Merge pull request #7 from restackio/operator

Add Operator

Author: aboutphilippe

restack/templates/ingress.yaml

@@ -64,5 +64,17 @@ spec:
               serviceName: {{ $fullName }}-stream
               servicePort: 9233
               {{- end }}
+          - path: /operator
+            pathType: Prefix
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}-operator
+                port:
+                  number: 10233
+              {{- else }}
+              serviceName: {{ $fullName }}-operator
+              servicePort: 10233
+              {{- end }}
     {{- end }}
 {{- end }}

restack/templates/operator/deployment.yaml

@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "restack.fullname" . }}-operator
+  labels:
+    {{- include "restack.operatorLabels" . | nindent 4 }}
+  annotations:
+    reloader.stakater.com/search: "true"
+spec:
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 1
+  selector:
+    matchLabels:
+      {{- include "restack.operatorSelectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "restack.operatorSelectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "restack.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- if .Values.logs.gcp.bucket }}
+      initContainers:
+        - name: workload-identity-initcontainer
+          image: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
+          command:
+          - '/bin/bash'
+          - '-c'
+          - |
+            curl -sS -H 'Metadata-Flavor: Google' 'http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token' --retry 30 --retry-connrefused --retry-max-time 60 --connect-timeout 3 --fail --retry-all-errors > /dev/null && exit 0 || echo 'Retry limit exceeded. Failed to wait for metadata server to be available. Check if the gke-metadata-server Pod in the kube-system namespace is healthy.' >&2; exit 1
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}-operator
+          envFrom:
+            - configMapRef:
+                name: {{ include "restack.fullname" . }}-configmap
+            - secretRef:
+                name: {{ include "restack.fullname" . }}-secret
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: ghcr.io/restackio/restack-operator-cloud:main
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 10233
+              name: operator
+          resources:
+            {{- toYaml .Values.operator.resources | nindent 12 }}
+
+        {{- if .Values.logs.enabled }}
+        # Sidecar container for logging
+        - name: deployment-logs
+          image: ghcr.io/restackio/k8s-logs-sidecar:main
+          imagePullPolicy: Always
+          env:
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: DEPLOYMENT_NAME
+              value: {{ include "restack.fullname" . }}-operator
+            - name: GCS_BUCKET_NAME
+              value: {{ .Values.logs.gcp.bucket }}
+            - name: POD_SELECTOR
+              value: {{ include "restack.name" . }}-operator
+            - name: CONTAINER_LOGS_NAME
+              value: {{ .Chart.Name }}-operator
+        {{- end }}
+
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

restack/templates/operator/hpa.yaml

@@ -0,0 +1,41 @@
+{{- if .Values.operator.hpa.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "restack.fullname" . }}-operator-hpa
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "restack.fullname" . }}-operator
+  minReplicas: {{ .Values.operator.hpa.minReplicas }}
+  maxReplicas: {{ .Values.operator.hpa.maxReplicas }}
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.operator.hpa.averageUtilization.cpu }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.operator.hpa.averageUtilization.memory }}
+  behavior:
+    scaleUp:
+      stabilizationWindowSeconds: 0 # increased stabilization window for scale up
+      selectPolicy: Max
+      policies:
+        - type: Pods
+          value: 1 # reduced value for scale up
+          periodSeconds: 30
+    scaleDown:
+      stabilizationWindowSeconds: 300 # increased stabilization window for scale down
+      selectPolicy: Max
+      policies:
+        - type: Pods
+          value: 1 # reduced value for scale down
+          periodSeconds: 60
+{{- end }}

restack/templates/operator/service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "restack.fullname" . }}-operator
+  labels:
+    {{- include "restack.operatorLabels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: 10233
+      targetPort: 10233
+      protocol: TCP
+      name: operator
+      
+  selector:
+    {{- include "restack.operatorSelectorLabels" . | nindent 4 }}