refactor: reorganize Helm chart structure and update service configurations

2025-10-23 16:57:12 +08:00
parent c998de2e9d
commit 17e6cea1d9
61 changed files with 3156 additions and 984 deletions
--- a/deployment/helm/datamate/charts/kuberay-operator/templates/_helpers.tpl
+++ b/deployment/helm/datamate/charts/kuberay-operator/templates/_helpers.tpl
@@ -0,0 +1,322 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kuberay-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Allow the component label to be overridden, otherwise provide a default value.
+*/}}
+{{- define "kuberay-operator.component" -}}
+{{- default .Chart.Name .Values.componentOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kuberay-operator.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kuberay-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "kuberay-operator.labels" -}}
+app.kubernetes.io/name: {{ include "kuberay-operator.name" . }}
+helm.sh/chart: {{ include "kuberay-operator.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{- /* Create the name of the deployment to use. */ -}}
+{{- define "kuberay-operator.deployment.name" -}}
+{{- include "kuberay-operator.fullname" . }}
+{{- end -}}
+
+{{/*
+FeatureGates
+*/}}
+{{- define "kuberay.featureGates" -}}
+{{- $features := "" }}
+{{- range .Values.featureGates }}
+  {{- $str := printf "%s=%t," .name .enabled }}
+  {{- $features = print $features $str }}
+{{- end }}
+{{- with .Values.featureGates }}
+--feature-gates={{ $features | trimSuffix "," }}
+{{- end }}
+{{- end }}
+
+{{- /* Create the name of the service to use. */ -}}
+{{- define "kuberay-operator.service.name" -}}
+{{- include "kuberay-operator.fullname" . }}
+{{- end -}}
+
+{{- /* Create the name of the service account to use. */ -}}
+{{- define "kuberay-operator.serviceAccount.name" -}}
+{{- if .Values.serviceAccount.create -}}
+{{- default (include "kuberay-operator.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{- /* Create the name of the cluster role to use. */ -}}
+{{- define "kuberay-operator.clusterRole.name" -}}
+{{- include "kuberay-operator.fullname" . -}}
+{{- end -}}
+
+{{- /* Create the name of the cluster role binding to use. */ -}}
+{{- define "kuberay-operator.clusterRoleBinding.name" -}}
+{{- include "kuberay-operator.fullname" . -}}
+{{- end -}}
+
+{{- /* Create the name of the role to use. */ -}}
+{{- define "kuberay-operator.role.name" -}}
+{{- include "kuberay-operator.fullname" . -}}
+{{- end -}}
+
+{{- /* Create the name of the role binding to use. */ -}}
+{{- define "kuberay-operator.roleBinding.name" -}}
+{{- include "kuberay-operator.fullname" . -}}
+{{- end -}}
+
+{{- /* Create the name of the leader election role to use. */ -}}
+{{- define "kuberay-operator.leaderElectionRole.name" -}}
+{{- include "kuberay-operator.fullname" . -}}-leader-election
+{{- end -}}
+
+{{- /* Create the name of the leader election role binding to use. */ -}}
+{{- define "kuberay-operator.leaderElectionRoleBinding.name" -}}
+{{- include "kuberay-operator.fullname" . -}}-leader-election
+{{- end -}}
+
+{{/*
+Create a template to ensure consistency for Role and ClusterRole.
+*/}}
+{{- define "role.consistentRules" -}}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  - pods/status
+  - services
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods/proxy
+  - services/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - services/proxy
+  verbs:
+  - create
+  - get
+  - patch
+  - update
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+  - get
+  - list
+  - update
+- apiGroups:
+  - extensions
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingressclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ray.io
+  resources:
+  - rayclusters
+  - rayjobs
+  - rayservices
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ray.io
+  resources:
+  - rayclusters/finalizers
+  - rayjobs/finalizers
+  - rayservices/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - ray.io
+  resources:
+  - rayclusters/status
+  - rayjobs/status
+  - rayservices/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - rolebindings
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - watch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - roles
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - route.openshift.io
+  resources:
+  - routes
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+{{- if or .batchSchedulerEnabled (eq .batchSchedulerName "volcano") }}
+- apiGroups:
+  - scheduling.volcano.sh
+  resources:
+  - podgroups
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+{{- end -}}
+{{- if or .batchSchedulerEnabled (eq .batchSchedulerName "scheduler-plugins") }}
+- apiGroups:
+  - scheduling.x-k8s.io
+  resources:
+  - podgroups
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+{{- end -}}
+{{- end -}}
--- a/deployment/helm/datamate/charts/kuberay-operator/templates/deployment.yaml
+++ b/deployment/helm/datamate/charts/kuberay-operator/templates/deployment.yaml
@@ -0,0 +1,150 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "kuberay-operator.deployment.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kuberay-operator.labels" . | nindent 4 }}
+    {{- with .Values.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "kuberay-operator.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "kuberay-operator.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        app.kubernetes.io/component: {{ include "kuberay-operator.component" . }}
+        {{- with .Values.labels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      {{- with .Values.annotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ include "kuberay-operator.serviceAccount.name" . }}
+      {{- if and (.Values.logging.baseDir) (.Values.logging.fileName) }}
+      volumes:
+        - name: kuberay-logs
+          {{- if .Values.logging.sizeLimit }}
+          emptyDir:
+            sizeLimit: {{ .Values.logging.sizeLimit }}
+          {{- else }}
+          emptyDir: {}
+          {{- end }}
+      {{- end }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          {{- with .Values.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          {{- with .Values.image.pullPolicy }}
+          imagePullPolicy: {{ . }}
+          {{- end }}
+          {{- if and (.Values.logging.baseDir) (.Values.logging.fileName) }}
+          volumeMounts:
+            - name: kuberay-logs
+              mountPath: "{{ .Values.logging.baseDir }}"
+          {{- end }}
+          command:
+            - {{ .Values.operatorCommand }}
+          args:
+            {{- $argList := list -}}
+            {{- $argList = append $argList (include "kuberay.featureGates" . | trim) -}}
+            {{- if .Values.batchScheduler -}}
+            {{- if .Values.batchScheduler.enabled -}}
+            {{- $argList = append $argList "--enable-batch-scheduler" -}}
+            {{- end -}}
+            {{- if .Values.batchScheduler.name -}}
+            {{- $argList = append $argList (printf "--batch-scheduler=%s" .Values.batchScheduler.name) -}}
+            {{- end -}}
+            {{- end -}}
+            {{- $watchNamespace := "" -}}
+            {{- if and .Values.singleNamespaceInstall (not .Values.watchNamespace) -}}
+            {{- $watchNamespace = .Release.Namespace -}}
+            {{- else if .Values.watchNamespace -}}
+            {{- $watchNamespace = join "," .Values.watchNamespace -}}
+            {{- end -}}
+            {{- if $watchNamespace -}}
+            {{- $argList = append $argList "--watch-namespace" -}}
+            {{- $argList = append $argList $watchNamespace -}}
+            {{- end -}}
+            {{- if and (.Values.logging.baseDir) (.Values.logging.fileName) -}}
+            {{- $argList = append $argList "--log-file-path" -}}
+            {{- $argList = append $argList (printf "%s/%s" .Values.logging.baseDir .Values.logging.fileName) -}}
+            {{- end -}}
+            {{- if .Values.logging.stdoutEncoder -}}
+            {{- $argList = append $argList "--log-stdout-encoder" -}}
+            {{- $argList = append $argList .Values.logging.stdoutEncoder -}}
+            {{- end -}}
+            {{- if .Values.logging.fileEncoder -}}
+            {{- $argList = append $argList "--log-file-encoder" -}}
+            {{- $argList = append $argList .Values.logging.fileEncoder -}}
+            {{- end -}}
+            {{- if hasKey .Values "useKubernetesProxy" -}}
+            {{- $argList = append $argList (printf "--use-kubernetes-proxy=%t" .Values.useKubernetesProxy) -}}
+            {{- end -}}
+            {{- if hasKey .Values "leaderElectionEnabled" -}}
+            {{- $argList = append $argList (printf "--enable-leader-election=%t" .Values.leaderElectionEnabled) -}}
+            {{- end -}}
+            {{- if and (hasKey .Values "metrics") (hasKey .Values.metrics "enabled") }}
+            {{- $argList = append $argList (printf "--enable-metrics=%t" .Values.metrics.enabled) -}}
+            {{- end -}}
+            {{- (printf "\n") -}}
+            {{- $argList | toYaml | indent 12 }}
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          {{- with .Values.env }}
+          env:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          livenessProbe:
+            httpGet:
+              path: /metrics
+              port: http
+            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+          readinessProbe:
+            httpGet:
+              path: /metrics
+              port: http
+            initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+            failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+          {{- with .Values.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
--- a/deployment/helm/datamate/charts/kuberay-operator/templates/leader_election_role.yaml
+++ b/deployment/helm/datamate/charts/kuberay-operator/templates/leader_election_role.yaml
@@ -0,0 +1,37 @@
+{{- if .Values.rbacEnable }}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "kuberay-operator.leaderElectionRole.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kuberay-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+  - get
+  - list
+  - update
+{{- end }}
--- a/deployment/helm/datamate/charts/kuberay-operator/templates/leader_election_role_binding.yaml
+++ b/deployment/helm/datamate/charts/kuberay-operator/templates/leader_election_role_binding.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.rbacEnable -}}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "kuberay-operator.leaderElectionRoleBinding.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kuberay-operator.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "kuberay-operator.leaderElectionRole.name" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kuberay-operator.serviceAccount.name" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
--- a/deployment/helm/datamate/charts/kuberay-operator/templates/multiple_namespaces_role.yaml
+++ b/deployment/helm/datamate/charts/kuberay-operator/templates/multiple_namespaces_role.yaml
@@ -0,0 +1,13 @@
+{{- if and .Values.rbacEnable .Values.singleNamespaceInstall .Values.crNamespacedRbacEnable }}
+{{- $watchNamespaces := default (list .Release.Namespace) .Values.watchNamespace }}
+{{- range $namespace := $watchNamespaces }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "kuberay-operator.fullname" $ }}
+  namespace: {{ $namespace }}
+  labels: {{ include "kuberay-operator.labels" $ | nindent 4 }}
+{{ include "role.consistentRules" (dict "batchSchedulerEnabled" $.Values.batchScheduler.enabled) }}
+{{- end }}
+{{- end }}
--- a/deployment/helm/datamate/charts/kuberay-operator/templates/multiple_namespaces_rolebinding.yaml
+++ b/deployment/helm/datamate/charts/kuberay-operator/templates/multiple_namespaces_rolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.rbacEnable .Values.singleNamespaceInstall .Values.crNamespacedRbacEnable }}
+{{- $watchNamespaces := default (list .Release.Namespace) .Values.watchNamespace }}
+{{- range $namespace := $watchNamespaces }}
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "kuberay-operator.fullname" $ }}
+  namespace: {{ $namespace }}
+  labels: {{ include "kuberay-operator.labels" $ | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "kuberay-operator.fullname" $ }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kuberay-operator.serviceAccount.name" $ }}
+  namespace: {{ $.Release.Namespace }}
+{{- end }}
+{{- end }}
--- a/deployment/helm/datamate/charts/kuberay-operator/templates/ray_rayjob_editor_role.yaml
+++ b/deployment/helm/datamate/charts/kuberay-operator/templates/ray_rayjob_editor_role.yaml
@@ -0,0 +1,28 @@
+{{- /* ClusterRole for end users to view and edit RayJob. */ -}}
+{{- if and .Values.rbacEnable (not .Values.singleNamespaceInstall) }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: rayjob-editor-role
+  labels:
+    {{- include "kuberay-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - ray.io
+  resources:
+  - rayjobs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ray.io
+  resources:
+  - rayjobs/status
+  verbs:
+  - get
+{{- end }}
--- a/deployment/helm/datamate/charts/kuberay-operator/templates/ray_rayjob_viewer_role.yaml
+++ b/deployment/helm/datamate/charts/kuberay-operator/templates/ray_rayjob_viewer_role.yaml
@@ -0,0 +1,24 @@
+{{- /* ClusterRole for end users to view RayJob. */ -}}
+{{- if and .Values.rbacEnable (not .Values.singleNamespaceInstall) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: rayjob-viewer-role
+  labels:
+    {{- include "kuberay-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - ray.io
+  resources:
+  - rayjobs
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ray.io
+  resources:
+  - rayjobs/status
+  verbs:
+  - get
+{{- end }}
--- a/deployment/helm/datamate/charts/kuberay-operator/templates/ray_rayservice_editor_role.yaml
+++ b/deployment/helm/datamate/charts/kuberay-operator/templates/ray_rayservice_editor_role.yaml
@@ -0,0 +1,28 @@
+{{- /* ClusterRole for end users to view and edit RayService. */ -}}
+{{- if and .Values.rbacEnable (not .Values.singleNamespaceInstall) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: rayservice-editor-role
+  labels:
+    {{- include "kuberay-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - ray.io
+  resources:
+  - rayservices
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ray.io
+  resources:
+  - rayservices/status
+  verbs:
+  - get
+{{- end }}
--- a/deployment/helm/datamate/charts/kuberay-operator/templates/ray_rayservice_viewer_role.yaml
+++ b/deployment/helm/datamate/charts/kuberay-operator/templates/ray_rayservice_viewer_role.yaml
@@ -0,0 +1,24 @@
+{{- /* ClusterRole for end users to view RayService. */ -}}
+{{- if and .Values.rbacEnable (not .Values.singleNamespaceInstall) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: rayservice-viewer-role
+  labels:
+    {{- include "kuberay-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - ray.io
+  resources:
+  - rayservices
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ray.io
+  resources:
+  - rayservices/status
+  verbs:
+  - get
+{{- end }}
--- a/deployment/helm/datamate/charts/kuberay-operator/templates/role.yaml
+++ b/deployment/helm/datamate/charts/kuberay-operator/templates/role.yaml
@@ -0,0 +1,9 @@
+{{- if and .Values.rbacEnable (not .Values.singleNamespaceInstall) }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "kuberay-operator.clusterRole.name" . }}
+  labels:
+    {{- include "kuberay-operator.labels" . | nindent 4 }}
+{{ include "role.consistentRules" (dict "batchSchedulerEnabled" .Values.batchScheduler.enabled "batchSchedulerName" .Values.batchScheduler.name) }}
+{{- end }}
--- a/deployment/helm/datamate/charts/kuberay-operator/templates/rolebinding.yaml
+++ b/deployment/helm/datamate/charts/kuberay-operator/templates/rolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.rbacEnable (not .Values.singleNamespaceInstall) }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "kuberay-operator.clusterRoleBinding.name" . }}
+  labels:
+    {{- include "kuberay-operator.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "kuberay-operator.serviceAccount.name" . }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kuberay-operator.clusterRole.name" . }}
+{{- end }}
--- a/deployment/helm/datamate/charts/kuberay-operator/templates/service.yaml
+++ b/deployment/helm/datamate/charts/kuberay-operator/templates/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "kuberay-operator.service.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kuberay-operator.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: {{ include "kuberay-operator.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
--- a/deployment/helm/datamate/charts/kuberay-operator/templates/serviceaccount.yaml
+++ b/deployment/helm/datamate/charts/kuberay-operator/templates/serviceaccount.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "kuberay-operator.serviceAccount.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kuberay-operator.labels" . | nindent 4 }}
+{{- end -}}
--- a/deployment/helm/datamate/charts/kuberay-operator/templates/servicemonitor.yaml
+++ b/deployment/helm/datamate/charts/kuberay-operator/templates/servicemonitor.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "kuberay-operator.fullname" . }}
+  namespace: {{ .Values.metrics.serviceMonitor.namespace | default .Release.Namespace }}
+  labels:
+    {{- with .Values.metrics.serviceMonitor.selector }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  endpoints:
+    - path: /metrics
+      targetPort: http
+      interval: {{ .Values.metrics.serviceMonitor.interval }}
+      honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "kuberay-operator.name" . }}
+{{- end }}