feat: Map gemini controller to controller nodes, fix ebs storageclass, integrate timemachine into kubezero
parent
b9c341a55b
commit
f1cb2dbb66
@ -2,7 +2,7 @@ apiVersion: v2
|
||||
name: kubezero-aws-ebs-csi-driver
|
||||
description: KubeZero Umbrella Chart for aws-ebs-csi-driver
|
||||
type: application
|
||||
version: 0.5.0
|
||||
version: 0.5.1
|
||||
appVersion: 0.10.0
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
|
@ -3,6 +3,8 @@ apiVersion: snapshot.storage.k8s.io/v1beta1
|
||||
kind: VolumeSnapshotClass
|
||||
metadata:
|
||||
name: csi-aws-vsc
|
||||
annotations:
|
||||
snapshot.storage.kubernetes.io/is-default-class: "true"
|
||||
labels:
|
||||
{{ include "kubezero-lib.labels" . | indent 4 }}
|
||||
driver: ebs.csi.aws.com
|
||||
|
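Review bot: The `snapshot.storage.kubernetes.io/is-default-class: "true"` annotation is set unconditionally, so a cluster that already has a default VolumeSnapshotClass for `ebs.csi.aws.com` ends up with two defaults, and the snapshot controller then fails VolumeSnapshots that name no class. Consider gating the two annotation lines behind a chart value that defaults to true, e.g. `{{- if .Values.snapshotClass.default }}` … `{{- end }}` (the value name is only a proposal). The resource continues past `driver:` outside this hunk, so its `deletionPolicy` is not visible here; since Gemini will create backups through this class, confirm that the policy matches the intended retention behaviour.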
@ -13,5 +13,5 @@ maintainers:
|
||||
dependencies:
|
||||
- name: gemini
|
||||
version: 0.0.6
|
||||
repository: https://charts.fairwinds.com/stable
|
||||
# repository: https://charts.fairwinds.com/stable
|
||||
kubeVersion: ">= 1.18.0"
|
||||
|
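Review bot: The `repository` entry is left behind as a commented-out line with no explanation, so a reader cannot tell that gemini is now presumably resolved from the vendored `charts/gemini` directory added in this commit rather than fetched from the Fairwinds repository. Replace the dead line with a comment that says so, for example `# vendored under charts/gemini by update.sh, patched with run-on-controller.patch`. The start of this Chart.yaml is outside the hunk.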
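--- a/charts/kubezero-timemachine/charts/gemini/Chart.yaml
+++ b/charts/kubezero-timemachine/charts/gemini/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+appVersion: 0.1.0
+description: Automated backup and restore of PersistentVolumes using the VolumeSnapshot
+API
+maintainers:
+- email: robertb@fairwinds.com
+name: rbren
+name: gemini
+version: 0.0.6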
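--- a/charts/kubezero-timemachine/charts/gemini/README.md
+++ b/charts/kubezero-timemachine/charts/gemini/README.md
@@ -0,0 +1,35 @@
+<div align="center">
+<a href="https://github.com/FairwindsOps/gemini"><img src="logo.png" height="150" alt="Gemini" style="padding-bottom: 20px" /></a>
+<br>
+</div>
+
+## Intro
+
+This is a Helm chart for the Fairwinds
+[Gemini project](https://github.com/FairwindsOps/gemini).
+It provides a Kubernetes CRD and operator for managing `VolumeSnapshots`, allowing you
+to back up your `PersistentVolumes` on a regular schedule, retire old backups, and restore
+backups with minimal downtime.
+
+See the [Gemini README](https://github.com/FairwindsOps/gemini) for more information.
+
+## Installation
+```bash
+helm repo add fairwinds-stable https://charts.fairwinds.com/stable
+helm install gemini fairwinds-stable/gemini --namespace gemini
+```
+## Requirements
+
+Your cluster must support the [VolumeSnapshot API](https://kubernetes.io/docs/concepts/storage/volume-snapshots/)
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| image.pullPolicy | string | `"Always"` | imagePullPolicy - Highly recommended to leave this as `Always` |
+| image.repository | string | `"quay.io/fairwinds/gemini"` | Repository for the gemini image |
+| image.tag | string | `"0.1"` | The gemini image tag to use |
+| rbac.create | bool | `true` | If true, create a new ServiceAccount and attach permissions |
+| rbac.serviceAccountName | string | `nil` | |
+| verbosity | int | `5` | How verbose the controller logs should be |
+| resources | object | `{"limits":{"cpu":"200m","memory":"512Mi"},"requests":{"cpu":"25m","memory":"64Mi"}}` | The resources block for the controller pods |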
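--- a/charts/kubezero-timemachine/charts/gemini/README.md.gotmpl
+++ b/charts/kubezero-timemachine/charts/gemini/README.md.gotmpl
@@ -0,0 +1,25 @@
+<div align="center">
+<a href="https://github.com/FairwindsOps/gemini"><img src="logo.png" height="150" alt="Gemini" style="padding-bottom: 20px" /></a>
+<br>
+</div>
+
+## Intro
+
+This is a Helm chart for the Fairwinds
+[Gemini project](https://github.com/FairwindsOps/gemini).
+It provides a Kubernetes CRD and operator for managing `VolumeSnapshots`, allowing you
+to back up your `PersistentVolumes` on a regular schedule, retire old backups, and restore
+backups with minimal downtime.
+
+See the [Gemini README](https://github.com/FairwindsOps/gemini) for more information.
+
+## Installation
+```bash
+helm repo add fairwinds-stable https://charts.fairwinds.com/stable
+helm install gemini fairwinds-stable/gemini --namespace gemini
+```
+## Requirements
+
+Your cluster must support the [VolumeSnapshot API](https://kubernetes.io/docs/concepts/storage/volume-snapshots/)
+
+{{ template "chart.valuesSection" . }}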
@ -0,0 +1 @@
|
||||
testMode: true
|
BIN
charts/kubezero-timemachine/charts/gemini/logo.png
(Stored with Git LFS)
Normal file
BIN
charts/kubezero-timemachine/charts/gemini/logo.png
(Stored with Git LFS)
Normal file
Binary file not shown.
@ -0,0 +1,30 @@
|
||||
Gemini is now installed!
|
||||
|
||||
To start using Gemini, create a SnapshotGroup. You can use an
|
||||
existing PVC, or ask Gemini to create one for you.
|
||||
|
||||
apiVersion: gemini.fairwinds.com/v1beta1
|
||||
kind: SnapshotGroup
|
||||
metadata:
|
||||
name: test-volume
|
||||
spec:
|
||||
persistentVolumeClaim:
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
schedule:
|
||||
- every: 10 minutes
|
||||
keep: 3
|
||||
- every: hour
|
||||
keep: 1
|
||||
- every: day
|
||||
keep: 1
|
||||
- every: month
|
||||
keep: 1
|
||||
- every: year
|
||||
keep: 1
|
||||
|
||||
Read more at https://github.com/FairwindsOps/gemini
|
@ -0,0 +1,56 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "gemini.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "gemini.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "gemini.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Standard labels
|
||||
*/}}
|
||||
{{- define "gemini.labels" -}}
|
||||
app: {{ include "gemini.name" . }}
|
||||
{{- if not .Values.templateOnly }}
|
||||
app.kubernetes.io/name: {{ include "gemini.name" . }}
|
||||
helm.sh/chart: {{ include "gemini.chart" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Standard selector
|
||||
*/}}
|
||||
{{- define "gemini.selectors" -}}
|
||||
app: {{ include "gemini.name" . }}
|
||||
{{- if not .Values.templateOnly }}
|
||||
app.kubernetes.io/name: {{ include "gemini.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,46 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "gemini.fullname" . }}-controller
|
||||
labels:
|
||||
app: gemini
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: gemini
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: gemini
|
||||
spec:
|
||||
{{- if .Values.rbac.create }}
|
||||
serviceAccountName: {{ include "gemini.fullname" . }}-controller
|
||||
{{- else }}
|
||||
serviceAccountName: {{ .Values.rbac.serviceAccountName }}
|
||||
{{- end }}
|
||||
nodeSelector:
|
||||
node-role.kubernetes.io/master: ""
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/master
|
||||
containers:
|
||||
- command:
|
||||
- gemini
|
||||
{{- with .Values.verbosity }}
|
||||
- -v
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
image: '{{.Values.image.repository}}:{{.Values.image.tag}}'
|
||||
imagePullPolicy: '{{.Values.image.pullPolicy}}'
|
||||
name: gemini-controller
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
@ -0,0 +1,62 @@
|
||||
{{- if .Values.rbac.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "gemini.fullname" . }}-controller
|
||||
labels:
|
||||
{{- include "gemini.labels" . | nindent 4 }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ include "gemini.fullname" . }}-controller
|
||||
labels:
|
||||
{{- include "gemini.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- gemini.fairwinds.com
|
||||
resources:
|
||||
- snapshotgroups
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
- apiGroups:
|
||||
- snapshot.storage.k8s.io
|
||||
- ''
|
||||
resources:
|
||||
- volumesnapshots
|
||||
- persistentvolumeclaims
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
- apiGroups:
|
||||
- apiextensions.k8s.io
|
||||
resources:
|
||||
- customresourcedefinitions
|
||||
verbs:
|
||||
- get
|
||||
- create
|
||||
- delete
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ include "gemini.fullname" . }}-controller
|
||||
labels:
|
||||
{{- include "gemini.labels" . | nindent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ include "gemini.fullname" . }}-controller
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "gemini.fullname" . }}-controller
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end }}
|
@ -0,0 +1,44 @@
|
||||
{{- if and .Values.testMode (not .Release.IsUpgrade) }}
|
||||
{{- if not (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1beta1/VolumeSnapshot") }}
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: volumesnapshots.snapshot.storage.k8s.io
|
||||
annotations:
|
||||
api-approved.kubernetes.io: "unapproved - test mode"
|
||||
helm.sh/hook: pre-install
|
||||
helm.sh/hook-delete-policy: before-hook-creation
|
||||
{{- if .Capabilities.APIVersions.Has "apiextensions.k8s.io/v1/CustomResourceDefinition" }}
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
spec:
|
||||
versions:
|
||||
- name: v1beta1
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
{{- else }}
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
spec:
|
||||
versions:
|
||||
- name: v1beta1
|
||||
served: true
|
||||
storage: true
|
||||
validation:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
{{- end }}
|
||||
group: snapshot.storage.k8s.io
|
||||
scope: Namespaced
|
||||
names:
|
||||
plural: volumesnapshots
|
||||
singular: volumesnapshot
|
||||
kind: VolumeSnapshot
|
||||
{{- end }}
|
||||
{{- end }}
|
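--- a/charts/kubezero-timemachine/charts/gemini/values.yaml
+++ b/charts/kubezero-timemachine/charts/gemini/values.yaml
@@ -0,0 +1,25 @@
+image:
+# image.pullPolicy -- imagePullPolicy - Highly recommended to leave this as `Always`
+pullPolicy: Always
+# image.repository -- Repository for the gemini image
+repository: quay.io/fairwinds/gemini
+# image.tag -- The gemini image tag to use
+tag: "0.1"
+
+rbac:
+# rbac.create -- If true, create a new ServiceAccount and attach permissions
+create: true
+# If rbac.create is false, the name of an existing ServiceAccount to use
+serviceAccountName:
+
+# verbosity -- How verbose the controller logs should be
+verbosity: 5
+
+# resources -- The resources block for the controller pods
+resources:
+requests:
+memory: 64Mi
+cpu: 25m
+limits:
+memory: 512Mi
+cpu: 200m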
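--- a/charts/kubezero-timemachine/run-on-controller.patch
+++ b/charts/kubezero-timemachine/run-on-controller.patch
@@ -0,0 +1,15 @@
+diff -rtubN charts/gemini/templates/deployment.yaml charts/gemini.zdt/templates/deployment.yaml
+--- charts/gemini/templates/deployment.yaml 2021-04-19 12:00:43.605005861 +0200
++++ charts/gemini.zdt/templates/deployment.yaml 2021-04-19 12:00:08.365005781 +0200
+@@ -19,6 +19,11 @@
+{{- else }}
+serviceAccountName: {{ .Values.rbac.serviceAccountName }}
+{{- end }}
++ nodeSelector:
++ node-role.kubernetes.io/master: ""
++ tolerations:
++ - effect: NoSchedule
++ key: node-role.kubernetes.io/master
+containers:
+- command:
+- gemini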
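Review bot: The added `nodeSelector` and toleration are keyed only on `node-role.kubernetes.io/master`, which Kubernetes has been replacing with `node-role.kubernetes.io/control-plane` since 1.20; with `replicas: 1` in the deployment template, the controller would stay Pending on nodes that carry only the newer label or taint. Adding a second toleration, `- effect: NoSchedule` / `key: node-role.kubernetes.io/control-plane`, is harmless today, while matching either label needs a `nodeAffinity` with `Exists` terms instead of `nodeSelector`. This also places a third-party image on control-plane nodes under a ClusterRole that can delete PVCs and CRDs cluster-wide (rbac template in this commit). A comment in the patch or in `update.sh` should record why it must run there and that the template's `securityContext` has to survive future re-pulls. The patch touches only part of the pod spec; the rest of `deployment.yaml` lies outside it.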
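--- a/charts/kubezero-timemachine/update.sh
+++ b/charts/kubezero-timemachine/update.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -ex
+
+export VERSION=0.0.6
+
+rm -rf charts/gemini
+helm pull fairwinds-stable/gemini --untar --untardir charts
+
+# Patch for istiod to control plane
+patch -p0 -i run-on-controller.patch --no-backup-if-mismatch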
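Review bot: `VERSION` is exported but never passed to Helm, so `helm pull fairwinds-stable/gemini --untar --untardir charts` fetches whatever the repository currently serves as latest rather than 0.0.6, and the vendored tree can drift from the version the parent chart declares. Pass it explicitly, `helm pull fairwinds-stable/gemini --version "$VERSION" --untar --untardir charts`, and review the resulting diff of `charts/gemini` before committing, since the pull is not checked against a provenance file here. The comment above the patch step looks copied from another chart; `# Run the gemini controller on the control plane nodes` would match what `run-on-controller.patch` does. The script also assumes the `fairwinds-stable` repo alias is already configured locally.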
@ -211,19 +211,19 @@ function logging-post() {
|
||||
## MAIN ##
|
||||
if [ $1 == "deploy" ]; then
|
||||
for t in ${ARTIFACTS[@]}; do
|
||||
is_enabled $t && _helm apply $t
|
||||
is_enabled $t && _helm apply $t || true
|
||||
done
|
||||
|
||||
# If artifact enabled and has crds install
|
||||
elif [ $1 == "crds" ]; then
|
||||
for t in ${ARTIFACTS[@]}; do
|
||||
is_enabled $t && has_crds $t && _helm crds $t
|
||||
is_enabled $t && has_crds $t && _helm crds $t || true
|
||||
done
|
||||
|
||||
# Delete in reverse order, continue even if errors
|
||||
elif [ $1 == "delete" ]; then
|
||||
set +e
|
||||
for (( idx=${#ARTIFACTS[@]}-1 ; idx>=0 ; idx-- )) ; do
|
||||
is_enabled ${ARTIFACTS[idx]} && _helm delete ${ARTIFACTS[idx]}
|
||||
is_enabled ${ARTIFACTS[idx]} && _helm delete ${ARTIFACTS[idx]} || true
|
||||
done
|
||||
fi
|
||||
|
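Review bot: Appending `|| true` to `is_enabled $t && _helm apply $t` also discards a failure of `_helm apply` itself, so in the `deploy` and `crds` branches a failed install no longer stops the loop and the script can exit 0 with artifacts missing. If the intent is only to keep a disabled artifact from producing a non-zero status, `if is_enabled "$t"; then _helm apply "$t"; fi` keeps the skip while still propagating real errors (assuming `set -e` is active above the hunk, which the `set +e` in the `delete` branch suggests). In the `delete` branch the comment and `set +e` already cover continue-on-error, so the suffix is redundant there. `is_enabled`, `has_crds` and `_helm` are defined outside the hunk.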
@ -1,6 +1,6 @@
|
||||
{{- if not .Values.argo }}
|
||||
|
||||
{{- $artifacts := list "calico" "cert-manager" "kiam" "aws-node-termination-handler" "aws-ebs-csi-driver" "aws-efs-csi-driver" "local-volume-provisioner" "local-path-provisioner" "istio" "istio-ingress" "metrics" "logging" "argocd" }}
|
||||
{{- $artifacts := list "calico" "cert-manager" "kiam" "aws-node-termination-handler" "aws-ebs-csi-driver" "aws-efs-csi-driver" "local-volume-provisioner" "local-path-provisioner" "istio" "istio-ingress" "metrics" "logging" "argocd" "timemachine" }}
|
||||
|
||||
{{- if .Values.global }}
|
||||
global:
|
||||
|
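--- a/charts/kubezero/templates/timemachine.yaml
+++ b/charts/kubezero/templates/timemachine.yaml
@@ -0,0 +1,8 @@
+{{- define "timemachine-values" }}
+{{- end }}
+
+
+{{- define "timemachine-argo" }}
+{{- end }}
+
+{{ include "kubezero-app.app" . }}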
@ -23,6 +23,9 @@ kiam:
|
||||
aws-node-termination-handler:
|
||||
enabled: false
|
||||
|
||||
timemachine:
|
||||
enabled: false
|
||||
|
||||
local-volume-provisioner:
|
||||
enabled: false
|
||||
|
||||
|