
feat: Map gemini controller to controller nodes, fix ebs storageclass, integrate timemachine into kubezero

pull/42/head
Stefan Reimer 9 months ago
parent
commit
c15f5cbcda
  1. 2
      charts/kubezero-aws-ebs-csi-driver/Chart.yaml
  2. 2
      charts/kubezero-aws-ebs-csi-driver/templates/snapshot-class.yaml
  3. 2
      charts/kubezero-timemachine/Chart.yaml
  4. 9
      charts/kubezero-timemachine/charts/gemini/Chart.yaml
  5. 35
      charts/kubezero-timemachine/charts/gemini/README.md
  6. 25
      charts/kubezero-timemachine/charts/gemini/README.md.gotmpl
  7. 1
      charts/kubezero-timemachine/charts/gemini/ci/test-values.yaml
  8. BIN
      charts/kubezero-timemachine/charts/gemini/logo.png
  9. 30
      charts/kubezero-timemachine/charts/gemini/templates/NOTES.txt
  10. 56
      charts/kubezero-timemachine/charts/gemini/templates/_helpers.tpl
  11. 46
      charts/kubezero-timemachine/charts/gemini/templates/deployment.yaml
  12. 62
      charts/kubezero-timemachine/charts/gemini/templates/rbac.yaml
  13. 44
      charts/kubezero-timemachine/charts/gemini/templates/test_crd.yaml
  14. 25
      charts/kubezero-timemachine/charts/gemini/values.yaml
  15. 15
      charts/kubezero-timemachine/run-on-controller.patch
  16. 10
      charts/kubezero-timemachine/update.sh
  17. 6
      charts/kubezero/bootstrap.sh
  18. 2
      charts/kubezero/templates/argoless.yaml
  19. 8
      charts/kubezero/templates/timemachine.yaml
  20. 3
      charts/kubezero/values.yaml

2
charts/kubezero-aws-ebs-csi-driver/Chart.yaml

@ -2,7 +2,7 @@ apiVersion: v2
name: kubezero-aws-ebs-csi-driver
description: KubeZero Umbrella Chart for aws-ebs-csi-driver
type: application
version: 0.5.0
version: 0.5.1
appVersion: 0.10.0
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png

2
charts/kubezero-aws-ebs-csi-driver/templates/snapshot-class.yaml

@ -3,6 +3,8 @@ apiVersion: snapshot.storage.k8s.io/v1beta1
kind: VolumeSnapshotClass
metadata:
name: csi-aws-vsc
annotations:
snapshot.storage.kubernetes.io/is-default-class: "true"
labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
driver: ebs.csi.aws.com

2
charts/kubezero-timemachine/Chart.yaml

@ -13,5 +13,5 @@ maintainers:
dependencies:
- name: gemini
version: 0.0.6
repository: https://charts.fairwinds.com/stable
# repository: https://charts.fairwinds.com/stable
kubeVersion: ">= 1.18.0"
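Review bot: The gemini dependency's `repository:` line appears to be commented out here with no explanation, so nothing tells a reader that the dependency now resolves from the copy vendored under `charts/gemini` in this same commit. Replace the dead line with a comment that states the intent, for example `# vendored and patched locally: see update.sh and run-on-controller.patch`. The hunk starts at line 13 of the file, so whether this chart's own `version` was bumped for the change is not visible here.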

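--- a/charts/kubezero-timemachine/charts/gemini/Chart.yaml
+++ b/charts/kubezero-timemachine/charts/gemini/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+appVersion: 0.1.0
+description: Automated backup and restore of PersistentVolumes using the VolumeSnapshot
+API
+maintainers:
+- email: robertb@fairwinds.com
+name: rbren
+name: gemini
+version: 0.0.6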

35
charts/kubezero-timemachine/charts/gemini/README.md

@ -0,0 +1,35 @@
<div align="center">
<a href="https://github.com/FairwindsOps/gemini"><img src="logo.png" height="150" alt="Gemini" style="padding-bottom: 20px" /></a>
<br>
</div>
## Intro
This is a Helm chart for the Fairwinds
[Gemini project](https://github.com/FairwindsOps/gemini).
It provides a Kubernetes CRD and operator for managing `VolumeSnapshots`, allowing you
to back up your `PersistentVolumes` on a regular schedule, retire old backups, and restore
backups with minimal downtime.
See the [Gemini README](https://github.com/FairwindsOps/gemini) for more information.
## Installation
```bash
helm repo add fairwinds-stable https://charts.fairwinds.com/stable
helm install gemini fairwinds-stable/gemini --namespace gemini
```
## Requirements
Your cluster must support the [VolumeSnapshot API](https://kubernetes.io/docs/concepts/storage/volume-snapshots/)
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| image.pullPolicy | string | `"Always"` | imagePullPolicy - Highly recommended to leave this as `Always` |
| image.repository | string | `"quay.io/fairwinds/gemini"` | Repository for the gemini image |
| image.tag | string | `"0.1"` | The gemini image tag to use |
| rbac.create | bool | `true` | If true, create a new ServiceAccount and attach permissions |
| rbac.serviceAccountName | string | `nil` | |
| verbosity | int | `5` | How verbose the controller logs should be |
| resources | object | `{"limits":{"cpu":"200m","memory":"512Mi"},"requests":{"cpu":"25m","memory":"64Mi"}}` | The resources block for the controller pods |

25
charts/kubezero-timemachine/charts/gemini/README.md.gotmpl

@ -0,0 +1,25 @@
<div align="center">
<a href="https://github.com/FairwindsOps/gemini"><img src="logo.png" height="150" alt="Gemini" style="padding-bottom: 20px" /></a>
<br>
</div>
## Intro
This is a Helm chart for the Fairwinds
[Gemini project](https://github.com/FairwindsOps/gemini).
It provides a Kubernetes CRD and operator for managing `VolumeSnapshots`, allowing you
to back up your `PersistentVolumes` on a regular schedule, retire old backups, and restore
backups with minimal downtime.
See the [Gemini README](https://github.com/FairwindsOps/gemini) for more information.
## Installation
```bash
helm repo add fairwinds-stable https://charts.fairwinds.com/stable
helm install gemini fairwinds-stable/gemini --namespace gemini
```
## Requirements
Your cluster must support the [VolumeSnapshot API](https://kubernetes.io/docs/concepts/storage/volume-snapshots/)
{{ template "chart.valuesSection" . }}

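--- a/charts/kubezero-timemachine/charts/gemini/ci/test-values.yaml
+++ b/charts/kubezero-timemachine/charts/gemini/ci/test-values.yaml
@@ -0,0 +1 @@
+testMode: true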

BIN
charts/kubezero-timemachine/charts/gemini/logo.png

Binary file not shown.

After

Width:  |  Height:  |  Size: 35 KiB

30
charts/kubezero-timemachine/charts/gemini/templates/NOTES.txt

@ -0,0 +1,30 @@
Gemini is now installed!
To start using Gemini, create a SnapshotGroup. You can use an
existing PVC, or ask Gemini to create one for you.
apiVersion: gemini.fairwinds.com/v1beta1
kind: SnapshotGroup
metadata:
name: test-volume
spec:
persistentVolumeClaim:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
schedule:
- every: 10 minutes
keep: 3
- every: hour
keep: 1
- every: day
keep: 1
- every: month
keep: 1
- every: year
keep: 1
Read more at https://github.com/FairwindsOps/gemini

56
charts/kubezero-timemachine/charts/gemini/templates/_helpers.tpl

@ -0,0 +1,56 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "gemini.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "gemini.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "gemini.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Standard labels
*/}}
{{- define "gemini.labels" -}}
app: {{ include "gemini.name" . }}
{{- if not .Values.templateOnly }}
app.kubernetes.io/name: {{ include "gemini.name" . }}
helm.sh/chart: {{ include "gemini.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- end -}}
{{/*
Standard selector
*/}}
{{- define "gemini.selectors" -}}
app: {{ include "gemini.name" . }}
{{- if not .Values.templateOnly }}
app.kubernetes.io/name: {{ include "gemini.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- end -}}

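--- a/charts/kubezero-timemachine/charts/gemini/templates/deployment.yaml
+++ b/charts/kubezero-timemachine/charts/gemini/templates/deployment.yaml
@@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: {{ include "gemini.fullname" . }}-controller
+labels:
+app: gemini
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: gemini
+template:
+metadata:
+labels:
+app: gemini
+spec:
+{{- if .Values.rbac.create }}
+serviceAccountName: {{ include "gemini.fullname" . }}-controller
+{{- else }}
+serviceAccountName: {{ .Values.rbac.serviceAccountName }}
+{{- end }}
+nodeSelector:
+node-role.kubernetes.io/master: ""
+tolerations:
+- effect: NoSchedule
+key: node-role.kubernetes.io/master
+containers:
+- command:
+- gemini
+{{- with .Values.verbosity }}
+- -v
+- {{ . | quote }}
+{{- end }}
+image: '{{.Values.image.repository}}:{{.Values.image.tag}}'
+imagePullPolicy: '{{.Values.image.pullPolicy}}'
+name: gemini-controller
+resources:
+{{- toYaml .Values.resources | nindent 12 }}
+securityContext:
+allowPrivilegeEscalation: false
+privileged: false
+readOnlyRootFilesystem: true
+runAsNonRoot: true
+capabilities:
+drop:
+- ALL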

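--- a/charts/kubezero-timemachine/charts/gemini/templates/rbac.yaml
+++ b/charts/kubezero-timemachine/charts/gemini/templates/rbac.yaml
@@ -0,0 +1,62 @@
+{{- if .Values.rbac.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: {{ include "gemini.fullname" . }}-controller
+labels:
+{{- include "gemini.labels" . | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: {{ include "gemini.fullname" . }}-controller
+labels:
+{{- include "gemini.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+- gemini.fairwinds.com
+resources:
+- snapshotgroups
+verbs:
+- get
+- list
+- watch
+- create
+- update
+- delete
+- apiGroups:
+- snapshot.storage.k8s.io
+- ''
+resources:
+- volumesnapshots
+- persistentvolumeclaims
+verbs:
+- get
+- list
+- create
+- update
+- delete
+- apiGroups:
+- apiextensions.k8s.io
+resources:
+- customresourcedefinitions
+verbs:
+- get
+- create
+- delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: {{ include "gemini.fullname" . }}-controller
+labels:
+{{- include "gemini.labels" . | nindent 4 }}
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: {{ include "gemini.fullname" . }}-controller
+subjects:
+- kind: ServiceAccount
+name: {{ include "gemini.fullname" . }}-controller
+namespace: {{ .Release.Namespace }}
+{{- end }}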

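--- a/charts/kubezero-timemachine/charts/gemini/templates/test_crd.yaml
+++ b/charts/kubezero-timemachine/charts/gemini/templates/test_crd.yaml
@@ -0,0 +1,44 @@
+{{- if and .Values.testMode (not .Release.IsUpgrade) }}
+{{- if not (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1beta1/VolumeSnapshot") }}
+kind: CustomResourceDefinition
+metadata:
+name: volumesnapshots.snapshot.storage.k8s.io
+annotations:
+api-approved.kubernetes.io: "unapproved - test mode"
+helm.sh/hook: pre-install
+helm.sh/hook-delete-policy: before-hook-creation
+{{- if .Capabilities.APIVersions.Has "apiextensions.k8s.io/v1/CustomResourceDefinition" }}
+apiVersion: apiextensions.k8s.io/v1
+spec:
+versions:
+- name: v1beta1
+served: true
+storage: true
+schema:
+openAPIV3Schema:
+type: object
+properties:
+spec:
+type: object
+{{- else }}
+apiVersion: apiextensions.k8s.io/v1beta1
+spec:
+versions:
+- name: v1beta1
+served: true
+storage: true
+validation:
+openAPIV3Schema:
+type: object
+properties:
+spec:
+type: object
+{{- end }}
+group: snapshot.storage.k8s.io
+scope: Namespaced
+names:
+plural: volumesnapshots
+singular: volumesnapshot
+kind: VolumeSnapshot
+{{- end }}
+{{- end }}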

25
charts/kubezero-timemachine/charts/gemini/values.yaml

@ -0,0 +1,25 @@
image:
# image.pullPolicy -- imagePullPolicy - Highly recommended to leave this as `Always`
pullPolicy: Always
# image.repository -- Repository for the gemini image
repository: quay.io/fairwinds/gemini
# image.tag -- The gemini image tag to use
tag: "0.1"
rbac:
# rbac.create -- If true, create a new ServiceAccount and attach permissions
create: true
# If rbac.create is false, the name of an existing ServiceAccount to use
serviceAccountName:
# verbosity -- How verbose the controller logs should be
verbosity: 5
# resources -- The resources block for the controller pods
resources:
requests:
memory: 64Mi
cpu: 25m
limits:
memory: 512Mi
cpu: 200m

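--- a/charts/kubezero-timemachine/run-on-controller.patch
+++ b/charts/kubezero-timemachine/run-on-controller.patch
@@ -0,0 +1,15 @@
+diff -rtubN charts/gemini/templates/deployment.yaml charts/gemini.zdt/templates/deployment.yaml
+--- charts/gemini/templates/deployment.yaml 2021-04-19 12:00:43.605005861 +0200
++++ charts/gemini.zdt/templates/deployment.yaml 2021-04-19 12:00:08.365005781 +0200
+@@ -19,6 +19,11 @@
+{{- else }}
+serviceAccountName: {{ .Values.rbac.serviceAccountName }}
+{{- end }}
++ nodeSelector:
++ node-role.kubernetes.io/master: ""
++ tolerations:
++ - effect: NoSchedule
++ key: node-role.kubernetes.io/master
+containers:
+- command:
+- gemini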
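Review bot: The added `nodeSelector` and `tolerations` are hard-coded into the vendored template rather than exposed through values, so every install is pinned to nodes labelled `node-role.kubernetes.io/master`, and a cluster without that label leaves the controller Pending. Kubernetes has deprecated the `master` role label and taint in favour of `node-role.kubernetes.io/control-plane`, so the patch will need the new key (or a values-driven selector) before the cluster moves to a release that drops the old name. The placement also puts a controller whose ClusterRole (rbac.yaml in this commit) can create and delete CRDs, PVCs and VolumeSnapshots cluster-wide onto control-plane nodes. A short comment in the patch explaining why that placement is wanted would help later reviewers weigh it.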

10
charts/kubezero-timemachine/update.sh

@ -0,0 +1,10 @@
#!/bin/bash
set -ex
export VERSION=0.0.6
rm -rf charts/gemini
helm pull fairwinds-stable/gemini --untar --untardir charts
# Patch for istiod to control plane
patch -p0 -i run-on-controller.patch --no-backup-if-mismatch
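Review bot: `VERSION=0.0.6` is exported but never passed to `helm pull`, so the script vendors whatever chart version the `fairwinds-stable` repo currently serves rather than the pinned one; use `helm pull fairwinds-stable/gemini --version "$VERSION" --untar --untardir charts`. The script also assumes the repo alias is already configured and that it is run from the chart directory, because `rm -rf charts/gemini` and `patch -p0` resolve against the caller's working directory; a `cd "$(dirname "$0")"` before the `rm` would make that explicit. The comment `# Patch for istiod to control plane` looks copied from another chart and should name gemini. Since the pulled chart is committed and then patched, reviewing the resulting diff is the only check on what upstream shipped, which is worth saying in a header comment.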

6
charts/kubezero/bootstrap.sh

@ -211,19 +211,19 @@ function logging-post() {
## MAIN ##
if [ $1 == "deploy" ]; then
for t in ${ARTIFACTS[@]}; do
is_enabled $t && _helm apply $t
is_enabled $t && _helm apply $t || true
done
# If artifact enabled and has crds install
elif [ $1 == "crds" ]; then
for t in ${ARTIFACTS[@]}; do
is_enabled $t && has_crds $t && _helm crds $t
is_enabled $t && has_crds $t && _helm crds $t || true
done
# Delete in reverse order, continue even if errors
elif [ $1 == "delete" ]; then
set +e
for (( idx=${#ARTIFACTS[@]}-1 ; idx>=0 ; idx-- )) ; do
is_enabled ${ARTIFACTS[idx]} && _helm delete ${ARTIFACTS[idx]}
is_enabled ${ARTIFACTS[idx]} && _helm delete ${ARTIFACTS[idx]} || true
done
fi
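Review bot: In the deploy and crds loops, `is_enabled $t && _helm apply $t || true` (which reads as the new side, though this page has lost its +/- markers) masks a failing `_helm` call as well as a disabled artifact, so a broken install is skipped silently and the loop moves on. If the goal is only to stop a false `is_enabled` from ending the run, write `if is_enabled "$t"; then _helm apply "$t"; fi`, with the same shape for `has_crds`/`_helm crds`, so helm failures stay visible. The delete branch already runs under `set +e`, so its trailing `|| true` adds nothing. `$1`, `$t` and `${ARTIFACTS[@]}` are unquoted throughout; the helpers and any `set -e` live outside this hunk, so the exact failure behaviour cannot be confirmed from here.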

2
charts/kubezero/templates/argoless.yaml

@ -1,6 +1,6 @@
{{- if not .Values.argo }}
{{- $artifacts := list "calico" "cert-manager" "kiam" "aws-node-termination-handler" "aws-ebs-csi-driver" "aws-efs-csi-driver" "local-volume-provisioner" "local-path-provisioner" "istio" "istio-ingress" "metrics" "logging" "argocd" }}
{{- $artifacts := list "calico" "cert-manager" "kiam" "aws-node-termination-handler" "aws-ebs-csi-driver" "aws-efs-csi-driver" "local-volume-provisioner" "local-path-provisioner" "istio" "istio-ingress" "metrics" "logging" "argocd" "timemachine" }}
{{- if .Values.global }}
global:

8
charts/kubezero/templates/timemachine.yaml

@ -0,0 +1,8 @@
{{- define "timemachine-values" }}
{{- end }}
{{- define "timemachine-argo" }}
{{- end }}
{{ include "kubezero-app.app" . }}

3
charts/kubezero/values.yaml

@ -23,6 +23,9 @@ kiam:
aws-node-termination-handler:
enabled: false
timemachine:
enabled: false
local-volume-provisioner:
enabled: false
