additional arbitrary identifiers used when + describing the target resource. + type: object + arn: + description: |- + ARN is the AWS Resource Name for the resource. It is a globally + unique identifier. + type: string + nameOrID: + description: |- + NameOrId is a user-supplied string identifier for the resource. It may + or may not be globally unique, depending on the type of resource. 
+ type: string + type: object + kubernetes: + description: |- + ResourceWithMetadata provides the values necessary to create a + Kubernetes resource and override any of its metadata values. + properties: + group: + type: string + kind: + type: string + metadata: + description: |- + ObjectMeta is metadata that all persisted resources must have, which includes all objects + users must create. + It is not possible to use `metav1.ObjectMeta` inside spec, as the controller-gen + automatically converts this to an arbitrary string-string map. + https://github.com/kubernetes-sigs/controller-tools/issues/385 + + + Active discussion about inclusion of this field in the spec is happening in this PR: + https://github.com/kubernetes-sigs/controller-tools/pull/395 + + + Until this is allowed, or if it never is, we will produce a subset of the object meta + that contains only the fields which the user is allowed to modify in the metadata. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + generateName: + description: |- + GenerateName is an optional prefix, used by the server, to generate a unique + name ONLY IF the Name field has not been provided. + If this field is used, the name returned to the client will be different + than the name passed. This value will also be combined with a unique suffix. + The provided value has the same validation rules as the Name field, + and may be truncated by the length of the suffix required to make the value + unique on the server. 
+ + + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with Reason + ServerTimeout indicating a unique name could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the Retry-After header). + + + Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + type: string + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + name: + description: |- + Name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names + type: string + namespace: + description: |- + Namespace defines the space within each name must be unique. An empty namespace is + equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this field for + those objects will be empty. + + + Must be a DNS_LABEL. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + ownerReferences: + description: |- + List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, with the controller field set to true. 
+ There cannot be more than one managing controller. + items: + description: |- + OwnerReference contains enough information to let you identify an owning + object. An owning object must be in the same namespace as the dependent, or + be cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: |- + If true, AND if the owner has the "foregroundDeletion" finalizer, then + the owner cannot be deleted from the key-value store until this + reference is removed. + See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this field and enforces the foreground deletion. + Defaults to false. + To set this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + required: + - group + - kind + type: object + required: + - aws + - kubernetes + type: object + status: + description: AdoptedResourceStatus defines the observed status of the + AdoptedResource. 
+ properties: + conditions: + description: |- + A collection of `ackv1alpha1.Condition` objects that describe the various + terminal states of the adopted resource CR and its target custom resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/addons/cloudwatchlogs-chart/crds/services.k8s.aws_fieldexports.yaml b/addons/cloudwatchlogs-chart/crds/services.k8s.aws_fieldexports.yaml new file mode 100644 index 000000000..4d3a8f1d5 --- /dev/null +++ b/addons/cloudwatchlogs-chart/crds/services.k8s.aws_fieldexports.yaml 
@@ -0,0 +1,144 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: fieldexports.services.k8s.aws +spec: + group: services.k8s.aws + names: + kind: FieldExport + listKind: FieldExportList + plural: fieldexports + singular: fieldexport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FieldExport is the schema for the FieldExport API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FieldExportSpec defines the desired state of the FieldExport. + properties: + from: + description: |- + ResourceFieldSelector provides the values necessary to identify an individual + field on an individual K8s resource. + properties: + path: + type: string + resource: + description: |- + NamespacedResource provides all the values necessary to identify an ACK + resource of a given type (within the same namespace as the custom resource + containing this type). 
+ properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - group + - kind + - name + type: object + required: + - path + - resource + type: object + to: + description: |- + FieldExportTarget provides the values necessary to identify the + output path for a field export. + properties: + key: + description: Key overrides the default value (`.`) + for the FieldExport target + type: string + kind: + description: |- + FieldExportOutputType represents all types that can be produced by a field + export operation + enum: + - configmap + - secret + type: string + name: + type: string + namespace: + description: Namespace is marked as optional, so we cannot compose + `NamespacedName` + type: string + required: + - kind + - name + type: object + required: + - from + - to + type: object + status: + description: FieldExportStatus defines the observed status of the FieldExport. + properties: + conditions: + description: |- + A collection of `ackv1alpha1.Condition` objects that describe the various + recoverable states of the field CR + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/addons/cloudwatchlogs-chart/templates/NOTES.txt b/addons/cloudwatchlogs-chart/templates/NOTES.txt
new file mode 100644
index 000000000..e7bea8b50
--- /dev/null
+++ b/addons/cloudwatchlogs-chart/templates/NOTES.txt
@@ -0,0 +1,16 @@
+{{ .Chart.Name }} has been installed.
+This chart deploys "public.ecr.aws/aws-controllers-k8s/cloudwatchlogs-controller:0.0.10".
+
+Check its status by running:
+ kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}"
+
+You are now able to create Amazon CloudWatch Logs (CloudWatch Logs) resources!
+
+The controller is running in "{{ .Values.installScope }}" mode.
+The controller is configured to manage AWS resources in region: "{{ .Values.aws.region }}"
+
+Visit https://aws-controllers-k8s.github.io/community/reference/ for an API
+reference of all the resources that can be created using this controller.
+
+For more information on the AWS Controllers for Kubernetes (ACK) project, visit:
+https://aws-controllers-k8s.github.io/community/
diff --git a/addons/cloudwatchlogs-chart/templates/_helpers.tpl b/addons/cloudwatchlogs-chart/templates/_helpers.tpl
new file mode 100644
index 000000000..63fb2acdd
--- /dev/null
+++ b/addons/cloudwatchlogs-chart/templates/_helpers.tpl
@@ -0,0 +1,163 @@
+{{/* The name of the application this chart installs */}}
+{{- define "ack-cloudwatchlogs-controller.app.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ack-cloudwatchlogs-controller.app.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* The name and version as used by the chart label */}}
+{{- define "ack-cloudwatchlogs-controller.chart.name-version" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* The name of the service account to use */}}
+{{- define "ack-cloudwatchlogs-controller.service-account.name" -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+
+{{- define "ack-cloudwatchlogs-controller.watch-namespace" -}}
+{{- if eq .Values.installScope "namespace" -}}
+{{ .Values.watchNamespace | default .Release.Namespace }}
+{{- end -}}
+{{- end -}}
+
+{{/* The mount path for the shared credentials file */}}
+{{- define "ack-cloudwatchlogs-controller.aws.credentials.secret_mount_path" -}}
+{{- "/var/run/secrets/aws" -}}
+{{- end -}}
+
+{{/* The path the shared credentials file is mounted */}}
+{{- define "ack-cloudwatchlogs-controller.aws.credentials.path" -}}
+{{ $secret_mount_path := include "ack-cloudwatchlogs-controller.aws.credentials.secret_mount_path" . }}
+{{- printf "%s/%s" $secret_mount_path .Values.aws.credentials.secretKey -}}
+{{- end -}}
+
+{{/* The rules a of ClusterRole or Role */}}
+{{- define "ack-cloudwatchlogs-controller.rbac-rules" -}}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - cloudwatchlogs.services.k8s.aws
+ resources:
+ - loggroups
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cloudwatchlogs.services.k8s.aws
+ resources:
+ - loggroups/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - kms.services.k8s.aws
+ resources:
+ - keys
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - kms.services.k8s.aws
+ resources:
+ - keys/status
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - services.k8s.aws
+ resources:
+ - adoptedresources
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - services.k8s.aws
+ resources:
+ - adoptedresources/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - services.k8s.aws
+ resources:
+ - fieldexports
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - services.k8s.aws
+ resources:
+ - fieldexports/status
+ verbs:
+ - get
+ - patch
+ - update
+{{- end }}
+
+{{/* Convert k/v map to string like: "key1=value1,key2=value2,..." */}}
+{{- define "ack-cloudwatchlogs-controller.feature-gates" -}}
+{{- $list := list -}}
+{{- range $k, $v := .Values.featureGates -}}
+{{- $list = append $list (printf "%s=%s" $k ( $v | toString)) -}}
+{{- end -}}
+{{ join "," $list }}
+{{- end -}}
diff --git a/addons/cloudwatchlogs-chart/templates/caches-role-binding.yaml b/addons/cloudwatchlogs-chart/templates/caches-role-binding.yaml
new file mode 100644
index 000000000..9e46efcd5
--- /dev/null
+++ b/addons/cloudwatchlogs-chart/templates/caches-role-binding.yaml
@@ -0,0 +1,26 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: ack-namespaces-cache-cloudwatchlogs-controller
+roleRef:
+ kind: ClusterRole
+ apiGroup: rbac.authorization.k8s.io
+ name: ack-namespaces-cache-cloudwatchlogs-controller
+subjects:
+- kind: ServiceAccount
+ name: ack-cloudwatchlogs-controller
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: ack-configmaps-cache-cloudwatchlogs-controller
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ apiGroup: rbac.authorization.k8s.io
+ name: ack-configmaps-cache-cloudwatchlogs-controller
+subjects:
+- kind: ServiceAccount
+ name: ack-cloudwatchlogs-controller
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/addons/cloudwatchlogs-chart/templates/caches-role.yaml b/addons/cloudwatchlogs-chart/templates/caches-role.yaml
new file mode 100644
index 000000000..a5fd23146
--- /dev/null
+++ b/addons/cloudwatchlogs-chart/templates/caches-role.yaml
@@ -0,0 +1,28 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: ack-namespaces-cache-cloudwatchlogs-controller
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: ack-configmaps-cache-cloudwatchlogs-controller
+ namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
\ No newline at end of file
diff --git a/addons/cloudwatchlogs-chart/templates/cluster-role-binding.yaml b/addons/cloudwatchlogs-chart/templates/cluster-role-binding.yaml
new file mode 100644
index 000000000..5123c27a2
--- /dev/null
+++ b/addons/cloudwatchlogs-chart/templates/cluster-role-binding.yaml
@@ -0,0 +1,36 @@
+{{ if eq .Values.installScope "cluster" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "ack-cloudwatchlogs-controller.app.fullname" . }}
+roleRef:
+ kind: ClusterRole
+ apiGroup: rbac.authorization.k8s.io
+ name: ack-cloudwatchlogs-controller
+subjects:
+- kind: ServiceAccount
+ name: {{ include "ack-cloudwatchlogs-controller.service-account.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ else if eq .Values.installScope "namespace" }}
+{{ $wn := include "ack-cloudwatchlogs-controller.watch-namespace" . }}
+{{ $namespaces := split "," $wn }}
+{{ $fullname := include "ack-cloudwatchlogs-controller.app.fullname" . }}
+{{ $releaseNamespace := .Release.Namespace }}
+{{ $serviceAccountName := include "ack-cloudwatchlogs-controller.service-account.name" . }}
+{{ range $namespaces }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ $fullname }}
+ namespace: {{ . }}
+roleRef:
+ kind: Role
+ apiGroup: rbac.authorization.k8s.io
+ name: ack-cloudwatchlogs-controller
+subjects:
+- kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ $releaseNamespace }}
+{{ end }}
+{{ end }}
\ No newline at end of file
diff --git a/addons/cloudwatchlogs-chart/templates/cluster-role-controller.yaml b/addons/cloudwatchlogs-chart/templates/cluster-role-controller.yaml
new file mode 100644
index 000000000..ea6283fda
--- /dev/null
+++ b/addons/cloudwatchlogs-chart/templates/cluster-role-controller.yaml
@@ -0,0 +1,29 @@
+{{ $labels := .Values.role.labels }}
+{{ $rbacRules := include "ack-cloudwatchlogs-controller.rbac-rules" . }}
+{{ if eq .Values.installScope "cluster" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: ack-cloudwatchlogs-controller
+ labels:
+ {{- range $key, $value := $labels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{$rbacRules }}
+{{ else if eq .Values.installScope "namespace" }}
+{{ $wn := include "ack-cloudwatchlogs-controller.watch-namespace" . }}
+{{ $namespaces := split "," $wn }}
+{{ range $namespaces }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: ack-cloudwatchlogs-controller
+ namespace: {{ . }}
+ labels:
+ {{- range $key, $value := $labels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{ $rbacRules }}
+{{ end }}
+{{ end }}
\ No newline at end of file
diff --git a/addons/cloudwatchlogs-chart/templates/deployment.yaml b/addons/cloudwatchlogs-chart/templates/deployment.yaml
new file mode 100644
index 000000000..289533e7c
--- /dev/null
+++ b/addons/cloudwatchlogs-chart/templates/deployment.yaml
@@ -0,0 +1,197 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "ack-cloudwatchlogs-controller.app.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "ack-cloudwatchlogs-controller.app.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ k8s-app: {{ include "ack-cloudwatchlogs-controller.app.name" . }}
+ helm.sh/chart: {{ include "ack-cloudwatchlogs-controller.chart.name-version" . }}
+spec:
+ replicas: {{ .Values.deployment.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "ack-cloudwatchlogs-controller.app.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+{{- if .Values.deployment.annotations }}
+ annotations:
+ {{- range $key, $value := .Values.deployment.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{- end }}
+ labels:
+ app.kubernetes.io/name: {{ include "ack-cloudwatchlogs-controller.app.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: Helm
+ k8s-app: {{ include "ack-cloudwatchlogs-controller.app.name" . }}
+{{- range $key, $value := .Values.deployment.labels }}
+ {{ $key }}: {{ $value | quote }}
+{{- end }}
+ spec:
+ serviceAccountName: {{ include "ack-cloudwatchlogs-controller.service-account.name" . }}
+ {{- if .Values.image.pullSecrets }}
+ imagePullSecrets:
+ {{- range .Values.image.pullSecrets }}
+ - name: {{ .
}}
+ {{- end }}
+ {{- end }}
+ containers:
+ - command:
+ - ./bin/controller
+ args:
+ - --aws-region
+ - "$(AWS_REGION)"
+ - --aws-endpoint-url
+ - "$(AWS_ENDPOINT_URL)"
+{{- if .Values.log.enable_development_logging }}
+ - --enable-development-logging
+{{- end }}
+ - --log-level
+ - "$(ACK_LOG_LEVEL)"
+ - --resource-tags
+ - "$(ACK_RESOURCE_TAGS)"
+ - --watch-namespace
+ - "$(ACK_WATCH_NAMESPACE)"
+ - --deletion-policy
+ - "$(DELETION_POLICY)"
+{{- if .Values.leaderElection.enabled }}
+ - --enable-leader-election
+ - --leader-election-namespace
+ - "$(LEADER_ELECTION_NAMESPACE)"
+{{- end }}
+{{- if gt (int .Values.reconcile.defaultResyncPeriod) 0 }}
+ - --reconcile-default-resync-seconds
+ - "$(RECONCILE_DEFAULT_RESYNC_SECONDS)"
+{{- end }}
+{{- range $key, $value := .Values.reconcile.resourceResyncPeriods }}
+ - --reconcile-resource-resync-seconds
+ - "$(RECONCILE_RESOURCE_RESYNC_SECONDS_{{ $key | upper }})"
+{{- end }}
+{{- if gt (int .Values.reconcile.defaultMaxConcurrentSyncs) 0 }}
+ - --reconcile-default-max-concurrent-syncs
+ - "$(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS)"
+{{- end }}
+{{- range $key, $value := .Values.reconcile.resourceMaxConcurrentSyncs }}
+ - --reconcile-resource-max-concurrent-syncs
+ - "$(RECONCILE_RESOURCE_MAX_CONCURRENT_SYNCS_{{ $key | upper }})"
+{{- end }}
+{{- if .Values.featureGates}}
+ - --feature-gates
+ - "$(FEATURE_GATES)"
+{{- end }}
+ image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ name: controller
+ ports:
+ - name: http
+ containerPort: {{ .Values.deployment.containerPort }}
+ resources:
+ {{- toYaml .Values.resources | nindent 10 }}
+ env:
+ - name: ACK_SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: AWS_REGION
+ value: {{ .Values.aws.region }}
+ - name: AWS_ENDPOINT_URL
+ value: {{ .Values.aws.endpoint_url | quote }}
+ - name: ACK_WATCH_NAMESPACE
+ value: {{ include "ack-cloudwatchlogs-controller.watch-namespace" .
}}
+ - name: DELETION_POLICY
+ value: {{ .Values.deletionPolicy }}
+ - name: LEADER_ELECTION_NAMESPACE
+ value: {{ .Values.leaderElection.namespace | quote }}
+ - name: ACK_LOG_LEVEL
+ value: {{ .Values.log.level | quote }}
+ - name: ACK_RESOURCE_TAGS
+ value: {{ join "," .Values.resourceTags | quote }}
+{{- if gt (int .Values.reconcile.defaultResyncPeriod) 0 }}
+ - name: RECONCILE_DEFAULT_RESYNC_SECONDS
+ value: {{ .Values.reconcile.defaultResyncPeriod | quote }}
+{{- end }}
+{{- range $key, $value := .Values.reconcile.resourceResyncPeriods }}
+ - name: RECONCILE_RESOURCE_RESYNC_SECONDS_{{ $key | upper }}
+ value: {{ $key }}={{ $value }}
+{{- end }}
+{{- if gt (int .Values.reconcile.defaultMaxConcurrentSyncs) 0 }}
+ - name: RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS
+ value: {{ .Values.reconcile.defaultMaxConcurrentSyncs | quote }}
+{{- end }}
+{{- range $key, $value := .Values.reconcile.resourceMaxConcurrentSyncs }}
+ - name: RECONCILE_RESOURCE_MAX_CONCURRENT_SYNCS_{{ $key | upper }}
+ value: {{ $key }}={{ $value }}
+{{- end }}
+{{- if .Values.featureGates}}
+ - name: FEATURE_GATES
+ value: {{ include "ack-cloudwatchlogs-controller.feature-gates" . }}
+{{- end }}
+ {{- if .Values.aws.credentials.secretName }}
+ - name: AWS_SHARED_CREDENTIALS_FILE
+ value: {{ include "ack-cloudwatchlogs-controller.aws.credentials.path" . }}
+ - name: AWS_PROFILE
+ value: {{ .Values.aws.credentials.profile }}
+ {{- end }}
+ {{- if .Values.deployment.extraEnvVars -}}
+ {{ toYaml .Values.deployment.extraEnvVars | nindent 8 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.aws.credentials.secretName }}
+ - name: {{ .Values.aws.credentials.secretName }}
+ mountPath: {{ include "ack-cloudwatchlogs-controller.aws.credentials.secret_mount_path" .
}}
+ readOnly: true
+ {{- end }}
+ {{- if .Values.deployment.extraVolumeMounts -}}
+ {{ toYaml .Values.deployment.extraVolumeMounts | nindent 10 }}
+ {{- end }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ privileged: false
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ terminationGracePeriodSeconds: 10
+ nodeSelector: {{ toYaml .Values.deployment.nodeSelector | nindent 8 }}
+ {{ if .Values.deployment.tolerations -}}
+ tolerations: {{ toYaml .Values.deployment.tolerations | nindent 8 }}
+ {{ end -}}
+ {{ if .Values.deployment.affinity -}}
+ affinity: {{ toYaml .Values.deployment.affinity | nindent 8 }}
+ {{ end -}}
+ {{ if .Values.deployment.priorityClassName -}}
+ priorityClassName: {{ .Values.deployment.priorityClassName }}
+ {{ end -}}
+ hostIPC: false
+ hostPID: false
+ hostNetwork: {{ .Values.deployment.hostNetwork }}
+ dnsPolicy: {{ .Values.deployment.dnsPolicy }}
+ volumes:
+ {{- if .Values.aws.credentials.secretName }}
+ - name: {{ .Values.aws.credentials.secretName }}
+ secret:
+ secretName: {{ .Values.aws.credentials.secretName }}
+ {{- end }}
+{{- if .Values.deployment.extraVolumes }}
+{{ toYaml .Values.deployment.extraVolumes | indent 8}}
+{{- end }}
diff --git a/addons/cloudwatchlogs-chart/templates/leader-election-role-binding.yaml b/addons/cloudwatchlogs-chart/templates/leader-election-role-binding.yaml
new file mode 100644
index 000000000..66a76e68d
--- /dev/null
+++ b/addons/cloudwatchlogs-chart/templates/leader-election-role-binding.yaml
@@ -0,0 +1,18 @@
+{{ if .Values.leaderElection.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: cloudwatchlogs-leader-election-rolebinding
+{{ if .Values.leaderElection.namespace }}
+ namespace: {{ .Values.leaderElection.namespace }}
+{{ else }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cloudwatchlogs-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: {{ include "ack-cloudwatchlogs-controller.service-account.name" . }}
+ namespace: {{ .Release.Namespace }}{{- end }}
diff --git a/addons/cloudwatchlogs-chart/templates/leader-election-role.yaml b/addons/cloudwatchlogs-chart/templates/leader-election-role.yaml
new file mode 100644
index 000000000..159ca120d
--- /dev/null
+++ b/addons/cloudwatchlogs-chart/templates/leader-election-role.yaml
@@ -0,0 +1,30 @@
+{{ if .Values.leaderElection.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: cloudwatchlogs-leader-election-role
+{{ if .Values.leaderElection.namespace }}
+ namespace: {{ .Values.leaderElection.namespace }}
+{{ else }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+rules:
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch{{- end }}
diff --git a/addons/cloudwatchlogs-chart/templates/metrics-service.yaml b/addons/cloudwatchlogs-chart/templates/metrics-service.yaml
new file mode 100644
index 000000000..ba68fb285
--- /dev/null
+++ b/addons/cloudwatchlogs-chart/templates/metrics-service.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.metrics.service.create }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name | trimSuffix "-chart" | trunc 44 }}-controller-metrics
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "ack-cloudwatchlogs-controller.app.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ k8s-app: {{ include "ack-cloudwatchlogs-controller.app.name" . }}
+ helm.sh/chart: {{ include "ack-cloudwatchlogs-controller.chart.name-version" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "ack-cloudwatchlogs-controller.app.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: Helm
+ k8s-app: {{ include "ack-cloudwatchlogs-controller.app.name" . }}
+{{- range $key, $value := .Values.deployment.labels }}
+ {{ $key }}: {{ $value | quote }}
+{{- end }}
+ type: {{ .Values.metrics.service.type }}
+ ports:
+ - name: metricsport
+ port: 8080
+ targetPort: http
+ protocol: TCP
+{{- end }}
diff --git a/addons/cloudwatchlogs-chart/templates/role-reader.yaml b/addons/cloudwatchlogs-chart/templates/role-reader.yaml
new file mode 100644
index 000000000..be30d0473
--- /dev/null
+++ b/addons/cloudwatchlogs-chart/templates/role-reader.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ creationTimestamp: null
+ name: ack-cloudwatchlogs-reader
+ namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups:
+ - cloudwatchlogs.services.k8s.aws
+ resources:
+ - loggroups
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/addons/cloudwatchlogs-chart/templates/role-writer.yaml b/addons/cloudwatchlogs-chart/templates/role-writer.yaml
new file mode 100644
index 000000000..e93a012e0
--- /dev/null
+++ b/addons/cloudwatchlogs-chart/templates/role-writer.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ creationTimestamp: null
+ name: ack-cloudwatchlogs-writer
+ namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups:
+ - cloudwatchlogs.services.k8s.aws
+ resources:
+ - loggroups
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cloudwatchlogs.services.k8s.aws
+ resources:
+ - loggroups
+ verbs:
+ - get
+ - patch
+ - update
diff --git a/addons/cloudwatchlogs-chart/templates/service-account.yaml b/addons/cloudwatchlogs-chart/templates/service-account.yaml
new file mode 100644
index 000000000..9444c51b5
--- /dev/null
+++ b/addons/cloudwatchlogs-chart/templates/service-account.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "ack-cloudwatchlogs-controller.app.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ k8s-app: {{ include "ack-cloudwatchlogs-controller.app.name" . }}
+ helm.sh/chart: {{ include "ack-cloudwatchlogs-controller.chart.name-version" . }}
+ name: {{ include "ack-cloudwatchlogs-controller.service-account.name" . }}
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ {{- range $key, $value := .Values.serviceAccount.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+{{- end }}
diff --git a/addons/cloudwatchlogs-chart/values.schema.json b/addons/cloudwatchlogs-chart/values.schema.json
new file mode 100644
index 000000000..7ccb485d8
--- /dev/null
+++ b/addons/cloudwatchlogs-chart/values.schema.json
@@ -0,0 +1,290 @@
+{
+ "$schema": "https://json-schema.org/draft-07/schema#",
+ "properties": {
+ "image": {
+ "description": "Container Image",
+ "properties": {
+ "repository": {
+ "type": "string",
+ "minLength": 1
+ },
+ "tag": {
+ "type": "string",
+ "minLength": 1
+ },
+ "pullPolicy": {
+ "type": "string",
+ "enum": ["IfNotPresent", "Always", "Never"]
+ },
+ "pullSecrets": {
+ "type": "array"
+ }
+ },
+ "required": [
+ "repository",
+ "tag",
+ "pullPolicy"
+ ],
+ "type": "object"
+ },
+ "nameOverride": {
+ "type": "string"
+ },
+ "fullNameOverride": {
+ "type": "string"
+ },
+ "deployment": {
+ "description": "Deployment settings",
+ "properties": {
+ "annotations": {
+ "type": "object"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "containerPort": {
+ "type": "integer",
+ "minimum": 1,
+ "maximum": 65535
+ },
+ "replicas": {
+ "type": "integer"
+ },
+ "nodeSelector": {
+ "type": "object"
+ },
+ "tolerations": {
+ "type": "array"
+ },
+ "affinity": {
+ "type": "object"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "extraVolumeMounts": {
+ "type": "array"
+ },
+ "extraVolumes": {
+ "type": "array"
+ },
+ "extraEnvVars": {
+ "type": "array"
+ }
+ },
+ "required": [
+ "containerPort"
+ ],
+ "type": "object"
+ },
+ "role": {
+ "description": "Role settings",
+ "properties": {
+ "labels": {
+ "type": "object"
+ }
+ }
+ },
+ "metrics": {
+ "description": "Metrics settings",
+ "properties": {
+ "service": {
+ "description": "Kubernetes service settings",
+ "properties": {
+ "create": {
+ "type": "boolean"
+ },
+ "type": {
+ "type": "string",
+ "enum": ["ClusterIP", "NodePort", "LoadBalancer", "ExternalName"]
+ }
+ },
+ "required": [
+ "create",
+ "type"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "service"
+ ],
+ "type": "object"
+ },
+ "resources": {
+ "description": "Kubernetes resources settings",
+ "properties": {
+ "requests": {
+ "description": "Kubernetes resource requests",
+ "properties": {
+ "memory": {
+ "oneOf": [
+ { "type": "number" },
+ { "type": "string" }
+ ]
+ },
+ "cpu": {
+ "oneOf": [
+ { "type": "number" },
+ { "type": "string" }
+ ]
+ }
+ },
+ "required": [
+ "memory",
+ "cpu"
+ ],
+ "type": "object"
+ },
+ "limits": {
+ "description": "Kubernetes resource limits",
+ "properties": {
+ "memory": {
+ "oneOf": [
+ { "type": "number" },
+ { "type": "string" }
+ ]
+ },
+ "cpu": {
+ "oneOf": [
+ { "type": "number" },
+ { "type": "string" }
+ ]
+ }
+ },
+ "required": [
+ "memory",
+ "cpu"
+ ],
+ "type": "object"
+ }
+ },
+ "required": [
+ "requests",
+ "limits"
+ ],
+ "type": "object"
+ },
+ "aws": {
+ "description": "AWS API settings",
+ "properties": {
+ "region": {
+ "type": "string"
+ },
+ "endpoint": {
+ "type": "string"
+ },
+ "credentials": {
+ "description": "AWS credentials information",
+ "properties": {
+ "secretName": {
+ "type": "string"
+ },
+ "secretKey": {
+ "type": "string"
+ },
+ "profile": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "log": {
+ "description": "Logging settings",
+ "properties": {
+ "enable_development_logging": {
+ "type": "boolean"
+ },
+ "level": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "installScope": {
+ "type": "string",
+ "enum": ["cluster", "namespace"]
+ },
+ "watchNamespace": {
+ "type": "string"
+ },
+ "resourceTags": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "pattern": "(^$|^.*=.*$)"
+ }
+ },
+ "deletionPolicy": {
+ "type": "string",
+ "enum": ["delete", "retain"]
+ },
+ "reconcile": {
+ "description": "Reconcile settings. This is used to configure the controller's reconciliation behavior.
e.g resyncPeriod and maxConcurrentSyncs",
+ "properties": {
+ "defaultResyncPeriod": {
+ "type": "number"
+ },
+ "resourceResyncPeriods": {
+ "type": "object"
+ },
+ "defaultMaxConcurentSyncs": {
+ "type": "number"
+ },
+ "resourceMaxConcurrentSyncs": {
+ "type": "object"
+ }
+ },
+ "type": "object"
+ },
+ "leaderElection": {
+ "description": "Parameter to configure the controller's leader election system.",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "namespace": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "serviceAccount": {
+ "description": "ServiceAccount settings",
+ "properties": {
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ },
+ "annotations": {
+ "type": "object"
+ }
+ },
+ "type": "object"
+ }
+ },
+ "featureGates": {
+ "description": "Feature gates settings",
+ "type": "object",
+ "additionalProperties": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "image",
+ "deployment",
+ "metrics",
+ "resources",
+ "log",
+ "installScope",
+ "resourceTags",
+ "serviceAccount"
+ ],
+ "title": "Values",
+ "type": "object"
+}
diff --git a/addons/cloudwatchlogs-chart/values.yaml b/addons/cloudwatchlogs-chart/values.yaml
new file mode 100644
index 000000000..074550b11
--- /dev/null
+++ b/addons/cloudwatchlogs-chart/values.yaml
@@ -0,0 +1,164 @@
+# Default values for ack-cloudwatchlogs-controller.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ repository: public.ecr.aws/aws-controllers-k8s/cloudwatchlogs-controller
+ tag: 0.0.10
+ pullPolicy: IfNotPresent
+ pullSecrets: []
+
+nameOverride: ""
+fullnameOverride: ""
+
+deployment:
+ annotations: {}
+ labels: {}
+ containerPort: 8080
+ # Number of Deployment replicas
+ # This determines how many instances of the controller will be running. It's recommended
+ # to enable leader election if you need to increase the number of replicas > 1
+ replicas: 1
+ # Which nodeSelector to set?
+ # See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
+ nodeSelector:
+ kubernetes.io/os: linux
+ # Which tolerations to set?
+ # See: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
+ tolerations: []
+ # What affinity to set?
+ # See: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ affinity: {}
+ # Which priorityClassName to set?
+ # See: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority
+ priorityClassName: ""
+ # Specifies the hostname of the Pod.
+ # If not specified, the pod's hostname will be set to a system-defined value.
+ hostNetwork: false
+ # Set DNS policy for the pod.
+ # Defaults to "ClusterFirst".
+ # Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
+ # To have DNS options set along with hostNetwork, you have to specify DNS policy
+ # explicitly to 'ClusterFirstWithHostNet'.
+ dnsPolicy: ClusterFirst
+ extraVolumes: []
+ extraVolumeMounts: []
+
+ # Additional server container environment variables
+ #
+ # You specify this manually like you would a raw deployment manifest.
+ # This means you can bind in environment variables from secrets.
+ #
+ # e.g.
static environment variable:
+ # - name: DEMO_GREETING
+ # value: "Hello from the environment"
+ #
+ # e.g. secret environment variable:
+ # - name: USERNAME
+ # valueFrom:
+ # secretKeyRef:
+ # name: mysecret
+ # key: username
+ extraEnvVars: []
+
+
+# If "installScope: cluster" then these labels will be applied to ClusterRole
+role:
+ labels: {}
+
+metrics:
+ service:
+ # Set to true to automatically create a Kubernetes Service resource for the
+ # Prometheus metrics server endpoint in controller
+ create: false
+ # Which Type to use for the Kubernetes Service?
+ # See: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+ type: "ClusterIP"
+
+resources:
+ requests:
+ memory: "64Mi"
+ cpu: "50m"
+ limits:
+ memory: "128Mi"
+ cpu: "100m"
+
+aws:
+ # If specified, use the AWS region for AWS API calls
+ region: ""
+ endpoint_url: ""
+ credentials:
+ # If specified, Secret with shared credentials file to use.
+ secretName: ""
+ # Secret stringData key that contains the credentials
+ secretKey: "credentials"
+ # Profile used for AWS credentials
+ profile: "default"
+
+# log level for the controller
+log:
+ enable_development_logging: false
+ level: info
+
+# Set to "namespace" to install the controller in a namespaced scope, will only
+# watch for object creation in the namespace. By default installScope is
+# cluster wide.
+installScope: cluster
+
+# Set the value of the "namespace" to be watched by the controller
+# This value is only used when the `installScope` is set to "namespace". If left empty, the default value is the release namespace for the chart.
+# You can set multiple namespaces by providing a comma separated list of namespaces. e.g "namespace1,namespace2"
+watchNamespace: ""
+
+resourceTags:
+ # Configures the ACK service controller to always set key/value pairs tags on
+ # resources that it manages.
+ - services.k8s.aws/controller-version=%CONTROLLER_SERVICE%-%CONTROLLER_VERSION%
+ - services.k8s.aws/namespace=%K8S_NAMESPACE%
+
+# Set to "retain" to keep all AWS resources intact even after the K8s resources
+# have been deleted. By default, the ACK controller will delete the AWS resource
+# before the K8s resource is removed.
+deletionPolicy: delete
+
+# controller reconciliation configurations
+reconcile:
+ # The default duration, in seconds, to wait before resyncing desired state of custom resources.
+ defaultResyncPeriod: 36000 # 10 Hours
+ # An object representing the reconcile resync configuration for each specific resource.
+ resourceResyncPeriods: {}
+
+ # The default number of concurrent syncs that a reconciler can perform.
+ defaultMaxConcurrentSyncs: 1
+ # An object representing the reconcile max concurrent syncs configuration for each specific
+ # resource.
+ resourceMaxConcurrentSyncs: {}
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ name: ack-cloudwatchlogs-controller
+ annotations: {}
+ # eks.amazonaws.com/role-arn: arn:aws:iam::AWS_ACCOUNT_ID:role/IAM_ROLE_NAME
+
+# Configuration of the leader election. Required for running multiple instances of the
+# controller within the same cluster.
+# See https://kubernetes.io/docs/concepts/architecture/leases/#leader-election
+leaderElection:
+ # Enable Controller Leader Election. Set this to true to enable leader election
+ # for this controller.
+ enabled: false
+ # Leader election can be scoped to a specific namespace. By default, the controller
+ # will attempt to use the namespace of the service account mounted to the Controller
+ # pod.
+ namespace: ""
+
+# Configuration for feature gates. These are optional controller features that
+# can be individually enabled ("true") or disabled ("false") by adding key/value
+# pairs below.
+featureGates:
+ # Enables the Service level granularity for CARM.
See https://github.com/aws-controllers-k8s/community/issues/2031
+ ServiceLevelCARM: false
+ # Enables the Team level granularity for CARM. See https://github.com/aws-controllers-k8s/community/issues/2031
+ TeamLevelCARM: false
diff --git a/vendored-charts b/vendored-charts
index ce1dfd757..d450a70f5 100644
--- a/vendored-charts
+++ b/vendored-charts
@@ -4,6 +4,7 @@ addons/applicationautoscaling-chart
 addons/aws-cloudwatch-metrics
 addons/cloudtrail-chart
 addons/cloudwatch-chart
+addons/cloudwatchlogs-chart
 addons/dynamodb-chart
 addons/ec2-chart
 addons/ecr-chart