(incubator-streampark) branch dev-2.1.5 updated: fix: optimize helm script (#3972)

[benjobs]

This is an automated email from the ASF dual-hosted git repository.

benjobs pushed a commit to branch dev-2.1.5
in repository https://gitbox.apache.org/repos/asf/incubator-streampark.git


The following commit(s) were added to refs/heads/dev-2.1.5 by this push:
     new a2b7606d7 fix: optimize helm script (#3972)
a2b7606d7 is described below

commit a2b7606d704648010615d36f5acfcd6adb505987
Author: Darcy <331046...@qq.com>
AuthorDate: Mon Aug 19 22:46:37 2024 +0800

    fix: optimize helm script (#3972)
---
 helm/streampark/templates/ingress.yaml   |  8 +++++++-
 helm/streampark/templates/rbac.yaml      | 33 ++++++++++++++++++++++++++++++--
 helm/streampark/templates/streampark.yml |  7 ++++++-
 helm/streampark/values.yaml              | 12 +++++++++---
 4 files changed, 53 insertions(+), 7 deletions(-)

diff --git a/helm/streampark/templates/ingress.yaml 
b/helm/streampark/templates/ingress.yaml
index d6406bf03..35b99a6d4 100644
--- a/helm/streampark/templates/ingress.yaml
+++ b/helm/streampark/templates/ingress.yaml
@@ -38,4 +38,10 @@ spec:
                   name: {{ .Values.spec.name }}
             path: {{ .Values.ingress.path }}
             pathType: {{ .Values.ingress.pathType }}
-{{- end }}
\ No newline at end of file
+{{- if .Values.ingress.tls.enabled }}
+  tls:
+    - hosts:
+        - {{ .Values.ingress.host }}
+      secretName: {{ .Values.ingress.tls.tlsSecretName }}
+{{- end }}
+{{- end }}
diff --git a/helm/streampark/templates/rbac.yaml 
b/helm/streampark/templates/rbac.yaml
index 474425d74..b271ee42c 100644
--- a/helm/streampark/templates/rbac.yaml
+++ b/helm/streampark/templates/rbac.yaml
@@ -44,8 +44,8 @@ rules:
 {{/*
 Namespaced scoped RBAC.
 */}}
-{{- if .Values.watchNamespaces }}
-{{- range .Values.watchNamespaces }}
+{{- if .Values.rbac.watchNamespaces }}
+{{- range .Values.rbac.watchNamespaces }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -71,6 +71,22 @@ subjects:
     name: {{ include "streampark.serviceAccountName" $ }}
     namespace: {{ $.Release.Namespace }}
 ---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: streampark-flink-role-binding-default
+  namespace: {{ . }}
+  labels:
+    {{- include "streampark.labels" $ | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: edit
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: {{ . }}
+---
 {{- end }}
 {{ else }}
 {{/*
@@ -101,5 +117,18 @@ subjects:
   - kind: ServiceAccount
     name: {{ include "streampark.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: streampark-flink-role-binding-default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: edit
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: {{ .Release.Namespace }}
 {{- end }}
 {{- end }}
diff --git a/helm/streampark/templates/streampark.yml 
b/helm/streampark/templates/streampark.yml
index 9be7ba0df..797530521 100755
--- a/helm/streampark/templates/streampark.yml
+++ b/helm/streampark/templates/streampark.yml
@@ -60,7 +60,6 @@ spec:
             {{- toYaml .Values.spec.container.env | nindent 12 }}
           securityContext:
             privileged: false
-          command: ["bash","-c","bash ./bin/streampark.sh start_docker"]
           {{- if .Values.spec.livenessProbe.enabled }}
           livenessProbe:
             httpGet:
@@ -94,6 +93,9 @@ spec:
           volumeMounts:
             - name: streampark-default-config-volume
               mountPath: /streampark/conf
+            {{- if .Values.spec.volumeMounts }}
+            {{ toYaml .Values.spec.volumeMounts | trim | nindent 12 }}
+            {{- end }}
           resources:
           {{- toYaml .Values.spec.resources | nindent 12 }}
       volumes:
@@ -105,3 +107,6 @@ spec:
                 path: config.yaml
               - key: logback-spring.xml
                 path: logback-spring.xml
+        {{- if .Values.spec.volumes }}
+        {{ toYaml .Values.spec.volumes | trim | nindent 8 }}
+        {{- end }}
diff --git a/helm/streampark/values.yaml b/helm/streampark/values.yaml
index b0b64473c..ea47e0d55 100644
--- a/helm/streampark/values.yaml
+++ b/helm/streampark/values.yaml
@@ -15,9 +15,6 @@
 # limitations under the License.
 #
 
-# When enabled RBAC is only created for said namespaces, otherwise it is done 
for the cluster scope.
-# watchNamespaces: ["streampark"]
-
 image:
   repository: "apache/streampark"
   pullPolicy: "IfNotPresent"
@@ -26,6 +23,8 @@ image:
 
 rbac:
   create: true
+  ## When enabled RBAC is only created for said namespaces, otherwise it is 
done for the cluster scope.
+#  watchNamespaces: ["streampark"]
 
 spec:
   container:
@@ -107,6 +106,9 @@ spec:
     failureThreshold: "3"
     successThreshold: "1"
 
+  volumeMounts: []
+  volumes: []
+
 ingress:
   enabled: true
   host: "streampark.apache.org"
@@ -120,6 +122,10 @@ ingress:
     nginx.ingress.kubernetes.io/configuration-snippet: 'rewrite 
^(/streampark)$ $1/ permanent;',
     kubernetes.io/ingress.class: "nginx"
   }
+  tls:
+    enabled: false
+    ## Secret that contains the TLS certificate
+    tlsSecretName: streampark-tls-secret
 
 service:
   ## type determines how the Service is exposed. Defaults to ClusterIP. Valid 
options are ExternalName, ClusterIP, NodePort, and LoadBalancer