[stable/kured] Add initial chart (helm#6470)

* [incubator/kured] Add initial chart * [incubator/kured] CR: Add home and maintainers to Chart.yaml * [incubator/kured] CR: Add sources to Chart.yaml * [incubator/kured] CR: Fix apiVersion for DaemonSet * [incubator/kured] CR: wrap ServiceAccount in rbac.create * [incubator/kured] Exlicitly set .spec.selector for the DaemonSet * [stable/kured] Move from incubator to stable * [stable/kured] CR: Update for RBAC/ServiceAccount best practices * CR: linting, remove extra space * CR: allow tolerations for daemonset Signed-off-by: Jakob Niggel <info@jakobniggel.de>
Jnig · Nov 13, 2018 · 4be19b6 · 4be19b6
1 parent ef6e595
commit 4be19b6
Show file tree

Hide file tree

Showing 12 changed files with 287 additions and 0 deletions.
diff --git a/stable/kured/.helmignore b/stable/kured/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/stable/kured/Chart.yaml b/stable/kured/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+appVersion: "master-c42fff3"
+description: A Helm chart for kured
+name: kured
+version: 0.1.0
+home: https://github.com/weaveworks/kured
+maintainers:
+  - name: plumdog
+    email: plummer574@gmail.com
+sources:
+  - https://github.com/weaveworks/kured
diff --git a/stable/kured/README.md b/stable/kured/README.md
@@ -0,0 +1,23 @@
+# Kured (KUbernetes REboot Daemon)
+
+See https://github.com/weaveworks/kured
+
+| Config                  | Description                                                                 | Default                    |
+| ------                  | -----------                                                                 | -------                    |
+| `image.repository`      | Image repository                                                            | `quay.io/weaveworks/kured` |
+| `image.tag`             | Image tag                                                                   | `master-c42fff3`           |
+| `image.pullPolicy`      | Image pull policy                                                           | `IfNotPresent`             |
+| `extraArgs`             | Extra arguments to pass to `/usr/bin/kured`. See below.                     | `{}`                       |
+| `rbac.create`           | Create RBAC roles                                                           | `true`                     |
+| `serviceAccount.create` | Create service account roles                                                | `true`                     |
+| `serviceAccount.name`   | Service account name to create (or use if `serviceAccount.create` is false) | (chart fullname)           |
+| `updateStrategy`        | Daemonset update strategy                                                   | `OnDelete`                 |
+| `tolerations`           | Tolerations to apply to the daemonset (eg to allow running on master)       | `[]`                       |
+
+See https://github.com/weaveworks/kured#configuration for values for `extraArgs`. Note that
+```yaml
+extraArgs:
+  foo: 1
+  bar-baz: 2
+```
+becomes `/usr/bin/kured ... --foo=1 --bar-baz=2`.
diff --git a/stable/kured/templates/NOTES.txt b/stable/kured/templates/NOTES.txt
@@ -0,0 +1,3 @@
+Kured will check for /var/run/reboot-required, and reboot nodes when needed.
+
+See https://github.com/weaveworks/kured/ for details.
diff --git a/stable/kured/templates/_helpers.tpl b/stable/kured/templates/_helpers.tpl
@@ -0,0 +1,43 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kured.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kured.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kured.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kured.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "kured.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/stable/kured/templates/clusterrole.yaml b/stable/kured/templates/clusterrole.yaml
@@ -0,0 +1,39 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "kured.fullname" . }}
+  labels:
+    app: {{ template "kured.name" . }}
+    chart: {{ template "kured.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+rules:
+# Allow kured to read spec.unschedulable
+# Allow kubectl to drain/uncordon
+#
+# NB: These permissions are tightly coupled to the bundled version of kubectl; the ones below
+# match https://github.com/kubernetes/kubernetes/blob/v1.9.6/pkg/kubectl/cmd/drain.go
+#
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs:     ["get", "patch"]
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs:     ["list"]
+- apiGroups: [""]
+  resources: ["replicationcontrollers"]
+  verbs:     ["get"]
+- apiGroups: ["apps"]
+  resources: ["statefulsets"]
+  verbs:     ["get"]
+- apiGroups: ["extensions"]
+  resources: ["daemonsets", "replicasets"]
+  verbs:     ["get"]
+- apiGroups: ["batch"]
+  resources: ["jobs"]
+  verbs:     ["get"]
+- apiGroups: [""]
+  resources: ["pods/eviction"]
+  verbs:     ["create"]
+{{- end -}}
diff --git a/stable/kured/templates/clusterrolebinding.yaml b/stable/kured/templates/clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "kured.fullname" . }}
+  labels:
+    app: {{ template "kured.name" . }}
+    chart: {{ template "kured.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "kured.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "kured.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/stable/kured/templates/daemonset.yaml b/stable/kured/templates/daemonset.yaml
@@ -0,0 +1,65 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ template "kured.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ template "kured.name" . }}
+    chart: {{ template "kured.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+
+spec:
+  updateStrategy:
+    type: {{ .Values.updateStrategy }}
+  selector:
+    matchLabels:
+      app: {{ template "kured.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "kured.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      serviceAccountName: {{ template "kured.serviceAccountName" . }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+          command:
+            - /usr/bin/kured
+          args:
+            - --ds-name={{ template "kured.fullname" . }}
+            - --ds-namespace={{ .Release.Namespace }}
+          {{- range $key, $value := .Values.extraArgs }}
+            {{- if $value }}
+            - --{{ $key }}={{ $value }}
+            {{- else }}
+            - --{{ $key }}
+            {{- end }}
+          {{- end }}
+          env:
+            # Pass in the name of the node on which this pod is scheduled
+            # for use with drain/uncordon operations and lock acquisition
+            - name: KURED_NODE_ID
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            # Needed for two purposes:
+            # * Testing for the existence of /var/run/reboot-required
+            # * Accessing /var/run/dbus/system_bus_socket to effect reboot
+            - name: hostrun
+              mountPath: /var/run
+      restartPolicy: Always
+      {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      volumes:
+        - name: hostrun
+          hostPath:
+            path: /var/run
diff --git a/stable/kured/templates/role.yaml b/stable/kured/templates/role.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kured.fullname" . }}
+  labels:
+    app: {{ template "kured.name" . }}
+    chart: {{ template "kured.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+rules:
+# Allow kured to lock/unlock itself
+- apiGroups:     ["extensions"]
+  resources:     ["daemonsets"]
+  resourceNames: ["kured"]
+  verbs:         ["update"]
+{{- end -}}
diff --git a/stable/kured/templates/rolebinding.yaml b/stable/kured/templates/rolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kured.fullname" . }}
+  labels:
+    app: {{ template "kured.name" . }}
+    chart: {{ template "kured.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+subjects:
+- kind: ServiceAccount
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kured.serviceAccountName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "kured.fullname" . }}
+{{- end -}}
diff --git a/stable/kured/templates/serviceaccount.yaml b/stable/kured/templates/serviceaccount.yaml
@@ -0,0 +1,7 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "kured.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/stable/kured/values.yaml b/stable/kured/values.yaml
@@ -0,0 +1,18 @@
+image:
+  repository: quay.io/weaveworks/kured
+  # Appears to be without numbered numbered tags, so using this instead
+  tag: master-c42fff3
+  pullPolicy: IfNotPresent
+
+extraArgs: {}
+
+rbac:
+  create: true
+
+serviceAccount:
+  create: true
+  name:
+
+updateStrategy: OnDelete
+
+tolerations: []