Split controller from configuration

GeorgeRaven
2025-06-22 14:31:38 +01:00
parent 4d425aa9ac
commit 21c6073c22
11 changed files with 228 additions and 92 deletions


@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@@ -0,0 +1,6 @@
dependencies:
- name: gateway-helm
repository: oci://docker.io/envoyproxy
version: v1.4.1
digest: sha256:033c3f49f2642c2c50bed2a0169bbef8da4aa29d5296430c3a3d170a82deeaa3
generated: "2025-06-22T14:29:46.146880015+01:00"


@@ -0,0 +1,13 @@
apiVersion: v2
name: envoy-gateway-controller
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "1.16.0"
dependencies:
- alias: envoy-gateway-controller
name: gateway-helm
# https://gateway.envoyproxy.io/news/releases/matrix/
version: v1.4.1
repository: "oci://docker.io/envoyproxy"
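Review bot: `appVersion: "1.16.0"` and `description: A Helm chart for Kubernetes` look like scaffold defaults and do not describe what this chart ships, which is the `gateway-helm` dependency at `v1.4.1`. Anyone checking the deployed Envoy Gateway version from chart metadata, for example when triaging an advisory, will read the wrong number. I would set `appVersion: "v1.4.1"` and keep it in step with the dependency `version`, and replace the description with one line naming the controller.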


@@ -0,0 +1,41 @@
# envoy-gateway
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square)
A Helm chart for Kubernetes
## Requirements
| Repository | Name | Version |
|------------|------|---------|
| oci://docker.io/envoyproxy | envoy-gateway(gateway-helm) | v1.4.1 |
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| envoy-gateway.deployment.envoyGateway.resources.limits.memory | string | `"256Mi"` | |
| envoy-gateway.deployment.envoyGateway.resources.requests.cpu | string | `"100m"` | |
| envoy-gateway.deployment.envoyGateway.resources.requests.memory | string | `"256Mi"` | |
| envoy-gateway.hpa.behavior.scaleDown.policies[0].periodSeconds | int | `15` | |
| envoy-gateway.hpa.behavior.scaleDown.policies[0].type | string | `"Percent"` | |
| envoy-gateway.hpa.behavior.scaleDown.policies[0].value | int | `100` | |
| envoy-gateway.hpa.behavior.scaleDown.selectPolicy | string | `"Max"` | |
| envoy-gateway.hpa.behavior.scaleDown.stabilizationWindowSeconds | int | `300` | |
| envoy-gateway.hpa.behavior.scaleUp.policies[0].periodSeconds | int | `15` | |
| envoy-gateway.hpa.behavior.scaleUp.policies[0].type | string | `"Percent"` | |
| envoy-gateway.hpa.behavior.scaleUp.policies[0].value | int | `100` | |
| envoy-gateway.hpa.behavior.scaleUp.policies[1].periodSeconds | int | `15` | |
| envoy-gateway.hpa.behavior.scaleUp.policies[1].type | string | `"Pods"` | |
| envoy-gateway.hpa.behavior.scaleUp.policies[1].value | int | `4` | |
| envoy-gateway.hpa.behavior.scaleUp.selectPolicy | string | `"Max"` | |
| envoy-gateway.hpa.behavior.scaleUp.stabilizationWindowSeconds | int | `0` | |
| envoy-gateway.hpa.enabled | bool | `true` | |
| envoy-gateway.hpa.maxReplicas | int | `5` | |
| envoy-gateway.hpa.metrics[0].resource.name | string | `"cpu"` | |
| envoy-gateway.hpa.metrics[0].resource.target.averageUtilization | int | `80` | |
| envoy-gateway.hpa.metrics[0].resource.target.type | string | `"Utilization"` | |
| envoy-gateway.hpa.metrics[0].type | string | `"Resource"` | |
| envoy-gateway.hpa.minReplicas | int | `3` | |
| envoy-gateway.podDistruptionBudget.minAvailable | int | `1` | |


@@ -0,0 +1,43 @@
envoy-gateway-controller:
deployment:
envoyGateway:
resources:
limits:
memory: 256Mi # default is 1024Mi
requests:
cpu: 100m
memory: 256Mi
hpa:
enabled: true
minReplicas: 3
maxReplicas: 5
metrics:
- type: Resource
resource:
name: cpu
target:
averageUtilization: 80
type: Utilization
behavior:
scaleDown:
stabilizationWindowSeconds: 300
policies:
- type: Percent
value: 100
periodSeconds: 15
selectPolicy: Max
scaleUp:
stabilizationWindowSeconds: 0
policies:
- type: Percent
value: 100
periodSeconds: 15
- type: Pods
value: 4
periodSeconds: 15
selectPolicy: Max
podDistruptionBudget:
minAvailable: 1
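Review bot: The key `podDistruptionBudget` on the last two lines looks misspelled. If the upstream `gateway-helm` chart reads `podDisruptionBudget` (to be confirmed against its values file), Helm will ignore this entry without an error unless the chart's schema rejects unknown keys, and the intended budget will not apply. With `minReplicas: 3` that would leave a node drain free to evict every controller replica at once. I would rename the key to `podDisruptionBudget:` and keep `minAvailable: 1`, then check the rendered manifests with `helm template` for the resulting PodDisruptionBudget.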


@@ -1,6 +0,0 @@
dependencies:
- name: gateway-helm
repository: oci://docker.io/envoyproxy
version: v1.4.1
digest: sha256:6c7b2cadacc5deb812a239ef3cf642e2c98b8d56310954c30c24d233beb97e68
generated: "2025-06-22T12:09:47.981924268+01:00"


@@ -4,9 +4,3 @@ description: A Helm chart for Kubernetes
type: application type: application
version: 0.1.0 version: 0.1.0
appVersion: "1.16.0" appVersion: "1.16.0"
dependencies:
- alias: envoy-gateway
name: gateway-helm
version: v1.4.1
repository: "oci://docker.io/envoyproxy"


@@ -8,34 +8,14 @@ A Helm chart for Kubernetes
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
| oci://docker.io/envoyproxy | envoy-gateway(gateway-helm) | v1.4.1 | | https://charts.bitnami.com/bitnami | envoy-gateway | 2.5.15 |
## Values ## Values
| Key | Type | Default | Description | | Key | Type | Default | Description |
|-----|------|---------|-------------| |-----|------|---------|-------------|
| envoy-gateway.deployment.envoyGateway.resources.limits.memory | string | `"256Mi"` | | | envoy-gateway.createController | bool | `true` | |
| envoy-gateway.deployment.envoyGateway.resources.requests.cpu | string | `"100m"` | | | envoy-gateway.ingress.enabled | bool | `false` | |
| envoy-gateway.deployment.envoyGateway.resources.requests.memory | string | `"256Mi"` | | | envoy-gateway.ingress.hostname | string | `"secrets.deepcypher.me"` | |
| envoy-gateway.hpa.behavior.scaleDown.policies[0].periodSeconds | int | `15` | | | envoy-gateway.networkPolicy.enabled | bool | `true` | |
| envoy-gateway.hpa.behavior.scaleDown.policies[0].type | string | `"Percent"` | |
| envoy-gateway.hpa.behavior.scaleDown.policies[0].value | int | `100` | |
| envoy-gateway.hpa.behavior.scaleDown.selectPolicy | string | `"Max"` | |
| envoy-gateway.hpa.behavior.scaleDown.stabilizationWindowSeconds | int | `300` | |
| envoy-gateway.hpa.behavior.scaleUp.policies[0].periodSeconds | int | `15` | |
| envoy-gateway.hpa.behavior.scaleUp.policies[0].type | string | `"Percent"` | |
| envoy-gateway.hpa.behavior.scaleUp.policies[0].value | int | `100` | |
| envoy-gateway.hpa.behavior.scaleUp.policies[1].periodSeconds | int | `15` | |
| envoy-gateway.hpa.behavior.scaleUp.policies[1].type | string | `"Pods"` | |
| envoy-gateway.hpa.behavior.scaleUp.policies[1].value | int | `4` | |
| envoy-gateway.hpa.behavior.scaleUp.selectPolicy | string | `"Max"` | |
| envoy-gateway.hpa.behavior.scaleUp.stabilizationWindowSeconds | int | `0` | |
| envoy-gateway.hpa.enabled | bool | `true` | |
| envoy-gateway.hpa.maxReplicas | int | `5` | |
| envoy-gateway.hpa.metrics[0].resource.name | string | `"cpu"` | |
| envoy-gateway.hpa.metrics[0].resource.target.averageUtilization | int | `80` | |
| envoy-gateway.hpa.metrics[0].resource.target.type | string | `"Utilization"` | |
| envoy-gateway.hpa.metrics[0].type | string | `"Resource"` | |
| envoy-gateway.hpa.minReplicas | int | `3` | |
| envoy-gateway.podDistruptionBudget.minAvailable | int | `1` | |


@@ -1,43 +1 @@
envoy-gateway: envoy-gateway: {}
deployment:
envoyGateway:
resources:
limits:
memory: 256Mi # default is 1024Mi
requests:
cpu: 100m
memory: 256Mi
hpa:
enabled: true
minReplicas: 3
maxReplicas: 5
metrics:
- type: Resource
resource:
name: cpu
target:
averageUtilization: 80
type: Utilization
behavior:
scaleDown:
stabilizationWindowSeconds: 300
policies:
- type: Percent
value: 100
periodSeconds: 15
selectPolicy: Max
scaleUp:
stabilizationWindowSeconds: 0
policies:
- type: Percent
value: 100
periodSeconds: 15
- type: Pods
value: 4
periodSeconds: 15
selectPolicy: Max
podDistruptionBudget:
minAvailable: 1


@@ -0,0 +1,93 @@
apiVersion: v1
kind: Namespace
metadata:
# annotations:
# volsync.backube/privileged-movers: "true"
labels:
kubernetes.io/metadata.name: envoy-gateway-system
name: envoy-gateway-system
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: envoy-gateway-controller
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
ignoreDifferences:
# ignore deployment .spec.replicas as it is managed by HPA
- group: 'apps'
kind: Deployment
name: envoy-gateway-controller
jsonPointers:
- /spec/replicas
destination:
name: ''
namespace: envoy-gateway-system
server: 'https://kubernetes.default.svc'
source:
path: charts/envoy-gateway-controller
repoURL: {{ .Values.global.repo }}
targetRevision: {{ .Values.environment.revision }}
helm:
values: |
{{- include "defaultEnvironment" . | indent 8 }}
{{- if eq .Values.environment.mode "staging" }}
{{- else if eq .Values.environment.mode "production" }}
{{- end }}
#project: envoy-gateway-controller
project: default
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- RespectIgnoreDifferences=true
---
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: envoy-gateway-controller
namespace: argocd
# Finalizer that ensures that project is not deleted until it is not referenced by any application
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
description: Infra-level project to isolate envoy-gateway-controller
# Allow manifests to deploy from any Git repos
sourceRepos:
- '*'
# Only permit applications to deploy to the guestbook namespace in the same cluster
destinations:
- namespace: envoy-gateway-controller
server: https://kubernetes.default.svc
# Deny all cluster-scoped resources from being created, except for Namespace
clusterResourceWhitelist:
- group: ''
kind: Namespace
# Allow all namespaced-scoped resources to be created, except for ResourceQuota, LimitRange, NetworkPolicy
namespaceResourceBlacklist:
- group: ''
kind: ResourceQuota
- group: ''
kind: LimitRange
#- group: ''
# kind: NetworkPolicy
# # Deny all namespaced-scoped resources from being created, except for Deployment and StatefulSet
# namespaceResourceWhitelist:
# - group: 'apps'
# kind: Deployment
# - group: 'apps'
# kind: StatefulSet
roles:
# A role which provides read-only access to all applications in the project
- name: read-only
description: Read-only privileges to envoy-gateway-controller
policies:
- p, proj:my-project:read-only, applications, get, envoy-gateway-controller/*, allow
groups:
- my-oidc-group
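Review bot: The AppProject at the end of this file is not enforced: the Application sets `project: default` and `#project: envoy-gateway-controller` is commented out, so the default project's permissions apply. As written it could not simply be switched on either, since `destinations` permits namespace `envoy-gateway-controller` while the Application targets `envoy-gateway-system`, and the role policy refers to `proj:my-project:read-only` with group `my-oidc-group`, which look like placeholders from an example. I would change these to `- namespace: envoy-gateway-system` and `- p, proj:envoy-gateway-controller:read-only, applications, get, envoy-gateway-controller/*, allow`, and narrow `sourceRepos` from `'*'` to `{{ .Values.global.repo }}`. The `clusterResourceWhitelist` of only `Namespace` probably also needs widening for the cluster-scoped objects the upstream chart installs (not visible here), so test a sync before enabling the project.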


@@ -4,8 +4,8 @@ metadata:
# annotations: # annotations:
# volsync.backube/privileged-movers: "true" # volsync.backube/privileged-movers: "true"
labels: labels:
kubernetes.io/metadata.name: envoy-gateway-system kubernetes.io/metadata.name: envoy-gateway
name: envoy-gateway-system name: envoy-gateway
--- ---
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: Application kind: Application
@@ -15,16 +15,9 @@ metadata:
finalizers: finalizers:
- resources-finalizer.argocd.argoproj.io - resources-finalizer.argocd.argoproj.io
spec: spec:
ignoreDifferences:
# ignore deployment .spec.replicas as it is managed by HPA
- group: 'apps'
kind: Deployment
name: envoy-gateway
jsonPointers:
- /spec/replicas
destination: destination:
name: '' name: ''
namespace: envoy-gateway-system namespace: envoy-gateway
server: 'https://kubernetes.default.svc' server: 'https://kubernetes.default.svc'
source: source:
path: charts/envoy-gateway path: charts/envoy-gateway
@@ -45,8 +38,6 @@ spec:
syncOptions: syncOptions:
- CreateNamespace=true - CreateNamespace=true
- ApplyOutOfSyncOnly=true - ApplyOutOfSyncOnly=true
- ServerSideApply=true
- RespectIgnoreDifferences=true
--- ---
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: AppProject kind: AppProject