dana-team
diff --git a/‎charts/container-app-operator/.helmignore‎
Lines changed: 23 additions & 0 deletions b/‎charts/container-app-operator/.helmignore‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎charts/container-app-operator/Chart.yaml‎
Lines changed: 3 additions & 6 deletions b/‎charts/container-app-operator/Chart.yaml‎
Lines changed: 3 additions & 6 deletions
diff --git a/‎charts/container-app-operator/README.md‎
Lines changed: 30 additions & 37 deletions b/‎charts/container-app-operator/README.md‎
Lines changed: 30 additions & 37 deletions
diff --git a/‎charts/container-app-operator/crds/rcs.dana.io_cappconfigs.yaml‎
Lines changed: 86 additions & 7 deletions b/‎charts/container-app-operator/crds/rcs.dana.io_cappconfigs.yaml‎
Lines changed: 86 additions & 7 deletions
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
@@ -1,7 +1,6 @@
 apiVersion: v2
 name: container-app-operator
-description: A Helm chart for container-app-operator
-
+description: A Helm chart for Kubernetes
 # A chart can be either an 'application' or a 'library' chart.
 #
 # Application charts are a collection of templates that can be packaged into versioned archives
@@ -11,14 +10,12 @@ description: A Helm chart for container-app-operator
 # a dependency of application charts to inject those utilities and functions into the rendering
 # pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
-
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.0
-
+version: 0.1.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "latest"
+appVersion: "0.1.0"
@@ -1,53 +1,46 @@
 # container-app-operator
 
-![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
 
-A Helm chart for container-app-operator
+A Helm chart for Kubernetes
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| affinity | object | `{}` | Node affinity rules for scheduling pods. Allows you to specify advanced node selection constraints. |
-| config | object | `{"autoscaleConfig":{"activationScale":3,"concurrency":10,"cpu":80,"memory":70,"rps":200},"dnsConfig":{"cname":"ingress.capp-zone.com.","issuer":"cert-issuer","provider":"dns-default","zone":"capp-zone.com."}}` | Configuration for Cappconfig CRD |
-| config.autoscaleConfig.activationScale | int | `3` | The default activationScale for autoscaling. |
+| config | object | `{"autoscaleConfig":{"activationScale":3,"concurrency":10,"cpu":80,"memory":70,"rps":200},"defaultResources":{"limits":{"cpu":"200m","memory":"200Mi"},"requests":{"cpu":"100m","memory":"100Mi"}},"dnsConfig":{"cname":"ingress.capp-zone.com.","issuer":"cert-issuer","provider":"dns-default","zone":"capp-zone.com."},"enabled":true,"invalidHostnamePatterns":[""]}` | Configuration for CappConfig CRD |
+| config.autoscaleConfig.activationScale | int | `3` | The default activation scale (minimum replicas before scaling starts). |
 | config.autoscaleConfig.concurrency | int | `10` | The default concurrency limit for autoscaling. |
 | config.autoscaleConfig.cpu | int | `80` | The default CPU utilization percentage for autoscaling. |
 | config.autoscaleConfig.memory | int | `70` | The default memory utilization percentage for autoscaling. |
 | config.autoscaleConfig.rps | int | `200` | The default Requests Per Second (RPS) threshold for autoscaling. |
+| config.defaultResources.limits | object | `{"cpu":"200m","memory":"200Mi"}` | Default compute resource limits applied to all Capp workloads. |
+| config.defaultResources.limits.cpu | string | `"200m"` | Maximum requested CPU per Capp workload. |
+| config.defaultResources.limits.memory | string | `"200Mi"` | Maximum allowed memory per Capp workload. |
+| config.defaultResources.requests.cpu | string | `"100m"` | Default requested CPU per Capp workload. |
+| config.defaultResources.requests.memory | string | `"100Mi"` | Default requested memory per Capp workload. |
 | config.dnsConfig.cname | string | `"ingress.capp-zone.com."` | The canonical name that CNAMEs created by the operator should point at. |
-| config.dnsConfig.issuer | string | `"cert-issuer"` | The name of the Certificate External Issuer name |
+| config.dnsConfig.issuer | string | `"cert-issuer"` | The name of the Certificate External Issuer name. |
 | config.dnsConfig.provider | string | `"dns-default"` | The name of the Crossplane DNS provider config. |
 | config.dnsConfig.zone | string | `"capp-zone.com."` | The DNS zone for the application. |
-| fullnameOverride | string | `""` |  |
-| image.manager.pullPolicy | string | `"IfNotPresent"` | The pull policy for the image. |
-| image.manager.repository | string | `"ghcr.io/dana-team/container-app-operator"` | The repository of the manager container image. |
-| image.manager.tag | string | `""` | The tag of the manager container image. |
-| klusterlet | object | `{"enabled":true,"namespace":"open-cluster-management-agent","serviceAccountName":"klusterlet-work-sa"}` | Configuration for the service account used by the Klusterlet work. |
-| klusterlet.enabled | bool | `true` | Flag to indiciate whether to deploy Klusterlet-related resources (defaults to true) |
-| klusterlet.namespace | string | `"open-cluster-management-agent"` | The namespace where the service account resides. |
-| klusterlet.serviceAccountName | string | `"klusterlet-work-sa"` | The name of the Klusterset service account. |
-| livenessProbe | object | `{"initialDelaySeconds":15,"periodSeconds":20}` | Configuration for the liveness probe. |
-| livenessProbe.initialDelaySeconds | int | `15` | The initial delay before the liveness probe is initiated. |
-| livenessProbe.periodSeconds | int | `20` | The frequency (in seconds) with which the probe will be performed. |
-| manager | object | `{"args":["--leader-elect","--health-probe-bind-address=:8081","--metrics-bind-address=127.0.0.1:8080"],"command":["/manager"],"ports":{"health":{"containerPort":8081,"name":"health","protocol":"TCP"}},"resources":{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}}` | Configuration for the manager container. |
-| manager.args | list | `["--leader-elect","--health-probe-bind-address=:8081","--metrics-bind-address=127.0.0.1:8080"]` | Command-line arguments passed to the manager container. |
-| manager.command | list | `["/manager"]` | Command-line commands passed to the manager container. |
-| manager.ports.health.containerPort | int | `8081` | The port for the health check endpoint. |
-| manager.ports.health.name | string | `"health"` | The name of the health check port. |
-| manager.ports.health.protocol | string | `"TCP"` | The protocol used by the health check endpoint. |
-| manager.resources | object | `{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}}` | Resource requests and limits for the manager container. |
-| manager.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` | Security settings for the manager container. |
-| nameOverride | string | `""` |  |
-| nodeSelector | object | `{}` | Node selector for scheduling pods. Allows you to specify node labels for pod assignment. |
-| readinessProbe | object | `{"initialDelaySeconds":5,"periodSeconds":10}` | Configuration for the readiness probe. |
-| readinessProbe.initialDelaySeconds | int | `5` | The initial delay before the readiness probe is initiated. |
-| readinessProbe.periodSeconds | int | `10` | The frequency (in seconds) with which the probe will be performed. |
-| replicaCount | int | `1` | The number of replicas for the deployment. |
-| securityContext | object | `{}` | Pod-level security context for the entire pod. |
-| service | object | `{"httpsPort":8443,"protocol":"TCP","targetPort":"https"}` | Configuration for the metrics service. |
-| service.httpsPort | int | `8443` | The port for the HTTPS endpoint. |
-| service.protocol | string | `"TCP"` | The protocol used by the HTTPS endpoint. |
-| service.targetPort | string | `"https"` | The name of the target port. |
-| tolerations | list | `[]` | Node tolerations for scheduling pods. Allows the pods to be scheduled on nodes with matching taints. |
+| config.enabled | bool | `true` | Enable or disable creation of the CappConfig resource by Helm. |
+| config.invalidHostnamePatterns[0] | string | `""` | A list of regex patterns that hostnames of Capp workloads must not match. If a Capp hostname matches one of these patterns, its creation will be blocked. |
+| controllerManager.manager.args | list | `["--metrics-bind-address=:8443","--leader-elect"]` | Arguments passed to the controller manager container. |
+| controllerManager.manager.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | Whether a process can gain more privileges than its parent process. |
+| controllerManager.manager.containerSecurityContext.capabilities | object | `{"drop":["ALL"]}` | Linux capabilities to drop from the container for improved security. |
+| controllerManager.manager.image.imagePullPolicy | string | `"IfNotPresent"` | Controller manager container image pull policy. |
+| controllerManager.manager.image.repository | string | `"controller"` | Controller manager container image repository. |
+| controllerManager.manager.image.tag | string | `"latest"` | Controller manager container image tag. |
+| controllerManager.manager.resources.limits.cpu | string | `"500m"` | Maximum CPU limit for the controller manager container. |
+| controllerManager.manager.resources.limits.memory | string | `"128Mi"` | Maximum memory limit for the controller manager container. |
+| controllerManager.manager.resources.requests.cpu | string | `"10m"` | Minimum CPU request for the controller manager container. |
+| controllerManager.manager.resources.requests.memory | string | `"64Mi"` | Minimum memory request for the controller manager container. |
+| controllerManager.podSecurityContext.runAsNonRoot | bool | `true` | Run controller manager pods as non-root user. |
+| controllerManager.replicas | int | `1` | Number of replicas for the controller manager Deployment. |
+| controllerManager.serviceAccount.annotations | object | `{}` | Annotations to add to the service account used by the controller manager. |
+| kubernetesClusterDomain | string | `"cluster.local"` | Domain name of the Kubernetes cluster. |
+| webhookService.ports | list | `[{"port":443,"protocol":"TCP","targetPort":9443}]` | List of ports exposed by the webhook service. |
+| webhookService.type | string | `"ClusterIP"` | Type of Kubernetes Service to expose the webhook (ClusterIP, NodePort, LoadBalancer). |
 
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
@@ -1,10 +1,13 @@
----
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.16.2
   name: cappconfigs.rcs.dana.io
+  annotations:
+    cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "container-app-operator.fullname"
+      . }}-serving-cert'
+    controller-gen.kubebuilder.io/version: v0.16.4
+  labels:
+  {{- include "container-app-operator.labels" . | nindent 4 }}
 spec:
   group: rcs.dana.io
   names:
@@ -55,8 +58,7 @@ spec:
                         upscaling.
                       type: integer
                     rps:
-                      description: RPS is the desired requests per second to trigger
-                        upscaling.
+                      description: RPS is the desired requests per second to trigger upscaling.
                       type: integer
                   required:
                     - activationScale
@@ -65,11 +67,72 @@ spec:
                     - memory
                     - rps
                   type: object
+                defaultResources:
+                  description: |-
+                    DefaultResources is the default resources to be assigned to Capp.
+                    If other resources are specified then they override the default values.
+                  properties:
+                    claims:
+                      description: |-
+                        Claims lists the names of resources, defined in spec.resourceClaims,
+                        that are used by this container.
+
+                        This field depends on the
+                        DynamicResourceAllocation feature gate.
+
+                        This field is immutable. It can only be set for containers.
+                      items:
+                        description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+                        properties:
+                          name:
+                            description: |-
+                              Name must match the name of one entry in pod.spec.resourceClaims of
+                              the Pod where this field is used. It makes that resource available
+                              inside a container.
+                            type: string
+                          request:
+                            description: |-
+                              Request is the name chosen for a request in the referenced claim.
+                              If empty, everything from the claim is made available, otherwise
+                              only the result of this request.
+                            type: string
+                        required:
+                          - name
+                        type: object
+                      type: array
+                      x-kubernetes-list-map-keys:
+                        - name
+                      x-kubernetes-list-type: map
+                    limits:
+                      additionalProperties:
+                        anyOf:
+                          - type: integer
+                          - type: string
+                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                        x-kubernetes-int-or-string: true
+                      description: |-
+                        Limits describes the maximum amount of compute resources allowed.
+                        More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                      type: object
+                    requests:
+                      additionalProperties:
+                        anyOf:
+                          - type: integer
+                          - type: string
+                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                        x-kubernetes-int-or-string: true
+                      description: |-
+                        Requests describes the minimum amount of compute resources required.
+                        If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                        otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                        More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                      type: object
+                  type: object
                 dnsConfig:
                   properties:
                     cname:
-                      description: CNAME defines the CNAME record that will be used
-                        for Capp Hostnames
+                      description: CNAME defines the CNAME record that will be used for
+                        Capp Hostnames
                       type: string
                     issuer:
                       description: Issuer defines the certificate issuer
@@ -86,13 +149,29 @@ spec:
                     - provider
                     - zone
                   type: object
+                invalidHostnamePatterns:
+                  default: []
+                  description: |-
+                    InvalidHostnamePatterns is an optional slice of regex patterns to be used to validate the hostname of the Capp.
+                    If the Capp hostname matches a pattern, it is blocked from being created.
+                  items:
+                    type: string
+                  type: array
               required:
                 - autoscaleConfig
+                - defaultResources
                 - dnsConfig
+                - invalidHostnamePatterns
               type: object
             status:
               description: CappConfigStatus defines the observed state of CappConfig
               type: object
           type: object
       served: true
       storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []