From f1cb2dbb66794cb7043bcf6feb812f1cc9f496d8 Mon Sep 17 00:00:00 2001 
From: Stefan Reimer
Date: Mon, 19 Apr 2021 12:46:42 +0200
Subject: [PATCH] feat: Map gemini controller to controller nodes, fix ebs storageclass, integrate timemachine into kubezero
---
 charts/kubezero-aws-ebs-csi-driver/Chart.yaml | 2 +-
 .../templates/snapshot-class.yaml | 2 +
 charts/kubezero-timemachine/Chart.yaml | 2 +-
 .../charts/gemini/Chart.yaml | 9 +++
 .../charts/gemini/README.md | 35 +++++++++++
 .../charts/gemini/README.md.gotmpl | 25 ++++++++
 .../charts/gemini/ci/test-values.yaml | 1 +
 .../charts/gemini/logo.png | 3 +
 .../charts/gemini/templates/NOTES.txt | 30 +++++++++
 .../charts/gemini/templates/_helpers.tpl | 56 +++++++++++++++++
 .../charts/gemini/templates/deployment.yaml | 46 ++++++++++++++
 .../charts/gemini/templates/rbac.yaml | 62 +++++++++++++++++++
 .../charts/gemini/templates/test_crd.yaml | 44 +++++++++++++
 .../charts/gemini/values.yaml | 25 ++++++++
 .../run-on-controller.patch | 15 +++++
 charts/kubezero-timemachine/update.sh | 10 +++
 charts/kubezero/bootstrap.sh | 6 +-
 charts/kubezero/templates/argoless.yaml | 2 +-
 charts/kubezero/templates/timemachine.yaml | 8 +++
 charts/kubezero/values.yaml | 3 +
 20 files changed, 380 insertions(+), 6 deletions(-)
 create mode 100644 charts/kubezero-timemachine/charts/gemini/Chart.yaml
 create mode 100644 charts/kubezero-timemachine/charts/gemini/README.md
 create mode 100644 charts/kubezero-timemachine/charts/gemini/README.md.gotmpl
 create mode 100644 charts/kubezero-timemachine/charts/gemini/ci/test-values.yaml
 create mode 100644 charts/kubezero-timemachine/charts/gemini/logo.png
 create mode 100644 charts/kubezero-timemachine/charts/gemini/templates/NOTES.txt
 create mode 100644 charts/kubezero-timemachine/charts/gemini/templates/_helpers.tpl
 create mode 100644 charts/kubezero-timemachine/charts/gemini/templates/deployment.yaml
 create mode 100644 charts/kubezero-timemachine/charts/gemini/templates/rbac.yaml
 create mode 100644 charts/kubezero-timemachine/charts/gemini/templates/test_crd.yaml
 create mode 100644
charts/kubezero-timemachine/charts/gemini/values.yaml
 create mode 100644 charts/kubezero-timemachine/run-on-controller.patch
 create mode 100755 charts/kubezero-timemachine/update.sh
 create mode 100644 charts/kubezero/templates/timemachine.yaml
diff --git a/charts/kubezero-aws-ebs-csi-driver/Chart.yaml b/charts/kubezero-aws-ebs-csi-driver/Chart.yaml
index bbfda714..14f5d118 100644
--- a/charts/kubezero-aws-ebs-csi-driver/Chart.yaml
+++ b/charts/kubezero-aws-ebs-csi-driver/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-aws-ebs-csi-driver
 description: KubeZero Umbrella Chart for aws-ebs-csi-driver
 type: application
-version: 0.5.0
+version: 0.5.1
 appVersion: 0.10.0
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
diff --git a/charts/kubezero-aws-ebs-csi-driver/templates/snapshot-class.yaml b/charts/kubezero-aws-ebs-csi-driver/templates/snapshot-class.yaml
index 1b4a831b..e0858382 100644
--- a/charts/kubezero-aws-ebs-csi-driver/templates/snapshot-class.yaml
+++ b/charts/kubezero-aws-ebs-csi-driver/templates/snapshot-class.yaml
@@ -3,6 +3,8 @@ apiVersion: snapshot.storage.k8s.io/v1beta1
 kind: VolumeSnapshotClass
 metadata:
 name: csi-aws-vsc
+ annotations:
+ snapshot.storage.kubernetes.io/is-default-class: "true"
 labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
 driver: ebs.csi.aws.com
diff --git a/charts/kubezero-timemachine/Chart.yaml b/charts/kubezero-timemachine/Chart.yaml
index d6b94a40..42b2930b 100644
--- a/charts/kubezero-timemachine/Chart.yaml
+++ b/charts/kubezero-timemachine/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
 dependencies:
 - name: gemini
 version: 0.0.6
- repository: https://charts.fairwinds.com/stable
+ # repository: https://charts.fairwinds.com/stable
 kubeVersion: ">= 1.18.0"
diff --git a/charts/kubezero-timemachine/charts/gemini/Chart.yaml b/charts/kubezero-timemachine/charts/gemini/Chart.yaml
new file mode 100644
index 00000000..5d099a2f
--- /dev/null
+++ b/charts/kubezero-timemachine/charts/gemini/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+appVersion: 0.1.0
+description: Automated backup and restore of PersistentVolumes using the VolumeSnapshot
+ API
+maintainers:
+- email: robertb@fairwinds.com
+ name: rbren
+name: gemini
+version: 0.0.6
diff --git a/charts/kubezero-timemachine/charts/gemini/README.md b/charts/kubezero-timemachine/charts/gemini/README.md
new file mode 100644
index 00000000..f8067076
--- /dev/null
+++ b/charts/kubezero-timemachine/charts/gemini/README.md
@@ -0,0 +1,35 @@
+
+Gemini
+
+
+
+## Intro
+
+This is a Helm chart for the Fairwinds
+[Gemini project](https://github.com/FairwindsOps/gemini).
+It provides a Kubernetes CRD and operator for managing `VolumeSnapshots`, allowing you
+to back up your `PersistentVolumes` on a regular schedule, retire old backups, and restore
+backups with minimal downtime.
+
+See the [Gemini README](https://github.com/FairwindsOps/gemini) for more information.
+
+## Installation
+```bash
+helm repo add fairwinds-stable https://charts.fairwinds.com/stable
+helm install gemini fairwinds-stable/gemini --namespace gemini
+```
+## Requirements
+
+Your cluster must support the [VolumeSnapshot API](https://kubernetes.io/docs/concepts/storage/volume-snapshots/)
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| image.pullPolicy | string | `"Always"` | imagePullPolicy - Highly recommended to leave this as `Always` |
+| image.repository | string | `"quay.io/fairwinds/gemini"` | Repository for the gemini image |
+| image.tag | string | `"0.1"` | The gemini image tag to use |
+| rbac.create | bool | `true` | If true, create a new ServiceAccount and attach permissions |
+| rbac.serviceAccountName | string | `nil` | |
+| verbosity | int | `5` | How verbose the controller logs should be |
+| resources | object | `{"limits":{"cpu":"200m","memory":"512Mi"},"requests":{"cpu":"25m","memory":"64Mi"}}` | The resources block for the controller pods |
diff --git a/charts/kubezero-timemachine/charts/gemini/README.md.gotmpl b/charts/kubezero-timemachine/charts/gemini/README.md.gotmpl
new file mode 100644
index 00000000..9028c92b
--- /dev/null
+++ b/charts/kubezero-timemachine/charts/gemini/README.md.gotmpl
@@ -0,0 +1,25 @@
+
+Gemini
+
+
+
+## Intro
+
+This is a Helm chart for the Fairwinds
+[Gemini project](https://github.com/FairwindsOps/gemini).
+It provides a Kubernetes CRD and operator for managing `VolumeSnapshots`, allowing you
+to back up your `PersistentVolumes` on a regular schedule, retire old backups, and restore
+backups with minimal downtime.
+
+See the [Gemini README](https://github.com/FairwindsOps/gemini) for more information.
+
+## Installation
+```bash
+helm repo add fairwinds-stable https://charts.fairwinds.com/stable
+helm install gemini fairwinds-stable/gemini --namespace gemini
+```
+## Requirements
+
+Your cluster must support the [VolumeSnapshot API](https://kubernetes.io/docs/concepts/storage/volume-snapshots/)
+
+{{ template "chart.valuesSection" . }}
diff --git a/charts/kubezero-timemachine/charts/gemini/ci/test-values.yaml b/charts/kubezero-timemachine/charts/gemini/ci/test-values.yaml
new file mode 100644
index 00000000..0a5389e5
--- /dev/null
+++ b/charts/kubezero-timemachine/charts/gemini/ci/test-values.yaml
@@ -0,0 +1 @@
+testMode: true
diff --git a/charts/kubezero-timemachine/charts/gemini/logo.png b/charts/kubezero-timemachine/charts/gemini/logo.png
new file mode 100644
index 00000000..3cba4387
--- /dev/null
+++ b/charts/kubezero-timemachine/charts/gemini/logo.png
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d8a61c813d8b9a1a5a0a2f60d95ff34d5f62207076a313480ec40b7b8b346d0a
+size 36202
diff --git a/charts/kubezero-timemachine/charts/gemini/templates/NOTES.txt b/charts/kubezero-timemachine/charts/gemini/templates/NOTES.txt
new file mode 100644
index 00000000..6fb90d2d
--- /dev/null
+++ b/charts/kubezero-timemachine/charts/gemini/templates/NOTES.txt
@@ -0,0 +1,30 @@
+Gemini is now installed!
+
+To start using Gemini, create a SnapshotGroup. You can use an
+existing PVC, or ask Gemini to create one for you.
+
+apiVersion: gemini.fairwinds.com/v1beta1
+kind: SnapshotGroup
+metadata:
+ name: test-volume
+spec:
+ persistentVolumeClaim:
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ schedule:
+ - every: 10 minutes
+ keep: 3
+ - every: hour
+ keep: 1
+ - every: day
+ keep: 1
+ - every: month
+ keep: 1
+ - every: year
+ keep: 1
+
+Read more at https://github.com/FairwindsOps/gemini
diff --git a/charts/kubezero-timemachine/charts/gemini/templates/_helpers.tpl b/charts/kubezero-timemachine/charts/gemini/templates/_helpers.tpl
new file mode 100644
index 00000000..388f494b
--- /dev/null
+++ b/charts/kubezero-timemachine/charts/gemini/templates/_helpers.tpl
@@ -0,0 +1,56 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "gemini.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "gemini.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "gemini.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Standard labels
+*/}}
+{{- define "gemini.labels" -}}
+app: {{ include "gemini.name" . }}
+{{- if not .Values.templateOnly }}
+app.kubernetes.io/name: {{ include "gemini.name" . }}
+helm.sh/chart: {{ include "gemini.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Standard selector
+*/}}
+{{- define "gemini.selectors" -}}
+app: {{ include "gemini.name" . }}
+{{- if not .Values.templateOnly }}
+app.kubernetes.io/name: {{ include "gemini.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/kubezero-timemachine/charts/gemini/templates/deployment.yaml b/charts/kubezero-timemachine/charts/gemini/templates/deployment.yaml
new file mode 100644
index 00000000..ed1088e8
--- /dev/null
+++ b/charts/kubezero-timemachine/charts/gemini/templates/deployment.yaml
@@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "gemini.fullname" . }}-controller
+ labels:
+ app: gemini
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: gemini
+ template:
+ metadata:
+ labels:
+ app: gemini
+ spec:
+ {{- if .Values.rbac.create }}
+ serviceAccountName: {{ include "gemini.fullname" . }}-controller
+ {{- else }}
+ serviceAccountName: {{ .Values.rbac.serviceAccountName }}
+ {{- end }}
+ nodeSelector:
+ node-role.kubernetes.io/master: ""
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ containers:
+ - command:
+ - gemini
+ {{- with .Values.verbosity }}
+ - -v
+ - {{ . | quote }}
+ {{- end }}
+ image: '{{.Values.image.repository}}:{{.Values.image.tag}}'
+ imagePullPolicy: '{{.Values.image.pullPolicy}}'
+ name: gemini-controller
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - ALL
diff --git a/charts/kubezero-timemachine/charts/gemini/templates/rbac.yaml b/charts/kubezero-timemachine/charts/gemini/templates/rbac.yaml
new file mode 100644
index 00000000..6f900d01
--- /dev/null
+++ b/charts/kubezero-timemachine/charts/gemini/templates/rbac.yaml
@@ -0,0 +1,62 @@
+{{- if .Values.rbac.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "gemini.fullname" . }}-controller
+ labels:
+ {{- include "gemini.labels" . | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "gemini.fullname" . }}-controller
+ labels:
+ {{- include "gemini.labels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - gemini.fairwinds.com
+ resources:
+ - snapshotgroups
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - snapshot.storage.k8s.io
+ - ''
+ resources:
+ - volumesnapshots
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - create
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "gemini.fullname" . }}-controller
+ labels:
+ {{- include "gemini.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "gemini.fullname" . }}-controller
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "gemini.fullname" . }}-controller
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/kubezero-timemachine/charts/gemini/templates/test_crd.yaml b/charts/kubezero-timemachine/charts/gemini/templates/test_crd.yaml
new file mode 100644
index 00000000..0f5b63a3
--- /dev/null
+++ b/charts/kubezero-timemachine/charts/gemini/templates/test_crd.yaml
@@ -0,0 +1,44 @@
+{{- if and .Values.testMode (not .Release.IsUpgrade) }}
+{{- if not (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1beta1/VolumeSnapshot") }}
+kind: CustomResourceDefinition
+metadata:
+ name: volumesnapshots.snapshot.storage.k8s.io
+ annotations:
+ api-approved.kubernetes.io: "unapproved - test mode"
+ helm.sh/hook: pre-install
+ helm.sh/hook-delete-policy: before-hook-creation
+{{- if .Capabilities.APIVersions.Has "apiextensions.k8s.io/v1/CustomResourceDefinition" }}
+apiVersion: apiextensions.k8s.io/v1
+spec:
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+{{- else }}
+apiVersion: apiextensions.k8s.io/v1beta1
+spec:
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ validation:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+{{- end }}
+ group: snapshot.storage.k8s.io
+ scope: Namespaced
+ names:
+ plural: volumesnapshots
+ singular: volumesnapshot
+ kind: VolumeSnapshot
+{{- end }}
+{{- end }}
diff --git a/charts/kubezero-timemachine/charts/gemini/values.yaml b/charts/kubezero-timemachine/charts/gemini/values.yaml
new file mode 100644
index 00000000..07ec88a5
--- /dev/null
+++ b/charts/kubezero-timemachine/charts/gemini/values.yaml
@@ -0,0 +1,25 @@
+image:
+ # image.pullPolicy -- imagePullPolicy - Highly recommended to leave this as `Always`
+ pullPolicy: Always
+ # image.repository -- Repository for the gemini image
+ repository: quay.io/fairwinds/gemini
+ # image.tag -- The gemini image tag to use
+ tag: "0.1"
+
+rbac:
+ # rbac.create -- If true, create a new ServiceAccount and attach permissions
+ create: true
+ # If rbac.create is false, the name of an existing ServiceAccount to use
+ serviceAccountName:
+
+# verbosity -- How verbose the controller logs should be
+verbosity: 5
+
+# resources -- The resources block for the controller pods
+resources:
+ requests:
+ memory: 64Mi
+ cpu: 25m
+ limits:
+ memory: 512Mi
+ cpu: 200m
diff --git a/charts/kubezero-timemachine/run-on-controller.patch b/charts/kubezero-timemachine/run-on-controller.patch
new file mode 100644
index 00000000..59e2320e
--- /dev/null
+++ b/charts/kubezero-timemachine/run-on-controller.patch
@@ -0,0 +1,15 @@
+diff -rtubN charts/gemini/templates/deployment.yaml charts/gemini.zdt/templates/deployment.yaml
+--- charts/gemini/templates/deployment.yaml 2021-04-19 12:00:43.605005861 +0200
++++ charts/gemini.zdt/templates/deployment.yaml 2021-04-19 12:00:08.365005781 +0200
+@@ -19,6 +19,11 @@
+ {{- else }}
+ serviceAccountName: {{ .Values.rbac.serviceAccountName }}
+ {{- end }}
++ nodeSelector:
++ node-role.kubernetes.io/master: ""
++ tolerations:
++ - effect: NoSchedule
++ key: node-role.kubernetes.io/master
+ containers:
+ - command:
+ - gemini
diff --git a/charts/kubezero-timemachine/update.sh b/charts/kubezero-timemachine/update.sh
new file mode 100755
index 00000000..3817ad90
--- /dev/null
+++ b/charts/kubezero-timemachine/update.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -ex
+
+export VERSION=0.0.6
+
+rm -rf charts/gemini
+helm pull fairwinds-stable/gemini --untar --untardir charts
+
+# Patch for istiod to control plane
+patch -p0 -i run-on-controller.patch --no-backup-if-mismatch
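Review bot: The nodeSelector and toleration added at the patched lines key only on `node-role.kubernetes.io/master`; kubeadm clusters from 1.20 also label and taint control-plane nodes with `node-role.kubernetes.io/control-plane`, and later releases are slated to drop the `master` label and taint, so after a node upgrade the selector can stop matching and the controller becomes unschedulable. A second toleration `- effect: NoSchedule` / `key: node-role.kubernetes.io/control-plane` keeps the pod tolerant of either taint, although the selector still has to name a label that is actually present on the target nodes. Both values are hard-coded into the vendored template instead of being read from `.Values.nodeSelector` / `.Values.tolerations`, so a cluster that wants the controller elsewhere has to re-patch rather than override. The service account bound in rbac.yaml already holds cluster-wide create/delete on PVCs and VolumeSnapshots, so moving the pod onto control-plane nodes does not widen its API privileges, but it does place a `pullPolicy: Always` image with the floating `0.1` tag onto those nodes; pinning the tag or digest from the kubezero values would make that placement reproducible. A one-line comment in the patch header explaining why the controller is pinned to control-plane nodes would help, since the commit message is currently the only place that states it.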
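Review bot: `export VERSION=0.0.6` is never used: the `helm pull fairwinds-stable/gemini` on line 7 carries no `--version`, so the script vendors whichever gemini chart is newest in the repo, and both the `version: 0.0.6` pinned in kubezero-timemachine/Chart.yaml and the line offsets in run-on-controller.patch silently go stale; use `helm pull fairwinds-stable/gemini --version $VERSION --untar --untardir charts`. The comment above the patch call, `# Patch for istiod to control plane`, looks copied from another update script and names the wrong component; `# Patch the gemini controller to run on control-plane nodes` describes what run-on-controller.patch does. The script also assumes `fairwinds-stable` has already been added with `helm repo add`, which the commented-out repository line in Chart.yaml no longer documents, so a comment stating that prerequisite would help. Since `set -ex` is on, a partial-context patch failure already aborts the script, which is the right outcome here.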
diff --git a/charts/kubezero/bootstrap.sh b/charts/kubezero/bootstrap.sh
index c1bf05eb..b1eb0ae4 100755
--- a/charts/kubezero/bootstrap.sh
+++ b/charts/kubezero/bootstrap.sh
@@ -211,19 +211,19 @@ function logging-post() {
 ## MAIN ##
 if [ $1 == "deploy" ]; then
 for t in ${ARTIFACTS[@]}; do
- is_enabled $t && _helm apply $t
+ is_enabled $t && _helm apply $t || true
 done
 # If artifact enabled and has crds
 elif [ $1 == "crds" ]; then
 for t in ${ARTIFACTS[@]}; do
- is_enabled $t && has_crds $t && _helm crds $t
+ is_enabled $t && has_crds $t && _helm crds $t || true
 done
 # Delete in reverse order, continue even if errors
 elif [ $1 == "delete" ]; then
 set +e
 for (( idx=${#ARTIFACTS[@]}-1 ; idx>=0 ; idx-- )) ; do
- is_enabled ${ARTIFACTS[idx]} && _helm delete ${ARTIFACTS[idx]}
+ is_enabled ${ARTIFACTS[idx]} && _helm delete ${ARTIFACTS[idx]} || true
 done
 fi
diff --git a/charts/kubezero/templates/argoless.yaml b/charts/kubezero/templates/argoless.yaml
index 229f6b4c..9a733d17 100644
--- a/charts/kubezero/templates/argoless.yaml
+++ b/charts/kubezero/templates/argoless.yaml
@@ -1,6 +1,6 @@
 {{- if not .Values.argo }}
-{{- $artifacts := list "calico" "cert-manager" "kiam" "aws-node-termination-handler" "aws-ebs-csi-driver" "aws-efs-csi-driver" "local-volume-provisioner" "local-path-provisioner" "istio" "istio-ingress" "metrics" "logging" "argocd" }}
+{{- $artifacts := list "calico" "cert-manager" "kiam" "aws-node-termination-handler" "aws-ebs-csi-driver" "aws-efs-csi-driver" "local-volume-provisioner" "local-path-provisioner" "istio" "istio-ingress" "metrics" "logging" "argocd" "timemachine" }}
 {{- if .Values.global }}
 global:
diff --git a/charts/kubezero/templates/timemachine.yaml b/charts/kubezero/templates/timemachine.yaml
new file mode 100644
index 00000000..5a557172
--- /dev/null
+++ b/charts/kubezero/templates/timemachine.yaml
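Review bot: The `|| true` appended in the deploy and crds loops masks a failing `_helm apply` / `_helm crds` as well as the false return of `is_enabled`, so a broken chart install no longer stops the bootstrap and the script can exit 0 with artifacts missing. If the intent is only to keep a disabled artifact from tripping errexit, `if is_enabled $t; then _helm apply $t; fi` (and `if is_enabled $t && has_crds $t; then _helm crds $t; fi`) keeps helm failures fatal while still skipping disabled entries. In the delete loop `set +e` is already in force two lines above, so its `|| true` is redundant but harmless and matches the "continue even if errors" comment. Whether `set -e` is active at this point in the deploy and crds branches is not visible in the hunk, and the `## MAIN ##` block continues past it, so the errexit reasoning is inferred from the change itself.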
@@ -0,0 +1,8 @@
+{{- define "timemachine-values" }}
+{{- end }}
+
+
+{{- define "timemachine-argo" }}
+{{- end }}
+
+{{ include "kubezero-app.app" . }}
diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml
index 4b7efc5a..66b5f5e0 100644
--- a/charts/kubezero/values.yaml
+++ b/charts/kubezero/values.yaml
@@ -23,6 +23,9 @@ kiam:
 aws-node-termination-handler:
 enabled: false
+timemachine:
+ enabled: false
+
 local-volume-provisioner:
 enabled: false