First draft of Kiam chart, various fixes and improvements, cascade delete enabled by default

charts/kubezero-app/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-app
 description: KubeZero ArgoCD Application - Root chart of the KubeZero
 type: application
-version: 0.1.10
+version: 0.2.0
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/logo_small.png
 keywords:
@@ -11,3 +11,4 @@ keywords:
   - gitops
 maintainers:
   - name: Quarky9
+kubeVersion: ">= 1.16.0"

charts/kubezero-app/templates/_apps_common.yaml

@@ -9,6 +9,10 @@ metadata:
     helm.sh/chart: {{ .root.Chart.Name }}-{{ .root.Chart.Version | replace "+" "_" }}
     app.kubernetes.io/managed-by: {{ .root.Release.Service }}
     app.kubernetes.io/part-of: kubezero
+  {{- if not .retain }}
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+  {{ end }}
 spec:
   project: kubezero
 
@@ -16,12 +20,12 @@ spec:
     repoURL: {{ default .root.Values.defaultSource.repoURL }}
     targetRevision: {{ default .root.Values.defaultSource.targetRevision }}
     {{- if eq .type "helm" }}
-    {{ $values := index .root.Values .name "values" }}
+    {{ $my_values := index .root.Values .name "values" }}
     path: {{ default .root.Values.defaultSource.pathPrefix }}charts/kubezero-{{ .name }}
-    {{- if $values }}
+    {{- if $my_values }}
     helm:
       values: |
-{{- toYaml $values | nindent 8 }}
+{{- toYaml $my_values | nindent 8 }}
     {{- end }}
     {{- else }}
     path: {{ default .root.Values.defaultSource.pathPrefix }}artifacts/kubezero-{{ .name }}

charts/kubezero-app/templates/calico.yaml

@@ -1,3 +1,3 @@
 {{- if .Values.calico.enabled }}
-{{ template "kubezero.app" dict "root" . "name" "calico" "type" "kustomize" }}
+{{ template "kubezero.app" dict "root" . "name" "calico" "type" "kustomize" "retain" true }}
 {{- end }}

charts/kubezero-app/templates/kiam.yaml

@@ -0,0 +1,3 @@
+{{- if index .Values "kiam" "enabled" }}
+{{ template "kubezero.app" dict "root" . "name" "kiam" "type" "helm" }}
+{{- end }}

charts/kubezero-app/values-all.yaml

@@ -17,3 +17,6 @@ local-volume-provisioner:
 
 cert-manager:
   enabled: true
+
+kiam:
+  enabled: true

charts/kubezero-app/values.yaml

@@ -20,3 +20,6 @@ local-volume-provisioner:
 
 cert-manager:
   enabled: false
+
+kiam:
+  enabled: false

charts/kubezero-cert-manager/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-cert-manager
 description: KubeZero Umbrella Chart for cert-manager
 type: application
-version: 0.3.1
+version: 0.3.2
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/logo_small.png
 keywords:
@@ -14,3 +14,4 @@ dependencies:
   - name: cert-manager
     version: 0.15.0
     repository: https://charts.jetstack.io
+kubeVersion: ">= 1.16.0"

charts/kubezero-kiam/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/kubezero-kiam/Chart.yaml

@@ -0,0 +1,17 @@
+apiVersion: v2
+name: kubezero-kiam
+description: KubeZero Umbrella Chart for Kiam
+type: application
+version: 0.1.0
+home: https://kubezero.com
+icon: https://cdn.zero-downtime.net/assets/logo_small.png
+keywords:
+  - kubezero
+  - kiam
+maintainers:
+  - name: Quarky9
+dependencies:
+  - name: kiam
+    version: 5.7.0
+    repository: https://uswitch.github.io/kiam-helm-charts/charts/
+kubeVersion: ">= 1.16.0"

charts/kubezero-kiam/values.yaml

@@ -0,0 +1,42 @@
+kiam:
+  server:
+    # assumeRoleArn: <INSERT_CLOUDFORMATION_OUTPUT_KiamServerRoleArn> 
+    useHostNetwork: true
+    sslCertHostPath: /etc/ssl/certs
+    tlsSecret: kiam-server-tls
+    service:
+      port: 6444
+      targetPort: 6444
+    deployment:
+      enabled: true
+      replicas: 2
+    tolerations:
+    - key: node-role.kubernetes.io/master
+      effect: NoSchedule
+    nodeSelector:
+      node-role.kubernetes.io/master: ""
+    prometheus:
+      servicemonitor:
+        enabled: false
+  #  log:
+  #    level: warn
+  
+  agent:
+    host:
+      iptables: true
+    whiteListRouteRegexp: '^/latest/(meta-data/instance-id|dynamic)'
+    sslCertHostPath: /etc/ssl/certs
+    tlsSecret: kiam-agent-tls
+    tolerations:
+    - key: node-role.kubernetes.io/master
+      effect: NoSchedule
+    prometheus:
+      servicemonitor:
+        enabled: false
+  #  log:
+  #    level: warn
+  #  extraEnv:
+  #  - name: GRPC_GO_LOG_SEVERITY_LEVEL
+  #    value: "info"
+  #  - name: GRPC_GO_LOG_VERBOSITY_LEVEL
+  #    value: "8"

charts/kubezero/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 description: KubeZero Helm chart to install Zero Down Time Kuberenetes platform
 name: kubezero
-version: 0.2.3
+version: 0.2.4
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/logo_small.png
 keywords:
@@ -12,5 +12,6 @@ maintainers:
   - name: Quarky9
 dependencies:
   - name: argo-cd
-    version: 2.2.15
+    version: 2.3.2
     repository: https://argoproj.github.io/argo-helm
+kubeVersion: ">= 1.16.0"

scripts/publish.sh

@@ -12,6 +12,8 @@ rm -rf $SRCROOT/output && git clone -b gh-pages ssh://git@git.zero-downtime.net:
 
 helm repo add stable https://kubernetes-charts.storage.googleapis.com
 helm repo add argoproj https://argoproj.github.io/argo-helm
+helm repo add jetstack https://charts.jetstack.io
+helm repo add uswitch https://uswitch.github.io/kiam-helm-charts/charts/
 
 for dir in $(find $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d);
 do
@@ -33,7 +35,7 @@ do
     fi
 
     echo "Processing $dir"
-    helm --debug package $dir
+    helm lint $dir && helm --debug package $dir
 done
 
 cp $SRCROOT/*.tgz output/