diff --git a/manifests/function/helm-operator/crd/helmreleases.helm.fluxcd.io.yaml b/manifests/function/helm-operator/crd/helmreleases.helm.fluxcd.io.yaml
new file mode 100644
index 000000000..7e0a8045b
--- /dev/null
+++ b/manifests/function/helm-operator/crd/helmreleases.helm.fluxcd.io.yaml
@@ -0,0 +1,417 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: helmreleases.helm.fluxcd.io +spec: + additionalPrinterColumns: + - JSONPath: .status.releaseName + name: Release + type: string + description: ReleaseName is the name of the Helm release managed by the HelmRelease, + as given by Helm. + - JSONPath: .status.phase + name: Phase + type: string + description: Phase is the current release phase being performed for the HelmRelease. + - JSONPath: .status.releaseStatus + name: Status + type: string + description: ReleaseStatus is the status of the Helm release managed by the HelmRelease, + as given by Helm. + - JSONPath: .status.conditions[?(@.type=="Released")].message + name: Message + type: string + - JSONPath: .metadata.creationTimestamp + description: CreationTimestamp is a timestamp representing the server time when + this object was created. It is not guaranteed to be set in happens-before order + across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. + name: Age + type: date + group: helm.fluxcd.io + names: + kind: HelmRelease + listKind: HelmReleaseList + plural: helmreleases + shortNames: + - hr + - hrs + singular: helmrelease + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: HelmRelease is a type to represent a Helm release. + type: object + required: + - metadata + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + type: object + required: + - chart + properties: + chart: + type: object + properties: + chartPullSecret: + description: ChartPullSecret holds the reference to the authentication + secret for accessing the Helm repository using HTTPS basic auth. + NOT IMPLEMENTED! + type: object + required: + - name + properties: + name: + type: string + git: + description: Git URL is the URL of the Git repository, e.g. `git@github.com:org/repo`, + `http://github.com/org/repo`, or `ssh://git@example.com:2222/org/repo.git`. + type: string + name: + description: Name is the name of the Helm chart _without_ an alias, + e.g. redis (for `helm upgrade [flags] stable/redis`). + type: string + path: + description: Path is the path to the chart relative to the repository + root. + type: string + ref: + description: Ref is the Git branch (or other reference) to use. + Defaults to 'master', or the configured default Git ref. + type: string + repository: + description: RepoURL is the URL of the Helm repository, e.g. `https://kubernetes-charts.storage.googleapis.com` + or `https://charts.example.com`. + type: string + secretRef: + description: SecretRef holds the authentication secret for accessing + the Git repository (over HTTPS). The credentials will be added + to an HTTPS GitURL before the mirror is started. + type: object + required: + - name + properties: + name: + type: string + namespace: + type: string + skipDepUpdate: + description: SkipDepUpdate will tell the operator to skip running + 'helm dep update' before installing or upgrading the chart, the + chart dependencies _must_ be present for this to succeed. + type: boolean + version: + description: Version is the targeted Helm chart version, e.g. 7.0.1. 
+ type: string + disableOpenAPIValidation: + description: DisableOpenAPIValidation controls whether OpenAPI validation + is enforced. + type: boolean + forceUpgrade: + description: Force will mark this Helm release to `--force` upgrades. + This forces the resource updates through delete/recreate if needed. + type: boolean + helmVersion: + description: 'HelmVersion is the version of Helm to target. If not supplied, + the lowest _enabled Helm version_ will be targeted. Valid HelmVersion + values are: "v2", "v3"' + type: string + enum: + - v2 + - v3 + maxHistory: + description: MaxHistory is the maximum amount of revisions to keep for + the Helm release. If not supplied, it defaults to 10. + type: integer + releaseName: + description: ReleaseName is the name of the The Helm release. If not + supplied, it will be generated by affixing the namespace to the resource + name. + type: string + resetValues: + description: ResetValues will mark this Helm release to reset the values + to the defaults of the targeted chart before performing an upgrade. + Not explicitly setting this to `false` equals to `true` due to the + declarative nature of the operator. + type: boolean + rollback: + description: The rollback settings for this Helm release. + type: object + properties: + disableHooks: + description: DisableHooks will mark this Helm release to prevent + hooks from running during the rollback. + type: boolean + enable: + description: Enable will mark this Helm release for rollbacks. + type: boolean + force: + description: Force will mark this Helm release to `--force` rollbacks. + This forces the resource updates through delete/recreate if needed. + type: boolean + maxRetries: + description: MaxRetries is the maximum amount of upgrade retries + the operator should make before bailing. + type: integer + format: int64 + recreate: + description: Recreate will mark this Helm release to `--recreate-pods` + for if applicable. This performs pod restarts. 
+ type: boolean + retry: + description: Retry will mark this Helm release for upgrade retries + after a rollback. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during rollback. + type: integer + format: int64 + wait: + description: Wait will mark this Helm release to wait until all + Pods, PVCs, Services, and minimum number of Pods of a Deployment, + StatefulSet, or ReplicaSet are in a ready state before marking + the release as successful. + type: boolean + skipCRDs: + description: SkipCRDs will mark this Helm release to skip the creation + of CRDs during a Helm 3 installation. + type: boolean + targetNamespace: + description: TargetNamespace overrides the targeted namespace for the + Helm release. The default namespace equals to the namespace of the + HelmRelease resource. + type: string + test: + description: The test settings for this Helm release. + type: object + properties: + cleanup: + description: Cleanup, when targeting Helm 2, determines whether + to delete test pods between each test run initiated by the Helm + Operator. + type: boolean + enable: + description: Enable will mark this Helm release for tests. + type: boolean + ignoreFailures: + description: IgnoreFailures will cause a Helm release to be rolled + back if it fails otherwise it will be left in a released state + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during test. + type: integer + format: int64 + timeout: + description: Timeout is the time to wait for any individual Kubernetes + operation (like Jobs for hooks) during installation and upgrade operations. + type: integer + format: int64 + valueFileSecrets: + description: ValueFileSecrets holds the local name references to secrets. + DEPRECATED, use ValuesFrom.secretKeyRef instead. 
+ type: array + items: + type: object + required: + - name + properties: + name: + type: string + values: + description: Values holds the values for this Helm release. + type: object + valuesFrom: + type: array + items: + type: object + properties: + chartFileRef: + description: The reference to a local chart file with release + values. + type: object + required: + - path + properties: + optional: + description: Optional will mark this ChartFileSelector as + optional. The result of this are that operations are permitted + without the source, due to it e.g. being temporarily unavailable. + type: boolean + path: + description: Path is the file path to the source relative + to the chart root. + type: string + configMapKeyRef: + description: The reference to a config map with release values. + type: object + required: + - name + properties: + key: + type: string + name: + type: string + namespace: + type: string + optional: + type: boolean + externalSourceRef: + description: The reference to an external source with release + values. + type: object + required: + - url + properties: + optional: + description: Optional will mark this ExternalSourceSelector + as optional. The result of this are that operations are + permitted without the source, due to it e.g. being temporarily + unavailable. + type: boolean + url: + description: URL is the URL of the external source. + type: string + secretKeyRef: + description: The reference to a secret with release values. + type: object + required: + - name + properties: + key: + type: string + name: + type: string + namespace: + type: string + optional: + type: boolean + wait: + description: Wait will mark this Helm release to wait until all Pods, + PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, + or ReplicaSet are in a ready state before marking the release as successful. + type: boolean + status: + description: HelmReleaseStatus contains status information about an HelmRelease. 
+ type: object + properties: + conditions: + description: Conditions contains observations of the resource's state, + e.g., has the chart which it refers to been fetched. + type: array + items: + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding + to the last status change of this condition. + type: string + format: date-time + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to + the last status update of this condition. + type: string + format: date-time + message: + description: Message is a human readable description of the details + of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: Type of the condition, one of ('ChartFetched', 'Deployed', + 'Released', 'RolledBack', 'Tested'). + type: string + enum: + - ChartFetched + - Deployed + - Released + - RolledBack + - Tested + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the latest chart + sync, and may be of a failed release. + type: string + observedGeneration: + description: ObservedGeneration is the most recent generation observed + by the operator. 
+ type: integer + format: int64 + phase: + description: Phase the release is in, one of ('ChartFetched', 'ChartFetchFailed', + 'Installing', 'Upgrading', 'Deployed', 'DeployFailed', 'Testing', + 'TestFailed', 'Tested', 'Succeeded', 'RollingBack', 'RolledBack', + 'RollbackFailed') + type: string + enum: + - ChartFetched + - ChartFetchFailed + - Installing + - Upgrading + - Deployed + - DeployFailed + - Testing + - TestFailed + - Tested + - Succeeded + - Failed + - RollingBack + - RolledBack + - RollbackFailed + releaseName: + description: ReleaseName is the name as either supplied or generated. + type: string + releaseStatus: + description: ReleaseStatus is the status as given by Helm for the release + managed by this resource. + type: string + revision: + description: Revision holds the Git hash or version of the chart currently + deployed. + type: string + rollbackCount: + description: RollbackCount records the amount of rollback attempts made, + it is incremented after a rollback failure and reset after a successful + upgrade or revision change. + type: integer + format: int64 + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/helm-operator/crd/kustomization.yaml b/manifests/function/helm-operator/crd/kustomization.yaml new file mode 100644 index 000000000..2b5286634 --- /dev/null +++ b/manifests/function/helm-operator/crd/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - helmreleases.helm.fluxcd.io.yaml diff --git a/manifests/function/helm-operator/deployment.yaml b/manifests/function/helm-operator/deployment.yaml new file mode 100644 index 000000000..cdb73d347 --- /dev/null +++ b/manifests/function/helm-operator/deployment.yaml 
@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: helm-operator
+ namespace: flux
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: helm-operator
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ annotations:
+ prometheus.io/scrape: "true"
+ labels:
+ name: helm-operator
+ spec:
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ containers:
+ - args:
+ - --enabled-helm-versions=v3
+ image: docker.io/fluxcd/helm-operator:1.1.0
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 3030
+ initialDelaySeconds: 1
+ timeoutSeconds: 5
+ name: helm-operator
+ ports:
+ - containerPort: 3030
+ name: http
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: 3030
+ initialDelaySeconds: 1
+ timeoutSeconds: 5
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ serviceAccountName: helm-operator
+ # See https://github.com/fluxcd/flux/pull/2116
+ dnsPolicy: None
+ dnsConfig:
+ nameservers:
+ - 10.96.0.10
+ options:
+ - name: ndots
+ value: "1"
diff --git a/manifests/function/helm-operator/kustomization.yaml b/manifests/function/helm-operator/kustomization.yaml
new file mode 100644
index 000000000..14dbcd9ad
--- /dev/null
+++ b/manifests/function/helm-operator/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+ - namespace.yaml
+ - crd
+ - rbac
+ - deployment.yaml
diff --git a/manifests/function/helm-operator/namespace.yaml b/manifests/function/helm-operator/namespace.yaml
new file mode 100644
index 000000000..30853a70d
--- /dev/null
+++ b/manifests/function/helm-operator/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: flux
diff --git a/manifests/function/helm-operator/rbac/kustomization.yaml b/manifests/function/helm-operator/rbac/kustomization.yaml
new file mode 100644
index 000000000..d6e426871
--- /dev/null
+++ b/manifests/function/helm-operator/rbac/kustomization.yaml
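Review bot: In deployment.yaml the `helm-operator` container is declared without a `securityContext`, while its `serviceAccountName: helm-operator` is the account that rbac/rolebinding.yaml binds to the wildcard ClusterRole, so a compromise of this pod amounts to a compromise of the cluster. I would add `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}}` under the container; port 3030 is unprivileged, so no capability looks necessary, though that should be confirmed against the image. The image is referenced by the mutable tag `1.1.0`; pinning it as `docker.io/fluxcd/helm-operator:1.1.0@sha256:<digest-of-the-reviewed-image>` keeps a registry-side change from altering what runs under those permissions. The `node-role.kubernetes.io/master` toleration also allows the pod onto control-plane nodes and the nameserver `10.96.0.10` is hard-coded, so both deserve a comment saying which cluster layout they assume.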
@@ -0,0 +1,4 @@
+resources:
+ - serviceaccount.yaml
+ - role.yaml
+ - rolebinding.yaml
diff --git a/manifests/function/helm-operator/rbac/role.yaml b/manifests/function/helm-operator/rbac/role.yaml
new file mode 100644
index 000000000..e5c6c5765
--- /dev/null
+++ b/manifests/function/helm-operator/rbac/role.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ labels:
+ name: helm-operator
+ name: helm-operator
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- nonResourceURLs:
+ - '*'
+ verbs:
+ - '*'
diff --git a/manifests/function/helm-operator/rbac/rolebinding.yaml b/manifests/function/helm-operator/rbac/rolebinding.yaml
new file mode 100644
index 000000000..15db242f6
--- /dev/null
+++ b/manifests/function/helm-operator/rbac/rolebinding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ name: helm-operator
+ name: helm-operator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: helm-operator
+subjects:
+- kind: ServiceAccount
+ name: helm-operator
+ namespace: flux
diff --git a/manifests/function/helm-operator/rbac/serviceaccount.yaml b/manifests/function/helm-operator/rbac/serviceaccount.yaml
new file mode 100644
index 000000000..c2994bd46
--- /dev/null
+++ b/manifests/function/helm-operator/rbac/serviceaccount.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ name: helm-operator
+ name: helm-operator
+ namespace: flux
diff --git a/manifests/site/test-site/target/initinfra/kustomization.yaml b/manifests/site/test-site/target/initinfra/kustomization.yaml
index 7493021a0..55a3d8f11 100644
--- a/manifests/site/test-site/target/initinfra/kustomization.yaml
+++ b/manifests/site/test-site/target/initinfra/kustomization.yaml
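Review bot: The `helm-operator` ClusterRole in rbac/role.yaml grants every verb on every resource in every API group plus all `nonResourceURLs`, which is equivalent to cluster-admin, and rbac/rolebinding.yaml binds it cluster-wide to the `helm-operator` service account in `flux`. Because a HelmRelease names its own chart source (the CRD's `chart.git`, `chart.repository` and `valuesFrom[].externalSourceRef.url` fields), permission to create HelmRelease objects presumably carries those rights with it. If the operator only manages releases in known namespaces, use per-namespace RoleBindings and list the API groups and resources the charts actually create. If the wildcard has to stay, role.yaml should carry a comment such as `# cluster-admin equivalent: the operator installs arbitrary charts; restrict who may create helmreleases.helm.fluxcd.io`. Both files also use `rbac.authorization.k8s.io/v1beta1`, where `apiVersion: rbac.authorization.k8s.io/v1` is the stable form.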
@@ -1,6 +1,7 @@ resources: - ../../shared/clusterctl - ../../../../function/baremetal-operator + - ../../../../function/helm-operator patchesStrategicMerge: - patch_bmo_config.yaml commonLabels: