Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Helm chart #11

Merged
merged 28 commits into from
Sep 22, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .cr.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# This file is the config file for helm/chart-releaser
ymmt2005 marked this conversation as resolved.
Show resolved Hide resolved
owner: cybozu-go
git-repo: accurate
release-name-template: "{{ .Name }}-chart-v{{ .Version }}"
30 changes: 30 additions & 0 deletions .github/workflows/helm-release.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
name: Release Charts

on:
push:
branches:
- main
paths:
- 'charts/**'
- '!**.md'

jobs:
release:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0

- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"

- name: Run chart-releaser
uses: helm/[email protected]
ymmt2005 marked this conversation as resolved.
Show resolved Hide resolved
with:
config: .cr.yaml
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
49 changes: 49 additions & 0 deletions .github/workflows/helm.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
name: Lint and Test Charts

on:
pull_request:
paths:
- "charts/**"
ymmt2005 marked this conversation as resolved.
Show resolved Hide resolved
- '!**.md'

jobs:
lint-test:
runs-on: ubuntu-20.04

steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0

- uses: actions/setup-python@v2
with:
python-version: 3.7

- name: Set up chart-testing
uses: helm/[email protected]

- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed --config ct.yaml)
if [[ -n "$changed" ]]; then
echo "::set-output name=changed::true"
fi

- name: Run chart-testing (lint)
run: ct lint --config ct.yaml

- name: Create kind cluster
uses: helm/[email protected]
if: steps.list-changed.outputs.changed == 'true'
ymmt2005 marked this conversation as resolved.
Show resolved Hide resolved
with:
node_image: kindest/node:v1.21.2

- name: Apply cert-manager
run: |
kubectl apply -f https://github.com/jetstack/cert-manager/releases/latest/download/cert-manager.yaml
kubectl -n cert-manager wait --for=condition=available --timeout=180s --all deployments

- name: Run chart-testing (install)
run: ct install --config ct.yaml
3 changes: 2 additions & 1 deletion .github/workflows/mdbook.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,8 @@ jobs:
- uses: actions/checkout@v2
with:
ref: gh-pages
- run: rm -rf *
# ignore helm chart index file
- run: ls | grep -v 'index.yaml' | xargs rm -rf
- uses: actions/download-artifact@v2
with:
name: book
Expand Down
16 changes: 14 additions & 2 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
CTRL_TOOLS_VERSION=0.6.1
CTRL_RUNTIME_VERSION := $(shell awk '/sigs.k8s.io\/controller-runtime/ {print substr($$2, 2)}' go.mod)
KUSTOMIZE_VERSION = 4.1.3
HELM_VERSION = 3.6.3
CRD_TO_MARKDOWN_VERSION = 0.0.3
MDBOOK_VERSION = 0.4.10

Expand Down Expand Up @@ -45,8 +46,10 @@ help: ## Display this help.
##@ Development

.PHONY: manifests
manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
manifests: kustomize controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
$(KUSTOMIZE) build config/kustomize-to-helm/overlays/crds > charts/accurate/crds/accurate.cybozu.com_subnamespaces.yaml
$(KUSTOMIZE) build config/kustomize-to-helm/overlays/templates > charts/accurate/templates/generated/generated.yaml
ymmt2005 marked this conversation as resolved.
Show resolved Hide resolved

.PHONY: generate
generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
Expand Down Expand Up @@ -92,7 +95,7 @@ build:
GOBIN=$(shell pwd)/bin go install ./cmd/...

.PHONY: release-build
release-build: kustomize
release-build:
rm -rf build
mkdir -p build
$(MAKE) kubectl-accurate GOOS=windows GOARCH=amd64 SUFFIX=.exe
Expand Down Expand Up @@ -129,6 +132,15 @@ $(KUSTOMIZE):
curl -fsL https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv$(KUSTOMIZE_VERSION)/kustomize_v$(KUSTOMIZE_VERSION)_linux_amd64.tar.gz | \
tar -C bin -xzf -

HELM := $(shell pwd)/bin/helm
.PHONY: helm
helm: $(HELM) ## Download helm locally if necessary.

$(HELM):
mkdir -p $(BIN_DIR)
curl -L -sS https://get.helm.sh/helm-v$(HELM_VERSION)-linux-amd64.tar.gz \
| tar xz -C $(BIN_DIR) --strip-components 1 linux-amd64/helm

CRD_TO_MARKDOWN := $(shell pwd)/bin/crd-to-markdown
.PHONY: crd-to-markdown
crd-to-markdown: ## Download crd-to-markdown locally if necessary.
Expand Down
23 changes: 23 additions & 0 deletions charts/accurate/.helmignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
24 changes: 24 additions & 0 deletions charts/accurate/Chart.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
apiVersion: v2
name: accurate
description: Accurate is a Kubernetes controller for soft multi-tenancy environments.

# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application

# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: 0.1.0
117 changes: 117 additions & 0 deletions charts/accurate/MIGRATION.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,117 @@
# Migrate from kustomize to Helm

This document describes the steps to migrate from kustomize to Helm.

## Install Helm chart

There is no significant difference between the manifests installed by kusomize and those installed by Helm.

If a resource with the same name already exists in the Cluster, Helm will not be able to create the resource.

```console
$ helm repo add accurate https://cybozu-go.github.io/accurate/
$ helm repo update
$ helm install --namespace accurate accurate accurate/accurate
Error: rendered manifests contain a resource that already exists. Unable to continue with install: ServiceAccount "accurate-controller-manager" in namespace "accurate" exists and cannot be imported into the current release: invalid ownership metadata; label validation error: missing key "app.kubernetes.io/managed-by": must be set to "Helm"; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "accurate"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "accurate"
```

Before installing Helm chart, you need to manually delete the resources.
ymmt2005 marked this conversation as resolved.
Show resolved Hide resolved
You do not need to delete Namespace, CRD and SubNamespace custom resources at this time.

```console
$ helm template --namespace accurate accurate accurate/accurate | kubectl delete -f -
serviceaccount "accurate-controller-manager" deleted
clusterrole.rbac.authorization.k8s.io "accurate-manager-role" deleted
clusterrole.rbac.authorization.k8s.io "accurate-subnamespace-editor-role" deleted
clusterrole.rbac.authorization.k8s.io "accurate-subnamespace-viewer-role" deleted
clusterrolebinding.rbac.authorization.k8s.io "accurate-manager-admin" deleted
clusterrolebinding.rbac.authorization.k8s.io "accurate-manager-rolebinding" deleted
role.rbac.authorization.k8s.io "accurate-leader-election-role" deleted
rolebinding.rbac.authorization.k8s.io "accurate-leader-election-rolebinding" deleted
service "accurate-webhook-service" deleted
deployment.apps "accurate-controller-manager" deleted
certificate.cert-manager.io "accurate-serving-cert" deleted
issuer.cert-manager.io "accurate-selfsigned-issuer" deleted
mutatingwebhookconfiguration.admissionregistration.k8s.io "accurate-mutating-webhook-configuration" deleted
validatingwebhookconfiguration.admissionregistration.k8s.io "accurate-validating-webhook-configuration" deleted
Error from server (NotFound): error when deleting "STDIN": configmaps "accurate-config" not found # This is because the ConfigMap created by ConfigMapGeneraor will be suffixed. There is no problem to ignore it.
```

Then install Helm chart again.

```console
$ helm install --namespace accurate accurate accurate/accurate
NAME: accurate
LAST DEPLOYED: Fri Aug 20 10:12:03 2021
NAMESPACE: accurate
STATUS: deployed
REVISION: 1
TEST SUITE: None
```

## Configuration

Helm uses the values file to configure Accurate config file.
ymmt2005 marked this conversation as resolved.
Show resolved Hide resolved

```yaml
controller:
config:
# controller.config.labelKeys -- Labels to be propagated to sub-namespaces.
# It is also possible to specify a glob pattern that can be interpreted by Go's "path.Match" func.
## https://pkg.go.dev/path#Match
labelKeys: []
# - team

# controller.config.annotationKeys -- Annotations to be propagated to sub-namespaces.
# It is also possible to specify a glob pattern that can be interpreted by Go's "path.Match" func.
## https://pkg.go.dev/path#Match
annotationKeys: []
# An example to propagate an annotation for MetalLB
# https://metallb.universe.tf/usage/#requesting-specific-ips
# - metallb.universe.tf/address-pool

# controller.config.watches -- List of GVK for namespace-scoped resources that can be propagated.
# Any namespace-scoped resource is allowed.
watches:
- group: rbac.authorization.k8s.io
version: v1
kind: Role
- group: rbac.authorization.k8s.io
version: v1
kind: RoleBinding
- version: v1
kind: Secret
```

Optional: If you have customized RBAC, you can use `additionalRBAC`.

```yaml
<snip>
controller:
additionalRBAC:
# controller.additionalRBAC.rules -- Specify the RBAC rules to be added to the controller.
# ClusterRole and ClusterRoleBinding are created with the names `{{ release name }}-additional-resources`.
# The rules defined here will be used for the ClusterRole rules.
rules:
- apiGroups:
- ""
resources:
- resourcequotas
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
<snip>
```

The values file can be specified with the `-f` option when you install Helm chart.

```console
$ helm install --create-namespace --namespace accurate accurate accurate/accurate -f values.yaml
```

There are several other configurable items besides the Accurate config file. See [README.md](./README.md) for details.
79 changes: 79 additions & 0 deletions charts/accurate/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
# Accurate Helm Chart

## How to use Accurate Helm repository

You need to add this repository to your Helm repositories:

```console
helm repo add accurate https://cybozu-go.github.io/accurate/
helm repo update
```

## Quick start

### Installing cert-manager

```console
$ curl -fsL https://github.com/jetstack/cert-manager/releases/latest/download/cert-manager.yaml | kubectl apply -f -
```

### Installing the Chart
ymmt2005 marked this conversation as resolved.
Show resolved Hide resolved

> NOTE:
>
> This installation method requires cert-manager to be installed beforehand.

To install the chart with the release name `accurate` using a dedicated namespace(recommended):

```console
$ helm install --create-namespace --namespace accurate accurate accurate/accurate
```

Specify parameters using `--set key=value[,key=value]` argument to `helm install`.

Alternatively a YAML file that specifies the values for the parameters can be provided like this:

```console
$ helm install --create-namespace --namespace accurate accurate -f values.yaml accurate/accurate
```

## Values

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| controller.additionalRBAC.rules | list | `[]` | Specify the RBAC rules to be added to the controller. ClusterRole and ClusterRoleBinding are created with the names `{{ release name }}-additional-resources`. The rules defined here will be used for the ClusterRole rules. |
| controller.config.annotationKeys | list | `[]` | Annotations to be propagated to sub-namespaces. It is also possible to specify a glob pattern that can be interpreted by Go's "path.Match" func. |
| controller.config.labelKeys | list | `[]` | Labels to be propagated to sub-namespaces. It is also possible to specify a glob pattern that can be interpreted by Go's "path.Match" func. |
| controller.config.watches | list | `[{"group":"rbac.authorization.k8s.io","kind":"Role","version":"v1"},{"group":"rbac.authorization.k8s.io","kind":"RoleBinding","version":"v1"},{"kind":"Secret","version":"v1"}]` | List of GVK for namespace-scoped resources that can be propagated. Any namespace-scoped resource is allowed. |
| controller.extraArgs | list | `[]` | Optional additional arguments. |
| controller.replicas | int | `2` | Specify the number of replicas of the controller Pod. |
| controller.resources | object | `{"requests":{"cpu":"100m","memory":"20Mi"}}` | Specify resources. |
| controller.terminationGracePeriodSeconds | int | `10` | Specify terminationGracePeriodSeconds. |
| image.pullPolicy | string | `nil` | Accurate image pullPolicy. |
| image.repository | string | `"ghcr.io/cybozu-go/accurate"` | Accurate image repository to use. |
| image.tag | string | `{{ .Chart.AppVersion }}` | Accurate image tag to use. |

## Generate Manifests

You can use the `helm template` command to render manifests.

```console
$ helm template --namespace accurate accurate accurate/accurate
```

## Upgrade CRDs

There is no support at this time for upgrading or deleting CRDs using Helm.
Users must manually upgrade the CRD if there is a change in the CRD used by Accurate.

https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#install-a-crd-declaration-before-using-the-resource

## Release Chart

Accurate Helm Chart will be released independently.
This will prevent the Accurate version from going up just by modifying the Helm Chart.

You must change the version of `Chart.yaml` when making changes to the Helm Chart.
CI fails with lint error when creating a Pull Request without changing the version of `Chart.yaml`.

When a pull request with Chart changes is merged into the main branch, [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action) will automatically create a GitHub release.
Loading