From 231b3c6ac476bce681fa9c4105af22a5ffd51c00 Mon Sep 17 00:00:00 2001
From: jaime merino
Date: Wed, 11 Feb 2026 14:40:11 +0100
Subject: [PATCH] add helm chart support
Signed-off-by: jaime merino
---
charts/sysbox/.helmignore | 23 ++++
charts/sysbox/Chart.yaml | 24 ++++
charts/sysbox/templates/NOTES.txt | 20 +++
charts/sysbox/templates/_helpers.tpl | 62 +++++++++
charts/sysbox/templates/config_map.yaml | 8 ++
charts/sysbox/templates/daemon_set.yaml | 130 +++++++++++++++++++
charts/sysbox/templates/roles.yaml | 24 ++++
charts/sysbox/templates/runtime.yaml | 8 ++
charts/sysbox/templates/service_account.yaml | 5 +
charts/sysbox/values.yaml | 10 ++
10 files changed, 314 insertions(+)
create mode 100644 charts/sysbox/.helmignore
create mode 100644 charts/sysbox/Chart.yaml
create mode 100644 charts/sysbox/templates/NOTES.txt
create mode 100644 charts/sysbox/templates/_helpers.tpl
create mode 100644 charts/sysbox/templates/config_map.yaml
create mode 100644 charts/sysbox/templates/daemon_set.yaml
create mode 100644 charts/sysbox/templates/roles.yaml
create mode 100644 charts/sysbox/templates/runtime.yaml
create mode 100644 charts/sysbox/templates/service_account.yaml
create mode 100644 charts/sysbox/values.yaml
diff --git a/charts/sysbox/.helmignore b/charts/sysbox/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/charts/sysbox/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/sysbox/Chart.yaml b/charts/sysbox/Chart.yaml
new file mode 100644
index 00000000..0e2d48ed
--- /dev/null
+++ b/charts/sysbox/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: sysbox
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "v0.6.7-0"
diff --git a/charts/sysbox/templates/NOTES.txt b/charts/sysbox/templates/NOTES.txt
new file mode 100644
index 00000000..00739bf1
--- /dev/null
+++ b/charts/sysbox/templates/NOTES.txt
@@ -0,0 +1,20 @@
+Sysbox has been installed!
+
+1. Check that the Sysbox DaemonSet is running on your nodes:
+ kubectl get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "sysbox.name" . }}" -o wide
+
+2. Verify that the RuntimeClass has been created:
+ kubectl get runtimeclass sysbox-runc
+
+3. You can now deploy pods using Sysbox by adding the runtimeClassName:
+
+ apiVersion: v1
+ kind: Pod
+ metadata:
+ name: my-sysbox-pod
+ spec:
+ runtimeClassName: sysbox-runc
+ containers:
+ - name: system-container
+ image: ubuntu
+ command: ["sleep", "inf"]
\ No newline at end of file
diff --git a/charts/sysbox/templates/_helpers.tpl b/charts/sysbox/templates/_helpers.tpl
new file mode 100644
index 00000000..7874d990
--- /dev/null
+++ b/charts/sysbox/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "sysbox.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "sysbox.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "sysbox.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "sysbox.labels" -}}
+helm.sh/chart: {{ include "sysbox.chart" . }}
+{{ include "sysbox.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "sysbox.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "sysbox.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "sysbox.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "sysbox.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/sysbox/templates/config_map.yaml b/charts/sysbox/templates/config_map.yaml
new file mode 100644
index 00000000..b6339019
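Review bot: The `sysbox.serviceAccountName` helper at the end of this hunk reads `.Values.serviceAccount.create`, but the values.yaml added by this patch defines no `serviceAccount` key, so any template that includes the helper would fail to render on a nil value. None of the templates in this patch call it, nor `sysbox.labels` or `sysbox.selectorLabels`; daemon_set.yaml hardcodes `serviceAccountName: sysbox-label-node` instead. Either drop the unused helpers, or add a `serviceAccount:` block with `create: true` and `name: ""` to values.yaml and use the helper in the DaemonSet and ServiceAccount templates.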
--- /dev/null
+++ b/charts/sysbox/templates/config_map.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: sysbox-operational-attributes
+ namespace: kube-system
+data:
+ SYSBOX_MGR_CONFIG: ""
+ SYSBOX_FS_CONFIG: ""
\ No newline at end of file
diff --git a/charts/sysbox/templates/daemon_set.yaml b/charts/sysbox/templates/daemon_set.yaml
new file mode 100644
index 00000000..e33b586b
--- /dev/null
+++ b/charts/sysbox/templates/daemon_set.yaml
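Review bot: `namespace: kube-system` is hardcoded in this ConfigMap and again in daemon_set.yaml, service_account.yaml and the ClusterRoleBinding subject in roles.yaml, so the namespace passed to `helm install -n` is ignored for the chart's objects. NOTES.txt then points the user at `{{ .Release.Namespace }}`, which is the wrong place unless the release itself is installed into kube-system. Use `namespace: {{ .Release.Namespace }}` in all four places, or keep kube-system deliberately and make NOTES.txt say so. The two data keys are also fixed at `""`, so the chart offers no way to set `SYSBOX_MGR_CONFIG` or `SYSBOX_FS_CONFIG` without editing the template; reading them from values.yaml with `| quote` would cover that.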
@@ -0,0 +1,130 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ include "sysbox.fullname" . }}
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ sysbox-install: "yes"
+ template:
+ metadata:
+ labels:
+ sysbox-install: "yes"
+ spec:
+ serviceAccountName: sysbox-label-node
+ nodeSelector:
+ sysbox-install: "yes"
+ tolerations:
+ - key: "sysbox-runtime"
+ operator: "Equal"
+ value: "not-running"
+ effect: "NoSchedule"
+ containers:
+ - name: sysbox-deploy-k8s
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command: [ "bash", "-c", "/opt/sysbox/scripts/sysbox-deploy-k8s.sh ce install" ]
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: SYSBOX_MGR_CONFIG
+ valueFrom:
+ configMapKeyRef:
+ name: sysbox-operational-attributes
+ key: SYSBOX_MGR_CONFIG
+ - name: SYSBOX_FS_CONFIG
+ valueFrom:
+ configMapKeyRef:
+ name: sysbox-operational-attributes
+ key: SYSBOX_FS_CONFIG
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: host-etc
+ mountPath: /mnt/host/etc
+ - name: host-osrelease
+ mountPath: /mnt/host/os-release
+ - name: host-dbus
+ mountPath: /var/run/dbus
+ - name: host-run-systemd
+ mountPath: /run/systemd
+ - name: host-lib-systemd
+ mountPath: /mnt/host/lib/systemd/system
+ - name: host-etc-systemd
+ mountPath: /mnt/host/etc/systemd/system
+ - name: host-lib-sysctl
+ mountPath: /mnt/host/lib/sysctl.d
+ - name: host-opt-lib-sysctl
+ mountPath: /mnt/host/opt/lib/sysctl.d
+ - name: host-usr-bin
+ mountPath: /mnt/host/usr/bin
+ - name: host-opt-bin
+ mountPath: /mnt/host/opt/bin
+ - name: host-usr-local-bin
+ mountPath: /mnt/host/usr/local/bin
+ - name: host-opt-local-bin
+ mountPath: /mnt/host/opt/local/bin
+ - name: host-usr-lib-mod-load
+ mountPath: /mnt/host/usr/lib/modules-load.d
+ - name: host-opt-lib-mod-load
+ mountPath: /mnt/host/opt/lib/modules-load.d
+ - name: host-run
+ mountPath: /mnt/host/run
+ - name: host-var-lib
+ mountPath: /mnt/host/var/lib
+ volumes:
+ - name: host-etc
+ hostPath:
+ path: /etc
+ - name: host-osrelease
+ hostPath:
+ path: /etc/os-release
+ - name: host-dbus
+ hostPath:
+ path: /var/run/dbus
+ - name: host-run-systemd
+ hostPath:
+ path: /run/systemd
+ - name: host-lib-systemd
+ hostPath:
+ path: /lib/systemd/system
+ - name: host-etc-systemd
+ hostPath:
+ path: /etc/systemd/system
+ - name: host-lib-sysctl
+ hostPath:
+ path: /lib/sysctl.d
+ - name: host-opt-lib-sysctl
+ hostPath:
+ path: /opt/lib/sysctl.d
+ - name: host-usr-bin
+ hostPath:
+ path: /usr/bin/
+ - name: host-opt-bin
+ hostPath:
+ path: /opt/bin/
+ - name: host-usr-local-bin
+ hostPath:
+ path: /usr/local/bin/
+ - name: host-opt-local-bin
+ hostPath:
+ path: /opt/local/bin/
+ - name: host-usr-lib-mod-load
+ hostPath:
+ path: /usr/lib/modules-load.d
+ - name: host-opt-lib-mod-load
+ hostPath:
+ path: /opt/lib/modules-load.d
+ - name: host-run
+ hostPath:
+ path: /run
+ - name: host-var-lib
+ hostPath:
+ path: /var/lib
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 1
+ type: RollingUpdate
diff --git a/charts/sysbox/templates/roles.yaml b/charts/sysbox/templates/roles.yaml
new file mode 100644
index 00000000..4f99bee7
--- /dev/null
+++ b/charts/sysbox/templates/roles.yaml
@@ -0,0 +1,24 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: sysbox-node-labeler
+rules:
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "patch"]
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "list", "delete", "watch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: sysbox-label-node-rb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: sysbox-node-labeler
+subjects:
+ - kind: ServiceAccount
+ name: sysbox-label-node
+ namespace: kube-system
diff --git a/charts/sysbox/templates/runtime.yaml b/charts/sysbox/templates/runtime.yaml
new file mode 100644
index 00000000..ea7779de
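Review bot: The daemon_set.yaml container runs `privileged: true` with the host's /etc, /usr/bin, /run and /var/lib mounted, yet its image is selected by a mutable tag with `pullPolicy: Always` (from values.yaml), so each pod start runs whatever the registry currently serves under that tag with full control of the node. Allow pinning by digest, for example `image: "{{ .Values.image.repository }}{{ if .Values.image.digest }}@{{ .Values.image.digest }}{{ else }}:{{ .Values.image.tag }}{{ end }}"`, and add a values.yaml comment recommending the digest for production installs. Separately, the pod template carries only `sysbox-install: "yes"`, so the `app.kubernetes.io/name` selector printed by NOTES.txt matches no pods; adding `{{- include "sysbox.selectorLabels" . | nindent 8 }}` under the template labels would make that command work.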
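Review bot: The ClusterRole in roles.yaml grants `delete` on pods in every namespace and `patch` on every node to the service account whose token is mounted into the privileged installer pod, and nothing in the patch records which install step needs each verb. Add a comment above each rule naming the step that uses it, such as `# pods/delete: <step in sysbox-deploy-k8s.sh that needs it>` (to be filled in from the script, which is not part of this diff), so the grant can be checked for being minimal. The ClusterRole and ClusterRoleBinding names are also fixed strings while the DaemonSet name comes from `sysbox.fullname`, so a second release of the chart in the same cluster would collide on these cluster-scoped objects.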
--- /dev/null
+++ b/charts/sysbox/templates/runtime.yaml
@@ -0,0 +1,8 @@
+apiVersion: node.k8s.io/v1
+kind: RuntimeClass
+metadata:
+ name: sysbox-runc
+handler: sysbox-runc
+scheduling:
+ nodeSelector:
+ sysbox-runtime: running
\ No newline at end of file
diff --git a/charts/sysbox/templates/service_account.yaml b/charts/sysbox/templates/service_account.yaml
new file mode 100644
index 00000000..806ce566
--- /dev/null
+++ b/charts/sysbox/templates/service_account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: sysbox-label-node
+ namespace: kube-system
\ No newline at end of file
diff --git a/charts/sysbox/values.yaml b/charts/sysbox/values.yaml
new file mode 100644
index 00000000..216fb6c1
--- /dev/null
+++ b/charts/sysbox/values.yaml
@@ -0,0 +1,10 @@
+image:
+ repository: registry.nestybox.com/nestybox/sysbox-deploy-k8s
+ tag: "v0.6.7-0"
+ pullPolicy: Always
+
+httpRoute:
+ enabled: false
+
+ingress:
+ enabled: false
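Review bot: `httpRoute` and `ingress` in values.yaml look like leftovers from the chart scaffold; no template in this patch reads them, so they should be removed rather than shipped as settings that do nothing. `tag: "v0.6.7-0"` also repeats `appVersion` from Chart.yaml, which leaves two places to bump on each release; the DaemonSet could render `{{ .Values.image.tag | default .Chart.AppVersion }}` with `tag: ""` as the default here.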