From 42fbee225e329f0b5048fc2d0045412ea0a49bbd Mon Sep 17 00:00:00 2001 
From: "Miskiewicz, Piotr" Date: Mon, 22 Jun 2020 21:07:35 +0200 Subject: [PATCH 1/5] Chart dependencies stored in etcd --- charts/helm-broker/Chart.yaml | 2 - charts/helm-broker/README.md | 2 +- .../crds/addons-configuration.crd.yaml | 0 .../cluster-addons-configuration.crd.yaml | 0 .../crd/addons-configuration.crd.yaml | 149 -------------- .../crd/cluster-addons-configuration.crd.yaml | 148 -------------- charts/helm-broker/values.yaml | 4 +- charts_v3/helm-broker/Chart.yaml | 20 -- charts_v3/helm-broker/README.md | 7 - .../charts/etcd-stateful/Chart.yaml | 7 - .../etcd-stateful/templates/_helpers.tpl | 9 - .../charts/etcd-stateful/templates/rbac.yaml | 31 --- .../etcd-stateful/templates/service.yaml | 43 ---- .../etcd-stateful/templates/statefulset.yaml | 190 ------------------ .../charts/etcd-stateful/values.yaml | 17 -- charts_v3/helm-broker/ci/README.md | 5 - .../helm-broker/ci/built-image-values.yaml | 14 -- charts_v3/helm-broker/templates/_helpers.tpl | 15 -- .../templates/default-addons-cfg.yaml | 11 - charts_v3/helm-broker/templates/deploy.yaml | 149 -------------- .../templates/helm-broker-cfg.yaml | 22 -- .../helm-broker/templates/helm-secret.yaml | 10 - charts_v3/helm-broker/templates/rbac.yaml | 56 ------ charts_v3/helm-broker/templates/ssh-cfg.yaml | 16 -- charts_v3/helm-broker/templates/svc.yaml | 21 -- .../helm-broker/templates/tests/rbac.yaml | 45 ----- .../templates/tests/test-addons-serving.yaml | 24 --- charts_v3/helm-broker/values.yaml | 63 ------ internal/storage/driver/etcd/entity_chart.go | 69 +++++-- internal/storage/testing/chart_test.go | 18 ++ internal/storage/testing/testing/.helmignore | 21 ++ internal/storage/testing/testing/Chart.yaml | 5 + .../testing/testing/charts/subch/Chart.yaml | 5 + .../charts/subch/templates/_helpers.tpl | 8 + .../testing/charts/subch/templates/cm.yaml | 6 + .../testing/testing/templates/_helpers.tpl | 8 + .../storage/testing/testing/templates/cm.yaml | 9 + internal/storage/testing/testing/values.yaml | 0 38 
files changed, 136 insertions(+), 1093 deletions(-) rename {charts_v3 => charts}/helm-broker/crds/addons-configuration.crd.yaml (100%) rename {charts_v3 => charts}/helm-broker/crds/cluster-addons-configuration.crd.yaml (100%) delete mode 100644 charts/helm-broker/templates/crd/addons-configuration.crd.yaml delete mode 100644 charts/helm-broker/templates/crd/cluster-addons-configuration.crd.yaml delete mode 100644 charts_v3/helm-broker/Chart.yaml delete mode 100644 charts_v3/helm-broker/README.md delete mode 100644 charts_v3/helm-broker/charts/etcd-stateful/Chart.yaml delete mode 100644 charts_v3/helm-broker/charts/etcd-stateful/templates/_helpers.tpl delete mode 100644 charts_v3/helm-broker/charts/etcd-stateful/templates/rbac.yaml delete mode 100644 charts_v3/helm-broker/charts/etcd-stateful/templates/service.yaml delete mode 100644 charts_v3/helm-broker/charts/etcd-stateful/templates/statefulset.yaml delete mode 100644 charts_v3/helm-broker/charts/etcd-stateful/values.yaml delete mode 100644 charts_v3/helm-broker/ci/README.md delete mode 100644 charts_v3/helm-broker/ci/built-image-values.yaml delete mode 100644 charts_v3/helm-broker/templates/_helpers.tpl delete mode 100644 charts_v3/helm-broker/templates/default-addons-cfg.yaml delete mode 100644 charts_v3/helm-broker/templates/deploy.yaml delete mode 100644 charts_v3/helm-broker/templates/helm-broker-cfg.yaml delete mode 100644 charts_v3/helm-broker/templates/helm-secret.yaml delete mode 100644 charts_v3/helm-broker/templates/rbac.yaml delete mode 100644 charts_v3/helm-broker/templates/ssh-cfg.yaml delete mode 100644 charts_v3/helm-broker/templates/svc.yaml delete mode 100644 charts_v3/helm-broker/templates/tests/rbac.yaml delete mode 100644 charts_v3/helm-broker/templates/tests/test-addons-serving.yaml delete mode 100644 charts_v3/helm-broker/values.yaml create mode 100644 internal/storage/testing/testing/.helmignore create mode 100644 internal/storage/testing/testing/Chart.yaml create mode 100644 
internal/storage/testing/testing/charts/subch/Chart.yaml create mode 100644 internal/storage/testing/testing/charts/subch/templates/_helpers.tpl create mode 100644 internal/storage/testing/testing/charts/subch/templates/cm.yaml create mode 100644 internal/storage/testing/testing/templates/_helpers.tpl create mode 100644 internal/storage/testing/testing/templates/cm.yaml create mode 100644 internal/storage/testing/testing/values.yaml diff --git a/charts/helm-broker/Chart.yaml b/charts/helm-broker/Chart.yaml index 5235719e..12442acf 100644 --- a/charts/helm-broker/Chart.yaml +++ b/charts/helm-broker/Chart.yaml @@ -12,8 +12,6 @@ maintainers: url: https://github.com/pk85/ - name: piotrmiskiewicz email: piotr.miskiewicz@sap.com - - name: adamwalach - email: adam.walach@sap.com - name: jasiu001 email: piotr.jasiak@sap.com - name: polskikiel diff --git a/charts/helm-broker/README.md b/charts/helm-broker/README.md index ced6bbe2..7c053950 100644 --- a/charts/helm-broker/README.md +++ b/charts/helm-broker/README.md 
@@ -2,6 +2,6 @@
 ## Overview
-The Helm Broker is a [Service Broker](https://kyma-project.io/docs/master/components/service-catalog/#service-brokers-overview) which exposes Helm charts as Service Classes in the [Service Catalog](https://kyma-project.io/docs/master/components/service-catalog/#overview-overview). To do so, the Helm Broker uses the concept of addons. An addon is an abstraction layer over a Helm chart which provides all information required to convert the chart into a Service Class.
+The Helm Broker is a [Service Broker](https://kyma-project.io/docs/master/components/service-catalog/#service-brokers-overview) which exposes Helm charts as ServiceClasses in the [Service Catalog](https://kyma-project.io/docs/master/components/service-catalog/#overview-overview). To do so, the Helm Broker uses the concept of addons. An addon is an abstraction layer over a Helm chart which provides all information required to convert the chart into a ServiceClass.
 The Helm Broker implements the [Open Service Broker API](https://github.com/openservicebrokerapi/servicebroker/blob/master/spec.md). For more information about the Helm Broker, read the [documentation](https://kyma-project.io/docs/master/components/helm-broker/).
diff --git a/charts_v3/helm-broker/crds/addons-configuration.crd.yaml b/charts/helm-broker/crds/addons-configuration.crd.yaml
similarity index 100%
rename from charts_v3/helm-broker/crds/addons-configuration.crd.yaml
rename to charts/helm-broker/crds/addons-configuration.crd.yaml
diff --git a/charts_v3/helm-broker/crds/cluster-addons-configuration.crd.yaml b/charts/helm-broker/crds/cluster-addons-configuration.crd.yaml
similarity index 100%
rename from charts_v3/helm-broker/crds/cluster-addons-configuration.crd.yaml
rename to charts/helm-broker/crds/cluster-addons-configuration.crd.yaml
diff --git a/charts/helm-broker/templates/crd/addons-configuration.crd.yaml b/charts/helm-broker/templates/crd/addons-configuration.crd.yaml
deleted file mode 100644
index 7ba17160..00000000
--- a/charts/helm-broker/templates/crd/addons-configuration.crd.yaml
+++ /dev/null
@@ -1,149 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: addonsconfigurations.addons.kyma-project.io - annotations: - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.phase - name: Phase - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: addons.kyma-project.io - names: - categories: - - all - - addons - kind: AddonsConfiguration - listKind: AddonsConfigurationList - plural: addonsconfigurations - singular: addonsconfiguration - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: AddonsConfiguration is the Schema for the addonsconfigurations - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AddonsConfigurationSpec defines the desired state of AddonsConfiguration - properties: - repositories: - items: - description: SpecRepository define the addon repository - properties: - secretRef: - description: SecretReference represents a Secret Reference. It - has enough information to retrieve secret in any namespace - properties: - name: - description: Name is unique within a namespace to reference - a secret resource. 
- type: string - namespace: - description: Namespace defines the space within which the - secret name must be unique. - type: string - type: object - url: - type: string - required: - - url - type: object - type: array - reprocessRequest: - description: 'ReprocessRequest is strictly increasing, non-negative - integer counter that can be incremented by a user to manually trigger - the reprocessing action of given CR. TODO: Use validation webhook - to block negative values, explanation: https://github.com/kubernetes/community/blob/db7f270f2d04b497767ebbc59c5aea595d67ea2c/contributors/devel/sig-architecture/api-conventions.md#primitive-types' - format: int64 - type: integer - required: - - repositories - type: object - status: - description: AddonsConfigurationStatus defines the observed state of AddonsConfiguration - properties: - lastProcessedTime: - format: date-time - type: string - observedGeneration: - format: int64 - type: integer - phase: - description: AddonsConfigurationPhase defines the addons configuration - phase - type: string - repositories: - items: - description: StatusRepository define the addon repository - properties: - addons: - items: - description: Addon holds information about single addon - properties: - message: - type: string - name: - type: string - reason: - type: string - status: - description: AddonStatus define the addon status - enum: - - Ready - - Failed - type: string - version: - type: string - required: - - name - - version - type: object - type: array - message: - type: string - reason: - type: string - status: - description: RepositoryStatus define the repository status - type: string - url: - type: string - required: - - addons - - url - type: object - type: array - required: - - phase - type: object - type: object - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] 
diff --git a/charts/helm-broker/templates/crd/cluster-addons-configuration.crd.yaml b/charts/helm-broker/templates/crd/cluster-addons-configuration.crd.yaml
deleted file mode 100644
index 5a995a99..00000000
--- a/charts/helm-broker/templates/crd/cluster-addons-configuration.crd.yaml
+++ /dev/null
@@ -1,148 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - name: clusteraddonsconfigurations.addons.kyma-project.io - annotations: - helm.sh/hook: crd-install -spec: - additionalPrinterColumns: - - JSONPath: .status.phase - name: Phase - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: addons.kyma-project.io - names: - kind: ClusterAddonsConfiguration - listKind: ClusterAddonsConfigurationList - plural: clusteraddonsconfigurations - singular: clusteraddonsconfiguration - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - description: ClusterAddonsConfiguration is the Schema for the addonsconfigurations - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClusterAddonsConfigurationSpec defines the desired state of - ClusterAddonsConfiguration - properties: - repositories: - items: - description: SpecRepository define the addon repository - properties: - secretRef: - description: SecretReference represents a Secret Reference. It - has enough information to retrieve secret in any namespace - properties: - name: - description: Name is unique within a namespace to reference - a secret resource. 
- type: string - namespace: - description: Namespace defines the space within which the - secret name must be unique. - type: string - type: object - url: - type: string - required: - - url - type: object - type: array - reprocessRequest: - description: 'ReprocessRequest is strictly increasing, non-negative - integer counter that can be incremented by a user to manually trigger - the reprocessing action of given CR. TODO: Use validation webhook - to block negative values, explanation: https://github.com/kubernetes/community/blob/db7f270f2d04b497767ebbc59c5aea595d67ea2c/contributors/devel/sig-architecture/api-conventions.md#primitive-types' - format: int64 - type: integer - required: - - repositories - type: object - status: - description: ClusterAddonsConfigurationStatus defines the observed state - of ClusterAddonsConfiguration - properties: - lastProcessedTime: - format: date-time - type: string - observedGeneration: - format: int64 - type: integer - phase: - description: AddonsConfigurationPhase defines the addons configuration - phase - type: string - repositories: - items: - description: StatusRepository define the addon repository - properties: - addons: - items: - description: Addon holds information about single addon - properties: - message: - type: string - name: - type: string - reason: - type: string - status: - description: AddonStatus define the addon status - enum: - - Ready - - Failed - type: string - version: - type: string - required: - - name - - version - type: object - type: array - message: - type: string - reason: - type: string - status: - description: RepositoryStatus define the repository status - type: string - url: - type: string - required: - - addons - - url - type: object - type: array - required: - - phase - type: object - type: object - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] 
diff --git a/charts/helm-broker/values.yaml b/charts/helm-broker/values.yaml
index a55f14d1..793dd79d 100644
--- a/charts/helm-broker/values.yaml
+++ b/charts/helm-broker/values.yaml
@@ -55,9 +55,9 @@ global:
 # paths to docker images
 helm_broker:
 dir: /pr/
- version: PR-80
+ version: PR-97
 helm_controller:
 dir: /pr/
- version: PR-80
+ version: PR-97
 # etcd port uses by helm broker
 etcdClientPort: 2379
diff --git a/charts_v3/helm-broker/Chart.yaml b/charts_v3/helm-broker/Chart.yaml
deleted file mode 100644
index 12442acf..00000000
--- a/charts_v3/helm-broker/Chart.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: helm-broker
-description: Helm broker deployment chart.
-version: 0.1.0
-appVersion: 0.1.0
-home: https://github.com/kyma-project/helm-broker
-maintainers:
- - name: mszostok
- email: mateusz.szostok@sap.com
- url: https://github.com/mszostok/
- - name: pk85
- email: piotr.kopczynski@sap.com
- url: https://github.com/pk85/
- - name: piotrmiskiewicz
- email: piotr.miskiewicz@sap.com
- - name: jasiu001
- email: piotr.jasiak@sap.com
- - name: polskikiel
- email: michal.kempski@sap.com
- - name: ksputo
- email: kamil.sputo@sap.com
diff --git a/charts_v3/helm-broker/README.md b/charts_v3/helm-broker/README.md
deleted file mode 100644
index 7c053950..00000000
--- a/charts_v3/helm-broker/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Helm Broker
-
-## Overview
-
-The Helm Broker is a [Service Broker](https://kyma-project.io/docs/master/components/service-catalog/#service-brokers-overview) which exposes Helm charts as ServiceClasses in the [Service Catalog](https://kyma-project.io/docs/master/components/service-catalog/#overview-overview). To do so, the Helm Broker uses the concept of addons. An addon is an abstraction layer over a Helm chart which provides all information required to convert the chart into a ServiceClass.
-
-The Helm Broker implements the [Open Service Broker API](https://github.com/openservicebrokerapi/servicebroker/blob/master/spec.md). For more information about the Helm Broker, read the [documentation](https://kyma-project.io/docs/master/components/helm-broker/).
diff --git a/charts_v3/helm-broker/charts/etcd-stateful/Chart.yaml b/charts_v3/helm-broker/charts/etcd-stateful/Chart.yaml
deleted file mode 100644
index 8885ba41..00000000
--- a/charts_v3/helm-broker/charts/etcd-stateful/Chart.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-name: etcd-stateful
-home: https://github.com/alexandrem/
-version: 0.1.0
-description: self-hosted etcd cluster
-maintainers:
- - name: Alexandre Mclean
- email: alexandre.mclean@gmail.com
\ No newline at end of file
diff --git a/charts_v3/helm-broker/charts/etcd-stateful/templates/_helpers.tpl b/charts_v3/helm-broker/charts/etcd-stateful/templates/_helpers.tpl
deleted file mode 100644
index cb54c1ca..00000000
--- a/charts_v3/helm-broker/charts/etcd-stateful/templates/_helpers.tpl
+++ /dev/null
@@ -1,9 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
- {{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "etcd-hb-fullname" -}}
-{{- printf "%s-etcd-stateful" .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts_v3/helm-broker/charts/etcd-stateful/templates/rbac.yaml b/charts_v3/helm-broker/charts/etcd-stateful/templates/rbac.yaml
deleted file mode 100644
index 7ea5f833..00000000
--- a/charts_v3/helm-broker/charts/etcd-stateful/templates/rbac.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "etcd-hb-fullname" . }}-etcd-certs
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "etcd-hb-fullname" . }}-etcd-certs
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "etcd-hb-fullname" . }}-etcd-certs
-subjects:
-- kind: ServiceAccount
- name: {{ template "etcd-hb-fullname" . }}-etcd-certs
- namespace: {{.Release.Namespace}}
-
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
- name: {{ template "etcd-hb-fullname" . }}-etcd-certs
-rules:
- - apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "list", "patch"]
- - apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get", "create", "delete"]
diff --git a/charts_v3/helm-broker/charts/etcd-stateful/templates/service.yaml b/charts_v3/helm-broker/charts/etcd-stateful/templates/service.yaml
deleted file mode 100644
index e2e09f37..00000000
--- a/charts_v3/helm-broker/charts/etcd-stateful/templates/service.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ template "etcd-hb-fullname" . }}
- labels:
- app: {{ template "etcd-hb-fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
- annotations:
- # Create endpoints also if the related pod isn't ready
- service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-spec:
- ports:
- - port: {{ .Values.global.etcdClientPort }}
- name: client
- - port: 2380
- name: peer
- clusterIP: None
- selector:
- app: {{ template "etcd-hb-fullname" . }}
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: "{{ template "etcd-hb-fullname" . }}-client"
- labels:
- app: {{ template "etcd-hb-fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
- annotations:
- # Create endpoints also if the related pod isn't ready
- service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-spec:
- ports:
- - port: {{ .Values.global.etcdClientPort }}
- name: client
- - port: 2381
- name: metrics
- selector:
- app: {{ template "etcd-hb-fullname" . }}
diff --git a/charts_v3/helm-broker/charts/etcd-stateful/templates/statefulset.yaml b/charts_v3/helm-broker/charts/etcd-stateful/templates/statefulset.yaml
deleted file mode 100644
index 9e70c606..00000000
--- a/charts_v3/helm-broker/charts/etcd-stateful/templates/statefulset.yaml
+++ /dev/null
@@ -1,190 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "etcd-hb-fullname" . }} - labels: - app: {{ template "etcd-hb-fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -spec: - serviceName: {{ template "etcd-hb-fullname" . }} - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ template "etcd-hb-fullname" . }} - template: - metadata: - name: {{ template "etcd-hb-fullname" . }} - annotations: - sidecar.istio.io/inject: "false" - labels: - app: {{ template "etcd-hb-fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - spec: - terminationGracePeriodSeconds: 60 - restartPolicy: Always - containers: - - name: "{{ template "etcd-hb-fullname" . }}" - image: "{{.Values.etcd.image}}:{{.Values.etcd.imageTag}}" - ports: - - containerPort: {{ .Values.global.etcdClientPort }} - name: client - - containerPort: 2380 - name: peer - - containerPort: 2381 - name: metrics - env: - - name: CLUSTER_SIZE - value: "{{ .Values.replicaCount }}" - - name: SET_NAME - value: "{{ template "etcd-hb-fullname" . 
}}" - - name: ETCDCTL_API - value: "3" - - name: ETCD_TLS - value: "{{.Values.etcd.secure}}" - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - name: data - mountPath: /var/run/etcd - resources: - limits: - cpu: "{{ .Values.etcd.resources.limits.cpu }}" - memory: "{{ .Values.etcd.resources.limits.memory }}" - requests: - cpu: "{{ .Values.etcd.resources.requests.cpu }}" - memory: "{{ .Values.etcd.resources.requests.memory }}" - command: - - "/bin/sh" - - "-ecx" - - | - IP=$(hostname -i) - for i in $(seq 0 $((${CLUSTER_SIZE} - 1))); do - while true; do - echo "Waiting for ${SET_NAME}-${i}.${SET_NAME} to come up" - ping -W 1 -c 1 ${SET_NAME}-${i}.${SET_NAME} > /dev/null && break - sleep 1s - done - done - - STATE="new" - PEERS="" - CLIENT_URLS="" - # - # only needed on etcdctl if enabling authorization - # --cert=/etc/etcdctl/server/server.crt \ - # --key=/etc/etcdctl/server/server.key \ - for i in $(seq 0 $((${CLUSTER_SIZE} - 1))); do - if [ $(ETCD_TLS) = "true" ]; then - PEERS="${PEERS}${PEERS:+,}${SET_NAME}-${i}=https://${SET_NAME}-${i}.${SET_NAME}.${MY_POD_NAMESPACE}.svc.cluster.local:2380" - CLIENT_URLS="${CLIENT_URLS}${CLIENT_URLS:+,}https://${SET_NAME}-${i}.${SET_NAME}.${MY_POD_NAMESPACE}.svc.cluster.local:{{ .Values.global.etcdClientPort }}" - set +e - etcdctl \ - --endpoints=https://etcd-${i}.${SET_NAME}.${MY_POD_NAMESPACE}.svc.cluster.local:{{ .Values.global.etcdClientPort }} \ - --cacert=/etc/etcdtls/member/server-tls/server-ca.crt \ - endpoint status - ret=$? - set -e - else - PEERS="${PEERS}${PEERS:+,}${SET_NAME}-${i}=http://${SET_NAME}-${i}.${SET_NAME}.${MY_POD_NAMESPACE}.svc.cluster.local:2380" - CLIENT_URLS="${CLIENT_URLS}${CLIENT_URLS:+,}http://${SET_NAME}-${i}.${SET_NAME}.${MY_POD_NAMESPACE}.svc.cluster.local:{{ .Values.global.etcdClientPort }}" - set +e - etcdctl \ - --endpoints=https://etcd-${i}.${SET_NAME}:{{ .Values.global.etcdClientPort }} \ - endpoint status - ret=$? 
- set -e - fi - if [[ $ret -eq 0 ]]; then - STATE="existing" - fi - done - - # If restored backup exists than replace old data-dir with the one from backup - if [ -d /var/run/etcd/backup.etcd/ ]; then - rm -rf /var/run/etcd/default.etcd - mv /var/run/etcd/backup.etcd /var/run/etcd/default.etcd - fi - - # start etcd. If cluster is already initialized the `--initial-*` options will be ignored. - # - # This would only be needed if enabling authorization and using CN in cacert client. - # --client-cert-auth=true \ - # --trusted-ca-file=/etc/etcdtls/server/server-ca.crt \ - - if [ $(ETCD_TLS) = "true" ]; then - exec etcd --name ${HOSTNAME} \ - --listen-peer-urls https://${IP}:2380 \ - --peer-client-cert-auth=true \ - --peer-trusted-ca-file=/etc/etcdtls/member/peer-tls/peer-ca.crt \ - --peer-cert-file=/etc/etcdtls/member/peer-tls/peer.crt \ - --peer-key-file=/etc/etcdtls/member/peer-tls/peer.key \ - --client-cert-auth=true \ - --trusted-ca-file=/etc/etcdtls/member/server-tls/server-ca.crt \ - --cert-file=/etc/etcdtls/member/server-tls/server.crt \ - --key-file=/etc/etcdtls/member/server-tls/server.key \ - --listen-client-urls https://${IP}:{{ .Values.global.etcdClientPort }},https://127.0.0.1:{{ .Values.global.etcdClientPort }} \ - --advertise-client-urls ${CLIENT_URLS} \ - --initial-advertise-peer-urls https://${HOSTNAME}.${SET_NAME}.${MY_POD_NAMESPACE}.svc.cluster.local:2380 \ - --initial-cluster-token etcd-cluster-1 \ - --initial-cluster ${PEERS} \ - --initial-cluster-state ${STATE} \ - --listen-metrics-urls http://${IP}:2381 \ - --data-dir /var/run/etcd/default.etcd - else - exec etcd --name ${HOSTNAME} \ - --listen-peer-urls http://${IP}:2380 \ - --peer-client-cert-auth=false \ - --listen-client-urls http://${IP}:{{ .Values.global.etcdClientPort }},http://127.0.0.1:{{ .Values.global.etcdClientPort }} \ - --advertise-client-urls ${CLIENT_URLS} \ - --initial-advertise-peer-urls http://${HOSTNAME}.${SET_NAME}.${MY_POD_NAMESPACE}.svc.cluster.local:2380 \ - 
--initial-cluster-token etcd-cluster-1 \ - --initial-cluster ${PEERS} \ - --initial-cluster-state ${STATE} \ - --listen-metrics-urls http://${IP}:2381 \ - --data-dir /var/run/etcd/default.etcd - fi - - livenessProbe: - exec: - command: - - /usr/local/bin/etcdctl - {{ if .Values.etcd.secure }} - - --endpoints=https://localhost:{{ .Values.global.etcdClientPort }} - - --cert=/etc/etcdtls/operator/etcd-tls/etcd-client.crt - - --key=/etc/etcdtls/operator/etcd-tls/etcd-client.key - - --cacert=/etc/etcdtls/operator/etcd-tls/etcd-client-ca.crt - {{ else }} - - --endpoints=http://localhost:{{ .Values.global.etcdClientPort }} - {{ end }} - - get - - foo - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 5 - failureThreshold: 3 - - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: "app" - operator: In - values: - - {{ template "etcd-hb-fullname" . }} - topologyKey: "kubernetes.io/hostname" - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: 4Gi diff --git a/charts_v3/helm-broker/charts/etcd-stateful/values.yaml b/charts_v3/helm-broker/charts/etcd-stateful/values.yaml deleted file mode 100644 index 90927099..00000000 --- a/charts_v3/helm-broker/charts/etcd-stateful/values.yaml +++ /dev/null @@ -1,17 +0,0 @@ -tlsSetup: - image: "eu.gcr.io/kyma-project/etcd-tls-setup" - imageTag: "0.3.367" - -etcd: - image: "quay.io/coreos/etcd" - imageTag: "v3.3.9" - secure: false - resources: - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 50m - memory: 64Mi - -replicaCount: 1 \ No newline at end of file diff --git a/charts_v3/helm-broker/ci/README.md b/charts_v3/helm-broker/ci/README.md deleted file mode 100644 index a666ca8a..00000000 --- a/charts_v3/helm-broker/ci/README.md +++ /dev/null 
@@ -1,5 +0,0 @@
-## Providing custom test values
-
-In order to enable custom test values, add any number of `-values.yaml` files to this directory. Only files with the `-values.yaml` suffix are considered. Instead of using the defaults, the chart is installed and tested separately for each of these files using the `--values` flag.
-
-If you want to perform testing using the default values, an empty `values.yaml` file must be present in the `ci` directory.
diff --git a/charts_v3/helm-broker/ci/built-image-values.yaml b/charts_v3/helm-broker/ci/built-image-values.yaml
deleted file mode 100644
index 5a22a37e..00000000
--- a/charts_v3/helm-broker/ci/built-image-values.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-global:
- containerRegistry:
- path: ""
- helm_broker:
- dir: ""
- version: "latest"
- helm_controller:
- dir: ""
- version: "latest"
-
-tests:
- image: helm-broker-tests
- dir: ""
- tag: "latest"
diff --git a/charts_v3/helm-broker/templates/_helpers.tpl b/charts_v3/helm-broker/templates/_helpers.tpl
deleted file mode 100644
index 60e5524c..00000000
--- a/charts_v3/helm-broker/templates/_helpers.tpl
+++ /dev/null
@@ -1,15 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "name" -}}
-{{- default .Chart.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{- define "fullname" -}}
-{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
diff --git a/charts_v3/helm-broker/templates/default-addons-cfg.yaml b/charts_v3/helm-broker/templates/default-addons-cfg.yaml
deleted file mode 100644
index bfbcc94f..00000000
--- a/charts_v3/helm-broker/templates/default-addons-cfg.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: addons.kyma-project.io/v1alpha1
-kind: ClusterAddonsConfiguration
-metadata:
- name: "helm-repos-urls"
- labels:
- app: {{ template "fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- addons.kyma-project.io/managed: "true"
-spec:
- repositories:
- - url: {{ .Values.defautlAddonsURL }}
diff --git a/charts_v3/helm-broker/templates/deploy.yaml b/charts_v3/helm-broker/templates/deploy.yaml
deleted file mode 100644
index 01761c54..00000000
--- a/charts_v3/helm-broker/templates/deploy.yaml
+++ /dev/null
@@ -1,149 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -spec: - replicas: 1 - selector: - matchLabels: - app: {{ template "fullname" . }} - strategy: - type: Recreate - template: - metadata: - annotations: -{{ toYaml .Values.deploy.annotations | indent 8 }} - labels: - app: {{ template "fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - spec: - serviceAccountName: {{ template "fullname" . }} - containers: - - name: broker - image: "{{ .Values.global.containerRegistry.path }}{{ .Values.global.helm_broker.dir }}helm-broker:{{ .Values.global.helm_broker.version }}" - imagePullPolicy: {{ .Values.global.image.pullPolicy }} - env: - - name: APP_PORT - value: "{{ .Values.broker.internalPort }}" - - name: APP_STATUS_PORT - value: "{{ .Values.broker.statusPort }}" - - name: APP_METRICS_PORT - value: "{{ .Values.broker.metricsPort }}" - - name: APP_CONFIG_FILE_NAME - value: /etc/config/helm-broker/config.yaml - - name: APP_HELM_TILLER_HOST - value: "tiller-deploy.kube-system.svc.cluster.local:44134" - - name: APP_HELM_TILLER_TLS_INSECURE - value: "{{ .Values.broker.tillerTLSInsecure }}" - - name: APP_HELM_TILLER_TLS_ENABLED - value: "{{ .Values.broker.tillerTLSEnabled }}" - resources: -{{ toYaml .Values.broker.resources | indent 10 }} - volumeMounts: - - mountPath: /tmp - name: tmp-empty-dir - - mountPath: /etc/config/helm-broker - name: config-volume -{{ if .Values.broker.tillerTLSEnabled }} - - mountPath: /etc/certs - name: helm-certs - readOnly: true -{{ end }} - ports: - - containerPort: {{ .Values.broker.internalPort }} - readinessProbe: - httpGet: - path: /ready - port: {{ .Values.broker.statusPort }} - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 2 - 
livenessProbe: - httpGet: - path: /live - port: {{ .Values.broker.statusPort }} - initialDelaySeconds: 10 - periodSeconds: 15 - timeoutSeconds: 2 - - - name: ctrl - image: "{{ .Values.global.containerRegistry.path }}{{ .Values.global.helm_controller.dir }}helm-controller:{{ .Values.global.helm_controller.version }}" - imagePullPolicy: {{ .Values.global.image.pullPolicy }} - resources: -{{ toYaml .Values.ctrl.resources | indent 10 }} - env: - - name: APP_TMP_DIR - value: /tmp - - name: APP_STATUS_PORT - value: "{{ .Values.ctrl.statusPort }}" - - name: APP_NAMESPACE - value: {{ .Release.Namespace }} - - name: APP_SERVICE_NAME - value: {{ template "fullname" . }} - - name: APP_CONFIG_FILE_NAME - value: /etc/config/helm-broker/config.yaml - - name: APP_CLUSTER_SERVICE_BROKER_NAME - value: {{ template "fullname" . }} - - name: APP_DEVELOP_MODE - value: "{{ .Values.global.isDevelopMode }}" - - name: APP_DOCUMENTATION_ENABLED - value: "{{ .Values.ctrl.documentationEnabled }}" - - name: APP_UPLOAD_SERVICE_URL - value: "{{ .Values.ctrl.uploadServiceURL }}" - volumeMounts: - - mountPath: /tmp - name: tmp-empty-dir - - mountPath: /etc/config/helm-broker - name: config-volume -{{ if .Values.broker.tillerTLSEnabled }} - - mountPath: /etc/certs - name: helm-certs - readOnly: true -{{ end }} - - mountPath: /root/.ssh - name: ssh-cfg - readOnly: true - ports: - - containerPort: {{ .Values.ctrl.internalPort }} - readinessProbe: - httpGet: - path: /ready - port: {{ .Values.ctrl.statusPort }} - periodSeconds: 10 - timeoutSeconds: 2 - initialDelaySeconds: 10 - livenessProbe: - httpGet: - path: /live - port: {{ .Values.ctrl.statusPort }} - periodSeconds: 60 - timeoutSeconds: 30 - initialDelaySeconds: 10 - - volumes: - - name: tmp-empty-dir - emptyDir: - sizeLimit: "{{ .Values.ctrl.tmpDirSizeLimit }}" - - name: config-volume - configMap: - name: helm-config-map - - name: ssh-cfg - configMap: - name: ssh-cfg -{{ if .Values.broker.tillerTLSEnabled }} - - name: helm-certs - secret: - 
secretName: helm-secret - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key -{{ end }} \ No newline at end of file diff --git a/charts_v3/helm-broker/templates/helm-broker-cfg.yaml b/charts_v3/helm-broker/templates/helm-broker-cfg.yaml deleted file mode 100644 index ac232e68..00000000 --- a/charts_v3/helm-broker/templates/helm-broker-cfg.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: helm-config-map - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" -data: - config.yaml: |- - tillerTLSInsecure: {{ .Values.broker.tillerTLSInsecure }} - storage: - - driver: etcd - provide: - all: ~ - - etcd: - endpoints: - - http://{{ .Release.Name }}-etcd-stateful-client.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.etcdClientPort }} - dialTimeout: 5s - dialKeepAliveTime: 2s - dialKeepAliveTimeout: 5s diff --git a/charts_v3/helm-broker/templates/helm-secret.yaml b/charts_v3/helm-broker/templates/helm-secret.yaml deleted file mode 100644 index abce85ee..00000000 --- a/charts_v3/helm-broker/templates/helm-secret.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{ if .Values.broker.tillerTLSEnabled }} -apiVersion: v1 -data: - tls.crt: {{ .Values.global.helm.tls.crt | b64enc }} - tls.key: {{ .Values.global.helm.tls.key | b64enc }} -kind: Secret -metadata: - name: helm-secret -type: Opaque -{{- end -}} \ No newline at end of file diff --git a/charts_v3/helm-broker/templates/rbac.yaml b/charts_v3/helm-broker/templates/rbac.yaml deleted file mode 100644 index 52e94d06..00000000 --- a/charts_v3/helm-broker/templates/rbac.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -rules: -- apiGroups: [""] - resources: ["secrets", "configmaps", "services"] - verbs: ["get", "list", "watch"] -- apiGroups: ["servicecatalog.k8s.io"] - resources: ["servicebrokers", "clusterservicebrokers"] - verbs: ["create","delete","list","get","update", "watch"] -- apiGroups: ["servicecatalog.k8s.io"] - resources: ["serviceclasses", "clusterserviceclasses", "serviceinstances"] - verbs: ["list","get", "watch"] -- apiGroups: ["rafter.kyma-project.io"] - resources: ["clusterassetgroups", "assetgroups"] - verbs: ["get", "create", "update", "delete", "list", "watch"] -- apiGroups: ["addons.kyma-project.io"] - resources: ["addonsconfigurations", "clusteraddonsconfigurations", "addonsconfigurations/status", "clusteraddonsconfigurations/status", "addonsconfigurations/finalizers", "clusteraddonsconfigurations/finalizers"] - verbs: ["get", "list", "watch", "create", "update", "delete"] - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -subjects: -- kind: ServiceAccount - name: {{ template "fullname" . }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin 
diff --git a/charts_v3/helm-broker/templates/ssh-cfg.yaml b/charts_v3/helm-broker/templates/ssh-cfg.yaml deleted file mode 100644 index 87601088..00000000 --- a/charts_v3/helm-broker/templates/ssh-cfg.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: ssh-cfg - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" -data: - known_hosts: |- - # generated from the command: ssh-keyscan -t rsa github.com - github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== - bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== - gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 - config: |- - CheckHostIP no diff --git a/charts_v3/helm-broker/templates/svc.yaml b/charts_v3/helm-broker/templates/svc.yaml deleted file mode 100644 index 59f1d1a3..00000000 --- a/charts_v3/helm-broker/templates/svc.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ -kind: Service -apiVersion: v1 -metadata: - name: {{ template "fullname" . }} - annotations: -{{ toYaml .Values.service.annotations | indent 4 }} - labels: - app: {{ template "name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -spec: - type: {{ .Values.service.type }} - selector: - app: {{ template "fullname" . }} - release: {{ .Release.Name }} - ports: - - protocol: TCP - name: http-hb-port - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.broker.internalPort }} diff --git a/charts_v3/helm-broker/templates/tests/rbac.yaml b/charts_v3/helm-broker/templates/tests/rbac.yaml deleted file mode 100644 index a4e12cf2..00000000 --- a/charts_v3/helm-broker/templates/tests/rbac.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -kind: ServiceAccount -apiVersion: v1 -metadata: - name: {{ .Chart.Name }}-tests - labels: - app: {{ .Chart.Name }}-tests - app.kubernetes.io/name: {{ .Chart.Name }}-tests - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: {{ .Chart.Name }}-tests - labels: - app: {{ .Chart.Name }}-tests - app.kubernetes.io/name: {{ .Chart.Name }}-tests - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -rules: - - apiGroups: ["addons.kyma-project.io"] - resources: ["addonsconfigurations", "clusteraddonsconfigurations"] - verbs: ["create", "delete", "get", "list"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: {{ .Chart.Name }}-tests - labels: - app: {{ .Chart.Name }}-tests - app.kubernetes.io/name: {{ .Chart.Name }}-tests - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} -subjects: - - kind: ServiceAccount - name: {{ .Chart.Name }}-tests - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Chart.Name }}-tests - diff --git a/charts_v3/helm-broker/templates/tests/test-addons-serving.yaml b/charts_v3/helm-broker/templates/tests/test-addons-serving.yaml deleted file mode 100644 index 0a934abb..00000000 --- a/charts_v3/helm-broker/templates/tests/test-addons-serving.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ .Release.Name }}-addon-serving-test" - annotations: - "helm.sh/hook": test-success -spec: - serviceAccountName: {{ .Chart.Name }}-tests - {{- with .Values.tests.securityContext }} - securityContext: -{{ toYaml . | indent 8 }} - {{- end }} - containers: - - name: {{ .Release.Name }}--addon-serving-test - imagePullPolicy: {{ .Values.global.image.pullPolicy }} - image: "{{ .Values.global.containerRegistry.path }}{{ .Values.tests.dir }}{{ .Values.tests.image }}:{{ .Values.tests.tag }}" - env: - - name: HELM_BROKER_URL - value: "http://{{ template "fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local/cluster" - - name: CLUSTER_ADDONS_CONFIGURATION_URL - value: "github.com/kyma-project/addons//addons/index-acc-testing.yaml?ref=2d671e3a9d840b877dd8cd5fd9e6e0147ad4caf0" - - name: EXPECTED_ADDON_ID - value: "a54abe18-0a84-22e9-ab34-d663bbce3d88" - restartPolicy: Never diff --git a/charts_v3/helm-broker/values.yaml b/charts_v3/helm-broker/values.yaml deleted file mode 100644 index 793dd79d..00000000 --- a/charts_v3/helm-broker/values.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -tests: - image: helm-broker-tests - dir: /pr/ - tag: PR-97 - securityContext: - runAsUser: 2000 - -service: - type: NodePort - externalPort: 80 - annotations: {} - -deploy: - annotations: {} - -ctrl: - tmpDirSizeLimit: 1Gi - resources: - limits: - memory: 96Mi - cpu: 100m - requests: - memory: 32Mi - cpu: 80m - internalPort: 8080 - statusPort: 8081 - # enable/disable docs topics support for helm controller - documentationEnabled: false - uploadServiceURL: "not-needed-if-APP_DOCUMENTATION_ENABLED-set-to-false" - -broker: - resources: - limits: - memory: 76Mi - cpu: 60m - requests: - memory: 32Mi - cpu: 30m - tillerTLSInsecure: true - tillerTLSEnabled: false - internalPort: 8070 - statusPort: 8071 - metricsPort: 8072 - -defautlAddonsURL: "https://github.com/kyma-project/addons/releases/download/0.10.0/index.yaml" - -global: - containerRegistry: - path: eu.gcr.io/kyma-project - # develop mode allows use insecure (http) url for addons configuration - isDevelopMode: false - # image pull policy for helm broker broker/controller containers - image: - pullPolicy: IfNotPresent - # paths to docker images - helm_broker: - dir: /pr/ - version: PR-97 - helm_controller: - dir: /pr/ - version: PR-97 - # etcd port uses by helm broker - etcdClientPort: 2379 diff --git a/internal/storage/driver/etcd/entity_chart.go b/internal/storage/driver/etcd/entity_chart.go index 2485a87d..155c7b6e 100644 --- a/internal/storage/driver/etcd/entity_chart.go +++ b/internal/storage/driver/etcd/entity_chart.go 
@@ -46,14 +46,12 @@ func (s *Chart) Upsert(namespace internal.Namespace, c *chart.Chart) (replaced b if err != nil { return false, err } - - buf := bytes.Buffer{} - enc := json.NewEncoder(&buf) - if err := enc.Encode(c); err != nil { - return false, errors.Wrap(err, "while encoding entity") + encoded, err := s.encodeChart(c) + if err != nil { + return false, errors.Wrap(err, "while encoding chart") } - resp, err := s.kv.Put(context.TODO(), s.key(namespace, nv), buf.String(), clientv3.WithPrevKV()) + resp, err := s.kv.Put(context.TODO(), s.key(namespace, nv), encoded, clientv3.WithPrevKV()) if err != nil { return false, errors.Wrap(err, "while calling database") } @@ -65,6 +63,7 @@ func (s *Chart) Upsert(namespace internal.Namespace, c *chart.Chart) (replaced b return false, nil } + // Get returns chart with given name and version from storage func (s *Chart) Get(namespace internal.Namespace, name internal.ChartName, ver semver.Version) (*chart.Chart, error) { nv, err := s.nameVersion(name, ver) @@ -93,16 +92,6 @@ func (s *Chart) Get(namespace internal.Namespace, name internal.ChartName, ver s return c, nil } -func (s *Chart) decodeChart(raw []byte) (*chart.Chart, error) { - dec := json.NewDecoder(bytes.NewReader(raw)) - var c chart.Chart - if err := dec.Decode(&c); err != nil { - return nil, err - } - - return &c, nil -} - // Remove is removing chart with given name and version from storage func (s *Chart) Remove(namespace internal.Namespace, name internal.ChartName, ver semver.Version) error { nv, err := s.nameVersion(name, ver) 
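Review bot: The encode failure in Upsert is now wrapped twice, because encodeChart already returns `errors.Wrap(err, "while encoding entity")` and the new call site adds "while encoding chart" on top, so the message reads "while encoding chart: while encoding entity: …". Keep one layer: either pass the helper's error through with `return false, err`, or let encodeChart return the encoder error unwrapped and keep the wrap here. Upsert's body begins and ends outside this hunk.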
@@ -166,3 +155,51 @@ func (*Chart) key(namespace internal.Namespace, nv chartNameVersion) string { } return fmt.Sprintf("%s|%s", prefix, string(nv)) } + + +type dto struct { + Main *chart.Chart `json:"main"` + Deps []*dto `json:"dependencies"` +} + +func (s *Chart) toDto(c *chart.Chart) *dto { + var deps []*dto + for _, d := range c.Dependencies() { + deps = append(deps, s.toDto(d)) + } + return &dto { + Main: c, + Deps: deps, + } +} + +func (s *Chart) fromDto(obj *dto) *chart.Chart { + chrt := obj.Main + + var deps []*chart.Chart + for _, d := range obj.Deps { + deps = append(deps, s.fromDto(d)) + } + chrt.SetDependencies(deps...) + return chrt +} + +func (s *Chart) encodeChart(c *chart.Chart) (string, error) { + obj := s.toDto(c) + buf := bytes.Buffer{} + enc := json.NewEncoder(&buf) + if err := enc.Encode(obj); err != nil { + return "", errors.Wrap(err, "while encoding entity") + } + return buf.String(), nil +} + +func (s *Chart) decodeChart(raw []byte) (*chart.Chart, error) { + dec := json.NewDecoder(bytes.NewReader(raw)) + var obj dto + if err := dec.Decode(&obj); err != nil { + return nil, err + } + + return s.fromDto(&obj), nil +} diff --git a/internal/storage/testing/chart_test.go b/internal/storage/testing/chart_test.go index 1c224c40..23afaeaf 100644 --- a/internal/storage/testing/chart_test.go +++ b/internal/storage/testing/chart_test.go @@ -12,6 +12,7 @@ import ( "github.com/kyma-project/helm-broker/internal" "github.com/kyma-project/helm-broker/internal/storage" "github.com/stretchr/testify/require" + "helm.sh/helm/v3/pkg/chart/loader" ) func TestChartGet(t *testing.T) { 
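Review bot: fromDto uses `obj.Main` without checking it, so any stored value that lacks a "main" object or has a null entry in "dependencies" reaches `chrt.SetDependencies(deps...)` with a nil chart, which would panic rather than return an error. That includes records written before this commit, which the removed encoder in Upsert appears to have stored as bare chart JSON; they decode into a dto with Main == nil. Since the bytes come from etcd and not from this process alone, decodeChart should reject such input with an error that Get can return. The sketch below gives fromDto an error return and validates at every level of the dependency tree; a migration or fallback decode for old-format records is a separate decision that this hunk does not make.

```go
func (s *Chart) fromDto(obj *dto) (*chart.Chart, error) {
	if obj == nil || obj.Main == nil {
		return nil, errors.New("stored chart entry has no main chart")
	}
	deps := make([]*chart.Chart, 0, len(obj.Deps))
	for _, d := range obj.Deps {
		dep, err := s.fromDto(d)
		if err != nil {
			return nil, err
		}
		deps = append(deps, dep)
	}
	obj.Main.SetDependencies(deps...)
	return obj.Main, nil
}

// … unchanged: toDto, encodeChart …

func (s *Chart) decodeChart(raw []byte) (*chart.Chart, error) {
	// … unchanged: decode raw into obj …
	return s.fromDto(&obj)
}
```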
@@ -92,6 +93,23 @@ func TestChartUpsert(t *testing.T) { }) } +func TestHappyPath(t *testing.T) { + tRunDrivers(t, "Upsert and get preserves dependencies", func(t *testing.T, sf storage.Factory) { + // given + ts := newChartTestSuite(t, sf) + chrt, err := loader.LoadDir("testing") + require.NoError(t, err) + + // when + ts.s.Upsert("ns1", chrt) + + // then + got, err := ts.s.Get("ns1", internal.ChartName(chrt.Name()), *semver.MustParse(chrt.Metadata.Version)) + require.NoError(t, err) + assert.Equal(t, len(chrt.Dependencies()), len(got.Dependencies())) + }) +} + func TestChartRemove(t *testing.T) { tRunDrivers(t, "Found", func(t *testing.T, sf storage.Factory) { // GIVEN: diff --git a/internal/storage/testing/testing/.helmignore b/internal/storage/testing/testing/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/internal/storage/testing/testing/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/internal/storage/testing/testing/Chart.yaml b/internal/storage/testing/testing/Chart.yaml new file mode 100644 index 00000000..e904433e --- /dev/null +++ b/internal/storage/testing/testing/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: Testing config map +name: testing +version: 0.0.1 diff --git a/internal/storage/testing/testing/charts/subch/Chart.yaml b/internal/storage/testing/testing/charts/subch/Chart.yaml new file mode 100644 index 00000000..e8dee76b --- /dev/null +++ b/internal/storage/testing/testing/charts/subch/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: Subchart config map +name: subch +version: 0.0.1 
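Review bot: TestHappyPath drops the result of `ts.s.Upsert("ns1", chrt)`, so a failed write only shows up later as a confusing Get failure; capture it with `_, err = ts.s.Upsert("ns1", chrt)` followed by `require.NoError(t, err)`. The final assertion compares only the two dependency counts, which also passes as 0 == 0 if the fixture loads without its subchart, so add `require.NotEmpty(t, chrt.Dependencies())` after LoadDir and consider comparing the dependency names as well. The import hunk adds only the loader package; if `assert` is not already imported in this file, the `assert.Equal` call will not compile, and `require.Equal` would match the rest of the test.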
diff --git a/internal/storage/testing/testing/charts/subch/templates/_helpers.tpl b/internal/storage/testing/testing/charts/subch/templates/_helpers.tpl new file mode 100644 index 00000000..461c41e9 --- /dev/null +++ b/internal/storage/testing/testing/charts/subch/templates/_helpers.tpl @@ -0,0 +1,8 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "testing.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/internal/storage/testing/testing/charts/subch/templates/cm.yaml b/internal/storage/testing/testing/charts/subch/templates/cm.yaml new file mode 100644 index 00000000..14daf7ef --- /dev/null +++ b/internal/storage/testing/testing/charts/subch/templates/cm.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "testing.fullname" . }}-subchart +data: + someKey: "someValue" diff --git a/internal/storage/testing/testing/templates/_helpers.tpl b/internal/storage/testing/testing/templates/_helpers.tpl new file mode 100644 index 00000000..461c41e9 --- /dev/null +++ b/internal/storage/testing/testing/templates/_helpers.tpl @@ -0,0 +1,8 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "testing.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/internal/storage/testing/testing/templates/cm.yaml b/internal/storage/testing/testing/templates/cm.yaml new file mode 100644 index 00000000..26913afb --- /dev/null +++ b/internal/storage/testing/testing/templates/cm.yaml 
@@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "testing.fullname" . }} +data: + planName: {{ .Values.planName | quote }} + {{- if .Values.additionalData }} + additionalData: {{ .Values.additionalData | quote }} + {{- end }} \ No newline at end of file diff --git a/internal/storage/testing/testing/values.yaml b/internal/storage/testing/testing/values.yaml new file mode 100644 index 00000000..e69de29b From 969b259ec650d530277a98265ebca38e5be681a3 Mon Sep 17 00:00:00 2001 From: "Miskiewicz, Piotr" Date: Mon, 22 Jun 2020 21:12:57 +0200 Subject: [PATCH 2/5] wip --- internal/storage/driver/etcd/entity_chart.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/internal/storage/driver/etcd/entity_chart.go b/internal/storage/driver/etcd/entity_chart.go index 155c7b6e..1cc98274 100644 --- a/internal/storage/driver/etcd/entity_chart.go +++ b/internal/storage/driver/etcd/entity_chart.go @@ -63,7 +63,6 @@ func (s *Chart) Upsert(namespace internal.Namespace, c *chart.Chart) (replaced b return false, nil } - // Get returns chart with given name and version from storage func (s *Chart) Get(namespace internal.Namespace, name internal.ChartName, ver semver.Version) (*chart.Chart, error) { nv, err := s.nameVersion(name, ver) @@ -156,7 +155,6 @@ func (*Chart) key(namespace internal.Namespace, nv chartNameVersion) string { return fmt.Sprintf("%s|%s", prefix, string(nv)) } - type dto struct { Main *chart.Chart `json:"main"` Deps []*dto `json:"dependencies"` @@ -167,7 +165,7 @@ func (s *Chart) toDto(c *chart.Chart) *dto { for _, d := range c.Dependencies() { deps = append(deps, s.toDto(d)) } - return &dto { + return &dto{ Main: c, Deps: deps, } From 3aa305bbaf4baaa92f24b15a76d8a1deb69165ec Mon Sep 17 00:00:00 2001 
From: "Miskiewicz, Piotr" Date: Mon, 22 Jun 2020 21:23:23 +0200 Subject: [PATCH 3/5] wip --- charts/helm-broker/Chart.yaml | 2 ++ charts/helm-broker/README.md | 2 +- .../{crds => templates/crd}/addons-configuration.crd.yaml | 2 ++ .../crd}/cluster-addons-configuration.crd.yaml | 2 ++ charts/helm-broker/values.yaml | 4 ++-- 5 files changed, 9 insertions(+), 3 deletions(-) rename charts/helm-broker/{crds => templates/crd}/addons-configuration.crd.yaml (99%) rename charts/helm-broker/{crds => templates/crd}/cluster-addons-configuration.crd.yaml (99%) diff --git a/charts/helm-broker/Chart.yaml b/charts/helm-broker/Chart.yaml index 12442acf..5235719e 100644 --- a/charts/helm-broker/Chart.yaml +++ b/charts/helm-broker/Chart.yaml @@ -12,6 +12,8 @@ maintainers: url: https://github.com/pk85/ - name: piotrmiskiewicz email: piotr.miskiewicz@sap.com + - name: adamwalach + email: adam.walach@sap.com - name: jasiu001 email: piotr.jasiak@sap.com - name: polskikiel diff --git a/charts/helm-broker/README.md b/charts/helm-broker/README.md index 7c053950..ced6bbe2 100644 --- a/charts/helm-broker/README.md +++ b/charts/helm-broker/README.md 
@@ -2,6 +2,6 @@ ## Overview -The Helm Broker is a [Service Broker](https://kyma-project.io/docs/master/components/service-catalog/#service-brokers-overview) which exposes Helm charts as ServiceClasses in the [Service Catalog](https://kyma-project.io/docs/master/components/service-catalog/#overview-overview). To do so, the Helm Broker uses the concept of addons. An addon is an abstraction layer over a Helm chart which provides all information required to convert the chart into a ServiceClass. +The Helm Broker is a [Service Broker](https://kyma-project.io/docs/master/components/service-catalog/#service-brokers-overview) which exposes Helm charts as Service Classes in the [Service Catalog](https://kyma-project.io/docs/master/components/service-catalog/#overview-overview). To do so, the Helm Broker uses the concept of addons. An addon is an abstraction layer over a Helm chart which provides all information required to convert the chart into a Service Class. The Helm Broker implements the [Open Service Broker API](https://github.com/openservicebrokerapi/servicebroker/blob/master/spec.md). For more information about the Helm Broker, read the [documentation](https://kyma-project.io/docs/master/components/helm-broker/). diff --git a/charts/helm-broker/crds/addons-configuration.crd.yaml b/charts/helm-broker/templates/crd/addons-configuration.crd.yaml similarity index 99% rename from charts/helm-broker/crds/addons-configuration.crd.yaml rename to charts/helm-broker/templates/crd/addons-configuration.crd.yaml index cc047cd0..7ba17160 100644 --- a/charts/helm-broker/crds/addons-configuration.crd.yaml +++ b/charts/helm-broker/templates/crd/addons-configuration.crd.yaml @@ -3,6 +3,8 @@ kind: CustomResourceDefinition metadata: creationTimestamp: null name: addonsconfigurations.addons.kyma-project.io + annotations: + helm.sh/hook: crd-install spec: additionalPrinterColumns: - JSONPath: .status.phase 
diff --git a/charts/helm-broker/crds/cluster-addons-configuration.crd.yaml b/charts/helm-broker/templates/crd/cluster-addons-configuration.crd.yaml similarity index 99% rename from charts/helm-broker/crds/cluster-addons-configuration.crd.yaml rename to charts/helm-broker/templates/crd/cluster-addons-configuration.crd.yaml index a0d7db88..5a995a99 100644 --- a/charts/helm-broker/crds/cluster-addons-configuration.crd.yaml +++ b/charts/helm-broker/templates/crd/cluster-addons-configuration.crd.yaml @@ -3,6 +3,8 @@ kind: CustomResourceDefinition metadata: creationTimestamp: null name: clusteraddonsconfigurations.addons.kyma-project.io + annotations: + helm.sh/hook: crd-install spec: additionalPrinterColumns: - JSONPath: .status.phase diff --git a/charts/helm-broker/values.yaml b/charts/helm-broker/values.yaml index 793dd79d..a55f14d1 100644 --- a/charts/helm-broker/values.yaml +++ b/charts/helm-broker/values.yaml @@ -55,9 +55,9 @@ global: # paths to docker images helm_broker: dir: /pr/ - version: PR-97 + version: PR-80 helm_controller: dir: /pr/ - version: PR-97 + version: PR-80 # etcd port uses by helm broker etcdClientPort: 2379 From 10a855f488756910674a5742392203b607aa7d93 Mon Sep 17 00:00:00 2001 
From: "Miskiewicz, Piotr" Date: Mon, 22 Jun 2020 22:10:15 +0200 Subject: [PATCH 4/5] wip --- charts_v3/helm-broker/Chart.yaml | 20 ++ charts_v3/helm-broker/README.md | 7 + .../charts/etcd-stateful/Chart.yaml | 7 + .../etcd-stateful/templates/_helpers.tpl | 9 + .../charts/etcd-stateful/templates/rbac.yaml | 31 +++ .../etcd-stateful/templates/service.yaml | 43 ++++ .../etcd-stateful/templates/statefulset.yaml | 190 ++++++++++++++++++ .../charts/etcd-stateful/values.yaml | 17 ++ charts_v3/helm-broker/ci/README.md | 5 + .../helm-broker/ci/built-image-values.yaml | 14 ++ .../crds/addons-configuration.crd.yaml | 147 ++++++++++++++ .../cluster-addons-configuration.crd.yaml | 146 ++++++++++++++ charts_v3/helm-broker/templates/_helpers.tpl | 15 ++ .../templates/default-addons-cfg.yaml | 11 + charts_v3/helm-broker/templates/deploy.yaml | 149 ++++++++++++++ .../templates/helm-broker-cfg.yaml | 22 ++ .../helm-broker/templates/helm-secret.yaml | 10 + charts_v3/helm-broker/templates/rbac.yaml | 56 ++++++ charts_v3/helm-broker/templates/ssh-cfg.yaml | 16 ++ charts_v3/helm-broker/templates/svc.yaml | 21 ++ .../helm-broker/templates/tests/rbac.yaml | 45 +++++ .../templates/tests/test-addons-serving.yaml | 24 +++ charts_v3/helm-broker/values.yaml | 63 ++++++ 23 files changed, 1068 insertions(+) create mode 100644 charts_v3/helm-broker/Chart.yaml create mode 100644 charts_v3/helm-broker/README.md create mode 100644 charts_v3/helm-broker/charts/etcd-stateful/Chart.yaml create mode 100644 charts_v3/helm-broker/charts/etcd-stateful/templates/_helpers.tpl create mode 100644 charts_v3/helm-broker/charts/etcd-stateful/templates/rbac.yaml create mode 100644 charts_v3/helm-broker/charts/etcd-stateful/templates/service.yaml create mode 100644 charts_v3/helm-broker/charts/etcd-stateful/templates/statefulset.yaml create mode 100644 charts_v3/helm-broker/charts/etcd-stateful/values.yaml create mode 100644 charts_v3/helm-broker/ci/README.md create mode 100644 
charts_v3/helm-broker/ci/built-image-values.yaml create mode 100644 charts_v3/helm-broker/crds/addons-configuration.crd.yaml create mode 100644 charts_v3/helm-broker/crds/cluster-addons-configuration.crd.yaml create mode 100644 charts_v3/helm-broker/templates/_helpers.tpl create mode 100644 charts_v3/helm-broker/templates/default-addons-cfg.yaml create mode 100644 charts_v3/helm-broker/templates/deploy.yaml create mode 100644 charts_v3/helm-broker/templates/helm-broker-cfg.yaml create mode 100644 charts_v3/helm-broker/templates/helm-secret.yaml create mode 100644 charts_v3/helm-broker/templates/rbac.yaml create mode 100644 charts_v3/helm-broker/templates/ssh-cfg.yaml create mode 100644 charts_v3/helm-broker/templates/svc.yaml create mode 100644 charts_v3/helm-broker/templates/tests/rbac.yaml create mode 100644 charts_v3/helm-broker/templates/tests/test-addons-serving.yaml create mode 100644 charts_v3/helm-broker/values.yaml diff --git a/charts_v3/helm-broker/Chart.yaml b/charts_v3/helm-broker/Chart.yaml new file mode 100644 index 00000000..12442acf --- /dev/null +++ b/charts_v3/helm-broker/Chart.yaml @@ -0,0 +1,20 @@ +name: helm-broker +description: Helm broker deployment chart. +version: 0.1.0 +appVersion: 0.1.0 +home: https://github.com/kyma-project/helm-broker +maintainers: + - name: mszostok + email: mateusz.szostok@sap.com + url: https://github.com/mszostok/ + - name: pk85 + email: piotr.kopczynski@sap.com + url: https://github.com/pk85/ + - name: piotrmiskiewicz + email: piotr.miskiewicz@sap.com + - name: jasiu001 + email: piotr.jasiak@sap.com + - name: polskikiel + email: michal.kempski@sap.com + - name: ksputo + email: kamil.sputo@sap.com diff --git a/charts_v3/helm-broker/README.md b/charts_v3/helm-broker/README.md new file mode 100644 index 00000000..7c053950 --- /dev/null +++ b/charts_v3/helm-broker/README.md 
@@ -0,0 +1,7 @@ +# Helm Broker + +## Overview + +The Helm Broker is a [Service Broker](https://kyma-project.io/docs/master/components/service-catalog/#service-brokers-overview) which exposes Helm charts as ServiceClasses in the [Service Catalog](https://kyma-project.io/docs/master/components/service-catalog/#overview-overview). To do so, the Helm Broker uses the concept of addons. An addon is an abstraction layer over a Helm chart which provides all information required to convert the chart into a ServiceClass. + +The Helm Broker implements the [Open Service Broker API](https://github.com/openservicebrokerapi/servicebroker/blob/master/spec.md). For more information about the Helm Broker, read the [documentation](https://kyma-project.io/docs/master/components/helm-broker/). diff --git a/charts_v3/helm-broker/charts/etcd-stateful/Chart.yaml b/charts_v3/helm-broker/charts/etcd-stateful/Chart.yaml new file mode 100644 index 00000000..8885ba41 --- /dev/null +++ b/charts_v3/helm-broker/charts/etcd-stateful/Chart.yaml @@ -0,0 +1,7 @@ +name: etcd-stateful +home: https://github.com/alexandrem/ +version: 0.1.0 +description: self-hosted etcd cluster +maintainers: + - name: Alexandre Mclean + email: alexandre.mclean@gmail.com \ No newline at end of file diff --git a/charts_v3/helm-broker/charts/etcd-stateful/templates/_helpers.tpl b/charts_v3/helm-broker/charts/etcd-stateful/templates/_helpers.tpl new file mode 100644 index 00000000..cb54c1ca --- /dev/null +++ b/charts_v3/helm-broker/charts/etcd-stateful/templates/_helpers.tpl @@ -0,0 +1,9 @@ +{{/* vim: set filetype=mustache: */}} + {{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "etcd-hb-fullname" -}} +{{- printf "%s-etcd-stateful" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} 
diff --git a/charts_v3/helm-broker/charts/etcd-stateful/templates/rbac.yaml b/charts_v3/helm-broker/charts/etcd-stateful/templates/rbac.yaml
new file mode 100644
index 00000000..7ea5f833
--- /dev/null
+++ b/charts_v3/helm-broker/charts/etcd-stateful/templates/rbac.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "etcd-hb-fullname" . }}-etcd-certs
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "etcd-hb-fullname" . }}-etcd-certs
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "etcd-hb-fullname" . }}-etcd-certs
+subjects:
+- kind: ServiceAccount
+ name: {{ template "etcd-hb-fullname" . }}-etcd-certs
+ namespace: {{.Release.Namespace}}
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: {{ template "etcd-hb-fullname" . }}-etcd-certs
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "patch"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "create", "delete"]
diff --git a/charts_v3/helm-broker/charts/etcd-stateful/templates/service.yaml b/charts_v3/helm-broker/charts/etcd-stateful/templates/service.yaml
new file mode 100644
index 00000000..e2e09f37
--- /dev/null
+++ b/charts_v3/helm-broker/charts/etcd-stateful/templates/service.yaml
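Review bot: The `-etcd-certs` ClusterRole grants `get`, `list` and `patch` on `secrets` in every namespace, and the ClusterRoleBinding gives that to a service account in the release namespace. None of the etcd-stateful templates in this patch sets a `serviceAccountName`, so the consumer is not visible here; if the account only manages this release's etcd certificate secrets (inferred from the name), a namespaced `Role`/`RoleBinding` restricted with `resourceNames` would be enough. The ClusterRole is declared with `rbac.authorization.k8s.io/v1beta1` while the binding uses `v1`; use `apiVersion: rbac.authorization.k8s.io/v1` for both.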
@@ -0,0 +1,43 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "etcd-hb-fullname" . }} + labels: + app: {{ template "etcd-hb-fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: + # Create endpoints also if the related pod isn't ready + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" +spec: + ports: + - port: {{ .Values.global.etcdClientPort }} + name: client + - port: 2380 + name: peer + clusterIP: None + selector: + app: {{ template "etcd-hb-fullname" . }} + +--- +apiVersion: v1 +kind: Service +metadata: + name: "{{ template "etcd-hb-fullname" . }}-client" + labels: + app: {{ template "etcd-hb-fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: + # Create endpoints also if the related pod isn't ready + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" +spec: + ports: + - port: {{ .Values.global.etcdClientPort }} + name: client + - port: 2381 + name: metrics + selector: + app: {{ template "etcd-hb-fullname" . }} diff --git a/charts_v3/helm-broker/charts/etcd-stateful/templates/statefulset.yaml b/charts_v3/helm-broker/charts/etcd-stateful/templates/statefulset.yaml new file mode 100644 index 00000000..9e70c606 --- /dev/null +++ b/charts_v3/helm-broker/charts/etcd-stateful/templates/statefulset.yaml 
@@ -0,0 +1,190 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "etcd-hb-fullname" . }} + labels: + app: {{ template "etcd-hb-fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + serviceName: {{ template "etcd-hb-fullname" . }} + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ template "etcd-hb-fullname" . }} + template: + metadata: + name: {{ template "etcd-hb-fullname" . }} + annotations: + sidecar.istio.io/inject: "false" + labels: + app: {{ template "etcd-hb-fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + spec: + terminationGracePeriodSeconds: 60 + restartPolicy: Always + containers: + - name: "{{ template "etcd-hb-fullname" . }}" + image: "{{.Values.etcd.image}}:{{.Values.etcd.imageTag}}" + ports: + - containerPort: {{ .Values.global.etcdClientPort }} + name: client + - containerPort: 2380 + name: peer + - containerPort: 2381 + name: metrics + env: + - name: CLUSTER_SIZE + value: "{{ .Values.replicaCount }}" + - name: SET_NAME + value: "{{ template "etcd-hb-fullname" . 
}}" + - name: ETCDCTL_API + value: "3" + - name: ETCD_TLS + value: "{{.Values.etcd.secure}}" + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: data + mountPath: /var/run/etcd + resources: + limits: + cpu: "{{ .Values.etcd.resources.limits.cpu }}" + memory: "{{ .Values.etcd.resources.limits.memory }}" + requests: + cpu: "{{ .Values.etcd.resources.requests.cpu }}" + memory: "{{ .Values.etcd.resources.requests.memory }}" + command: + - "/bin/sh" + - "-ecx" + - | + IP=$(hostname -i) + for i in $(seq 0 $((${CLUSTER_SIZE} - 1))); do + while true; do + echo "Waiting for ${SET_NAME}-${i}.${SET_NAME} to come up" + ping -W 1 -c 1 ${SET_NAME}-${i}.${SET_NAME} > /dev/null && break + sleep 1s + done + done + + STATE="new" + PEERS="" + CLIENT_URLS="" + # + # only needed on etcdctl if enabling authorization + # --cert=/etc/etcdctl/server/server.crt \ + # --key=/etc/etcdctl/server/server.key \ + for i in $(seq 0 $((${CLUSTER_SIZE} - 1))); do + if [ $(ETCD_TLS) = "true" ]; then + PEERS="${PEERS}${PEERS:+,}${SET_NAME}-${i}=https://${SET_NAME}-${i}.${SET_NAME}.${MY_POD_NAMESPACE}.svc.cluster.local:2380" + CLIENT_URLS="${CLIENT_URLS}${CLIENT_URLS:+,}https://${SET_NAME}-${i}.${SET_NAME}.${MY_POD_NAMESPACE}.svc.cluster.local:{{ .Values.global.etcdClientPort }}" + set +e + etcdctl \ + --endpoints=https://etcd-${i}.${SET_NAME}.${MY_POD_NAMESPACE}.svc.cluster.local:{{ .Values.global.etcdClientPort }} \ + --cacert=/etc/etcdtls/member/server-tls/server-ca.crt \ + endpoint status + ret=$? + set -e + else + PEERS="${PEERS}${PEERS:+,}${SET_NAME}-${i}=http://${SET_NAME}-${i}.${SET_NAME}.${MY_POD_NAMESPACE}.svc.cluster.local:2380" + CLIENT_URLS="${CLIENT_URLS}${CLIENT_URLS:+,}http://${SET_NAME}-${i}.${SET_NAME}.${MY_POD_NAMESPACE}.svc.cluster.local:{{ .Values.global.etcdClientPort }}" + set +e + etcdctl \ + --endpoints=https://etcd-${i}.${SET_NAME}:{{ .Values.global.etcdClientPort }} \ + endpoint status + ret=$? 
+ set -e + fi + if [[ $ret -eq 0 ]]; then + STATE="existing" + fi + done + + # If restored backup exists than replace old data-dir with the one from backup + if [ -d /var/run/etcd/backup.etcd/ ]; then + rm -rf /var/run/etcd/default.etcd + mv /var/run/etcd/backup.etcd /var/run/etcd/default.etcd + fi + + # start etcd. If cluster is already initialized the `--initial-*` options will be ignored. + # + # This would only be needed if enabling authorization and using CN in cacert client. + # --client-cert-auth=true \ + # --trusted-ca-file=/etc/etcdtls/server/server-ca.crt \ + + if [ $(ETCD_TLS) = "true" ]; then + exec etcd --name ${HOSTNAME} \ + --listen-peer-urls https://${IP}:2380 \ + --peer-client-cert-auth=true \ + --peer-trusted-ca-file=/etc/etcdtls/member/peer-tls/peer-ca.crt \ + --peer-cert-file=/etc/etcdtls/member/peer-tls/peer.crt \ + --peer-key-file=/etc/etcdtls/member/peer-tls/peer.key \ + --client-cert-auth=true \ + --trusted-ca-file=/etc/etcdtls/member/server-tls/server-ca.crt \ + --cert-file=/etc/etcdtls/member/server-tls/server.crt \ + --key-file=/etc/etcdtls/member/server-tls/server.key \ + --listen-client-urls https://${IP}:{{ .Values.global.etcdClientPort }},https://127.0.0.1:{{ .Values.global.etcdClientPort }} \ + --advertise-client-urls ${CLIENT_URLS} \ + --initial-advertise-peer-urls https://${HOSTNAME}.${SET_NAME}.${MY_POD_NAMESPACE}.svc.cluster.local:2380 \ + --initial-cluster-token etcd-cluster-1 \ + --initial-cluster ${PEERS} \ + --initial-cluster-state ${STATE} \ + --listen-metrics-urls http://${IP}:2381 \ + --data-dir /var/run/etcd/default.etcd + else + exec etcd --name ${HOSTNAME} \ + --listen-peer-urls http://${IP}:2380 \ + --peer-client-cert-auth=false \ + --listen-client-urls http://${IP}:{{ .Values.global.etcdClientPort }},http://127.0.0.1:{{ .Values.global.etcdClientPort }} \ + --advertise-client-urls ${CLIENT_URLS} \ + --initial-advertise-peer-urls http://${HOSTNAME}.${SET_NAME}.${MY_POD_NAMESPACE}.svc.cluster.local:2380 \ + 
--initial-cluster-token etcd-cluster-1 \ + --initial-cluster ${PEERS} \ + --initial-cluster-state ${STATE} \ + --listen-metrics-urls http://${IP}:2381 \ + --data-dir /var/run/etcd/default.etcd + fi + + livenessProbe: + exec: + command: + - /usr/local/bin/etcdctl + {{ if .Values.etcd.secure }} + - --endpoints=https://localhost:{{ .Values.global.etcdClientPort }} + - --cert=/etc/etcdtls/operator/etcd-tls/etcd-client.crt + - --key=/etc/etcdtls/operator/etcd-tls/etcd-client.key + - --cacert=/etc/etcdtls/operator/etcd-tls/etcd-client-ca.crt + {{ else }} + - --endpoints=http://localhost:{{ .Values.global.etcdClientPort }} + {{ end }} + - get + - foo + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 5 + failureThreshold: 3 + + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - {{ template "etcd-hb-fullname" . }} + topologyKey: "kubernetes.io/hostname" + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: 4Gi diff --git a/charts_v3/helm-broker/charts/etcd-stateful/values.yaml b/charts_v3/helm-broker/charts/etcd-stateful/values.yaml new file mode 100644 index 00000000..90927099 --- /dev/null +++ b/charts_v3/helm-broker/charts/etcd-stateful/values.yaml @@ -0,0 +1,17 @@ +tlsSetup: + image: "eu.gcr.io/kyma-project/etcd-tls-setup" + imageTag: "0.3.367" + +etcd: + image: "quay.io/coreos/etcd" + imageTag: "v3.3.9" + secure: false + resources: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 50m + memory: 64Mi + +replicaCount: 1 \ No newline at end of file diff --git a/charts_v3/helm-broker/ci/README.md b/charts_v3/helm-broker/ci/README.md new file mode 100644 index 00000000..a666ca8a --- /dev/null +++ b/charts_v3/helm-broker/ci/README.md 
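Review bot: With the default `secure: false` the `else` branch starts etcd with `--listen-client-urls http://${IP}:…` and `--peer-client-cert-auth=false`, so any pod that can reach the service can read and write the broker's stored data without authentication; helm-broker-cfg.yaml hard-codes an `http://` endpoint to match. The `ETCD_TLS` = "true" branch does not look usable as written: the pod spec mounts only the `data` volume, so the `/etc/etcdtls/...` paths have no source in this template, and the `etcdctl ... endpoint status` probe passes `--cacert` but no client certificate although the server is started with `--client-cert-auth=true`. Both probes also target `etcd-${i}` rather than `${SET_NAME}-${i}`, and the plaintext branch probes `https://`, so `STATE` would apparently always stay `new`. Suggest mounting the TLS secrets, probing `${SET_NAME}-${i}.${SET_NAME}` with the scheme of the branch, and adding a NetworkPolicy that limits the client and peer ports to the broker and etcd pods.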
@@ -0,0 +1,5 @@ +## Providing custom test values + +In order to enable custom test values, add any number of `-values.yaml` files to this directory. Only files with the `-values.yaml` suffix are considered. Instead of using the defaults, the chart is installed and tested separately for each of these files using the `--values` flag. + +If you want to perform testing using the default values, an empty `values.yaml` file must be present in the `ci` directory. diff --git a/charts_v3/helm-broker/ci/built-image-values.yaml b/charts_v3/helm-broker/ci/built-image-values.yaml new file mode 100644 index 00000000..5a22a37e --- /dev/null +++ b/charts_v3/helm-broker/ci/built-image-values.yaml @@ -0,0 +1,14 @@ +global: + containerRegistry: + path: "" + helm_broker: + dir: "" + version: "latest" + helm_controller: + dir: "" + version: "latest" + +tests: + image: helm-broker-tests + dir: "" + tag: "latest" diff --git a/charts_v3/helm-broker/crds/addons-configuration.crd.yaml b/charts_v3/helm-broker/crds/addons-configuration.crd.yaml new file mode 100644 index 00000000..cc047cd0 --- /dev/null +++ b/charts_v3/helm-broker/crds/addons-configuration.crd.yaml 
@@ -0,0 +1,147 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: addonsconfigurations.addons.kyma-project.io +spec: + additionalPrinterColumns: + - JSONPath: .status.phase + name: Phase + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: addons.kyma-project.io + names: + categories: + - all + - addons + kind: AddonsConfiguration + listKind: AddonsConfigurationList + plural: addonsconfigurations + singular: addonsconfiguration + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: AddonsConfiguration is the Schema for the addonsconfigurations + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AddonsConfigurationSpec defines the desired state of AddonsConfiguration + properties: + repositories: + items: + description: SpecRepository define the addon repository + properties: + secretRef: + description: SecretReference represents a Secret Reference. It + has enough information to retrieve secret in any namespace + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: Namespace defines the space within which the + secret name must be unique. 
+ type: string + type: object + url: + type: string + required: + - url + type: object + type: array + reprocessRequest: + description: 'ReprocessRequest is strictly increasing, non-negative + integer counter that can be incremented by a user to manually trigger + the reprocessing action of given CR. TODO: Use validation webhook + to block negative values, explanation: https://github.com/kubernetes/community/blob/db7f270f2d04b497767ebbc59c5aea595d67ea2c/contributors/devel/sig-architecture/api-conventions.md#primitive-types' + format: int64 + type: integer + required: + - repositories + type: object + status: + description: AddonsConfigurationStatus defines the observed state of AddonsConfiguration + properties: + lastProcessedTime: + format: date-time + type: string + observedGeneration: + format: int64 + type: integer + phase: + description: AddonsConfigurationPhase defines the addons configuration + phase + type: string + repositories: + items: + description: StatusRepository define the addon repository + properties: + addons: + items: + description: Addon holds information about single addon + properties: + message: + type: string + name: + type: string + reason: + type: string + status: + description: AddonStatus define the addon status + enum: + - Ready + - Failed + type: string + version: + type: string + required: + - name + - version + type: object + type: array + message: + type: string + reason: + type: string + status: + description: RepositoryStatus define the repository status + type: string + url: + type: string + required: + - addons + - url + type: object + type: array + required: + - phase + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
diff --git a/charts_v3/helm-broker/crds/cluster-addons-configuration.crd.yaml b/charts_v3/helm-broker/crds/cluster-addons-configuration.crd.yaml new file mode 100644 index 00000000..a0d7db88 --- /dev/null +++ b/charts_v3/helm-broker/crds/cluster-addons-configuration.crd.yaml 
@@ -0,0 +1,146 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: clusteraddonsconfigurations.addons.kyma-project.io +spec: + additionalPrinterColumns: + - JSONPath: .status.phase + name: Phase + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: addons.kyma-project.io + names: + kind: ClusterAddonsConfiguration + listKind: ClusterAddonsConfigurationList + plural: clusteraddonsconfigurations + singular: clusteraddonsconfiguration + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + description: ClusterAddonsConfiguration is the Schema for the addonsconfigurations + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterAddonsConfigurationSpec defines the desired state of + ClusterAddonsConfiguration + properties: + repositories: + items: + description: SpecRepository define the addon repository + properties: + secretRef: + description: SecretReference represents a Secret Reference. It + has enough information to retrieve secret in any namespace + properties: + name: + description: Name is unique within a namespace to reference + a secret resource. 
+ type: string + namespace: + description: Namespace defines the space within which the + secret name must be unique. + type: string + type: object + url: + type: string + required: + - url + type: object + type: array + reprocessRequest: + description: 'ReprocessRequest is strictly increasing, non-negative + integer counter that can be incremented by a user to manually trigger + the reprocessing action of given CR. TODO: Use validation webhook + to block negative values, explanation: https://github.com/kubernetes/community/blob/db7f270f2d04b497767ebbc59c5aea595d67ea2c/contributors/devel/sig-architecture/api-conventions.md#primitive-types' + format: int64 + type: integer + required: + - repositories + type: object + status: + description: ClusterAddonsConfigurationStatus defines the observed state + of ClusterAddonsConfiguration + properties: + lastProcessedTime: + format: date-time + type: string + observedGeneration: + format: int64 + type: integer + phase: + description: AddonsConfigurationPhase defines the addons configuration + phase + type: string + repositories: + items: + description: StatusRepository define the addon repository + properties: + addons: + items: + description: Addon holds information about single addon + properties: + message: + type: string + name: + type: string + reason: + type: string + status: + description: AddonStatus define the addon status + enum: + - Ready + - Failed + type: string + version: + type: string + required: + - name + - version + type: object + type: array + message: + type: string + reason: + type: string + status: + description: RepositoryStatus define the repository status + type: string + url: + type: string + required: + - addons + - url + type: object + type: array + required: + - phase + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
diff --git a/charts_v3/helm-broker/templates/_helpers.tpl b/charts_v3/helm-broker/templates/_helpers.tpl new file mode 100644 index 00000000..60e5524c --- /dev/null +++ b/charts_v3/helm-broker/templates/_helpers.tpl @@ -0,0 +1,15 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "name" -}} +{{- default .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "fullname" -}} +{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts_v3/helm-broker/templates/default-addons-cfg.yaml b/charts_v3/helm-broker/templates/default-addons-cfg.yaml new file mode 100644 index 00000000..bfbcc94f --- /dev/null +++ b/charts_v3/helm-broker/templates/default-addons-cfg.yaml @@ -0,0 +1,11 @@ +apiVersion: addons.kyma-project.io/v1alpha1 +kind: ClusterAddonsConfiguration +metadata: + name: "helm-repos-urls" + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + addons.kyma-project.io/managed: "true" +spec: + repositories: + - url: {{ .Values.defautlAddonsURL }} diff --git a/charts_v3/helm-broker/templates/deploy.yaml b/charts_v3/helm-broker/templates/deploy.yaml new file mode 100644 index 00000000..01761c54 --- /dev/null +++ b/charts_v3/helm-broker/templates/deploy.yaml 
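Review bot: The values key in `- url: {{ .Values.defautlAddonsURL }}` is misspelled (`defautl`) and the value is emitted unquoted. The chart's values.yaml content is outside this view, so if it spells the key the same way the chart renders, but anyone overriding `defaultAddonsURL` gets an empty `url`, which the CRD in this patch marks as required. Suggest renaming the key in both places and rendering it as `- url: {{ .Values.defaultAddonsURL | quote }}`.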
@@ -0,0 +1,149 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + replicas: 1 + selector: + matchLabels: + app: {{ template "fullname" . }} + strategy: + type: Recreate + template: + metadata: + annotations: +{{ toYaml .Values.deploy.annotations | indent 8 }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + spec: + serviceAccountName: {{ template "fullname" . }} + containers: + - name: broker + image: "{{ .Values.global.containerRegistry.path }}{{ .Values.global.helm_broker.dir }}helm-broker:{{ .Values.global.helm_broker.version }}" + imagePullPolicy: {{ .Values.global.image.pullPolicy }} + env: + - name: APP_PORT + value: "{{ .Values.broker.internalPort }}" + - name: APP_STATUS_PORT + value: "{{ .Values.broker.statusPort }}" + - name: APP_METRICS_PORT + value: "{{ .Values.broker.metricsPort }}" + - name: APP_CONFIG_FILE_NAME + value: /etc/config/helm-broker/config.yaml + - name: APP_HELM_TILLER_HOST + value: "tiller-deploy.kube-system.svc.cluster.local:44134" + - name: APP_HELM_TILLER_TLS_INSECURE + value: "{{ .Values.broker.tillerTLSInsecure }}" + - name: APP_HELM_TILLER_TLS_ENABLED + value: "{{ .Values.broker.tillerTLSEnabled }}" + resources: +{{ toYaml .Values.broker.resources | indent 10 }} + volumeMounts: + - mountPath: /tmp + name: tmp-empty-dir + - mountPath: /etc/config/helm-broker + name: config-volume +{{ if .Values.broker.tillerTLSEnabled }} + - mountPath: /etc/certs + name: helm-certs + readOnly: true +{{ end }} + ports: + - containerPort: {{ .Values.broker.internalPort }} + readinessProbe: + httpGet: + path: /ready + port: {{ .Values.broker.statusPort }} + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 2 + 
livenessProbe: + httpGet: + path: /live + port: {{ .Values.broker.statusPort }} + initialDelaySeconds: 10 + periodSeconds: 15 + timeoutSeconds: 2 + + - name: ctrl + image: "{{ .Values.global.containerRegistry.path }}{{ .Values.global.helm_controller.dir }}helm-controller:{{ .Values.global.helm_controller.version }}" + imagePullPolicy: {{ .Values.global.image.pullPolicy }} + resources: +{{ toYaml .Values.ctrl.resources | indent 10 }} + env: + - name: APP_TMP_DIR + value: /tmp + - name: APP_STATUS_PORT + value: "{{ .Values.ctrl.statusPort }}" + - name: APP_NAMESPACE + value: {{ .Release.Namespace }} + - name: APP_SERVICE_NAME + value: {{ template "fullname" . }} + - name: APP_CONFIG_FILE_NAME + value: /etc/config/helm-broker/config.yaml + - name: APP_CLUSTER_SERVICE_BROKER_NAME + value: {{ template "fullname" . }} + - name: APP_DEVELOP_MODE + value: "{{ .Values.global.isDevelopMode }}" + - name: APP_DOCUMENTATION_ENABLED + value: "{{ .Values.ctrl.documentationEnabled }}" + - name: APP_UPLOAD_SERVICE_URL + value: "{{ .Values.ctrl.uploadServiceURL }}" + volumeMounts: + - mountPath: /tmp + name: tmp-empty-dir + - mountPath: /etc/config/helm-broker + name: config-volume +{{ if .Values.broker.tillerTLSEnabled }} + - mountPath: /etc/certs + name: helm-certs + readOnly: true +{{ end }} + - mountPath: /root/.ssh + name: ssh-cfg + readOnly: true + ports: + - containerPort: {{ .Values.ctrl.internalPort }} + readinessProbe: + httpGet: + path: /ready + port: {{ .Values.ctrl.statusPort }} + periodSeconds: 10 + timeoutSeconds: 2 + initialDelaySeconds: 10 + livenessProbe: + httpGet: + path: /live + port: {{ .Values.ctrl.statusPort }} + periodSeconds: 60 + timeoutSeconds: 30 + initialDelaySeconds: 10 + + volumes: + - name: tmp-empty-dir + emptyDir: + sizeLimit: "{{ .Values.ctrl.tmpDirSizeLimit }}" + - name: config-volume + configMap: + name: helm-config-map + - name: ssh-cfg + configMap: + name: ssh-cfg +{{ if .Values.broker.tillerTLSEnabled }} + - name: helm-certs + secret: + 
secretName: helm-secret + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key +{{ end }} \ No newline at end of file diff --git a/charts_v3/helm-broker/templates/helm-broker-cfg.yaml b/charts_v3/helm-broker/templates/helm-broker-cfg.yaml new file mode 100644 index 00000000..ac232e68 --- /dev/null +++ b/charts_v3/helm-broker/templates/helm-broker-cfg.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: helm-config-map + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" +data: + config.yaml: |- + tillerTLSInsecure: {{ .Values.broker.tillerTLSInsecure }} + storage: + - driver: etcd + provide: + all: ~ + + etcd: + endpoints: + - http://{{ .Release.Name }}-etcd-stateful-client.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.global.etcdClientPort }} + dialTimeout: 5s + dialKeepAliveTime: 2s + dialKeepAliveTimeout: 5s diff --git a/charts_v3/helm-broker/templates/helm-secret.yaml b/charts_v3/helm-broker/templates/helm-secret.yaml new file mode 100644 index 00000000..abce85ee --- /dev/null +++ b/charts_v3/helm-broker/templates/helm-secret.yaml @@ -0,0 +1,10 @@ +{{ if .Values.broker.tillerTLSEnabled }} +apiVersion: v1 +data: + tls.crt: {{ .Values.global.helm.tls.crt | b64enc }} + tls.key: {{ .Values.global.helm.tls.key | b64enc }} +kind: Secret +metadata: + name: helm-secret +type: Opaque +{{- end -}} \ No newline at end of file diff --git a/charts_v3/helm-broker/templates/rbac.yaml b/charts_v3/helm-broker/templates/rbac.yaml new file mode 100644 index 00000000..52e94d06 --- /dev/null +++ b/charts_v3/helm-broker/templates/rbac.yaml 
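Review bot: Neither the `broker` nor the `ctrl` container in deploy.yaml sets a `securityContext`, and the `ssh-cfg` mount at `/root/.ssh` suggests `ctrl` runs as root while using the service account that rbac.yaml binds to `cluster-admin`. Add a container-level block with `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` (both containers already get `/tmp` as an emptyDir) and a non-root `runAsUser`, moving the SSH config mount to that user's home directory. `APP_HELM_TILLER_HOST` and the `tillerTLS*` values are still wired in a chart directory named `charts_v3`; if Tiller is no longer contacted, dropping them also removes the `tillerTLSInsecure` switch.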
@@ -0,0 +1,56 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+rules:
+- apiGroups: [""]
+ resources: ["secrets", "configmaps", "services"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["servicecatalog.k8s.io"]
+ resources: ["servicebrokers", "clusterservicebrokers"]
+ verbs: ["create","delete","list","get","update", "watch"]
+- apiGroups: ["servicecatalog.k8s.io"]
+ resources: ["serviceclasses", "clusterserviceclasses", "serviceinstances"]
+ verbs: ["list","get", "watch"]
+- apiGroups: ["rafter.kyma-project.io"]
+ resources: ["clusterassetgroups", "assetgroups"]
+ verbs: ["get", "create", "update", "delete", "list", "watch"]
+- apiGroups: ["addons.kyma-project.io"]
+ resources: ["addonsconfigurations", "clusteraddonsconfigurations", "addonsconfigurations/status", "clusteraddonsconfigurations/status", "addonsconfigurations/finalizers", "clusteraddonsconfigurations/finalizers"]
+ verbs: ["get", "list", "watch", "create", "update", "delete"]
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: {{ template "fullname" . }}
+ labels:
+ app: {{ template "name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+subjects:
+- kind: ServiceAccount
+ name: {{ template "fullname" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
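Review bot: The ClusterRoleBinding's `roleRef` points at `cluster-admin`, not at the ClusterRole defined at the top of this file, so the broker and controller run with full cluster rights and the scoped rule list is never applied. If the scoped role is what was intended, the last line should be `name: {{ template "fullname" . }}`. If broad rights are needed to install arbitrary charts, state that in a comment and remove the unused ClusterRole. The CRDs in this patch also let a namespaced AddonsConfiguration set `secretRef.namespace`, which is worth checking against cross-namespace secret reads under this binding.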
diff --git a/charts_v3/helm-broker/templates/ssh-cfg.yaml b/charts_v3/helm-broker/templates/ssh-cfg.yaml
new file mode 100644
index 00000000..87601088
--- /dev/null
+++ b/charts_v3/helm-broker/templates/ssh-cfg.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ssh-cfg
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+data:
+ known_hosts: |-
+ # generated from the command: ssh-keyscan -t rsa github.com
+ github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
+ bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
+ gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
+ config: |-
+ CheckHostIP no
diff --git a/charts_v3/helm-broker/templates/svc.yaml b/charts_v3/helm-broker/templates/svc.yaml
new file mode 100644
index 00000000..59f1d1a3
--- /dev/null
+++ b/charts_v3/helm-broker/templates/svc.yaml
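Review bot: The `known_hosts` entries are hard-coded in the template and, per the comment, come from `ssh-keyscan`, which records whatever key the network returned at scan time. State in the comment that each key was checked against the provider's published fingerprint, e.g. `# verified against the fingerprints published by each provider on <date>`, and expose the block through a values key so a rotated host key can be replaced without a chart release. The `config` entry sets only `CheckHostIP no`; adding `StrictHostKeyChecking yes` makes the intended behaviour for unknown or changed host keys explicit rather than relying on the client default.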
@@ -0,0 +1,21 @@ +kind: Service +apiVersion: v1 +metadata: + name: {{ template "fullname" . }} + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} + labels: + app: {{ template "name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + type: {{ .Values.service.type }} + selector: + app: {{ template "fullname" . }} + release: {{ .Release.Name }} + ports: + - protocol: TCP + name: http-hb-port + port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.broker.internalPort }} diff --git a/charts_v3/helm-broker/templates/tests/rbac.yaml b/charts_v3/helm-broker/templates/tests/rbac.yaml new file mode 100644 index 00000000..a4e12cf2 --- /dev/null +++ b/charts_v3/helm-broker/templates/tests/rbac.yaml 
@@ -0,0 +1,45 @@
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ name: {{ .Chart.Name }}-tests
+ labels:
+ app: {{ .Chart.Name }}-tests
+ app.kubernetes.io/name: {{ .Chart.Name }}-tests
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: {{ .Chart.Name }}-tests
+ labels:
+ app: {{ .Chart.Name }}-tests
+ app.kubernetes.io/name: {{ .Chart.Name }}-tests
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+rules:
+ - apiGroups: ["addons.kyma-project.io"]
+ resources: ["addonsconfigurations", "clusteraddonsconfigurations"]
+ verbs: ["create", "delete", "get", "list"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: {{ .Chart.Name }}-tests
+ labels:
+ app: {{ .Chart.Name }}-tests
+ app.kubernetes.io/name: {{ .Chart.Name }}-tests
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}-tests
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Chart.Name }}-tests
+
diff --git a/charts_v3/helm-broker/templates/tests/test-addons-serving.yaml b/charts_v3/helm-broker/templates/tests/test-addons-serving.yaml
new file mode 100644
index 00000000..0a934abb
--- /dev/null
+++ b/charts_v3/helm-broker/templates/tests/test-addons-serving.yaml
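Review bot: The ServiceAccount, ClusterRole and ClusterRoleBinding in tests/rbac.yaml carry no `helm.sh/hook` annotation, so as far as this hunk shows they are rendered with every install and leave a standing account that may create and delete `clusteraddonsconfigurations` cluster-wide. Those resources presumably decide which addon repositories the broker loads, so the grant is worth limiting to test runs: put the test hook annotation on the three objects together with a `helm.sh/hook-delete-policy`, or gate the file behind a values flag. The names are built from `{{ .Chart.Name }}-tests` only, so two releases in one cluster would collide on the cluster-scoped objects. `rbac.authorization.k8s.io/v1beta1` is deprecated; `apiVersion: rbac.authorization.k8s.io/v1` accepts the same manifest.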
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-addon-serving-test"
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ serviceAccountName: {{ .Chart.Name }}-tests
+ {{- with .Values.tests.securityContext }}
+ securityContext:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Release.Name }}--addon-serving-test
+ imagePullPolicy: {{ .Values.global.image.pullPolicy }}
+ image: "{{ .Values.global.containerRegistry.path }}{{ .Values.tests.dir }}{{ .Values.tests.image }}:{{ .Values.tests.tag }}"
+ env:
+ - name: HELM_BROKER_URL
+ value: "http://{{ template "fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local/cluster"
+ - name: CLUSTER_ADDONS_CONFIGURATION_URL
+ value: "github.com/kyma-project/addons//addons/index-acc-testing.yaml?ref=2d671e3a9d840b877dd8cd5fd9e6e0147ad4caf0"
+ - name: EXPECTED_ADDON_ID
+ value: "a54abe18-0a84-22e9-ab34-d663bbce3d88"
+ restartPolicy: Never
diff --git a/charts_v3/helm-broker/values.yaml b/charts_v3/helm-broker/values.yaml
new file mode 100644
index 00000000..793dd79d
--- /dev/null
+++ b/charts_v3/helm-broker/values.yaml
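Review bot: The test container in test-addons-serving.yaml has no `securityContext` of its own; the only hardening is whatever `.Values.tests.securityContext` supplies at pod level, and the default in values.yaml is just `runAsUser: 2000`. Because the pod runs as the `{{ .Chart.Name }}-tests` ServiceAccount and by default mounts its token, I would add `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` under the container, the latter only if the test binary writes nothing to disk. The image reference ends in a tag taken from values rather than a digest, so what runs with that token is not pinned, unlike the addons index URL, which is fixed to a commit with `?ref=`. `test-success` is the Helm 2 spelling of the hook; Helm 3 documents it as `"helm.sh/hook": test`.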
@@ -0,0 +1,63 @@
+tests:
+ image: helm-broker-tests
+ dir: /pr/
+ tag: PR-97
+ securityContext:
+ runAsUser: 2000
+
+service:
+ type: NodePort
+ externalPort: 80
+ annotations: {}
+
+deploy:
+ annotations: {}
+
+ctrl:
+ tmpDirSizeLimit: 1Gi
+ resources:
+ limits:
+ memory: 96Mi
+ cpu: 100m
+ requests:
+ memory: 32Mi
+ cpu: 80m
+ internalPort: 8080
+ statusPort: 8081
+ # enable/disable docs topics support for helm controller
+ documentationEnabled: false
+ uploadServiceURL: "not-needed-if-APP_DOCUMENTATION_ENABLED-set-to-false"
+
+broker:
+ resources:
+ limits:
+ memory: 76Mi
+ cpu: 60m
+ requests:
+ memory: 32Mi
+ cpu: 30m
+ tillerTLSInsecure: true
+ tillerTLSEnabled: false
+ internalPort: 8070
+ statusPort: 8071
+ metricsPort: 8072
+
+defautlAddonsURL: "https://github.com/kyma-project/addons/releases/download/0.10.0/index.yaml"
+
+global:
+ containerRegistry:
+ path: eu.gcr.io/kyma-project
+ # develop mode allows use insecure (http) url for addons configuration
+ isDevelopMode: false
+ # image pull policy for helm broker broker/controller containers
+ image:
+ pullPolicy: IfNotPresent
+ # paths to docker images
+ helm_broker:
+ dir: /pr/
+ version: PR-97
+ helm_controller:
+ dir: /pr/
+ version: PR-97
+ # etcd port uses by helm broker
+ etcdClientPort: 2379
From 9c1199dc9e3464810b0568fede2d90e0c8ab869a Mon Sep 17 00:00:00 2001
From: "Miskiewicz, Piotr"
Date: Tue, 23 Jun 2020 11:32:04 +0200
Subject: [PATCH 5/5] wip
---
 internal/storage/testing/chart_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/storage/testing/chart_test.go b/internal/storage/testing/chart_test.go
index 23afaeaf..2211df7e 100644
--- a/internal/storage/testing/chart_test.go
+++ b/internal/storage/testing/chart_test.go
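Review bot: Several defaults in values.yaml are the permissive choice: `service.type: NodePort` opens the broker port on every node, and `tillerTLSInsecure: true` next to `tillerTLSEnabled: false` reads as TLS off with verification skipped, although what consumes the two flags is not visible here. I would ship `type: ClusterIP` as the default and leave the relaxed settings to a development overlay such as the CI values file. The image coordinates (`dir: /pr/`, `version: PR-97`, `tag: PR-97`) point at pull-request builds, which a released chart should not install unless told to. `defautlAddonsURL` is misspelled; if it is renamed, the templates that read it, outside this hunk, have to change in the same commit.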
@@ -106,7 +106,7 @@ func TestHappyPath(t *testing.T) {
 // then
 got, err := ts.s.Get("ns1", internal.ChartName(chrt.Name()), *semver.MustParse(chrt.Metadata.Version))
 require.NoError(t, err)
- assert.Equal(t, len(chrt.Dependencies()), len(got.Dependencies()))
+ assert.Len(t, chrt.Dependencies(), len(got.Dependencies()))
 })
 }
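Review bot: The arguments of the new `assert.Len` are the wrong way round: the collection under test is `got.Dependencies()` and the expected length comes from the fixture, so the line should read `assert.Len(t, got.Dependencies(), len(chrt.Dependencies()))`, otherwise a failure prints the fixture rather than what storage returned. The check also passes when both sides are empty and compares only counts; a `require.NotEmpty(t, chrt.Dependencies())` before it, plus a comparison of the dependency names, would show that the sub-chart really survives the round trip through the store. TestHappyPath starts and ends outside this hunk, so whether the fixture is already checked for dependencies earlier cannot be seen from here.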