feat(k8s-ycl)!: Archive

2025-07-04 00:47:04 +02:00 · 2025-02-07 20:05:37 +01:00 · 2025-02-07 20:05:37 +01:00 · 1cbcf20cfe
commit 1cbcf20cfe
parent 8b33237e27
10 changed files with 0 additions and 0 deletions
--- a/.archive/k8s-ycl/.helmignore
+++ b/.archive/k8s-ycl/.helmignore
@ -0,0 +1,30 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
+
+# helm-docs templates
+*.gotmpl
+
+# helm unit tests
+tests/
--- a/.archive/k8s-ycl/Chart.yaml
+++ b/.archive/k8s-ycl/Chart.yaml
@ -0,0 +1,30 @@
+---
+apiVersion: v2
+description: Kubernetes admission controller to remove CPU limits from Pods.
+name: k8s-ycl
+version: 1.3.3
+appVersion: v0.2.0
+kubeVersion: ">=1.22.0-0"
+sources:
+  - https://github.com/bjw-s/k8s-ycl
+keywords:
+  - cpu
+  - resources
+  - limits
+  - admission
+  - controller
+maintainers:
+  - name: bjw-s
+    email: me@bjw-s.dev
+dependencies:
+  - name: common
+    repository: https://bjw-s.github.io/helm-charts
+    version: 3.6.1
+annotations:
+  artifacthub.io/changes: |-
+    - kind: changed
+      description: |
+        Update common library to 3.6.1
+  artifacthub.io/links: |
+    - name: "source"
+      url: "https://github.com/bjw-s/k8s-ycl"
--- a/.archive/k8s-ycl/README.md
+++ b/.archive/k8s-ycl/README.md
@ -0,0 +1,71 @@
+# k8s-ycl
+
+![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![AppVersion: v0.2.0](https://img.shields.io/badge/AppVersion-v0.2.0-informational?style=flat-square)
+
+Kubernetes admission controller to remove CPU limits from Pods.
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| bjw-s | <me@bjw-s.dev> |  |
+
+## Source Code
+
+* <https://github.com/bjw-s/k8s-ycl>
+
+## Requirements
+
+Kubernetes: `>=1.22.0-0`
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://bjw-s.github.io/helm-charts | common | 3.6.1 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| controllers.main.containers.main.image.pullPolicy | string | `"Always"` |  |
+| controllers.main.containers.main.image.repository | string | `"ghcr.io/bjw-s/k8s-ycl"` |  |
+| controllers.main.containers.main.image.tag | string | `"{{ .Chart.AppVersion }}"` |  |
+| controllers.main.containers.main.probes.liveness.custom | bool | `true` |  |
+| controllers.main.containers.main.probes.liveness.enabled | bool | `true` |  |
+| controllers.main.containers.main.probes.liveness.spec.failureThreshold | int | `3` |  |
+| controllers.main.containers.main.probes.liveness.spec.httpGet.path | string | `"/healthz"` |  |
+| controllers.main.containers.main.probes.liveness.spec.httpGet.port | int | `8081` |  |
+| controllers.main.containers.main.probes.liveness.spec.initialDelaySeconds | int | `0` |  |
+| controllers.main.containers.main.probes.liveness.spec.periodSeconds | int | `10` |  |
+| controllers.main.containers.main.probes.liveness.spec.timeoutSeconds | int | `1` |  |
+| controllers.main.containers.main.probes.readiness.custom | bool | `true` |  |
+| controllers.main.containers.main.probes.readiness.enabled | bool | `true` |  |
+| controllers.main.containers.main.probes.readiness.spec.failureThreshold | int | `3` |  |
+| controllers.main.containers.main.probes.readiness.spec.httpGet.path | string | `"/readyz"` |  |
+| controllers.main.containers.main.probes.readiness.spec.httpGet.port | int | `8081` |  |
+| controllers.main.containers.main.probes.readiness.spec.initialDelaySeconds | int | `0` |  |
+| controllers.main.containers.main.probes.readiness.spec.periodSeconds | int | `10` |  |
+| controllers.main.containers.main.probes.readiness.spec.timeoutSeconds | int | `1` |  |
+| controllers.main.containers.main.probes.startup.custom | bool | `true` |  |
+| controllers.main.containers.main.probes.startup.enabled | bool | `true` |  |
+| controllers.main.containers.main.probes.startup.spec.failureThreshold | int | `30` |  |
+| controllers.main.containers.main.probes.startup.spec.httpGet.path | string | `"/healthz"` |  |
+| controllers.main.containers.main.probes.startup.spec.httpGet.port | int | `8081` |  |
+| controllers.main.containers.main.probes.startup.spec.initialDelaySeconds | int | `0` |  |
+| controllers.main.containers.main.probes.startup.spec.periodSeconds | int | `5` |  |
+| controllers.main.containers.main.probes.startup.spec.timeoutSeconds | int | `1` |  |
+| controllers.main.strategy | string | `"RollingUpdate"` |  |
+| persistence.certs.globalMounts[0].path | string | `"/tls"` |  |
+| persistence.certs.name | string | `"{{ include \"k8s-ycl.servingCertificate\" . }}"` |  |
+| persistence.certs.type | string | `"secret"` |  |
+| service.main.controller | string | `"main"` |  |
+| service.main.nameOverride | string | `"webhook"` |  |
+| service.main.ports.http.port | int | `9443` |  |
+| service.main.ports.metrics.port | int | `8080` |  |
+| service.main.ports.probe.port | int | `8081` |  |
+| serviceAccount.create | bool | `true` |  |
+| webhook.ignoreOwnNamespace | bool | `true` |  |
+| webhook.ignoredNamespaces[0] | string | `"kube-system"` |  |
+| webhook.path | string | `"/mutate--v1-pod"` |  |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
--- a/.archive/k8s-ycl/templates/_hardcodedValues.tpl
+++ b/.archive/k8s-ycl/templates/_hardcodedValues.tpl
@ -0,0 +1,2 @@
+{{- define "k8s-ycl.hardcodedValues" -}}
+{{- end -}}
--- a/.archive/k8s-ycl/templates/_helpers.tpl
+++ b/.archive/k8s-ycl/templates/_helpers.tpl
@ -0,0 +1,44 @@
+{{- define "k8s-ycl.init" -}}
+  {{/* Make sure all variables are set properly */}}
+  {{- include "bjw-s.common.loader.init" . }}
+
+  {{- $_ := include "k8s-ycl.hardcodedValues" . | fromYaml | merge .Values -}}
+{{- end -}}
+
+{{- define "k8s-ycl.webhookPort" -}}
+9443
+{{- end -}}
+
+{{- define "k8s-ycl.webhookPath" -}}
+/mutate--v1-pod
+{{- end -}}
+
+{{- define "k8s-ycl.ignoredNamespaces" -}}
+  {{- $ownNamespace := $.Release.Namespace -}}
+  {{- $ignoredNamespaces := list -}}
+  {{- if $.Values.webhook.ignoreOwnNamespace -}}
+    {{- $ignoredNamespaces = append $ignoredNamespaces $ownNamespace -}}
+  {{- end -}}
+  {{- with $.Values.webhook.ignoredNamespaces -}}
+    {{- range . -}}
+      {{- $ignoredNamespaces = append $ignoredNamespaces . -}}
+    {{- end -}}
+  {{- end -}}
+  {{- $ignoredNamespaces | uniq | toYaml -}}
+{{- end -}}
+
+{{- define "k8s-ycl.selfSignedIssuer" -}}
+{{ printf "%s-webhook-selfsign" (include "bjw-s.common.lib.chart.names.fullname" .) }}
+{{- end -}}
+
+{{- define "k8s-ycl.rootCAIssuer" -}}
+{{ printf "%s-webhook-ca" (include "bjw-s.common.lib.chart.names.fullname" .) }}
+{{- end -}}
+
+{{- define "k8s-ycl.rootCACertificate" -}}
+{{ printf "%s-webhook-ca" (include "bjw-s.common.lib.chart.names.fullname" .) }}
+{{- end -}}
+
+{{- define "k8s-ycl.servingCertificate" -}}
+{{ printf "%s-webhook-tls" (include "bjw-s.common.lib.chart.names.fullname" .) }}
+{{- end -}}
--- a/.archive/k8s-ycl/templates/admissionregistration.yaml
+++ b/.archive/k8s-ycl/templates/admissionregistration.yaml
@ -0,0 +1,39 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "k8s-ycl.init" . -}}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: {{ include "bjw-s.common.lib.chart.names.fullname" . | quote }}
+  {{- with (include "bjw-s.common.lib.metadata.allLabels" $ | fromYaml) }}
+  labels: {{- toYaml . | nindent 4 }}
+  {{- end }}
+  annotations:
+    cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "k8s-ycl.servingCertificate" . }}"
+webhooks:
+  - name: "{{ include "bjw-s.common.lib.chart.names.fullname" . }}.svc.cluster.local"
+    namespaceSelector:
+      matchExpressions:
+      - key: kubernetes.io/metadata.name
+        operator: NotIn
+        values: {{ include "k8s-ycl.ignoredNamespaces" . | nindent  10 }}
+    clientConfig:
+      service:
+        namespace: {{ .Release.Namespace | quote }}
+        name: {{ include "bjw-s.common.lib.chart.names.fullname" . }}-webhook
+        path: {{ include "k8s-ycl.webhookPath" . }}
+        port: {{ include "k8s-ycl.webhookPort" . }}
+    failurePolicy: Fail
+    admissionReviewVersions: ["v1", "v1beta1"]
+    sideEffects: None
+    timeoutSeconds: 5
+    rules:
+      - apiGroups:
+        - ""
+        apiVersions:
+        - v1
+        operations:
+        - CREATE
+        - UPDATE
+        resources:
+        - pods
--- a/.archive/k8s-ycl/templates/common.yaml
+++ b/.archive/k8s-ycl/templates/common.yaml
@ -0,0 +1,6 @@
+---
+{{/* Make sure all variables are set properly */}}
+{{- include "k8s-ycl.init" . }}
+
+{{/* Render the templates */}}
+{{- include "bjw-s.common.loader.all" . }}
--- a/.archive/k8s-ycl/templates/pki.yaml
+++ b/.archive/k8s-ycl/templates/pki.yaml
@ -0,0 +1,62 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "k8s-ycl.init" . -}}
+---
+# Create a selfsigned Issuer, in order to create a root CA certificate for
+# signing webhook serving certificates
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ include "k8s-ycl.selfSignedIssuer" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "bjw-s.common.lib.metadata.allLabels" . | nindent 4 }}
+spec:
+  selfSigned: {}
+---
+# Generate a CA Certificate used to sign certificates for the webhook
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "k8s-ycl.rootCACertificate" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "bjw-s.common.lib.metadata.allLabels" . | nindent 4 }}
+spec:
+  secretName: {{ include "k8s-ycl.rootCACertificate" . }}
+  duration: 43800h # 5y
+  issuerRef:
+    name: {{ include "k8s-ycl.selfSignedIssuer" . }}
+    kind: Issuer
+  commonName: "ca.k8s-ycl.cert-manager"
+  isCA: true
+---
+# Create an Issuer that uses the above generated CA certificate to issue certs
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ include "k8s-ycl.rootCAIssuer" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "bjw-s.common.lib.metadata.allLabels" . | nindent 4 }}
+spec:
+  ca:
+    secretName: {{ include "k8s-ycl.rootCACertificate" . }}
+---
+# Finally, generate a serving certificate for the webhook to use
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "k8s-ycl.servingCertificate" . }}
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "bjw-s.common.lib.metadata.allLabels" . | nindent 4 }}
+spec:
+  secretName: {{ include "k8s-ycl.servingCertificate" . }}
+  duration: 8760h # 1y
+  issuerRef:
+    name: {{ include "k8s-ycl.rootCAIssuer" . }}
+    kind: Issuer
+  dnsNames:
+  - {{ include "bjw-s.common.lib.chart.names.fullname" . }}-webhook
+  - {{ include "bjw-s.common.lib.chart.names.fullname" . }}-webhook.{{ .Release.Namespace }}
+  - {{ include "bjw-s.common.lib.chart.names.fullname" . }}-webhook.{{ .Release.Namespace }}.svc
--- a/.archive/k8s-ycl/values.schema.json
+++ b/.archive/k8s-ycl/values.schema.json
@ -0,0 +1,3 @@
+{
+  "$ref": "https://raw.githubusercontent.com/bjw-s/helm-charts/common-3.6.1/charts/library/common/values.schema.json"
+}
--- a/.archive/k8s-ycl/values.yaml
+++ b/.archive/k8s-ycl/values.yaml
@ -0,0 +1,75 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/app-template-3.0.3/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+controllers:
+  main:
+    strategy: RollingUpdate
+    containers:
+      main:
+        image:
+          repository: ghcr.io/bjw-s/k8s-ycl
+          tag: "{{ .Chart.AppVersion }}"
+          pullPolicy: Always
+        probes:
+          liveness:
+            enabled: true
+            custom: true
+            spec:
+              httpGet:
+                path: /healthz
+                port: 8081
+              initialDelaySeconds: 0
+              periodSeconds: 10
+              timeoutSeconds: 1
+              failureThreshold: 3
+          readiness:
+            enabled: true
+            custom: true
+            spec:
+              httpGet:
+                path: /readyz
+                port: 8081
+              initialDelaySeconds: 0
+              periodSeconds: 10
+              timeoutSeconds: 1
+              failureThreshold: 3
+          startup:
+            enabled: true
+            custom: true
+            spec:
+              httpGet:
+                path: /healthz
+                port: 8081
+              initialDelaySeconds: 0
+              failureThreshold: 30
+              periodSeconds: 5
+              timeoutSeconds: 1
+
+persistence:
+  certs:
+    type: secret
+    name: >-
+      {{ include "k8s-ycl.servingCertificate" . }}
+    globalMounts:
+      - path: /tls
+
+service:
+  main:
+    controller: main
+    nameOverride: webhook
+    ports:
+      http:
+        port: 9443
+      metrics:
+        port: 8080
+      probe:
+        port: 8081
+
+serviceAccount:
+  create: true
+
+webhook:
+  path: /mutate--v1-pod
+
+  ignoreOwnNamespace: true
+  ignoredNamespaces:
+    - kube-system