itzg / minecraft-server-charts


Add extraPodSpec to allow customizing Pods #205

Closed josephshanak closed 6 months ago

josephshanak commented 6 months ago

Not sure how this is normally tested, so here are examples of the template output.

Fixes #204.

$ helm template  charts/minecraft  --set 'minecraftServer.eula=true' --set 'extraPodSpec.priorityClassName=test-priority-class' | grep 'test-priority-class' -C 10
            drop:
            - ALL
          readOnlyRootFilesystem: true
      volumes:
      - name: tmp
        emptyDir: {}
      - name: datadir
        emptyDir: {}
      - name: backupdir
        emptyDir: {}
      priorityClassName: test-priority-class
$ helm template  charts/minecraft-bedrock  --set 'minecraftServer.eula=true' --set 'extraPodSpec.priorityClassName=test-priority-class' | grep 'test-priority-class' -C 10
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
      volumes:
      - name: tmp
        emptyDir: {}
      - name: datadir
        emptyDir: {}
      priorityClassName: test-priority-class
$ helm template  charts/mc-router  --set 'minecraftServer.eula=true' --set 'extraPodSpec.priorityClassName=test-priority-class' | grep 'test-priority-class' -C 70
        app.kubernetes.io/name: mc-router
        app.kubernetes.io/instance: release-name
        app.kubernetes.io/version: "1.20.0"
        app.kubernetes.io/managed-by: Helm
    spec:
      serviceAccountName: release-name-mc-router
      securityContext:
        {}
      containers:
        - name: mc-router
          securityContext:
            {}
          image: "itzg/mc-router:1.20.0"
          imagePullPolicy: IfNotPresent
          env:
            - name: IN_KUBE_CLUSTER
              value: "true"
            - name: API_BINDING
              value: ":8080"
            - name: PORT
              value: "25565"
            - name: AUTO_SCALE_UP
              value: "false"
            - name: CONNECTION_RATE_LIMIT
              value: "1"
            - name: DEBUG
              value: "false"
            - name: METRICS_BACKEND
              value: "discard"
            - name: SIMPLIFY_SRV
              value: "false"
            - name: USE_PROXY_PROTOCOL
              value: "false"
            - name: VERSION
              value: "false"
          ports:
            - name: api
              containerPort: 8080
              protocol: TCP
            - name: minecraft
              containerPort: 25565
              protocol: TCP
          livenessProbe:
            initialDelaySeconds: 30
            failureThreshold: 20
            httpGet:
              path: /routes
              httpHeaders:
                - name: Accept
                  value: application/json
              port: 8080
          readinessProbe:
            initialDelaySeconds: 30
            failureThreshold: 20
            httpGet:
              path: /routes
              httpHeaders:
                - name: Accept
                  value: application/json
              port: 8080
          startupProbe:
            failureThreshold: 30
            httpGet:
              path: /routes
              httpHeaders:
                - name: Accept
                  value: application/json
              port: 8080
          resources:
            {}
      priorityClassName: test-priority-class
$ helm template  charts/minecraft-proxy  --set 'minecraftServer.eula=true' --set 'extraPodSpec.priorityClassName=test-priority-class' | grep 'test-priority-class' -C 10
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
      volumes:
      - name: tmp
        emptyDir: {}
      - name: datadir
        emptyDir: {}
      priorityClassName: test-priority-class
$ helm template  charts/rcon-web-admin  --set 'minecraftServer.eula=true' --set 'extraPodSpec.priorityClassName=test-priority-class' --set 'rconWeb.password=testpass' --set 'service.type=LoadBalancer' | grep 'test-priority-class' -C90
        fsGroup: 2000
        runAsGroup: 3000
        runAsNonRoot: true
        runAsUser: 1000
        seccompProfile:
          type: RuntimeDefault
      volumes:
        - name: db
          emptyDir: {}
      containers:
        - name: rcon-web-admin
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: true
          image: "docker.io/itzg/rcon:0.14.1-1"
          imagePullPolicy: Always
          env:
            - name: RWA_USERNAME
              value: "admin"
            - name: RWA_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: release-name-rcon-web-admin
                  key: password
            - name: RWA_ADMIN
              value: "FALSE"
            - name: RWA_RCON_HOST
              value: "127.0.0.1"
            - name: RWA_RCON_PORT
              value: "25575"
            - name: RWA_GAME
              value: "minecraft"
            - name: RWA_SERVER_NAME
              value: "minecraft"
            - name: RWA_RCON_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: release-name-rcon-web-admin
                  key: rcon-password
            - name: RWA_RESTRICT_COMMANDS
              value: ""
            - name: RWA_RESTRICT_WIDGETS
              value: ""
            - name: RWA_READ_ONLY_WIDGET_OPTIONS
              value: "FALSE"
            - name: RWA_WEB_RCON
              value: "FALSE"
          command:
            - '/bin/sh'
            - '-c'
            - |-
              # Installing jq to parse k8s response
              export DEBIAN_FRONTEND=noninteractive
              apt-get -qq update >/dev/null && apt-get -qq install -y jq > /dev/null
              # Configuring k8s API auth
              APISERVER=https://kubernetes.default.svc
              SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
              NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)
              TOKEN=$(cat ${SERVICEACCOUNT}/token)
              CACERT=${SERVICEACCOUNT}/ca.crt
              # Querying for websocket service
              WS_SERVICE="$(curl --silent --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/default/services/release-name-rcon-web-admin)"
              WS_IP="$(echo "$WS_SERVICE" | jq -r .status.loadBalancer.ingress[0].ip)"
              WS_PORT="4327"
              export RWA_WEBSOCKET_URL="ws://$WS_IP:$WS_PORT"
              export RWA_WEBSOCKET_URL_SSL="wss://$WS_IP:$WS_PORT"
              /usr/local/bin/node src/main.js start
          ports:
            - name: http
              containerPort: 4326
              protocol: TCP
            - name: ws
              containerPort: 4327
              protocol: TCP
          volumeMounts:
            - name: db
              mountPath: /opt/rcon-web-admin/db
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            {}
      priorityClassName: test-priority-class
josephshanak commented 6 months ago

It seems the lint-test check is failing because the rcon-web-admin service could not be allocated an IP:

5m          Warning   AllocationFailed    service/rcon-web-admin-oyjfjwelyw                                                   metallb-controller                     Failed to allocate IP for "rcon-web-admin-oyjfjwelyw/rcon-web-admin-oyjfjwelyw": no available IPs                           5m           1       rcon-web-admin-oyjfjwelyw.17ca351cea9ab8ff

Perhaps re-running will fix?

itzg commented 6 months ago

I kicked off a re-run, but that rcon web admin is pretty flaky. Might just need to revert the change for that chart.

josephshanak commented 6 months ago

> I kicked off a re-run, but that rcon web admin is pretty flaky. Might just need to revert the change for that chart.

Reverted.