charts: update to 0.2.0 (#216)

* init webhook configuration * change names of some fields and add skipValidation flag * add replicas parameter for manager and webhook pods * update changelog of charts * move remove the global section * remove skipValidation variable and wehbook objectSelector for Network/Subnet * only create init Network/Subnet once * remove exceptPodLabels and use additionalPodMatchExpressions * add enableNetworkPolicy variable * move preferInterfaces to daemon section * update changelog of charts
alibaba · Apr 12, 2022 · 469554c · 469554c
1 parent 0dbde8a
commit 469554c
Show file tree

Hide file tree

Showing 7 changed files with 67 additions and 42 deletions.
diff --git a/charts/hybridnet/Chart.yaml b/charts/hybridnet/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: hybridnet
 # When the version is modified, make sure the artifacthub.io/changes list is updated
 # Also update CHANGELOG.md
-version: 0.1.2
+version: 0.2.0
 appVersion: 0.4.2
 home: https://github.com/alibaba/hybridnet
 description: A container networking solution aiming at hybrid clouds.
@@ -22,4 +22,9 @@ annotations:
   artifacthub.io/prerelease: "false"
   # List of changes for the release in artifacthub.io
   artifacthub.io/changes: |
-    - "add defualtIPRetain parameter"
+    - "adjust names of some fields"
+    - "make the pod creating validation of webhook configurable, to avoid block the creation of other components"
+    - "make the init Subnet/Network be created only once while install the helm chart"
+    - "add enableNetworkPolicy variable for daemon"
+    - "add replicas parameter for manager and webhook pods"
+    - "remove badges in README"
diff --git a/charts/hybridnet/README.md b/charts/hybridnet/README.md
@@ -2,8 +2,6 @@
 
 hybridnet is an open source container networking solution designed for hybrid clouds.
 
-![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.4.2](https://img.shields.io/badge/AppVersion-0.4.2-informational?style=flat-square)
-
 ## Prerequisites
 
 - Kubernetes v1.16+
@@ -52,7 +50,7 @@ time with these commands:
 
 ```shell
 # Change default network type to Underlay
-helm upgrade hybridnet hybridnet/hybridnet -n kube-system --set advancedSettings.defualtNetworkType=Underlay
+helm upgrade hybridnet hybridnet/hybridnet -n kube-system --set defualtNetworkType=Underlay
 ```
 
 Of course, if you want to change your container network to use Underlay as default network type, you should

diff --git a/charts/hybridnet/templates/daemonsets.yaml b/charts/hybridnet/templates/daemonsets.yaml
@@ -41,16 +41,16 @@ spec:
             - sh
             - /hybridnet/start-daemon.sh
           args:
-            {{ if (ne .Values.initNetworkConfig.preferVxlanInterfaces "") }}
-            - --prefer-vxlan-interfaces={{ .Values.initNetworkConfig.preferVxlanInterfaces }}
+            {{ if (ne .Values.daemon.preferVxlanInterfaces "") }}
+            - --prefer-vxlan-interfaces={{ .Values.daemon.preferVxlanInterfaces }}
             {{ end }}
-            {{ if ne .Values.initNetworkConfig.preferVlanInterfaces "" }}
-            - --prefer-vlan-interfaces={{ .Values.initNetworkConfig.preferVlanInterfaces }}
+            {{ if ne .Values.daemon.preferVlanInterfaces "" }}
+            - --prefer-vlan-interfaces={{ .Values.daemon.preferVlanInterfaces }}
             {{ end }}
-            {{ if ne .Values.initNetworkConfig.preferBGPInterfaces "" }}
-            - --prefer-bgp-interfaces={{ .Values.initNetworkConfig.preferBGPInterfaces }}
+            {{ if ne .Values.daemon.preferBGPInterfaces "" }}
+            - --prefer-bgp-interfaces={{ .Values.daemon.preferBGPInterfaces }}
             {{ end }}
-            - --feature-gates=MultiCluster={{ .Values.advancedSettings.multiCluster }},DualStack={{ .Values.advancedSettings.dualStack }}
+            - --feature-gates=MultiCluster={{ .Values.multiCluster }},DualStack={{ .Values.dualStack }}
           securityContext:
             runAsUser: 0
             privileged: true
@@ -93,6 +93,7 @@ spec:
               mountPropagation: HostToContainer
               name: host-docker-netns
           # TODO: add liveness probe
+        {{ if .Values.daemon.enableNetworkPolicy }}
         - name: policy
           image: "{{ .Values.images.registryURL }}/{{ .Values.images.hybridnet.image }}:{{ .Values.images.hybridnet.tag }}"
           imagePullPolicy: IfNotPresent
@@ -110,6 +111,7 @@ spec:
           securityContext:
             privileged: true
             runAsUser: 0
+        {{ end }}
       nodeSelector:
         kubernetes.io/os: "linux"
       volumes:

diff --git a/charts/hybridnet/templates/deployments.yaml b/charts/hybridnet/templates/deployments.yaml
@@ -4,7 +4,7 @@ metadata:
   name: hybridnet-manager
   namespace: kube-system
 spec:
-  replicas: 3
+  replicas: {{ .Values.manager.replicas }}
   selector:
     matchLabels:
       app: hybridnet-manager
@@ -34,11 +34,11 @@ spec:
           imagePullPolicy: IfNotPresent
           command:
             - /hybridnet/hybridnet-manager
-            - --default-ip-retain={{ .Values.advancedSettings.defualtIPRetain }}
-            - --feature-gates=MultiCluster={{ .Values.advancedSettings.multiCluster }},DualStack={{ .Values.advancedSettings.dualStack }}
+            - --default-ip-retain={{ .Values.defualtIPRetain }}
+            - --feature-gates=MultiCluster={{ .Values.multiCluster }},DualStack={{ .Values.dualStack }}
           env:
             - name: DEFAULT_NETWORK_TYPE
-              value: {{ .Values.advancedSettings.defualtNetworkType }}
+              value: {{ .Values.defualtNetworkType }}
             - name: NAMESPACE
               valueFrom:
                 fieldRef:
@@ -53,7 +53,7 @@ metadata:
   name: hybridnet-webhook
   namespace: kube-system
 spec:
-  replicas: 3
+  replicas: {{ .Values.webhook.replicas }}
   selector:
     matchLabels:
       app: hybridnet-webhook
@@ -79,13 +79,13 @@ spec:
           imagePullPolicy: IfNotPresent
           command:
             - /hybridnet/hybridnet-webhook
-            - --default-ip-retain={{ .Values.advancedSettings.defualtIPRetain }}
-            - --feature-gates=MultiCluster={{ .Values.advancedSettings.multiCluster }},DualStack={{ .Values.advancedSettings.dualStack }}
+            - --default-ip-retain={{ .Values.defualtIPRetain }}
+            - --feature-gates=MultiCluster={{ .Values.multiCluster }},DualStack={{ .Values.dualStack }}
           args:
             - --port=9898
           env:
             - name: DEFAULT_NETWORK_TYPE
-              value: {{ .Values.advancedSettings.defualtNetworkType }}
+              value: {{ .Values.defualtNetworkType }}
           ports:
             - containerPort: 9898
               name: webhook-port
diff --git a/charts/hybridnet/templates/networkinitialization.yaml b/charts/hybridnet/templates/networkinitialization.yaml
@@ -1,9 +1,10 @@
+{{ if .Release.IsInstall }}
 apiVersion: networking.alibaba.com/v1
 kind: Network
 metadata:
   name: init
 spec:
-  netID: {{ .Values.initNetworkConfig.vxlanID }}
+  netID: {{ .Values.init.vxlanID }}
   type: Overlay
 
 ---
@@ -16,6 +17,7 @@ spec:
     autoNatOutgoing: true
   network: init
   range:
-    cidr: {{ .Values.initNetworkConfig.cidr }}
-    version: "{{ .Values.initNetworkConfig.ipVersion }}"
+    cidr: {{ .Values.init.cidr }}
+    version: "{{ .Values.init.ipVersion }}"
+{{ end }}
 
diff --git a/charts/hybridnet/templates/webhookconfigurations.yaml b/charts/hybridnet/templates/webhookconfigurations.yaml
@@ -14,11 +14,6 @@ webhooks:
     failurePolicy: Fail
     matchPolicy: Equivalent
     name: hybridnet-v1.validating.hybridnet
-    objectSelector:
-      matchExpressions:
-        - key: webhook.hybridnet.io/ignore
-          operator: NotIn
-          values: ["TRUE", "true"]
     rules:
       - apiGroups: ["networking.alibaba.com"]
         apiVersions: ["v1"]
@@ -46,6 +41,7 @@ webhooks:
         - key: webhook.hybridnet.io/ignore
           operator: NotIn
           values: ["TRUE", "true"]
+        {{ toYaml .Values.webhook.additionalPodMatchExpressions | nindent 8 }}
     rules:
       - apiGroups: [""]
         apiVersions: ["v1"]
@@ -76,6 +72,7 @@ webhooks:
         - key: webhook.hybridnet.io/ignore
           operator: NotIn
           values: ["TRUE", "true"]
+        {{ toYaml .Values.webhook.additionalPodMatchExpressions | nindent 8 }}
     reinvocationPolicy: Never
     rules:
       - apiGroups: [""]

diff --git a/charts/hybridnet/values.yaml b/charts/hybridnet/values.yaml
@@ -5,8 +5,9 @@ images:
   registryURL: "docker.io"
 
 # -- It's always encouraged to use an overlay network to finish some general jobs in hybridnet. This
-# chart will always create an "init" overlay Network/Subnet to initialize the K8s cluster.
-initNetworkConfig:
+# chart will always create an "init" overlay Network/Subnet to initialize the K8s cluster. "init" Network/Subnet
+# will only be created once.
+init:
   # -- CIDR of "init" Subnet.
   cidr: 100.64.0.0/16
 
@@ -16,23 +17,43 @@ initNetworkConfig:
   # -- VNI of the default overlay vxlan Network.
   vxlanID: 4
 
-  # -- The physical interfaces on node to transmit vlan/vxlan/bgp packets, which should be confirmed
+manager:
+  # -- The number of manager pods
+  replicas: 3
+
+webhook:
+  # -- Only the pods match the additionalPodMatchExpressions will be validate by hybridnet webhook.
+  additionalPodMatchExpressions:
+    - key: app
+      operator: NotIn
+      values: [ "kube-proxy" ]
+
+  # -- The number of webhook pods
+  replicas: 3
+
+daemon:
+  # -- Whether enable the NetworkPolicy functions of hybridnet.
+  enableNetworkPolicy: true
+
+  # -- The physical interfaces on each node to transmit vlan/vxlan/bgp packets, which should be confirmed
   # before network config is actually applied, or you might have to face the risk of rebooting the machine.
-  # An interface name list string using commons as separator is valid, daemon will always use the first
-  # available interface.
+  #
+  ## Each one of them is an interface name string list, using commons as separator. Daemon will always use
+  ## the first available interface name in each list. If empty, daemon will choose interface by default route.
   preferVxlanInterfaces: ""
   preferVlanInterfaces: ""
   preferBGPInterfaces: ""
 
-advancedSettings:
-  # -- Whether pod IP of stateful workloads will be retained by default. true or false
-  defualtIPRetain: true
+# -- Whether pod IP of stateful workloads will be retained by default. true or false
+## Ref: https://github.com/alibaba/hybridnet/wiki/Static-pod-ip-addresses-for-StatefulSet
+defualtIPRetain: true
 
-  # -- The default value when pod's network type is unspecified. Overlay or Underlay
-  defualtNetworkType: Overlay
+# -- The default value when pod's network type is unspecified. Overlay or Underlay
+## Ref: https://github.com/alibaba/hybridnet/wiki/Change-default-network-type
+defualtNetworkType: Overlay
 
-  # -- Enable the MultiCluster feature. true or false
-  multiCluster: false
+# -- Enable the MultiCluster feature. true or false
+multiCluster: false
 
-  # -- Enable the DualStack feature. IPv6 is disabled when is dualStack is not enable. true or false
-  dualStack: false
+# -- Enable the DualStack feature. IPv6 is disabled when is dualStack is not enable. true or false
+dualStack: false