From e63af4f489086d1e13c14071dabf7ede27193bf7 Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Thu, 14 May 2020 18:24:51 +0100 Subject: [PATCH 1/2] First draft of Kiam chart, various fixes and improvements, cascade delete enabled by default --- charts/kubezero-app/Chart.yaml | 3 +- .../kubezero-app/templates/_apps_common.yaml | 10 +++-- charts/kubezero-app/templates/calico.yaml | 2 +- charts/kubezero-app/templates/kiam.yaml | 3 ++ charts/kubezero-app/values-all.yaml | 3 ++ charts/kubezero-app/values.yaml | 3 ++ charts/kubezero-cert-manager/Chart.yaml | 3 +- charts/kubezero-kiam/.helmignore | 23 ++++++++++ charts/kubezero-kiam/Chart.yaml | 17 ++++++++ charts/kubezero-kiam/values.yaml | 42 +++++++++++++++++++ charts/kubezero/Chart.yaml | 5 ++- scripts/publish.sh | 4 +- 12 files changed, 109 insertions(+), 9 deletions(-) create mode 100644 charts/kubezero-app/templates/kiam.yaml create mode 100644 charts/kubezero-kiam/.helmignore create mode 100644 charts/kubezero-kiam/Chart.yaml create mode 100644 charts/kubezero-kiam/values.yaml diff --git a/charts/kubezero-app/Chart.yaml b/charts/kubezero-app/Chart.yaml index 24d1daa..3110b30 100644 --- a/charts/kubezero-app/Chart.yaml +++ b/charts/kubezero-app/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-app description: KubeZero ArgoCD Application - Root chart of the KubeZero type: application -version: 0.1.10 +version: 0.2.0 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/logo_small.png keywords: @@ -11,3 +11,4 @@ keywords: - gitops maintainers: - name: Quarky9 +kubeVersion: ">= 1.16.0" diff --git a/charts/kubezero-app/templates/_apps_common.yaml b/charts/kubezero-app/templates/_apps_common.yaml index 4e849ae..1fca9aa 100644 --- a/charts/kubezero-app/templates/_apps_common.yaml +++ b/charts/kubezero-app/templates/_apps_common.yaml 
@@ -9,6 +9,10 @@ metadata: helm.sh/chart: {{ .root.Chart.Name }}-{{ .root.Chart.Version | replace "+" "_" }} app.kubernetes.io/managed-by: {{ .root.Release.Service }} app.kubernetes.io/part-of: kubezero + {{- if not .retain }} + finalizers: + - resources-finalizer.argocd.argoproj.io + {{ end }} spec: project: kubezero @@ -16,12 +20,12 @@ spec: repoURL: {{ default .root.Values.defaultSource.repoURL }} targetRevision: {{ default .root.Values.defaultSource.targetRevision }} {{- if eq .type "helm" }} - {{ $values := index .root.Values .name "values" }} + {{ $my_values := index .root.Values .name "values" }} path: {{ default .root.Values.defaultSource.pathPrefix }}charts/kubezero-{{ .name }} - {{- if $values }} + {{- if $my_values }} helm: values: | -{{- toYaml $values | nindent 8 }} +{{- toYaml $my_values | nindent 8 }} {{- end }} {{- else }} path: {{ default .root.Values.defaultSource.pathPrefix }}artifacts/kubezero-{{ .name }} diff --git a/charts/kubezero-app/templates/calico.yaml b/charts/kubezero-app/templates/calico.yaml index 5fd8522..8b0ee58 100644 --- a/charts/kubezero-app/templates/calico.yaml +++ b/charts/kubezero-app/templates/calico.yaml @@ -1,3 +1,3 @@ {{- if .Values.calico.enabled }} -{{ template "kubezero.app" dict "root" . "name" "calico" "type" "kustomize" }} +{{ template "kubezero.app" dict "root" . "name" "calico" "type" "kustomize" "retain" true }} {{- end }} diff --git a/charts/kubezero-app/templates/kiam.yaml b/charts/kubezero-app/templates/kiam.yaml new file mode 100644 index 0000000..298f6fb --- /dev/null +++ b/charts/kubezero-app/templates/kiam.yaml @@ -0,0 +1,3 @@ +{{- if index .Values "kiam" "enabled" }} +{{ template "kubezero.app" dict "root" . "name" "kiam" "type" "helm" }} +{{- end }} diff --git a/charts/kubezero-app/values-all.yaml b/charts/kubezero-app/values-all.yaml index 2920d7e..684de3a 100644 --- a/charts/kubezero-app/values-all.yaml +++ b/charts/kubezero-app/values-all.yaml 
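Review bot: The new `finalizers` block in `_apps_common.yaml` makes cascade deletion the default for every application that does not pass `retain`, and nothing in the template documents that switch. With `resources-finalizer.argocd.argoproj.io` set, deleting an Application also deletes the resources it manages, and in this patch only `calico.yaml` opts out, so removing the cert-manager or kiam Application would take those workloads with it; for kiam that presumably also removes the metadata interception the agents provide, which is worth confirming. I would document the parameter above the `if`, e.g. `{{- /* retain=true skips the Argo CD resources finalizer, so deleting the Application leaves its resources in place */ -}}`, and consider whether security-relevant apps should default to retain. The closing `{{ end }}` also lacks the `-` trim used on the opening tag, which leaves a whitespace-only line in the rendered metadata. The template's `define` starts outside this hunk.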
@@ -17,3 +17,6 @@ local-volume-provisioner: cert-manager: enabled: true + +kiam: + enabled: true diff --git a/charts/kubezero-app/values.yaml b/charts/kubezero-app/values.yaml index aef4cbc..fbc8a03 100644 --- a/charts/kubezero-app/values.yaml +++ b/charts/kubezero-app/values.yaml @@ -20,3 +20,6 @@ local-volume-provisioner: cert-manager: enabled: false + +kiam: + enabled: false diff --git a/charts/kubezero-cert-manager/Chart.yaml b/charts/kubezero-cert-manager/Chart.yaml index 0e73737..09e2842 100644 --- a/charts/kubezero-cert-manager/Chart.yaml +++ b/charts/kubezero-cert-manager/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-cert-manager description: KubeZero Umbrella Chart for cert-manager type: application -version: 0.3.1 +version: 0.3.2 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/logo_small.png keywords: @@ -14,3 +14,4 @@ dependencies: - name: cert-manager version: 0.15.0 repository: https://charts.jetstack.io +kubeVersion: ">= 1.16.0" diff --git a/charts/kubezero-kiam/.helmignore b/charts/kubezero-kiam/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/kubezero-kiam/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/kubezero-kiam/Chart.yaml b/charts/kubezero-kiam/Chart.yaml new file mode 100644 index 0000000..f341d4a --- /dev/null +++ b/charts/kubezero-kiam/Chart.yaml 
@@ -0,0 +1,17 @@ +apiVersion: v2 +name: kubezero-kiam +description: KubeZero Umbrella Chart for Kiam +type: application +version: 0.1.0 +home: https://kubezero.com +icon: https://cdn.zero-downtime.net/assets/logo_small.png +keywords: + - kubezero + - kiam +maintainers: + - name: Quarky9 +dependencies: + - name: kiam + version: 5.7.0 + repository: https://uswitch.github.io/kiam-helm-charts/charts/ +kubeVersion: ">= 1.16.0" diff --git a/charts/kubezero-kiam/values.yaml b/charts/kubezero-kiam/values.yaml new file mode 100644 index 0000000..f397fe7 --- /dev/null +++ b/charts/kubezero-kiam/values.yaml @@ -0,0 +1,42 @@ +kiam: + server: + # assumeRoleArn: + useHostNetwork: true + sslCertHostPath: /etc/ssl/certs + tlsSecret: kiam-server-tls + service: + port: 6444 + targetPort: 6444 + deployment: + enabled: true + replicas: 2 + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + nodeSelector: + node-role.kubernetes.io/master: "" + prometheus: + servicemonitor: + enabled: false + # log: + # level: warn + + agent: + host: + iptables: true + whiteListRouteRegexp: '^/latest/(meta-data/instance-id|dynamic)' + sslCertHostPath: /etc/ssl/certs + tlsSecret: kiam-agent-tls + tolerations: + - key: node-role.kubernetes.io/master + effect: NoSchedule + prometheus: + servicemonitor: + enabled: false + # log: + # level: warn + # extraEnv: + # - name: GRPC_GO_LOG_SEVERITY_LEVEL + # value: "info" + # - name: GRPC_GO_LOG_VERBOSITY_LEVEL + # value: "8" diff --git a/charts/kubezero/Chart.yaml b/charts/kubezero/Chart.yaml index a3ad720..13b3711 100644 --- a/charts/kubezero/Chart.yaml +++ b/charts/kubezero/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: KubeZero Helm chart to install Zero Down Time Kuberenetes platform name: kubezero -version: 0.2.3 +version: 0.2.4 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/logo_small.png keywords: 
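Review bot: `agent.whiteListRouteRegexp` in `charts/kubezero-kiam/values.yaml` lets pods behind the agent read everything under `/latest/dynamic` from the node metadata API, and the file does not say why. That prefix includes the instance identity document, and the pattern has no end anchor, so it matches any path that merely starts with one of the two alternatives. If only specific paths are needed, I would narrow and anchor the expression and add a comment such as `# paths pods may fetch from the node metadata API without going through kiam; keep this list minimal`. The values also reference `kiam-server-tls` and `kiam-agent-tls`, but this chart adds no templates that create them, so it looks like they must exist before the chart is synced; a comment stating where they come from would help.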
@@ -12,5 +12,6 @@ maintainers: - name: Quarky9 dependencies: - name: argo-cd - version: 2.2.15 + version: 2.3.2 repository: https://argoproj.github.io/argo-helm +kubeVersion: ">= 1.16.0" diff --git a/scripts/publish.sh b/scripts/publish.sh index c3e95f4..d3a971e 100755 --- a/scripts/publish.sh +++ b/scripts/publish.sh @@ -12,6 +12,8 @@ rm -rf $SRCROOT/output && git clone -b gh-pages ssh://git@git.zero-downtime.net: helm repo add stable https://kubernetes-charts.storage.googleapis.com helm repo add argoproj https://argoproj.github.io/argo-helm +helm repo add jetstack https://charts.jetstack.io +helm repo add uswitch https://uswitch.github.io/kiam-helm-charts/charts/ for dir in $(find $SRCROOT/charts -mindepth 1 -maxdepth 1 -type d); do @@ -33,7 +35,7 @@ do fi echo "Processing $dir" - helm --debug package $dir + helm lint $dir && helm --debug package $dir done cp $SRCROOT/*.tgz output/ -- 2.40.1 From 2fb3100379e88f3d7f6b48e0247276d54bcfab25 Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Fri, 15 May 2020 10:38:06 +0100 Subject: [PATCH 2/2] Move defaultrepo options into global --- .../kubezero-app/templates/_apps_common.yaml | 12 ++++----- charts/kubezero-app/values-all.yaml | 18 +++++++------ charts/kubezero-app/values.yaml | 25 ++++++++++--------- charts/kubezero/templates/app.yaml | 10 +++++--- charts/kubezero/values.yaml | 15 +++++++++++ 5 files changed, 51 insertions(+), 29 deletions(-) diff --git a/charts/kubezero-app/templates/_apps_common.yaml b/charts/kubezero-app/templates/_apps_common.yaml index 1fca9aa..2b44ab7 100644 --- a/charts/kubezero-app/templates/_apps_common.yaml +++ b/charts/kubezero-app/templates/_apps_common.yaml 
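Review bot: In the packaging loop of `scripts/publish.sh`, `helm lint $dir && helm --debug package $dir` silently skips a chart whose lint fails and carries on with the next directory. A failure on the left side of `&&` does not stop the script even under `set -e` (whether the script sets it is not visible here), so the later `cp $SRCROOT/*.tgz output/` would publish a set of packages that is missing that chart. I would fail the run explicitly and quote the path: `helm lint "$dir" || exit 1` followed by `helm --debug package "$dir"`. The loop body begins outside this hunk.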
@@ -17,22 +17,22 @@ spec: project: kubezero source: - repoURL: {{ default .root.Values.defaultSource.repoURL }} - targetRevision: {{ default .root.Values.defaultSource.targetRevision }} + repoURL: {{ .root.Values.global.defaultSource.repoURL }} + targetRevision: {{ .root.Values.global.defaultSource.targetRevision }} {{- if eq .type "helm" }} - {{ $my_values := index .root.Values .name "values" }} - path: {{ default .root.Values.defaultSource.pathPrefix }}charts/kubezero-{{ .name }} + {{- $my_values := index .root.Values .name "values" }} + path: {{ .root.Values.global.defaultSource.pathPrefix}}charts/kubezero-{{ .name }} {{- if $my_values }} helm: values: | {{- toYaml $my_values | nindent 8 }} {{- end }} {{- else }} - path: {{ default .root.Values.defaultSource.pathPrefix }}artifacts/kubezero-{{ .name }} + path: {{ .root.Values.global.defaultSource.pathPrefix }}artifacts/kubezero-{{ .name }} {{- end }} destination: - server: {{ default .root.Values.defaultDestination.server }} + server: {{ .root.Values.global.defaultDestination.server }} namespace: {{ default "kube-system" .namespace }} syncPolicy: diff --git a/charts/kubezero-app/values-all.yaml b/charts/kubezero-app/values-all.yaml index 684de3a..acfbcfb 100644 --- a/charts/kubezero-app/values-all.yaml +++ b/charts/kubezero-app/values-all.yaml 
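Review bot: The values now rendered into `repoURL`, `targetRevision`, `path` and `server` are emitted unquoted, so an all-digit commit prefix or a value like `1.10` in `targetRevision` would be re-typed by the YAML parser as a number, and an empty value would become null. Piping through `quote` avoids that, e.g. `targetRevision: {{ .root.Values.global.defaultSource.targetRevision | quote }}` and `repoURL: {{ .root.Values.global.defaultSource.repoURL | quote }}`. With the `default` calls gone, a missing `global.defaultSource` value would presumably surface as a nil-pointer render error or an empty field; wrapping the lookups in `required` with a short message would make that failure readable. The same unquoted pattern is repeated in the `charts/kubezero/templates/app.yaml` hunk of this patch. `pathPrefix}}` on the helm `path` line is also missing the space used elsewhere, which is only cosmetic.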
@@ -1,13 +1,17 @@ -defaultDestination: - server: https://kubernetes.default.svc +global: + defaultDestination: + server: https://kubernetes.default.svc -defaultSource: # This repoURL is used a base for all the repoURLs applications - # Setting this to a eg. private git repo incl. the use of pathPrefix allows kubezero to be + # Setting this to a eg. private git repo incl. the use of pathPrefix allows kubezero to be # integrated into any repository as a git subtree if for example public internet access is unavailable - repoURL: https://github.com/zero-down-time/kubezero - targetRevision: HEAD - pathPrefix: '' + defaultSource: + # defaultSource.repoURL -- default repository for argocd applications + repoURL: https://github.com/zero-down-time/kubezero + # defaultSource.targetRevision -- default tracking of repoURL + targetRevision: HEAD + # defaultSource.pathPrefix -- optional path prefix within repoURL to support eg. remote subtrees + pathPrefix: '' calico: enabled: true diff --git a/charts/kubezero-app/values.yaml b/charts/kubezero-app/values.yaml index fbc8a03..0b88a44 100644 --- a/charts/kubezero-app/values.yaml +++ b/charts/kubezero-app/values.yaml 
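Review bot: `targetRevision: HEAD` stays the default under the new `global.defaultSource`, so every generated Application follows the tip of the default branch of `repoURL`. Combined with the automated sync policy visible in the context of the `charts/kubezero/templates/app.yaml` hunk, whatever lands on that branch is applied to the cluster without a separate review step on the cluster side. I would document that next to the key, e.g. `# defaultSource.targetRevision -- revision to track; pin a tag or commit SHA for production clusters`, and consider shipping a pinned default. The same default is carried in `charts/kubezero-app/values.yaml` and in the new `charts/kubezero/values.yaml`.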
@@ -1,16 +1,17 @@ -defaultDestination: - server: https://kubernetes.default.svc +global: + defaultDestination: + server: https://kubernetes.default.svc -# This repoURL is used a base for all the repoURLs applications -# Setting this to a eg. private git repo incl. the use of pathPrefix allows kubezero to be -# integrated into any repository as a git subtree if for example public internet access is unavailable -defaultSource: - # defaultSource.repoURL -- default repository for argocd applications - repoURL: https://github.com/zero-down-time/kubezero - # defaultSource.targetRevision -- default tracking of repoURL - targetRevision: HEAD - # defaultSource.pathPrefix -- optional path prefix within repoURL to support eg. remote subtrees - pathPrefix: '' + # This repoURL is used a base for all the repoURLs applications + # Setting this to a eg. private git repo incl. the use of pathPrefix allows kubezero to be + # integrated into any repository as a git subtree if for example public internet access is unavailable + defaultSource: + # defaultSource.repoURL -- default repository for argocd applications + repoURL: https://github.com/zero-down-time/kubezero + # defaultSource.targetRevision -- default tracking of repoURL + targetRevision: HEAD + # defaultSource.pathPrefix -- optional path prefix within repoURL to support eg. remote subtrees + pathPrefix: '' calico: enabled: false diff --git a/charts/kubezero/templates/app.yaml b/charts/kubezero/templates/app.yaml index 959a8de..79ed4ba 100644 --- a/charts/kubezero/templates/app.yaml +++ b/charts/kubezero/templates/app.yaml 
@@ -11,16 +11,18 @@ metadata: spec: project: kubezero source: - repoURL: https://github.com/Zero-Down-Time/kubezero - targetRevision: HEAD - path: charts/kubezero-app + repoURL: {{ .Values.global.defaultSource.repoURL }} + targetRevision: {{ .Values.global.defaultSource.targetRevision }} + path: {{ .Values.global.defaultSource.pathPrefix}}charts/kubezero-app +{{ if .Values.kubezero }} helm: values: | {{- toYaml .Values.kubezero | nindent 8 }} +{{- end }} destination: - server: https://kubernetes.default.svc + server: {{ .Values.global.defaultDestination.server }} namespace: argocd syncPolicy: automated: diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index 880b1e3..12f853b 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -1,3 +1,18 @@ +global: + defaultDestination: + server: https://kubernetes.default.svc + + # This repoURL is used a base for all the repoURLs applications + # Setting this to a eg. private git repo incl. the use of pathPrefix allows kubezero to be + # integrated into any repository as a git subtree if for example public internet access is unavailable + defaultSource: + # defaultSource.repoURL -- default repository for argocd applications + repoURL: https://github.com/zero-down-time/kubezero + # defaultSource.targetRevision -- default tracking of repoURL + targetRevision: HEAD + # defaultSource.pathPrefix -- optional path prefix within repoURL to support eg. remote subtrees + pathPrefix: '' + # kubezero -- Kubezero configuration, values.yaml please see kubezeroApp kubezero: {} -- 2.40.1