update helm chart

senthilrch · May 30, 2020 · 600e49b · 600e49b
1 parent 63a7bb7
commit 600e49b
Show file tree

Hide file tree

Showing 12 changed files with 254 additions and 71 deletions.
diff --git a/Makefile b/Makefile
@@ -78,6 +78,14 @@ ifndef BUILD_OUTPUT
   BUILD_OUTPUT=--push
 endif
 
+ifndef OPERATOR_NAMESPACE
+  OPERATOR_NAMESPACE=kubefledged-operator
+endif
+
+ifndef KUBEFLEDGED_NAMESPACE
+  KUBEFLEDGED_NAMESPACE=kube-fledged
+endif
+
 HTTP_PROXY_CONFIG=
 ifdef HTTP_PROXY
   HTTP_PROXY_CONFIG=--build-arg http_proxy=${HTTP_PROXY}
@@ -164,62 +172,65 @@ test:
 
 deploy-using-yaml:
 	-kubectl apply -f deploy/kubefledged-namespace.yaml
-	bash deploy/webhook-create-signed-cert.sh --namespace kube-fledged --service kubefledged-webhook-server --secret kubefledged-webhook-server && \
-	bash deploy/webhook-patch-ca-bundle.sh && \
-	kubectl apply -f deploy/kubefledged-crd.yaml && \
-	kubectl apply -f deploy/kubefledged-serviceaccount.yaml && \
-	kubectl apply -f deploy/kubefledged-clusterrole.yaml && \
-	kubectl apply -f deploy/kubefledged-clusterrolebinding.yaml && \
-	kubectl apply -f deploy/kubefledged-deployment-controller.yaml && \
-	kubectl apply -f deploy/kubefledged-deployment-webhook-server.yaml && \
-	kubectl apply -f deploy/kubefledged-service-webhook-server.yaml && \
+	bash deploy/webhook-create-signed-cert.sh --namespace kube-fledged --service kubefledged-webhook-server --secret kubefledged-webhook-server
+	bash deploy/webhook-patch-ca-bundle.sh
+	kubectl apply -f deploy/kubefledged-crd.yaml
+	kubectl apply -f deploy/kubefledged-serviceaccount.yaml
+	kubectl apply -f deploy/kubefledged-clusterrole.yaml
+	kubectl apply -f deploy/kubefledged-clusterrolebinding.yaml
+	kubectl apply -f deploy/kubefledged-deployment-controller.yaml
+	kubectl apply -f deploy/kubefledged-deployment-webhook-server.yaml
+	kubectl apply -f deploy/kubefledged-service-webhook-server.yaml
 	kubectl apply -f deploy/kubefledged-validatingwebhook.yaml
 
 deploy-using-operator:
-	# Deploy the operator to a separate namespace called "operators"
-	sed -i "s|OPERATOR_NAMESPACE|operators|g" deploy/kubefledged-operator/deploy/service_account.yaml
-	sed -i "s|OPERATOR_NAMESPACE|operators|g" deploy/kubefledged-operator/deploy/clusterrole_binding.yaml
-	sed -i "s|OPERATOR_NAMESPACE|operators|g" deploy/kubefledged-operator/deploy/operator.yaml
-	-kubectl create namespace operators
-	kubectl create -f deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_kubefledgeds_crd.yaml
-	kubectl create -f deploy/kubefledged-operator/deploy/service_account.yaml
-	kubectl create -f deploy/kubefledged-operator/deploy/clusterrole.yaml
-	kubectl create -f deploy/kubefledged-operator/deploy/clusterrole_binding.yaml
-	kubectl create -f deploy/kubefledged-operator/deploy/operator.yaml
-	# Deploy kube-fledged to a separate namespace called "kube-fledged"
-	sed -i "s|OPERATOR_NAMESPACE|operators|g" deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
-	sed -i "s|KUBEFLEDGED_NAMESPACE|kube-fledged|g" deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
-	-kubectl create namespace kube-fledged
-	kubectl create -f deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
+	# Create the namespaces for operator and kubefledged
+	-kubectl create namespace ${OPERATOR_NAMESPACE}
+	-kubectl create namespace ${KUBEFLEDGED_NAMESPACE}
+	# Deploy the operator to a separate namespace
+	sed -i "s|\${OPERATOR_NAMESPACE}|${OPERATOR_NAMESPACE}|g" deploy/kubefledged-operator/deploy/service_account.yaml
+	sed -i "s|\${OPERATOR_NAMESPACE}|${OPERATOR_NAMESPACE}|g" deploy/kubefledged-operator/deploy/clusterrole_binding.yaml
+	sed -i "s|\${OPERATOR_NAMESPACE}|${OPERATOR_NAMESPACE}|g" deploy/kubefledged-operator/deploy/operator.yaml
+	kubectl apply -f deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_kubefledgeds_crd.yaml
+	kubectl apply -f deploy/kubefledged-operator/deploy/service_account.yaml
+	kubectl apply -f deploy/kubefledged-operator/deploy/clusterrole.yaml
+	kubectl apply -f deploy/kubefledged-operator/deploy/clusterrole_binding.yaml
+	kubectl apply -f deploy/kubefledged-operator/deploy/operator.yaml
+	# Deploy kube-fledged to a separate namespace
+	sed -i "s|\${OPERATOR_NAMESPACE}|${OPERATOR_NAMESPACE}|g" deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
+	sed -i "s|\${KUBEFLEDGED_NAMESPACE}|${KUBEFLEDGED_NAMESPACE}|g" deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
+	bash deploy/webhook-create-signed-cert.sh --namespace ${KUBEFLEDGED_NAMESPACE} --service kubefledged-webhook-server --secret kubefledged-webhook-server
+	bash deploy/webhook-patch-ca-bundle.sh
+	kubectl apply -f deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
 
 update:
-	kubectl scale deployment kubefledged-controller --replicas=0 -n kube-fledged && \
-	kubectl scale deployment kubefledged-webhook-server --replicas=0 -n kube-fledged && sleep 1 && \
-	kubectl scale deployment kubefledged-controller --replicas=1 -n kube-fledged && sleep 1 && \
-	kubectl scale deployment kubefledged-webhook-server --replicas=1 -n kube-fledged && sleep 1 && \
+	kubectl scale deployment kubefledged-controller --replicas=0 -n kube-fledged
+	kubectl scale deployment kubefledged-webhook-server --replicas=0 -n kube-fledged && sleep 1
+	kubectl scale deployment kubefledged-controller --replicas=1 -n kube-fledged && sleep 1
+	kubectl scale deployment kubefledged-webhook-server --replicas=1 -n kube-fledged && sleep 1
 	kubectl get pods -l app=kubefledged -n kube-fledged
 
 remove:
-	kubectl delete -f deploy/kubefledged-namespace.yaml && \
-	kubectl delete -f deploy/kubefledged-clusterrolebinding.yaml && \
-	kubectl delete -f deploy/kubefledged-clusterrole.yaml && \
-	kubectl delete -f deploy/kubefledged-crd.yaml && \
+	kubectl delete -f deploy/kubefledged-namespace.yaml
+	kubectl delete -f deploy/kubefledged-clusterrolebinding.yaml
+	kubectl delete -f deploy/kubefledged-clusterrole.yaml
+	kubectl delete -f deploy/kubefledged-crd.yaml
 	kubectl delete -f deploy/kubefledged-validatingwebhook.yaml
 
 remove-all:
-	# Remove kube-fledged and the namespace "kube-fledged"
+	# Remove kubefledged and the namespace
 	kubectl delete -f deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
-	-kubectl delete namespace kube-fledged
-	sed -i "s|kube-fledged|KUBEFLEDGED_NAMESPACE|g" deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
-	sed -i "s|operators|OPERATOR_NAMESPACE|g" deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
-	# Remove the operator and the namespace "operators"
+	-kubectl delete namespace ${KUBEFLEDGED_NAMESPACE}
+	sed -i "s|${KUBEFLEDGED_NAMESPACE}|\${KUBEFLEDGED_NAMESPACE}|g" deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
+	sed -i "s|${OPERATOR_NAMESPACE}|\${OPERATOR_NAMESPACE}|g" deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
+	# Remove the kubefledged-operator and the namespace
 	kubectl delete -f deploy/kubefledged-operator/deploy/operator.yaml
 	kubectl delete -f deploy/kubefledged-operator/deploy/clusterrole_binding.yaml
 	kubectl delete -f deploy/kubefledged-operator/deploy/clusterrole.yaml
 	kubectl delete -f deploy/kubefledged-operator/deploy/service_account.yaml
 	kubectl delete -f deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_kubefledgeds_crd.yaml
-	-kubectl delete namespace operators
-	sed -i "s|operators|OPERATOR_NAMESPACE|g" deploy/kubefledged-operator/deploy/operator.yaml
-	sed -i "s|operators|OPERATOR_NAMESPACE|g" deploy/kubefledged-operator/deploy/clusterrole_binding.yaml
-	sed -i "s|operators|OPERATOR_NAMESPACE|g" deploy/kubefledged-operator/deploy/service_account.yaml
+	-kubectl delete namespace ${OPERATOR_NAMESPACE}
+	sed -i "s|${OPERATOR_NAMESPACE}|\${OPERATOR_NAMESPACE}|g" deploy/kubefledged-operator/deploy/operator.yaml
+	sed -i "s|${OPERATOR_NAMESPACE}|\${OPERATOR_NAMESPACE}|g" deploy/kubefledged-operator/deploy/clusterrole_binding.yaml
+	sed -i "s|${OPERATOR_NAMESPACE}|\${OPERATOR_NAMESPACE}|g" deploy/kubefledged-operator/deploy/service_account.yaml
 
diff --git a/deploy/kubefledged-operator/deploy/clusterrole.yaml b/deploy/kubefledged-operator/deploy/clusterrole.yaml
@@ -1,7 +1,6 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  creationTimestamp: null
   name: kubefledged-operator
 rules:
 - apiGroups:
@@ -104,7 +103,7 @@ rules:
   - get
   - patch
 - apiGroups:
-    - "fledged.k8s.io"
+    - "kubefledged.k8s.io"
   resources:
     - imagecaches
   verbs:
@@ -114,7 +113,7 @@ rules:
     - update
     - patch      
 - apiGroups:
-    - "fledged.k8s.io"
+    - "kubefledged.k8s.io"
   resources:
     - imagecaches/status
   verbs:
@@ -146,4 +145,14 @@ rules:
     - list
     - create
     - delete
-
+- apiGroups:
+    - "admissionregistration.k8s.io"
+  resources:
+    - validatingwebhookconfigurations
+  verbs:
+    - get
+    - list
+    - create
+    - update
+    - patch
+    - delete    
diff --git a/deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml b/deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
@@ -1,8 +1,9 @@
 apiVersion: charts.helm.k8s.io/v1alpha1
 kind: KubeFledged
 metadata:
-  name: mykubefledged
-  namespace: OPERATOR_NAMESPACE
+  name: kubefledged
+  namespace: ${OPERATOR_NAMESPACE}
 spec:
   # Defaults defined in <project_dir>/helm-charts/kubefledged/values.yaml
-  kubefledgedNameSpace: KUBEFLEDGED_NAMESPACE
+  kubefledgedNameSpace: ${KUBEFLEDGED_NAMESPACE}
+  validatingWebhook.ca-bundle: ${CA_BUNDLE}
diff --git a/deploy/kubefledged-operator/helm-charts/kubefledged/templates/_helpers.tpl b/deploy/kubefledged-operator/helm-charts/kubefledged/templates/_helpers.tpl
@@ -83,3 +83,32 @@ Create the name of the cluster role binding to use
     {{ default "default" .Values.clusterRoleBinding.name }}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Create the name of the validating webhook configuration to use
+*/}}
+{{- define "kubefledged.validatingWebhookName" -}}
+{{- if .Values.validatingWebhook.create -}}
+    {{ default (include "kubefledged.fullname" .) .Values.validatingWebhook.name }}
+{{- else -}}
+    {{ default "default" .Values.validatingWebhook.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service for the webhook server to use
+*/}}
+{{- define "kubefledged.webhookServiceName" -}}
+{{- if .Values.webhookService.create -}}
+    {{ default (include "kubefledged.fullname" .) .Values.webhookService.name }}
+{{- else -}}
+    {{ default "default" .Values.webhookService.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the secret containing the webhook server's keypair
+*/}}
+{{- define "kubefledged.secretName" -}}
+{{ default (include "kubefledged.fullname" .) .Values.secret.name }}
+{{- end -}}
diff --git a/deploy/kubefledged-operator/helm-charts/kubefledged/templates/clusterrole.yaml b/deploy/kubefledged-operator/helm-charts/kubefledged/templates/clusterrole.yaml
@@ -9,7 +9,7 @@ metadata:
     rbac.authorization.kubernetes.io/autoupdate: "true"
 rules:
   - apiGroups:
-      - "fledged.k8s.io"
+      - "kubefledged.k8s.io"
     resources:
       - imagecaches
     verbs:
@@ -18,7 +18,7 @@ rules:
       - watch
       - update      
   - apiGroups:
-      - "fledged.k8s.io"
+      - "kubefledged.k8s.io"
     resources:
       - imagecaches/status
     verbs:

diff --git a/deploy/kubefledged-operator/helm-charts/kubefledged/templates/crd.yaml b/deploy/kubefledged-operator/helm-charts/kubefledged/templates/crd.yaml
@@ -1,11 +1,11 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
-  name: imagecaches.fledged.k8s.io
+  name: imagecaches.kubefledged.k8s.io
   labels:
 {{ include "kubefledged.labels" . | nindent 4 }}
 spec:
-  group: fledged.k8s.io
+  group: kubefledged.k8s.io
   versions:
   - name: v1alpha1
     served: true

diff --git a/...rts/kubefledged/templates/deployment.yaml → ...dged/templates/deployment-controller.yaml b/...rts/kubefledged/templates/deployment.yaml → ...dged/templates/deployment-controller.yaml
@@ -1,19 +1,19 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "kubefledged.fullname" . }}
+  name: {{ include "kubefledged.fullname" . }}-controller
   labels:
     {{- include "kubefledged.labels" . | nindent 4 }}
   namespace: {{ .Values.kubefledgedNameSpace }}
 spec:
-  replicas: {{ .Values.replicaCount }}
+  replicas: {{ .Values.controllerReplicaCount }}
   selector:
     matchLabels:
-      {{- include "kubefledged.selectorLabels" . | nindent 6 }}
+      {{- include "kubefledged.selectorLabels" . | nindent 6 }}-controller
   template:
     metadata:
       labels:
-        {{- include "kubefledged.selectorLabels" . | nindent 8 }}
+        {{- include "kubefledged.selectorLabels" . | nindent 8 }}-controller
     spec:
     {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
@@ -26,14 +26,14 @@ spec:
         - name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: {{ .Values.image.fledgedRepository }}:{{ .Chart.AppVersion }}
-          command: {{ .Values.command }}
+          image: {{ .Values.image.kubefledgedControllerRepository }}:{{ .Chart.AppVersion }}
+          command: {{ .Values.command.kubefledgedControllerCommand }}
           args:
-            - "--stderrthreshold={{ .Values.args.logLevel}}"
-            - "--image-pull-deadline-duration={{ .Values.args.imagePullDeadlineDuration}}"
-            - "--image-cache-refresh-frequency={{ .Values.args.imageCacheRefreshFrequency}}"
-            - "--docker-client-image={{ .Values.image.dockerClientRepository }}:{{ .Chart.AppVersion }}"
-            - "--image-pull-policy={{ .Values.args.imagePullPolicy}}"
+            - "--stderrthreshold={{ .Values.args.controllerLogLevel }}"
+            - "--image-pull-deadline-duration={{ .Values.args.controllerImagePullDeadlineDuration }}"
+            - "--image-cache-refresh-frequency={{ .Values.args.controllerImageCacheRefreshFrequency }}"
+            - "--cri-client-image={{ .Values.image.kubefledgedCRIClientRepository }}:{{ .Chart.AppVersion }}"
+            - "--image-pull-policy={{ .Values.args.controllerImagePullPolicy }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           env:
             - name: KUBEFLEDGED_NAMESPACE

diff --git a/deploy/kubefledged-operator/helm-charts/kubefledged/templates/deployment-webhook-server.yaml b/deploy/kubefledged-operator/helm-charts/kubefledged/templates/deployment-webhook-server.yaml
@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "kubefledged.fullname" . }}-webhook-server
+  labels:
+    {{- include "kubefledged.labels" . | nindent 4 }}
+  namespace: {{ .Values.kubefledgedNameSpace }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "kubefledged.selectorLabels" . | nindent 6 }}-webhook-server
+  template:
+    metadata:
+      labels:
+        {{- include "kubefledged.selectorLabels" . | nindent 8 }}-webhook-server
+    spec:
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ include "kubefledged.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: {{ .Values.image.kubefledgedWebhookServerRepository }}:{{ .Chart.AppVersion }}
+          command: {{ .Values.command.kubefledgedWebhookServerCommand }}
+          args:
+            - "--stderrthreshold={{ .Values.args.webhookServerLogLevel }}"
+            - "--cert-file={{ .Values.args.webhookServerCertFile }}"
+            - "--key-file={{ .Values.args.webhookServerKeyFile }}"
+            - "--port={{ .Values.args.webhookServerPort }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            - name: KUBEFLEDGED_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+          - name: secret-volume
+            mountPath: "/var/run/secrets/webhook-server"
+            readOnly: true
+      volumes:
+      - name: secret-volume
+        secret:
+          secretName: kubefledged-webhook-server              
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
diff --git a/deploy/kubefledged-operator/helm-charts/kubefledged/templates/service-webhook-server.yaml b/deploy/kubefledged-operator/helm-charts/kubefledged/templates/service-webhook-server.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.webhookService.create -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "kubefledged.webhookServiceName" . }}
+  labels:
+    {{ include "kubefledged.labels" . | nindent 4 }}
+  namespace: {{ .Values.kubefledgedNameSpace }}
+spec:
+  ports:
+  - name: webhook-server
+    port: {{ .Values.webhookService.port }}
+    protocol: TCP
+    targetPort: {{ .Values.webhookService.targetPort }}
+  selector:
+    {{- include "kubefledged.selectorLabels" . | nindent 4 }}-webhook-server
+  type: ClusterIP
+{{- end -}}
diff --git a/deploy/kubefledged-operator/helm-charts/kubefledged/templates/validatingwebhook.yaml b/deploy/kubefledged-operator/helm-charts/kubefledged/templates/validatingwebhook.yaml
@@ -0,0 +1,25 @@
+{{- if .Values.validatingWebhook.create -}}
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: {{ include "kubefledged.validatingWebhookName" . }}
+webhooks:
+  - name: validate-image-cache.kubefledged.k8s.io
+    admissionReviewVersions: ["v1"]
+    timeoutSeconds: 1
+    failurePolicy: Fail
+    sideEffects: None
+    clientConfig:
+      service:
+        namespace: kube-fledged
+        name: kubefledged-webhook-server
+        path: "/validate-image-cache"
+        port: {{ .Values.webhookService.port }}
+      caBundle: {{ .Values.validatingWebhook.ca-bundle }}
+    rules:
+      - operations: ["CREATE", "UPDATE"]
+        apiGroups: ["kubefledged.k8s.io"]
+        apiVersions: ["v1alpha1"]
+        resources: ["imagecaches"]
+        scope: "Namespaced"
+{{- end -}}