diff --git a/.github/linters/agent-ct.yaml b/.github/linters/agent-ct.yaml new file mode 100644 index 00000000..e58379ca --- /dev/null +++ b/.github/linters/agent-ct.yaml @@ -0,0 +1,8 @@ +# See https://github.com/helm/chart-testing#configuration +charts: + - charts/prefect-agent +chart-repos: + - bitnami=https://charts.bitnami.com/bitnami +helm-extra-args: --timeout 600s +namespace: prefect +release-label: prefect diff --git a/.github/linters/ct.yaml b/.github/linters/orion-ct.yaml similarity index 72% rename from .github/linters/ct.yaml rename to .github/linters/orion-ct.yaml index 1ae8f4ee..14dd9527 100644 --- a/.github/linters/ct.yaml +++ b/.github/linters/orion-ct.yaml @@ -1,8 +1,6 @@ # See https://github.com/helm/chart-testing#configuration -remote: origin -target-branch: main -chart-dirs: - - charts +charts: + - charts/prefect-orion chart-repos: - bitnami=https://charts.bitnami.com/bitnami helm-extra-args: --timeout 600s diff --git a/.github/workflows/agent-lint-and-test.yaml b/.github/workflows/agent-lint-and-test.yaml new file mode 100644 index 00000000..cceba14d --- /dev/null +++ b/.github/workflows/agent-lint-and-test.yaml @@ -0,0 +1,39 @@ +name: Lint and Test Prefect Agent Chart + +on: + pull_request: + paths: + - .github/workflows/agent-lint-and-test.yaml + - .github/linters/agent-ct.yaml + - 'charts/prefect-agent/**' + +jobs: + lint-test: + runs-on: ubuntu-latest + steps: + - name: Checkout Code + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Set up Helm + uses: azure/setup-helm@v3.3 + with: + version: v3.9.2 + + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.3.0 + + - name: Run chart-testing (lint) + run: ct lint --config .github/linters/agent-ct.yaml + + - name: Create kind cluster + uses: helm/kind-action@v1.3.0 + + - name: Create API Secret for Agent Chart + run: | + kubectl create ns prefect + kubectl create secret generic prefect-api-key --from-literal=key=${{ secrets.PREFECT_CLOUD_API_KEY }} -n prefect + + - name: Run chart-testing (install) + run: ct install --config .github/linters/agent-ct.yaml --helm-extra-set-args "--set=agent.config.workQueueName=test-helm --set=agent.config.accountId=${{ secrets.PREFECT_CLOUD_ACCOUNT_ID }} --set=agent.config.workspaceId=${{ secrets.PREFECT_CLOUD_WORKSPACE_ID }}" diff --git a/.github/workflows/linting.yaml b/.github/workflows/linting.yaml deleted file mode 100644 index 9e221031..00000000 --- a/.github/workflows/linting.yaml +++ /dev/null @@ -1,42 +0,0 @@ -name: Lint and Test Charts - -on: pull_request - -jobs: - lint-test: - runs-on: ubuntu-latest - steps: - - name: Checkout Code - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Set up Helm - uses: azure/setup-helm@v3.3 - with: - version: v3.9.2 - - # - uses: actions/setup-python@v4 - # with: - # python-version: 3.7 - - - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.0 - - - name: Run chart-testing (list-changed) - id: list-changed - run: | - changed=$(ct list-changed --config .github/linters/ct.yaml) - if [[ -n "$changed" ]]; then - echo "::set-output name=changed::true" - fi - - - name: Run chart-testing (lint) - run: ct lint --config .github/linters/ct.yaml --check-version-increment=false - - - name: Create kind cluster - uses: helm/kind-action@v1.3.0 - if: steps.list-changed.outputs.changed == 'true' - - - name: Run chart-testing (install) - run: ct install --config .github/linters/ct.yaml diff --git a/.github/workflows/orion-lint-and-test.yaml b/.github/workflows/orion-lint-and-test.yaml new file mode 100644 index 00000000..f5fa121e --- /dev/null +++ b/.github/workflows/orion-lint-and-test.yaml @@ -0,0 +1,34 @@ +name: Lint and Test Prefect Orion Chart + +on: + pull_request: + paths: + - .github/workflows/orion-lint-and-test.yaml + - .github/linters/orion-ct.yaml + - 'charts/prefect-orion/**' + +jobs: + lint-test: + runs-on: ubuntu-latest + steps: + - name: Checkout Code + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Set up Helm + uses: azure/setup-helm@v3.3 + with: + version: v3.9.2 + + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.3.0 + + - name: Run chart-testing (lint) + run: ct lint --config .github/linters/orion-ct.yaml + + - name: Create kind cluster + uses: helm/kind-action@v1.3.0 + + - name: Run chart-testing (install) + run: ct install --config .github/linters/orion-ct.yaml --helm-extra-set-args "--set=postgresql.auth.password=TESTING" diff --git a/charts/prefect-agent/Chart.yaml b/charts/prefect-agent/Chart.yaml index f857c9a7..6a10d1d5 100644 --- a/charts/prefect-agent/Chart.yaml +++ b/charts/prefect-agent/Chart.yaml @@ -1,16 +1,23 @@ apiVersion: v2 -name: prefect-agent -description: Prefect orion application bundle -type: application +appVersion: latest +dependencies: + - name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 2.0.3 +description: Prefect Agent application bundle +engine: gotpl home: https://github.com/PrefectHQ -# This version is never actually shipped. github actions will replace it at build-time -# with the appropriate version -version: 1.0.0 -appVersion: "latest" maintainers: - name: gabcoyne email: george@prefect.io - name: jamiezieziula email: jamie@prefect.io +name: prefect-agent sources: - https://github.com/PrefectHQ/prefect-helm +type: application +# This version is never actually shipped. github actions will replace it at build-time +# with the appropriate version +version: 1.0.0 diff --git a/charts/prefect-agent/README.md b/charts/prefect-agent/README.md index 6d76613a..c4053ac8 100644 --- a/charts/prefect-agent/README.md +++ b/charts/prefect-agent/README.md @@ -2,7 +2,7 @@ ![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square) -Prefect orion application bundle +Prefect Agent application bundle **Homepage:** @@ -17,33 +17,48 @@ Prefect orion application bundle * +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.bitnami.com/bitnami | common | 2.0.3 | + ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| affinity | object | `{}` | | -| annotations | object | `{}` | | -| config.accountId | string | `""` | | -| config.apiKeySecret | object | `{"key":"","name":""}` | Prefect cloud API key | -| config.apiUrl | string | `"https://api.prefect.cloud"` | | -| config.commonLabels | object | `{}` | | -| config.debugEnabled | bool | `true` | | -| config.workQueueName | string | `"prd"` | | -| config.workspaceName | string | `""` | | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"prefecthq/prefect"` | | -| image.tag | string | `"2-latest"` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podLabels | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | +| agent.affinity | object | `{}` | affinity for agent pods assignment | +| agent.config.accountId | string | `""` | prefect account ID | +| agent.config.apiKeySecret.key | string | `"key"` | prefect API secret key | +| agent.config.apiKeySecret.name | string | `"prefect-api-key"` | prefect API secret name | +| agent.config.apiUrl | string | `"https://api.prefect.cloud"` | prefect API url | +| agent.config.workQueueName | string | `""` | prefect workqueue name | +| agent.config.workspaceId | string | `""` | prefect workspace ID | +| agent.extraEnvVars | list | `[]` | array with extra environment variables to add to agent nodes | +| agent.extraEnvVarsCM | string | `""` | name of existing ConfigMap containing extra env vars to add to agent nodes | +| agent.extraEnvVarsSecret | string | `""` | name of existing Secret containing extra env vars to add to agent nodes | +| agent.image.debug | bool | `false` | enable agent image debug mode | +| agent.image.pullPolicy | string | `"IfNotPresent"` | agent image pull policy | +| agent.image.pullSecrets | list | `[]` | agent image pull secrets | +| agent.image.repository | string | `"prefecthq/prefect"` | agent image repository | +| agent.image.tag | string | `"2-latest"` | agent image tag (immutable tags are recommended) | +| agent.nodeSelector | object | `{}` | node labels for agent pods assignment | +| agent.podAnnotations | object | `{}` | extra annotations for agent pod | +| agent.podLabels | object | `{}` | extra labels for agent pod | +| agent.podSecurityContext.enabled | bool | `true` | enabled agent pods' security context | +| agent.podSecurityContext.fsGroup | int | `1001` | set agent pod's security context fsGroup | +| agent.replicaCount | int | `1` | number of agent replicas to deploy | +| agent.resources.limits | object | `{}` | the requested limits for the agent container | +| agent.resources.requests | object | `{}` | the requested resources for the agent container | +| agent.tolerations | list | `[]` | tolerations for agent pods assignment | +| commonAnnotations | object | `{}` | annotations to add to all deployed objects | +| commonLabels | object | `{}` | labels to add to all deployed objects | +| fullnameOverride | string | `"prefect-agent"` | fully override common.names.fullname | +| nameOverride | string | `""` | partially overrides common.names.name | +| namespaceOverride | string | `""` | fully override common.names.namespace | +| serviceAccount.annotations | object | `{}` | additional service account annotations (evaluated as a template) | +| serviceAccount.create | bool | `true` | specifies whether a ServiceAccount should be created | +| serviceAccount.name | string | `""` | the name of the ServiceAccount to use. if not set and create is true, a name is generated using the common.names.fullname template | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/prefect-agent/templates/NOTES.txt b/charts/prefect-agent/templates/NOTES.txt index 896509e6..fc0e796f 100644 --- a/charts/prefect-agent/templates/NOTES.txt +++ b/charts/prefect-agent/templates/NOTES.txt @@ -1 +1 @@ -1. Check Prefect agent connections in the prefect UI at {{ .Values.config.apiUrl }} +1. Check Prefect agent connections in the prefect UI at {{ .Values.agent.config.apiUrl }} diff --git a/charts/prefect-agent/templates/_helpers.tpl b/charts/prefect-agent/templates/_helpers.tpl index 83150777..1a9070cb 100644 --- a/charts/prefect-agent/templates/_helpers.tpl +++ b/charts/prefect-agent/templates/_helpers.tpl @@ -1,77 +1,22 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "prefect-agent.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "prefect-agent.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "prefect-agent.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "prefect-agent.labels" -}} -helm.sh/chart: {{ include "prefect-agent.chart" . }} -{{ include "prefect-agent.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} -{{- if .Values.config.commonLabels}} -{{ toYaml .Values.config.commonLabels }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "prefect-agent.selectorLabels" -}} -app.kubernetes.io/name: {{ include "prefect-agent.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - {{/* Create the name of the service account to use */}} -{{- define "prefect-agent.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "prefect-agent.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} +{{- define "agent.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} {{/* - prefect-agent.apiUrl: + agent.apiUrl: Define API URL for workspace or for */}} -{{- define "prefect-agent.apiUrl" -}} -{{- if ne .Values.config.apiUrl "https://api.prefect.cloud" }} -{{- .Values.config.apiUrl | quote }} +{{- define "agent.apiUrl" -}} +{{- if and .Values.agent.config.accountId .Values.agent.config.workspaceId }} +{{- printf "%s/api/accounts/%s/workspaces/%s" .Values.agent.config.apiUrl .Values.agent.config.accountId .Values.agent.config.workspaceId | quote }} {{- else }} -{{- printf "%s/api/accounts/%s/workspaces/%s" .Values.config.apiUrl .Values.config.accountId .Values.config.workspaceName | quote }} +{{- .Values.agent.config.apiUrl | quote }} {{- end }} {{- end }} diff --git a/charts/prefect-agent/templates/agent/deployment.yaml b/charts/prefect-agent/templates/agent/deployment.yaml deleted file mode 100644 index 38c02007..00000000 --- a/charts/prefect-agent/templates/agent/deployment.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion : apps/v1 -kind: Deployment -metadata: - name: {{ template "prefect-agent.fullname" . }} - labels: - {{- include "prefect-agent.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - {{- include "prefect-agent.selectorLabels" . | nindent 6 }} - template: - metadata: - annotations: {{ toYaml .Values.annotations | nindent 8 }} - labels: - {{- include "prefect-agent.selectorLabels" . | nindent 8 }} - {{- if .Values.podLabels }} - {{ toYaml .Values.podLabels | trim }} - {{- end }} - spec: - {{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range .Values.image.pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} - serviceAccountName: {{ template "prefect-agent.serviceAccountName" . }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["prefect", "agent", "start", "-q", {{ .Values.config.workQueueName }}] - env: - - name: PREFECT_DEBUG_MODE - value: {{ .Values.config.debugEnabled | quote }} - - name: PREFECT_API_URL - value: {{ template "prefect-agent.apiUrl" . }} - {{- if and .Values.config.apiKeySecret.name .Values.config.apiKeySecret.key }} - - name: PREFECT_API_KEY - valueFrom: - secretKeyRef: - name: {{ .Values.config.apiKeySecret.name }} - key: {{ .Values.config.apiKeySecret.key }} - {{- end }} - resources: {{ toYaml .Values.resources | nindent 12 }} - securityContext: {{ toYaml .Values.securityContext | nindent 8 }} - nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} - affinity: {{ toYaml .Values.affinity | nindent 8 }} - tolerations: {{ toYaml .Values.tolerations | nindent 8 }} diff --git a/charts/prefect-agent/templates/agent/rbac.yaml b/charts/prefect-agent/templates/agent/rbac.yaml deleted file mode 100644 index 3afa60f9..00000000 --- a/charts/prefect-agent/templates/agent/rbac.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: flow-runner-role-binding - namespace: {{ .Release.Namespace | quote }} -subjects: -- kind: ServiceAccount - name: {{ template "prefect-agent.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} -roleRef: - kind: Role - name: flow-runner - apiGroup: rbac.authorization.k8s.io diff --git a/charts/prefect-agent/templates/agent/role.yaml b/charts/prefect-agent/templates/agent/role.yaml deleted file mode 100644 index b4809d69..00000000 --- a/charts/prefect-agent/templates/agent/role.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: {{ .Release.Namespace | quote }} - name: flow-runner -rules: -- apiGroups: [""] - resources: ["pods", "pods/log", "pods/status"] - verbs: ["get", "watch", "list"] -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ] diff --git a/charts/prefect-agent/templates/agent/serviceaccount.yaml b/charts/prefect-agent/templates/agent/serviceaccount.yaml deleted file mode 100644 index 229d1912..00000000 --- a/charts/prefect-agent/templates/agent/serviceaccount.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "prefect-agent.serviceAccountName" . }} - labels: - {{- include "prefect-agent.labels" . | nindent 4 }} - annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} -{{- end }} diff --git a/charts/prefect-agent/templates/deployment.yaml b/charts/prefect-agent/templates/deployment.yaml new file mode 100644 index 00000000..b7280275 --- /dev/null +++ b/charts/prefect-agent/templates/deployment.yaml @@ -0,0 +1,78 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: agent + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.agent.replicaCount }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: agent + template: + metadata: + {{- if .Values.agent.podAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.agent.podAnnotations "context" $) | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: agent + {{- if .Values.agent.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.agent.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + {{- if .Values.agent.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.agent.image.pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + serviceAccountName: {{ template "agent.serviceAccountName" . }} + {{- if .Values.agent.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.agent.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.agent.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.agent.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.agent.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.agent.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.agent.podSecurityContext.enabled }} + securityContext: {{- omit .Values.agent.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: prefect-agent + image: "{{ .Values.agent.image.repository }}:{{ .Values.agent.image.tag }}" + imagePullPolicy: {{ .Values.agent.image.pullPolicy }} + command: ["prefect", "agent", "start", "-q", {{ .Values.agent.config.workQueueName }}] + env: + - name: PREFECT_DEBUG_MODE + value: {{ .Values.agent.image.debug | quote }} + - name: PREFECT_API_URL + value: {{ template "agent.apiUrl" . }} + - name: PREFECT_API_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.agent.config.apiKeySecret.name }} + key: {{ .Values.agent.config.apiKeySecret.key }} + {{- if .Values.agent.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.agent.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.agent.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.agent.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.agent.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.agent.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if .Values.agent.resources }} + resources: {{- toYaml .Values.agent.resources | nindent 12 }} + {{- end }} diff --git a/charts/prefect-agent/templates/role.yaml b/charts/prefect-agent/templates/role.yaml new file mode 100644 index 00000000..da2845e4 --- /dev/null +++ b/charts/prefect-agent/templates/role.yaml @@ -0,0 +1,20 @@ +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +kind: Role +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: agent + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: +- apiGroups: [""] + resources: ["pods", "pods/log", "pods/status"] + verbs: ["get", "watch", "list"] +- apiGroups: ["batch"] + resources: ["jobs"] + verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ] diff --git a/charts/prefect-agent/templates/rolebinding.yaml b/charts/prefect-agent/templates/rolebinding.yaml new file mode 100644 index 00000000..ff2589cd --- /dev/null +++ b/charts/prefect-agent/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +kind: RoleBinding +metadata: + name: {{ template "common.names.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: agent + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "common.names.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "agent.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . | quote }} diff --git a/charts/prefect-agent/templates/serviceaccount.yaml b/charts/prefect-agent/templates/serviceaccount.yaml new file mode 100644 index 00000000..cd7863de --- /dev/null +++ b/charts/prefect-agent/templates/serviceaccount.yaml @@ -0,0 +1,21 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "agent.serviceAccountName" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: agent + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.serviceAccount.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/prefect-agent/values.yaml b/charts/prefect-agent/values.yaml index 8cf807de..592a2ec3 100644 --- a/charts/prefect-agent/values.yaml +++ b/charts/prefect-agent/values.yaml @@ -1,62 +1,105 @@ -replicaCount: 1 - -image: - repository: prefecthq/prefect - tag: 2-latest - pullPolicy: IfNotPresent +## Common parameters +# -- partially overrides common.names.name +nameOverride: "" +# -- fully override common.names.fullname +fullnameOverride: "prefect-agent" +# -- fully override common.names.namespace +namespaceOverride: "" +# -- labels to add to all deployed objects +commonLabels: {} +# -- annotations to add to all deployed objects +commonAnnotations: {} - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistrKeySecretName +## Deployment Configuration +agent: + image: + # -- agent image repository + repository: prefecthq/prefect + # -- agent image tag (immutable tags are recommended) + tag: 2-latest + # -- agent image pull policy + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + # -- agent image pull secrets + pullSecrets: [] + # -- enable agent image debug mode + debug: false -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" + config: + # -- prefect API url + apiUrl: https://api.prefect.cloud + # -- prefect account ID + accountId: "" + # -- prefect workspace ID + workspaceId: "" + # -- prefect workqueue name + workQueueName: "" + apiKeySecret: + # -- prefect API secret name + name: prefect-api-key + # -- prefect API secret key + key: key -config: - apiUrl: https://api.prefect.cloud - accountId: "" - workspaceName: "" - workQueueName: prd + # -- number of agent replicas to deploy + replicaCount: 1 - debugEnabled: true + resources: + # -- the requested resources for the agent container + requests: {} + # -- the requested limits for the agent container + limits: {} - commonLabels: {} + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + podSecurityContext: + # -- enabled agent pods' security context + enabled: true + # -- set agent pod's security context fsGroup + fsGroup: 1001 - # -- Prefect cloud API key - apiKeySecret: - name: "" - key: "" + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + # -- extra labels for agent pod + podLabels: {} -securityContext: {} - # The securityContext this Pod should use. See https://kubernetes.io/docs/concepts/policy/security-context/ for more. - # runAsUser: 65534 + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + # -- extra annotations for agent pod + podAnnotations: {} -nodeSelector: {} + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + # -- affinity for agent pods assignment + affinity: {} -affinity: {} + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + # -- node labels for agent pods assignment + nodeSelector: {} -tolerations: [] + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + # -- tolerations for agent pods assignment + tolerations: [] -annotations: {} + ## List of extra env vars + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + # -- array with extra environment variables to add to agent nodes + extraEnvVars: [] -resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + # -- name of existing ConfigMap containing extra env vars to add to agent nodes + extraEnvVarsCM: "" -podLabels: {} + # -- name of existing Secret containing extra env vars to add to agent nodes + extraEnvVarsSecret: "" -nameOverride: "" -fullnameOverride: "" +## ServiceAccount configuration +serviceAccount: + # -- specifies whether a ServiceAccount should be created + create: true + # -- the name of the ServiceAccount to use. if not set and create is true, a name is generated using the common.names.fullname template + name: "" + # -- additional service account annotations (evaluated as a template) + annotations: {} diff --git a/charts/prefect-orion/README.md b/charts/prefect-orion/README.md index f862b39e..92d75e5c 100644 --- a/charts/prefect-orion/README.md +++ b/charts/prefect-orion/README.md @@ -52,6 +52,7 @@ Prefect orion application bundle | api.tolerations | list | `[]` | | | postgresql.auth.database | string | `"orion"` | | | postgresql.auth.existingSecret | string | `nil` | | +| postgresql.auth.password | string | `""` | | | postgresql.auth.username | string | `"prefect"` | | | postgresql.containerPorts.postgresql | int | `5432` | | | postgresql.enabled | bool | `true` | | diff --git a/charts/prefect-orion/values.yaml b/charts/prefect-orion/values.yaml index 08361f12..1d699f3b 100644 --- a/charts/prefect-orion/values.yaml +++ b/charts/prefect-orion/values.yaml @@ -80,7 +80,7 @@ postgresql: # when using the Postgres database included in the chart. # For an external postgres connection, you must create # and use `existingSecret` instead of `postgresqlPassword`. - # password: "HEREWEGO" + password: "" # existingSecret configures which secret should be referenced # for access to the database. If null and `useSubChart` is