[#177] Add Flux Helm Operator manifests

The Flux Helm Operator is included in the target cluster initinfra phase.

Change-Id: Ia0b7b2badde0914504f309e9ea9e02055dd0f2cf
Sean Eagan 2020-07-07 14:37:04 -05:00
parent 52153fc65d
commit 4e7a5a3ce5
10 changed files with 527 additions and 0 deletions

@ -0,0 +1,417 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: helmreleases.helm.fluxcd.io
spec:
additionalPrinterColumns:
- JSONPath: .status.releaseName
name: Release
type: string
description: ReleaseName is the name of the Helm release managed by the HelmRelease,
as given by Helm.
- JSONPath: .status.phase
name: Phase
type: string
description: Phase is the current release phase being performed for the HelmRelease.
- JSONPath: .status.releaseStatus
name: Status
type: string
description: ReleaseStatus is the status of the Helm release managed by the HelmRelease,
as given by Helm.
- JSONPath: .status.conditions[?(@.type=="Released")].message
name: Message
type: string
- JSONPath: .metadata.creationTimestamp
description: CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC.
name: Age
type: date
group: helm.fluxcd.io
names:
kind: HelmRelease
listKind: HelmReleaseList
plural: helmreleases
shortNames:
- hr
- hrs
singular: helmrelease
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: HelmRelease is a type to represent a Helm release.
type: object
required:
- metadata
- spec
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
type: object
required:
- chart
properties:
chart:
type: object
properties:
chartPullSecret:
description: ChartPullSecret holds the reference to the authentication
secret for accessing the Helm repository using HTTPS basic auth.
NOT IMPLEMENTED!
type: object
required:
- name
properties:
name:
type: string
git:
description: Git URL is the URL of the Git repository, e.g. `git@github.com:org/repo`,
`http://github.com/org/repo`, or `ssh://git@example.com:2222/org/repo.git`.
type: string
name:
description: Name is the name of the Helm chart _without_ an alias,
e.g. redis (for `helm upgrade [flags] stable/redis`).
type: string
path:
description: Path is the path to the chart relative to the repository
root.
type: string
ref:
description: Ref is the Git branch (or other reference) to use.
Defaults to 'master', or the configured default Git ref.
type: string
repository:
description: RepoURL is the URL of the Helm repository, e.g. `https://kubernetes-charts.storage.googleapis.com`
or `https://charts.example.com`.
type: string
secretRef:
description: SecretRef holds the authentication secret for accessing
the Git repository (over HTTPS). The credentials will be added
to an HTTPS GitURL before the mirror is started.
type: object
required:
- name
properties:
name:
type: string
namespace:
type: string
skipDepUpdate:
description: SkipDepUpdate will tell the operator to skip running
'helm dep update' before installing or upgrading the chart, the
chart dependencies _must_ be present for this to succeed.
type: boolean
version:
description: Version is the targeted Helm chart version, e.g. 7.0.1.
type: string
disableOpenAPIValidation:
description: DisableOpenAPIValidation controls whether OpenAPI validation
is enforced.
type: boolean
forceUpgrade:
description: Force will mark this Helm release to `--force` upgrades.
This forces the resource updates through delete/recreate if needed.
type: boolean
helmVersion:
description: 'HelmVersion is the version of Helm to target. If not supplied,
the lowest _enabled Helm version_ will be targeted. Valid HelmVersion
values are: "v2", "v3"'
type: string
enum:
- v2
- v3
maxHistory:
description: MaxHistory is the maximum amount of revisions to keep for
the Helm release. If not supplied, it defaults to 10.
type: integer
releaseName:
description: ReleaseName is the name of the The Helm release. If not
supplied, it will be generated by affixing the namespace to the resource
name.
type: string
resetValues:
description: ResetValues will mark this Helm release to reset the values
to the defaults of the targeted chart before performing an upgrade.
Not explicitly setting this to `false` equals to `true` due to the
declarative nature of the operator.
type: boolean
rollback:
description: The rollback settings for this Helm release.
type: object
properties:
disableHooks:
description: DisableHooks will mark this Helm release to prevent
hooks from running during the rollback.
type: boolean
enable:
description: Enable will mark this Helm release for rollbacks.
type: boolean
force:
description: Force will mark this Helm release to `--force` rollbacks.
This forces the resource updates through delete/recreate if needed.
type: boolean
maxRetries:
description: MaxRetries is the maximum amount of upgrade retries
the operator should make before bailing.
type: integer
format: int64
recreate:
description: Recreate will mark this Helm release to `--recreate-pods`
for if applicable. This performs pod restarts.
type: boolean
retry:
description: Retry will mark this Helm release for upgrade retries
after a rollback.
type: boolean
timeout:
description: Timeout is the time to wait for any individual Kubernetes
operation (like Jobs for hooks) during rollback.
type: integer
format: int64
wait:
description: Wait will mark this Helm release to wait until all
Pods, PVCs, Services, and minimum number of Pods of a Deployment,
StatefulSet, or ReplicaSet are in a ready state before marking
the release as successful.
type: boolean
skipCRDs:
description: SkipCRDs will mark this Helm release to skip the creation
of CRDs during a Helm 3 installation.
type: boolean
targetNamespace:
description: TargetNamespace overrides the targeted namespace for the
Helm release. The default namespace equals to the namespace of the
HelmRelease resource.
type: string
test:
description: The test settings for this Helm release.
type: object
properties:
cleanup:
description: Cleanup, when targeting Helm 2, determines whether
to delete test pods between each test run initiated by the Helm
Operator.
type: boolean
enable:
description: Enable will mark this Helm release for tests.
type: boolean
ignoreFailures:
description: IgnoreFailures will cause a Helm release to be rolled
back if it fails otherwise it will be left in a released state
type: boolean
timeout:
description: Timeout is the time to wait for any individual Kubernetes
operation (like Jobs for hooks) during test.
type: integer
format: int64
timeout:
description: Timeout is the time to wait for any individual Kubernetes
operation (like Jobs for hooks) during installation and upgrade operations.
type: integer
format: int64
valueFileSecrets:
description: ValueFileSecrets holds the local name references to secrets.
DEPRECATED, use ValuesFrom.secretKeyRef instead.
type: array
items:
type: object
required:
- name
properties:
name:
type: string
values:
description: Values holds the values for this Helm release.
type: object
valuesFrom:
type: array
items:
type: object
properties:
chartFileRef:
description: The reference to a local chart file with release
values.
type: object
required:
- path
properties:
optional:
description: Optional will mark this ChartFileSelector as
optional. The result of this are that operations are permitted
without the source, due to it e.g. being temporarily unavailable.
type: boolean
path:
description: Path is the file path to the source relative
to the chart root.
type: string
configMapKeyRef:
description: The reference to a config map with release values.
type: object
required:
- name
properties:
key:
type: string
name:
type: string
namespace:
type: string
optional:
type: boolean
externalSourceRef:
description: The reference to an external source with release
values.
type: object
required:
- url
properties:
optional:
description: Optional will mark this ExternalSourceSelector
as optional. The result of this are that operations are
permitted without the source, due to it e.g. being temporarily
unavailable.
type: boolean
url:
description: URL is the URL of the external source.
type: string
secretKeyRef:
description: The reference to a secret with release values.
type: object
required:
- name
properties:
key:
type: string
name:
type: string
namespace:
type: string
optional:
type: boolean
wait:
description: Wait will mark this Helm release to wait until all Pods,
PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet,
or ReplicaSet are in a ready state before marking the release as successful.
type: boolean
status:
description: HelmReleaseStatus contains status information about an HelmRelease.
type: object
properties:
conditions:
description: Conditions contains observations of the resource's state,
e.g., has the chart which it refers to been fetched.
type: array
items:
type: object
required:
- status
- type
properties:
lastTransitionTime:
description: LastTransitionTime is the timestamp corresponding
to the last status change of this condition.
type: string
format: date-time
lastUpdateTime:
description: LastUpdateTime is the timestamp corresponding to
the last status update of this condition.
type: string
format: date-time
message:
description: Message is a human readable description of the details
of the last transition, complementing reason.
type: string
reason:
description: Reason is a brief machine readable explanation for
the condition's last transition.
type: string
status:
description: Status of the condition, one of ('True', 'False',
'Unknown').
type: string
enum:
- "True"
- "False"
- Unknown
type:
description: Type of the condition, one of ('ChartFetched', 'Deployed',
'Released', 'RolledBack', 'Tested').
type: string
enum:
- ChartFetched
- Deployed
- Released
- RolledBack
- Tested
lastAttemptedRevision:
description: LastAttemptedRevision is the revision of the latest chart
sync, and may be of a failed release.
type: string
observedGeneration:
description: ObservedGeneration is the most recent generation observed
by the operator.
type: integer
format: int64
phase:
description: Phase the release is in, one of ('ChartFetched', 'ChartFetchFailed',
'Installing', 'Upgrading', 'Deployed', 'DeployFailed', 'Testing',
'TestFailed', 'Tested', 'Succeeded', 'RollingBack', 'RolledBack',
'RollbackFailed')
type: string
enum:
- ChartFetched
- ChartFetchFailed
- Installing
- Upgrading
- Deployed
- DeployFailed
- Testing
- TestFailed
- Tested
- Succeeded
- Failed
- RollingBack
- RolledBack
- RollbackFailed
releaseName:
description: ReleaseName is the name as either supplied or generated.
type: string
releaseStatus:
description: ReleaseStatus is the status as given by Helm for the release
managed by this resource.
type: string
revision:
description: Revision holds the Git hash or version of the chart currently
deployed.
type: string
rollbackCount:
description: RollbackCount records the amount of rollback attempts made,
it is incremented after a rollback failure and reset after a successful
upgrade or revision change.
type: integer
format: int64
version: v1
versions:
- name: v1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

@ -0,0 +1,2 @@
resources:
- helmreleases.helm.fluxcd.io.yaml

@ -0,0 +1,56 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: helm-operator
namespace: flux
spec:
replicas: 1
selector:
matchLabels:
name: helm-operator
strategy:
type: Recreate
template:
metadata:
annotations:
prometheus.io/scrape: "true"
labels:
name: helm-operator
spec:
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- args:
- --enabled-helm-versions=v3
image: docker.io/fluxcd/helm-operator:1.1.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: 3030
initialDelaySeconds: 1
timeoutSeconds: 5
name: helm-operator
ports:
- containerPort: 3030
name: http
readinessProbe:
httpGet:
path: /healthz
port: 3030
initialDelaySeconds: 1
timeoutSeconds: 5
resources:
requests:
cpu: 50m
memory: 64Mi
serviceAccountName: helm-operator
# See https://github.com/fluxcd/flux/pull/2116
dnsPolicy: None
dnsConfig:
nameservers:
- 10.96.0.10
options:
- name: ndots
value: "1"
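Review bot: The `helm-operator` container has no `securityContext`, and its ServiceAccount is bound to a wildcard ClusterRole in this same commit, so a compromise of this pod is a compromise of the cluster. Add at least `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}}` under the container (plus `runAsNonRoot: true` if the image supports it, which is not visible here), and add `limits` next to the existing `requests`. The image is referenced by the mutable tag `docker.io/fluxcd/helm-operator:1.1.0` with `imagePullPolicy: IfNotPresent`; pinning it as `docker.io/fluxcd/helm-operator:1.1.0@sha256:<digest>` ties the deployment to one verified image. The hard-coded nameserver `10.96.0.10` under `dnsConfig` presumably matches this site's cluster DNS service IP and deserves a comment saying so, since a cluster with a different service CIDR would leave the operator without name resolution.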

@ -0,0 +1,5 @@
resources:
- namespace.yaml
- crd
- rbac
- deployment.yaml

@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: flux

@ -0,0 +1,4 @@
resources:
- serviceaccount.yaml
- role.yaml
- rolebinding.yaml

@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
name: helm-operator
name: helm-operator
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
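Review bot: The `helm-operator` ClusterRole grants `'*'` verbs on `'*'` resources in `'*'` apiGroups plus all `nonResourceURLs`, which is equivalent to cluster-admin, and the ClusterRoleBinding later in this commit binds it cluster-wide to the `helm-operator` ServiceAccount in `flux`. Anyone who can create or edit a HelmRelease therefore acts with those rights through the operator, and the CRD in this commit accepts a `namespace` on `chart.secretRef` and `valuesFrom.secretKeyRef`, so presumably a release can reference Secrets outside its own namespace. If the broad grant is intentional because charts may install arbitrary kinds, record that above `rules:`, e.g. `# cluster-admin equivalent: the operator installs arbitrary chart resources; restrict who may write HelmRelease objects`, and limit write access to `helmreleases.helm.fluxcd.io` to cluster operators. Both RBAC files also use `rbac.authorization.k8s.io/v1beta1`; `rbac.authorization.k8s.io/v1` is the stable version of the same API.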

@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
labels:
name: helm-operator
name: helm-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: helm-operator
subjects:
- kind: ServiceAccount
name: helm-operator
namespace: flux

@ -0,0 +1,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
name: helm-operator
name: helm-operator
namespace: flux

@ -1,6 +1,7 @@
resources:
- ../../shared/clusterctl
- ../../../../function/baremetal-operator
- ../../../../function/helm-operator
patchesStrategicMerge:
- patch_bmo_config.yaml
commonLabels: