feat: Map gemini controller to controller nodes, fix ebs storageclass, integrate timemachine into kubezero

This commit is contained in:
Stefan Reimer 2021-04-19 12:46:42 +02:00
parent b9c341a55b
commit f1cb2dbb66
20 changed files with 380 additions and 6 deletions


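--- a/[PATH not shown on page: Chart.yaml of kubezero-aws-ebs-csi-driver]
+++ b/[PATH not shown on page: Chart.yaml of kubezero-aws-ebs-csi-driver]
@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-aws-ebs-csi-driver
 description: KubeZero Umbrella Chart for aws-ebs-csi-driver
 type: application
-version: 0.5.0
+version: 0.5.1
 appVersion: 0.10.0
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png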


@ -3,6 +3,8 @@ apiVersion: snapshot.storage.k8s.io/v1beta1
kind: VolumeSnapshotClass
metadata:
name: csi-aws-vsc
annotations:
snapshot.storage.kubernetes.io/is-default-class: "true"
labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
driver: ebs.csi.aws.com
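Review bot: The `snapshot.storage.kubernetes.io/is-default-class: "true"` annotation (by the hunk's +2 count presumably the two `annotations:` lines) makes this the class used by every VolumeSnapshot that omits `volumeSnapshotClassName`, and snapshot creation fails if more than one class in the cluster carries it, so the template should say why the default is being set. A one-line comment above `annotations:` such as `# default class: snapshot consumers that omit volumeSnapshotClassName rely on this` would do; that the gemini SnapshotGroups introduced in this commit are the intended consumer is inferred, so word it accordingly. The class's `deletionPolicy` is outside this hunk; since automated tooling will now create and retire snapshots through it, confirm that policy is the intended one.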


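--- a/[PATH not shown on page: Chart.yaml of kubezero-timemachine]
+++ b/[PATH not shown on page: Chart.yaml of kubezero-timemachine]
@@ -13,5 +13,5 @@ maintainers:
 dependencies:
 - name: gemini
 version: 0.0.6
-repository: https://charts.fairwinds.com/stable
+# repository: https://charts.fairwinds.com/stable
 kubeVersion: ">= 1.18.0"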
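Review bot: Commenting out `repository:` gives a reader of Chart.yaml no indication that the gemini dependency is now resolved from the vendored copy under charts/gemini, nor that that copy is patched. Replace the commented-out line with an explanation, e.g. `# no repository on purpose: gemini is vendored by update.sh and patched (run-on-controller.patch)`. Keeping `version: 0.0.6` in step with the VERSION in update.sh is presumably now a manual task, which the comment should also say.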


@ -0,0 +1,9 @@
apiVersion: v1
appVersion: 0.1.0
description: Automated backup and restore of PersistentVolumes using the VolumeSnapshot
API
maintainers:
- email: robertb@fairwinds.com
name: rbren
name: gemini
version: 0.0.6


@ -0,0 +1,35 @@
<div align="center">
<a href="https://github.com/FairwindsOps/gemini"><img src="logo.png" height="150" alt="Gemini" style="padding-bottom: 20px" /></a>
<br>
</div>
## Intro
This is a Helm chart for the Fairwinds
[Gemini project](https://github.com/FairwindsOps/gemini).
It provides a Kubernetes CRD and operator for managing `VolumeSnapshots`, allowing you
to back up your `PersistentVolumes` on a regular schedule, retire old backups, and restore
backups with minimal downtime.
See the [Gemini README](https://github.com/FairwindsOps/gemini) for more information.
## Installation
```bash
helm repo add fairwinds-stable https://charts.fairwinds.com/stable
helm install gemini fairwinds-stable/gemini --namespace gemini
```
## Requirements
Your cluster must support the [VolumeSnapshot API](https://kubernetes.io/docs/concepts/storage/volume-snapshots/)
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| image.pullPolicy | string | `"Always"` | imagePullPolicy - Highly recommended to leave this as `Always` |
| image.repository | string | `"quay.io/fairwinds/gemini"` | Repository for the gemini image |
| image.tag | string | `"0.1"` | The gemini image tag to use |
| rbac.create | bool | `true` | If true, create a new ServiceAccount and attach permissions |
| rbac.serviceAccountName | string | `nil` | |
| verbosity | int | `5` | How verbose the controller logs should be |
| resources | object | `{"limits":{"cpu":"200m","memory":"512Mi"},"requests":{"cpu":"25m","memory":"64Mi"}}` | The resources block for the controller pods |


@ -0,0 +1,25 @@
<div align="center">
<a href="https://github.com/FairwindsOps/gemini"><img src="logo.png" height="150" alt="Gemini" style="padding-bottom: 20px" /></a>
<br>
</div>
## Intro
This is a Helm chart for the Fairwinds
[Gemini project](https://github.com/FairwindsOps/gemini).
It provides a Kubernetes CRD and operator for managing `VolumeSnapshots`, allowing you
to back up your `PersistentVolumes` on a regular schedule, retire old backups, and restore
backups with minimal downtime.
See the [Gemini README](https://github.com/FairwindsOps/gemini) for more information.
## Installation
```bash
helm repo add fairwinds-stable https://charts.fairwinds.com/stable
helm install gemini fairwinds-stable/gemini --namespace gemini
```
## Requirements
Your cluster must support the [VolumeSnapshot API](https://kubernetes.io/docs/concepts/storage/volume-snapshots/)
{{ template "chart.valuesSection" . }}


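--- /dev/null
+++ b/[PATH not shown on page: test values file]
@@ -0,0 +1 @@
+testMode: true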

charts/kubezero-timemachine/charts/gemini/logo.png (Stored with Git LFS) Normal file



@ -0,0 +1,30 @@
Gemini is now installed!
To start using Gemini, create a SnapshotGroup. You can use an
existing PVC, or ask Gemini to create one for you.
apiVersion: gemini.fairwinds.com/v1beta1
kind: SnapshotGroup
metadata:
name: test-volume
spec:
persistentVolumeClaim:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
schedule:
- every: 10 minutes
keep: 3
- every: hour
keep: 1
- every: day
keep: 1
- every: month
keep: 1
- every: year
keep: 1
Read more at https://github.com/FairwindsOps/gemini


@ -0,0 +1,56 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "gemini.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "gemini.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "gemini.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Standard labels
*/}}
{{- define "gemini.labels" -}}
app: {{ include "gemini.name" . }}
{{- if not .Values.templateOnly }}
app.kubernetes.io/name: {{ include "gemini.name" . }}
helm.sh/chart: {{ include "gemini.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- end -}}
{{/*
Standard selector
*/}}
{{- define "gemini.selectors" -}}
app: {{ include "gemini.name" . }}
{{- if not .Values.templateOnly }}
app.kubernetes.io/name: {{ include "gemini.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- end -}}


@ -0,0 +1,46 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "gemini.fullname" . }}-controller
labels:
app: gemini
spec:
replicas: 1
selector:
matchLabels:
app: gemini
template:
metadata:
labels:
app: gemini
spec:
{{- if .Values.rbac.create }}
serviceAccountName: {{ include "gemini.fullname" . }}-controller
{{- else }}
serviceAccountName: {{ .Values.rbac.serviceAccountName }}
{{- end }}
nodeSelector:
node-role.kubernetes.io/master: ""
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
containers:
- command:
- gemini
{{- with .Values.verbosity }}
- -v
- {{ . | quote }}
{{- end }}
image: '{{.Values.image.repository}}:{{.Values.image.tag}}'
imagePullPolicy: '{{.Values.image.pullPolicy}}'
name: gemini-controller
resources:
{{- toYaml .Values.resources | nindent 12 }}
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
capabilities:
drop:
- ALL
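Review bot: The `nodeSelector:` / `node-role.kubernetes.io/master: ""` / `tolerations:` lines in the pod spec hard-code control-plane placement instead of reading chart values, so a cluster whose control-plane nodes carry the newer `node-role.kubernetes.io/control-plane` label (which recent Kubernetes releases add alongside, and later instead of, the master label) or that wants the controller elsewhere has no override short of re-patching; these are the same lines run-on-controller.patch injects, so that patch is where to change it. Driving both from `.Values.nodeSelector` and `.Values.tolerations` (new values), with the master selector and toleration as the defaults in the kubezero-level values, keeps today's behaviour and makes it adjustable. Separately, `image: '{{.Values.image.repository}}:{{.Values.image.tag}}'` combined with the vendored defaults `tag: "0.1"` and `pullPolicy: Always` re-resolves a mutable tag on every pod start, so the running controller can change without any chart change; pinning a digest in the overriding values (not part of this commit) would make the deployed image reproducible.
```yaml
    spec:
      # … unchanged: serviceAccountName selection …
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
```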


@ -0,0 +1,62 @@
{{- if .Values.rbac.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "gemini.fullname" . }}-controller
labels:
{{- include "gemini.labels" . | nindent 4 }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "gemini.fullname" . }}-controller
labels:
{{- include "gemini.labels" . | nindent 4 }}
rules:
- apiGroups:
- gemini.fairwinds.com
resources:
- snapshotgroups
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- snapshot.storage.k8s.io
- ''
resources:
- volumesnapshots
- persistentvolumeclaims
verbs:
- get
- list
- create
- update
- delete
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- create
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "gemini.fullname" . }}-controller
labels:
{{- include "gemini.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "gemini.fullname" . }}-controller
subjects:
- kind: ServiceAccount
name: {{ include "gemini.fullname" . }}-controller
namespace: {{ .Release.Namespace }}
{{- end }}


@ -0,0 +1,44 @@
{{- if and .Values.testMode (not .Release.IsUpgrade) }}
{{- if not (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1beta1/VolumeSnapshot") }}
kind: CustomResourceDefinition
metadata:
name: volumesnapshots.snapshot.storage.k8s.io
annotations:
api-approved.kubernetes.io: "unapproved - test mode"
helm.sh/hook: pre-install
helm.sh/hook-delete-policy: before-hook-creation
{{- if .Capabilities.APIVersions.Has "apiextensions.k8s.io/v1/CustomResourceDefinition" }}
apiVersion: apiextensions.k8s.io/v1
spec:
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
{{- else }}
apiVersion: apiextensions.k8s.io/v1beta1
spec:
versions:
- name: v1beta1
served: true
storage: true
validation:
openAPIV3Schema:
type: object
properties:
spec:
type: object
{{- end }}
group: snapshot.storage.k8s.io
scope: Namespaced
names:
plural: volumesnapshots
singular: volumesnapshot
kind: VolumeSnapshot
{{- end }}
{{- end }}


@ -0,0 +1,25 @@
image:
# image.pullPolicy -- imagePullPolicy - Highly recommended to leave this as `Always`
pullPolicy: Always
# image.repository -- Repository for the gemini image
repository: quay.io/fairwinds/gemini
# image.tag -- The gemini image tag to use
tag: "0.1"
rbac:
# rbac.create -- If true, create a new ServiceAccount and attach permissions
create: true
# If rbac.create is false, the name of an existing ServiceAccount to use
serviceAccountName:
# verbosity -- How verbose the controller logs should be
verbosity: 5
# resources -- The resources block for the controller pods
resources:
requests:
memory: 64Mi
cpu: 25m
limits:
memory: 512Mi
cpu: 200m


@ -0,0 +1,15 @@
diff -rtubN charts/gemini/templates/deployment.yaml charts/gemini.zdt/templates/deployment.yaml
--- charts/gemini/templates/deployment.yaml 2021-04-19 12:00:43.605005861 +0200
+++ charts/gemini.zdt/templates/deployment.yaml 2021-04-19 12:00:08.365005781 +0200
@@ -19,6 +19,11 @@
{{- else }}
serviceAccountName: {{ .Values.rbac.serviceAccountName }}
{{- end }}
+ nodeSelector:
+ node-role.kubernetes.io/master: ""
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
containers:
- command:
- gemini


@ -0,0 +1,10 @@
#!/bin/bash
set -ex
export VERSION=0.0.6
rm -rf charts/gemini
helm pull fairwinds-stable/gemini --untar --untardir charts
# Patch for istiod to control plane
patch -p0 -i run-on-controller.patch --no-backup-if-mismatch
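Review bot: `export VERSION=0.0.6` is never used: the `helm pull fairwinds-stable/gemini --untar --untardir charts` line carries no `--version`, so the script fetches whatever the repository currently offers as the latest gemini chart rather than the 0.0.6 that Chart.yaml pins, and the `patch` that follows may then be applied to a different deployment.yaml than the one it was written against. Change it to `helm pull fairwinds-stable/gemini --version $VERSION --untar --untardir charts`. The comment `# Patch for istiod to control plane` looks copied from another chart's update script and should read `# Patch gemini controller to run on control-plane nodes`. The script also assumes the `fairwinds-stable` repo has already been added with `helm repo add`; either add it here or state the precondition in a comment.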


@ -211,19 +211,19 @@ function logging-post() {
## MAIN ##
if [ $1 == "deploy" ]; then
for t in ${ARTIFACTS[@]}; do
is_enabled $t && _helm apply $t
is_enabled $t && _helm apply $t || true
done
# If artifact enabled and has crds install
elif [ $1 == "crds" ]; then
for t in ${ARTIFACTS[@]}; do
is_enabled $t && has_crds $t && _helm crds $t
is_enabled $t && has_crds $t && _helm crds $t || true
done
# Delete in reverse order, continue even if errors
elif [ $1 == "delete" ]; then
set +e
for (( idx=${#ARTIFACTS[@]}-1 ; idx>=0 ; idx-- )) ; do
is_enabled ${ARTIFACTS[idx]} && _helm delete ${ARTIFACTS[idx]}
is_enabled ${ARTIFACTS[idx]} && _helm delete ${ARTIFACTS[idx]} || true
done
fi
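Review bot: The `|| true` appended to the `deploy` and `crds` loop bodies (and to `delete`, which already runs under `set +e`) makes a failed `_helm apply` or `_helm crds` indistinguishable from a disabled artifact: the loop continues silently and the script's exit status no longer reflects the failure, so a caller such as CI sees a successful deploy with an artifact missing. Whether `set -e` is active for this script is decided outside the hunk, but the suppression is what the new lines do regardless. Keep the continue-on-error behaviour but record it, e.g. `is_enabled $t && { _helm apply $t || echo "WARNING: deploy of $t failed" >&2; }`, with the equivalent on the `crds` and `delete` lines; better still, set a failure flag there and exit non-zero after the loop.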


@ -1,6 +1,6 @@
{{- if not .Values.argo }}
{{- $artifacts := list "calico" "cert-manager" "kiam" "aws-node-termination-handler" "aws-ebs-csi-driver" "aws-efs-csi-driver" "local-volume-provisioner" "local-path-provisioner" "istio" "istio-ingress" "metrics" "logging" "argocd" }}
{{- $artifacts := list "calico" "cert-manager" "kiam" "aws-node-termination-handler" "aws-ebs-csi-driver" "aws-efs-csi-driver" "local-volume-provisioner" "local-path-provisioner" "istio" "istio-ingress" "metrics" "logging" "argocd" "timemachine" }}
{{- if .Values.global }}
global:


@ -0,0 +1,8 @@
{{- define "timemachine-values" }}
{{- end }}
{{- define "timemachine-argo" }}
{{- end }}
{{ include "kubezero-app.app" . }}
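Review bot: Both `timemachine-values` and `timemachine-argo` are defined empty with no comment, so a reader cannot tell whether overrides were deliberately omitted or are still to be written. Add a one-line template comment inside each, e.g. `{{/* intentionally empty: no kubezero overrides for kubezero-timemachine yet */}}`; what `kubezero-app.app` does with these defines is outside this file, so keep the wording to intent rather than effect.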


@ -23,6 +23,9 @@ kiam:
aws-node-termination-handler:
enabled: false
timemachine:
enabled: false
local-volume-provisioner:
enabled: false