Helm Charts to Deploy Cluster API

Why?

clusterctl is very opinionated, it will pull down some kustomize generated maifests, then do some environment substitution on them. This isn't compatible with ArgoCD for example, hence this project.

How

In simple terms, we run kubectl kustomize, chop up the manifests and auto generate templates. When we encounter one of the annoying evironment variables, we replace it with Go templating, then add the replacement into values.yaml.

Deploying Prerequisites

This chart requires the following to be installed on the target cluster first:

Cert-Manager

Helm

helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install cert-manager jetstack/cert-manager --version v1.10.1 --namespace cert-manager --create-namespace

ArgoCD

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  generateName: cert-manager-
  namespace: argocd
  labels:
    project.unikorn.eschercloud.ai: ${PROJECT}
    controlplane.unikorn.eschercloud.ai: ${CONTROL_PLANE}
spec:
  project: default
  source:
    chart: cert-manager
    repoURL: https://charts.jetstack.io
    targetRevision: v1.10.1
    helm:
      releaseName: cert-manager
      parameters:
      - name: installCRDs
        value: true
  destination:
    name: ${TARGET_VCLUSTER}
    namespace: cert-manager
  syncPolicy:
    automated:
      selfHeal: true
    syncOptions:
    - CreateNamespace=true

Deploying One-Shot

There is a top level chart-of-charts that will just install everything as a big bang operation.

Helm

helm repo add eschercloudai-capi https://eschercloudai.github.io/helm-cluster-api
helm repo update
helm install eschercloudai-capi/cluster-api --version v0.1.1

ArgoCD

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cluster-api
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://eschercloudai.github.io/helm-cluster-api
    chart: cluster-api
    targetRevision: v0.1.9
  destination:
    server: https://172.18.255.200:443
  ignoreDifferences:
  # Aggregated roles are mangically updated by the API.
  - group: rbac.authorization.k8s.io
    kind: ClusterRole
    name: capi-aggregated-manager-role
    jsonPointers:
    - /rules
  - group: rbac.authorization.k8s.io
    kind: ClusterRole
    name: capi-kubeadm-control-plane-aggregated-manager-role
    jsonPointers:
    - /rules
  # CA certs are injected by cert-manager mutation
  - group: apiextensions.k8s.io
    kind: CustomResourceDefinition
    jsonPointers:
    - /spec/conversion/webhook/clientConfig/caBundle
  syncPolicy:
    automated:
      selfHeal: true
    syncOptions:
    - RespectIgnoreDifferences=true

Deploying Main Components

You may want to be a little less gung-ho and deploy the pieces as separate applications.

Core

Helm

helm repo add eschercloudai-capi https://eschercloudai.github.io/helm-cluster-api
helm repo update
helm install eschercloudai-capi/cluster-api-core --version v0.1.1

ArgoCD

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  generateName: cluster-api-core-
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://eschercloudai.github.io/helm-cluster-api
    chart: cluster-api-core
    targetRevision: v0.1.9
  destination:
    server: https://172.18.255.200:443
  ignoreDifferences:
  # Aggregated roles are mangically updated by the API.
  - group: rbac.authorization.k8s.io
    kind: ClusterRole
    name: capi-aggregated-manager-role
    jsonPointers:
    - /rules
  # CA certs are injected by cert-manager mutation
  - group: apiextensions.k8s.io
    kind: CustomResourceDefinition
    jsonPointers:
    - /spec/conversion/webhook/clientConfig/caBundle
  syncPolicy:
    automated:
      selfHeal: true
    syncOptions:
    - RespectIgnoreDifferences=true

Bootstrap

Helm

helm repo add eschercloudai-capi https://eschercloudai.github.io/helm-cluster-api
helm repo update
helm install eschercloudai-capi/cluster-api-bootstrap-kubeadm --version v0.1.1

ArgoCD

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  generateName: cluster-api-bootstrap-kubeadm-
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://eschercloudai.github.io/helm-cluster-api
    chart: cluster-api-bootstrap-kubeadm
    targetRevision: v0.1.9
  destination:
    server: https://172.18.255.200:443
  ignoreDifferences:
  - group: apiextensions.k8s.io
    jsonPointers:
    - /spec/conversion/webhook/clientConfig/caBundle
    kind: CustomResourceDefinition
  syncPolicy:
    automated:
      selfHeal: true
    syncOptions:
    - RespectIgnoreDifferences=true

Control Plane

Helm

helm repo add eschercloudai-capi https://eschercloudai.github.io/helm-cluster-api
helm repo update
helm install eschercloudai-capi/cluster-api-control-plane-kubeadm --version v0.1.1

ArgoCD

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  generateName: cluster-api-control-plane-kubeadm-
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://eschercloudai.github.io/helm-cluster-api
    chart: cluster-api-control-plane-kubeadm
    targetRevision: v0.1.9
  destination:
    server: https://172.18.255.200:443
  ignoreDifferences:
  - group: rbac.authorization.k8s.io
    jsonPointers:
    - /rules
    kind: ClusterRole
    name: capi-kubeadm-control-plane-aggregated-manager-role
  - group: apiextensions.k8s.io
    jsonPointers:
    - /spec/conversion/webhook/clientConfig/caBundle
    kind: CustomResourceDefinition
  syncPolicy:
    automated:
      selfHeal: true
    syncOptions:
    - RespectIgnoreDifferences=true

Deploying Infrastructure Providers and Clusters

Add providers to allow CAPI to talk to various cloud providers.

OpenStack

• Install the provider
• Install a cluster

Developers

It's a simple as:

• Bump the versions in Makefile and charts/cluster-api/Chart.yaml
• Run make
• Commit and merge.