feat: Map gemini controller to controller nodes, fix ebs storageclass, integrate timemachine into kubezero

charts/kubezero-aws-ebs-csi-driver/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-aws-ebs-csi-driver
 description: KubeZero Umbrella Chart for aws-ebs-csi-driver
 type: application
-version: 0.5.0
+version: 0.5.1
 appVersion: 0.10.0
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png

charts/kubezero-aws-ebs-csi-driver/templates/snapshot-class.yaml

@@ -3,6 +3,8 @@ apiVersion: snapshot.storage.k8s.io/v1beta1
 kind: VolumeSnapshotClass
 metadata:
   name: csi-aws-vsc
+  annotations:
+    snapshot.storage.kubernetes.io/is-default-class: "true"
   labels:
 {{ include "kubezero-lib.labels" . | indent 4 }}
 driver: ebs.csi.aws.com

charts/kubezero-timemachine/Chart.yaml

@@ -13,5 +13,5 @@ maintainers:
 dependencies:
   - name: gemini
     version: 0.0.6
-    repository: https://charts.fairwinds.com/stable
+    # repository: https://charts.fairwinds.com/stable
 kubeVersion: ">= 1.18.0"

charts/kubezero-timemachine/charts/gemini/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+appVersion: 0.1.0
+description: Automated backup and restore of PersistentVolumes using the VolumeSnapshot
+  API
+maintainers:
+- email: robertb@fairwinds.com
+  name: rbren
+name: gemini
+version: 0.0.6

charts/kubezero-timemachine/charts/gemini/README.md

@@ -0,0 +1,35 @@
+<div align="center">
+<a href="https://github.com/FairwindsOps/gemini"><img src="logo.png" height="150" alt="Gemini" style="padding-bottom: 20px" /></a>
+<br>
+</div>
+
+## Intro
+
+This is a Helm chart for the Fairwinds
+[Gemini project](https://github.com/FairwindsOps/gemini).
+It provides a Kubernetes CRD and operator for managing `VolumeSnapshots`, allowing you
+to back up your `PersistentVolumes` on a regular schedule, retire old backups, and restore
+backups with minimal downtime.
+
+See the [Gemini README](https://github.com/FairwindsOps/gemini) for more information.
+
+## Installation
+```bash
+helm repo add fairwinds-stable https://charts.fairwinds.com/stable
+helm install gemini fairwinds-stable/gemini --namespace gemini
+```
+## Requirements
+
+Your cluster must support the [VolumeSnapshot API](https://kubernetes.io/docs/concepts/storage/volume-snapshots/)
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| image.pullPolicy | string | `"Always"` | imagePullPolicy - Highly recommended to leave this as `Always` |
+| image.repository | string | `"quay.io/fairwinds/gemini"` | Repository for the gemini image |
+| image.tag | string | `"0.1"` | The gemini image tag to use |
+| rbac.create | bool | `true` | If true, create a new ServiceAccount and attach permissions |
+| rbac.serviceAccountName | string | `nil` |  |
+| verbosity | int | `5` | How verbose the controller logs should be |
+| resources | object | `{"limits":{"cpu":"200m","memory":"512Mi"},"requests":{"cpu":"25m","memory":"64Mi"}}` | The resources block for the controller pods |

charts/kubezero-timemachine/charts/gemini/README.md.gotmpl

@@ -0,0 +1,25 @@
+<div align="center">
+<a href="https://github.com/FairwindsOps/gemini"><img src="logo.png" height="150" alt="Gemini" style="padding-bottom: 20px" /></a>
+<br>
+</div>
+
+## Intro
+
+This is a Helm chart for the Fairwinds
+[Gemini project](https://github.com/FairwindsOps/gemini).
+It provides a Kubernetes CRD and operator for managing `VolumeSnapshots`, allowing you
+to back up your `PersistentVolumes` on a regular schedule, retire old backups, and restore
+backups with minimal downtime.
+
+See the [Gemini README](https://github.com/FairwindsOps/gemini) for more information.
+
+## Installation
+```bash
+helm repo add fairwinds-stable https://charts.fairwinds.com/stable
+helm install gemini fairwinds-stable/gemini --namespace gemini
+```
+## Requirements
+
+Your cluster must support the [VolumeSnapshot API](https://kubernetes.io/docs/concepts/storage/volume-snapshots/)
+
+{{ template "chart.valuesSection" . }}

charts/kubezero-timemachine/charts/gemini/ci/test-values.yaml

@@ -0,0 +1 @@
+testMode: true

charts/kubezero-timemachine/charts/gemini/templates/NOTES.txt

@@ -0,0 +1,30 @@
+Gemini is now installed!
+
+To start using Gemini, create a SnapshotGroup. You can use an
+existing PVC, or ask Gemini to create one for you.
+
+apiVersion: gemini.fairwinds.com/v1beta1
+kind: SnapshotGroup
+metadata:
+  name: test-volume
+spec:
+  persistentVolumeClaim:
+    spec:
+      accessModes:
+        - ReadWriteOnce
+      resources:
+        requests:
+          storage: 1Gi
+  schedule:
+    - every: 10 minutes
+      keep: 3
+    - every: hour
+      keep: 1
+    - every: day
+      keep: 1
+    - every: month
+      keep: 1
+    - every: year
+      keep: 1
+
+Read more at https://github.com/FairwindsOps/gemini

charts/kubezero-timemachine/charts/gemini/templates/_helpers.tpl

@@ -0,0 +1,56 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "gemini.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "gemini.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "gemini.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Standard labels
+*/}}
+{{- define "gemini.labels" -}}
+app: {{ include "gemini.name" . }}
+{{- if not .Values.templateOnly }}
+app.kubernetes.io/name: {{ include "gemini.name" . }}
+helm.sh/chart: {{ include "gemini.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Standard selector
+*/}}
+{{- define "gemini.selectors" -}}
+app: {{ include "gemini.name" . }}
+{{- if not .Values.templateOnly }}
+app.kubernetes.io/name: {{ include "gemini.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- end -}}

charts/kubezero-timemachine/charts/gemini/templates/deployment.yaml

@@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "gemini.fullname" . }}-controller
+  labels:
+    app: gemini
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gemini
+  template:
+    metadata:
+      labels:
+        app: gemini
+    spec:
+      {{- if .Values.rbac.create }}
+      serviceAccountName: {{ include "gemini.fullname" . }}-controller
+      {{- else }}
+      serviceAccountName: {{ .Values.rbac.serviceAccountName }}
+      {{- end }}
+      nodeSelector:
+        node-role.kubernetes.io/master: ""
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+      containers:
+      - command:
+        - gemini
+        {{- with .Values.verbosity }}
+        - -v
+        - {{ . | quote }}
+        {{- end }}
+        image: '{{.Values.image.repository}}:{{.Values.image.tag}}'
+        imagePullPolicy: '{{.Values.image.pullPolicy}}'
+        name: gemini-controller
+        resources:
+          {{- toYaml .Values.resources | nindent 12 }}
+        securityContext:
+          allowPrivilegeEscalation: false
+          privileged: false
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          capabilities:
+            drop:
+              - ALL

charts/kubezero-timemachine/charts/gemini/templates/rbac.yaml

@@ -0,0 +1,62 @@
+{{- if .Values.rbac.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "gemini.fullname" . }}-controller
+  labels:
+    {{- include "gemini.labels" . | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "gemini.fullname" . }}-controller
+  labels:
+    {{- include "gemini.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - gemini.fairwinds.com
+    resources:
+      - snapshotgroups
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - delete
+  - apiGroups:
+      - snapshot.storage.k8s.io
+      - ''
+    resources:
+      - volumesnapshots
+      - persistentvolumeclaims
+    verbs:
+      - get
+      - list
+      - create
+      - update
+      - delete
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - get
+      - create
+      - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "gemini.fullname" . }}-controller
+  labels:
+    {{- include "gemini.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "gemini.fullname" . }}-controller
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "gemini.fullname" . }}-controller
+    namespace: {{ .Release.Namespace }}
+{{- end }}

charts/kubezero-timemachine/charts/gemini/templates/test_crd.yaml

@@ -0,0 +1,44 @@
+{{- if and .Values.testMode (not .Release.IsUpgrade) }}
+{{- if not (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1beta1/VolumeSnapshot") }}
+kind: CustomResourceDefinition
+metadata:
+  name: volumesnapshots.snapshot.storage.k8s.io
+  annotations:
+    api-approved.kubernetes.io: "unapproved - test mode"
+    helm.sh/hook: pre-install
+    helm.sh/hook-delete-policy: before-hook-creation
+{{- if .Capabilities.APIVersions.Has "apiextensions.k8s.io/v1/CustomResourceDefinition" }}
+apiVersion: apiextensions.k8s.io/v1
+spec:
+  versions:
+    - name: v1beta1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+{{- else }}
+apiVersion: apiextensions.k8s.io/v1beta1
+spec:
+  versions:
+    - name: v1beta1
+      served: true
+      storage: true
+  validation:
+    openAPIV3Schema:
+      type: object
+      properties:
+        spec:
+          type: object
+{{- end }}
+  group: snapshot.storage.k8s.io
+  scope: Namespaced
+  names:
+    plural: volumesnapshots
+    singular: volumesnapshot
+    kind: VolumeSnapshot
+{{- end }}
+{{- end }}

charts/kubezero-timemachine/charts/gemini/values.yaml

@@ -0,0 +1,25 @@
+image:
+  # image.pullPolicy -- imagePullPolicy - Highly recommended to leave this as `Always`
+  pullPolicy: Always
+  # image.repository -- Repository for the gemini image
+  repository: quay.io/fairwinds/gemini
+  # image.tag -- The gemini image tag to use
+  tag: "0.1"
+
+rbac:
+  # rbac.create -- If true, create a new ServiceAccount and attach permissions
+  create: true
+  # If rbac.create is false, the name of an existing ServiceAccount to use
+  serviceAccountName:
+
+# verbosity -- How verbose the controller logs should be
+verbosity: 5
+
+# resources -- The resources block for the controller pods
+resources:
+  requests:
+    memory: 64Mi
+    cpu: 25m
+  limits:
+    memory: 512Mi
+    cpu: 200m

charts/kubezero-timemachine/run-on-controller.patch

@@ -0,0 +1,15 @@
+diff -rtubN charts/gemini/templates/deployment.yaml charts/gemini.zdt/templates/deployment.yaml
+--- charts/gemini/templates/deployment.yaml	2021-04-19 12:00:43.605005861 +0200
++++ charts/gemini.zdt/templates/deployment.yaml	2021-04-19 12:00:08.365005781 +0200
+@@ -19,6 +19,11 @@
+       {{- else }}
+       serviceAccountName: {{ .Values.rbac.serviceAccountName }}
+       {{- end }}
++      nodeSelector:
++        node-role.kubernetes.io/master: ""
++      tolerations:
++      - effect: NoSchedule
++        key: node-role.kubernetes.io/master
+       containers:
+       - command:
+         - gemini

charts/kubezero-timemachine/update.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -ex
+
+export VERSION=0.0.6
+
+rm -rf charts/gemini
+helm pull fairwinds-stable/gemini --untar --untardir charts
+
+# Patch for istiod to control plane
+patch -p0 -i run-on-controller.patch --no-backup-if-mismatch

charts/kubezero/bootstrap.sh

@@ -211,19 +211,19 @@ function logging-post() {
 ## MAIN ##
 if [ $1 == "deploy" ]; then
   for t in ${ARTIFACTS[@]}; do
-    is_enabled $t && _helm apply $t
+    is_enabled $t && _helm apply $t || true
   done
 
 # If artifact enabled and has crds install
 elif [ $1 == "crds" ]; then
   for t in ${ARTIFACTS[@]}; do
-    is_enabled $t && has_crds $t && _helm crds $t
+    is_enabled $t && has_crds $t && _helm crds $t || true
   done
 
 # Delete in reverse order, continue even if errors
 elif [ $1 == "delete" ]; then
   set +e
   for (( idx=${#ARTIFACTS[@]}-1 ; idx>=0 ; idx-- )) ; do
-    is_enabled ${ARTIFACTS[idx]} && _helm delete ${ARTIFACTS[idx]}
+    is_enabled ${ARTIFACTS[idx]} && _helm delete ${ARTIFACTS[idx]} || true
   done
 fi

charts/kubezero/templates/argoless.yaml

@@ -1,6 +1,6 @@
 {{- if not .Values.argo }}
 
-{{- $artifacts := list "calico" "cert-manager" "kiam" "aws-node-termination-handler" "aws-ebs-csi-driver" "aws-efs-csi-driver" "local-volume-provisioner" "local-path-provisioner" "istio" "istio-ingress" "metrics" "logging" "argocd" }}
+{{- $artifacts := list "calico" "cert-manager" "kiam" "aws-node-termination-handler" "aws-ebs-csi-driver" "aws-efs-csi-driver" "local-volume-provisioner" "local-path-provisioner" "istio" "istio-ingress" "metrics" "logging" "argocd" "timemachine" }}
 
 {{- if .Values.global }}
 global:

charts/kubezero/templates/timemachine.yaml

@@ -0,0 +1,8 @@
+{{- define "timemachine-values" }}
+{{- end }}
+
+
+{{- define "timemachine-argo" }}
+{{- end }}
+
+{{ include "kubezero-app.app" . }}

charts/kubezero/values.yaml

@@ -23,6 +23,9 @@ kiam:
 aws-node-termination-handler:
   enabled: false
 
+timemachine:
+  enabled: false
+
 local-volume-provisioner:
   enabled: false