refactor: reorganize Helm chart structure and update service configurations

This commit is contained in:
hhhhsc
2025-10-23 16:57:12 +08:00
parent c998de2e9d
commit 17e6cea1d9
61 changed files with 3156 additions and 984 deletions
@@ -0,0 +1,322 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "kuberay-operator.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Allow the component label to be overridden, otherwise provide a default value.
*/}}
{{- define "kuberay-operator.component" -}}
{{- default .Chart.Name .Values.componentOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "kuberay-operator.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "kuberay-operator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "kuberay-operator.labels" -}}
app.kubernetes.io/name: {{ include "kuberay-operator.name" . }}
helm.sh/chart: {{ include "kuberay-operator.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- /* Create the name of the deployment to use. */ -}}
{{- define "kuberay-operator.deployment.name" -}}
{{- include "kuberay-operator.fullname" . }}
{{- end -}}
{{/*
FeatureGates
*/}}
{{- define "kuberay.featureGates" -}}
{{- $features := "" }}
{{- range .Values.featureGates }}
{{- $str := printf "%s=%t," .name .enabled }}
{{- $features = print $features $str }}
{{- end }}
{{- with .Values.featureGates }}
--feature-gates={{ $features | trimSuffix "," }}
{{- end }}
{{- end }}
{{- /* Create the name of the service to use. */ -}}
{{- define "kuberay-operator.service.name" -}}
{{- include "kuberay-operator.fullname" . }}
{{- end -}}
{{- /* Create the name of the service account to use. */ -}}
{{- define "kuberay-operator.serviceAccount.name" -}}
{{- if .Values.serviceAccount.create -}}
{{- default (include "kuberay-operator.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{- /* Create the name of the cluster role to use. */ -}}
{{- define "kuberay-operator.clusterRole.name" -}}
{{- include "kuberay-operator.fullname" . -}}
{{- end -}}
{{- /* Create the name of the cluster role binding to use. */ -}}
{{- define "kuberay-operator.clusterRoleBinding.name" -}}
{{- include "kuberay-operator.fullname" . -}}
{{- end -}}
{{- /* Create the name of the role to use. */ -}}
{{- define "kuberay-operator.role.name" -}}
{{- include "kuberay-operator.fullname" . -}}
{{- end -}}
{{- /* Create the name of the role binding to use. */ -}}
{{- define "kuberay-operator.roleBinding.name" -}}
{{- include "kuberay-operator.fullname" . -}}
{{- end -}}
{{- /* Create the name of the leader election role to use. */ -}}
{{- define "kuberay-operator.leaderElectionRole.name" -}}
{{- include "kuberay-operator.fullname" . -}}-leader-election
{{- end -}}
{{- /* Create the name of the leader election role binding to use. */ -}}
{{- define "kuberay-operator.leaderElectionRoleBinding.name" -}}
{{- include "kuberay-operator.fullname" . -}}-leader-election
{{- end -}}
{{/*
Create a template to ensure consistency for Role and ClusterRole.
*/}}
{{- define "role.consistentRules" -}}
rules:
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
- pods/status
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- pods/proxy
- services/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- delete
- get
- list
- watch
- apiGroups:
- ""
resources:
- services/proxy
verbs:
- create
- get
- patch
- update
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- list
- update
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- ray.io
resources:
- rayclusters
- rayjobs
- rayservices
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ray.io
resources:
- rayclusters/finalizers
- rayjobs/finalizers
- rayservices/finalizers
verbs:
- update
- apiGroups:
- ray.io
resources:
- rayclusters/status
- rayjobs/status
- rayservices/status
verbs:
- get
- patch
- update
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
verbs:
- create
- delete
- get
- list
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
verbs:
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
{{- if or .batchSchedulerEnabled (eq .batchSchedulerName "volcano") }}
- apiGroups:
- scheduling.volcano.sh
resources:
- podgroups
verbs:
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
{{- end -}}
{{- if or .batchSchedulerEnabled (eq .batchSchedulerName "scheduler-plugins") }}
- apiGroups:
- scheduling.x-k8s.io
resources:
- podgroups
verbs:
- create
- get
- list
- watch
{{- end -}}
{{- end -}}
@@ -0,0 +1,150 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "kuberay-operator.deployment.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kuberay-operator.labels" . | nindent 4 }}
{{- with .Values.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app.kubernetes.io/name: {{ include "kuberay-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "kuberay-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: {{ include "kuberay-operator.component" . }}
{{- with .Values.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.annotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "kuberay-operator.serviceAccount.name" . }}
{{- if and (.Values.logging.baseDir) (.Values.logging.fileName) }}
volumes:
- name: kuberay-logs
{{- if .Values.logging.sizeLimit }}
emptyDir:
sizeLimit: {{ .Values.logging.sizeLimit }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
{{- with .Values.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
{{- if and (.Values.logging.baseDir) (.Values.logging.fileName) }}
volumeMounts:
- name: kuberay-logs
mountPath: "{{ .Values.logging.baseDir }}"
{{- end }}
command:
- {{ .Values.operatorCommand }}
args:
{{- $argList := list -}}
{{- $argList = append $argList (include "kuberay.featureGates" . | trim) -}}
{{- if .Values.batchScheduler -}}
{{- if .Values.batchScheduler.enabled -}}
{{- $argList = append $argList "--enable-batch-scheduler" -}}
{{- end -}}
{{- if .Values.batchScheduler.name -}}
{{- $argList = append $argList (printf "--batch-scheduler=%s" .Values.batchScheduler.name) -}}
{{- end -}}
{{- end -}}
{{- $watchNamespace := "" -}}
{{- if and .Values.singleNamespaceInstall (not .Values.watchNamespace) -}}
{{- $watchNamespace = .Release.Namespace -}}
{{- else if .Values.watchNamespace -}}
{{- $watchNamespace = join "," .Values.watchNamespace -}}
{{- end -}}
{{- if $watchNamespace -}}
{{- $argList = append $argList "--watch-namespace" -}}
{{- $argList = append $argList $watchNamespace -}}
{{- end -}}
{{- if and (.Values.logging.baseDir) (.Values.logging.fileName) -}}
{{- $argList = append $argList "--log-file-path" -}}
{{- $argList = append $argList (printf "%s/%s" .Values.logging.baseDir .Values.logging.fileName) -}}
{{- end -}}
{{- if .Values.logging.stdoutEncoder -}}
{{- $argList = append $argList "--log-stdout-encoder" -}}
{{- $argList = append $argList .Values.logging.stdoutEncoder -}}
{{- end -}}
{{- if .Values.logging.fileEncoder -}}
{{- $argList = append $argList "--log-file-encoder" -}}
{{- $argList = append $argList .Values.logging.fileEncoder -}}
{{- end -}}
{{- if hasKey .Values "useKubernetesProxy" -}}
{{- $argList = append $argList (printf "--use-kubernetes-proxy=%t" .Values.useKubernetesProxy) -}}
{{- end -}}
{{- if hasKey .Values "leaderElectionEnabled" -}}
{{- $argList = append $argList (printf "--enable-leader-election=%t" .Values.leaderElectionEnabled) -}}
{{- end -}}
{{- if and (hasKey .Values "metrics") (hasKey .Values.metrics "enabled") }}
{{- $argList = append $argList (printf "--enable-metrics=%t" .Values.metrics.enabled) -}}
{{- end -}}
{{- (printf "\n") -}}
{{- $argList | toYaml | indent 12 }}
ports:
- name: http
containerPort: 8080
protocol: TCP
{{- with .Values.env }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
livenessProbe:
httpGet:
path: /metrics
port: http
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
readinessProbe:
httpGet:
path: /metrics
port: http
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
@@ -0,0 +1,37 @@
{{- if .Values.rbacEnable }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "kuberay-operator.leaderElectionRole.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kuberay-operator.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- list
- update
{{- end }}
@@ -0,0 +1,17 @@
{{- if .Values.rbacEnable -}}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "kuberay-operator.leaderElectionRoleBinding.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kuberay-operator.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "kuberay-operator.leaderElectionRole.name" . }}
subjects:
- kind: ServiceAccount
name: {{ include "kuberay-operator.serviceAccount.name" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
@@ -0,0 +1,13 @@
{{- if and .Values.rbacEnable .Values.singleNamespaceInstall .Values.crNamespacedRbacEnable }}
{{- $watchNamespaces := default (list .Release.Namespace) .Values.watchNamespace }}
{{- range $namespace := $watchNamespaces }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "kuberay-operator.fullname" $ }}
namespace: {{ $namespace }}
labels: {{ include "kuberay-operator.labels" $ | nindent 4 }}
{{ include "role.consistentRules" (dict "batchSchedulerEnabled" $.Values.batchScheduler.enabled) }}
{{- end }}
{{- end }}
@@ -0,0 +1,20 @@
{{- if and .Values.rbacEnable .Values.singleNamespaceInstall .Values.crNamespacedRbacEnable }}
{{- $watchNamespaces := default (list .Release.Namespace) .Values.watchNamespace }}
{{- range $namespace := $watchNamespaces }}
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "kuberay-operator.fullname" $ }}
namespace: {{ $namespace }}
labels: {{ include "kuberay-operator.labels" $ | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "kuberay-operator.fullname" $ }}
subjects:
- kind: ServiceAccount
name: {{ include "kuberay-operator.serviceAccount.name" $ }}
namespace: {{ $.Release.Namespace }}
{{- end }}
{{- end }}
@@ -0,0 +1,28 @@
{{- /* ClusterRole for end users to view and edit RayJob. */ -}}
{{- if and .Values.rbacEnable (not .Values.singleNamespaceInstall) }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rayjob-editor-role
labels:
{{- include "kuberay-operator.labels" . | nindent 4 }}
rules:
- apiGroups:
- ray.io
resources:
- rayjobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ray.io
resources:
- rayjobs/status
verbs:
- get
{{- end }}
@@ -0,0 +1,24 @@
{{- /* ClusterRole for end users to view RayJob. */ -}}
{{- if and .Values.rbacEnable (not .Values.singleNamespaceInstall) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: rayjob-viewer-role
labels:
{{- include "kuberay-operator.labels" . | nindent 4 }}
rules:
- apiGroups:
- ray.io
resources:
- rayjobs
verbs:
- get
- list
- watch
- apiGroups:
- ray.io
resources:
- rayjobs/status
verbs:
- get
{{- end }}
@@ -0,0 +1,28 @@
{{- /* ClusterRole for end users to view and edit RayService. */ -}}
{{- if and .Values.rbacEnable (not .Values.singleNamespaceInstall) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: rayservice-editor-role
labels:
{{- include "kuberay-operator.labels" . | nindent 4 }}
rules:
- apiGroups:
- ray.io
resources:
- rayservices
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ray.io
resources:
- rayservices/status
verbs:
- get
{{- end }}
@@ -0,0 +1,24 @@
{{- /* ClusterRole for end users to view RayService. */ -}}
{{- if and .Values.rbacEnable (not .Values.singleNamespaceInstall) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: rayservice-viewer-role
labels:
{{- include "kuberay-operator.labels" . | nindent 4 }}
rules:
- apiGroups:
- ray.io
resources:
- rayservices
verbs:
- get
- list
- watch
- apiGroups:
- ray.io
resources:
- rayservices/status
verbs:
- get
{{- end }}
@@ -0,0 +1,9 @@
{{- if and .Values.rbacEnable (not .Values.singleNamespaceInstall) }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "kuberay-operator.clusterRole.name" . }}
labels:
{{- include "kuberay-operator.labels" . | nindent 4 }}
{{ include "role.consistentRules" (dict "batchSchedulerEnabled" .Values.batchScheduler.enabled "batchSchedulerName" .Values.batchScheduler.name) }}
{{- end }}
@@ -0,0 +1,16 @@
{{- if and .Values.rbacEnable (not .Values.singleNamespaceInstall) }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "kuberay-operator.clusterRoleBinding.name" . }}
labels:
{{- include "kuberay-operator.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "kuberay-operator.serviceAccount.name" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "kuberay-operator.clusterRole.name" . }}
{{- end }}
@@ -0,0 +1,17 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "kuberay-operator.service.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kuberay-operator.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: {{ include "kuberay-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
@@ -0,0 +1,9 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kuberay-operator.serviceAccount.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kuberay-operator.labels" . | nindent 4 }}
{{- end -}}
@@ -0,0 +1,23 @@
{{- if .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "kuberay-operator.fullname" . }}
namespace: {{ .Values.metrics.serviceMonitor.namespace | default .Release.Namespace }}
labels:
{{- with .Values.metrics.serviceMonitor.selector }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
endpoints:
- path: /metrics
targetPort: http
interval: {{ .Values.metrics.serviceMonitor.interval }}
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "kuberay-operator.name" . }}
{{- end }}