From f1fc385765847da17707b9ac7a1e5cd81dfd4f34 Mon Sep 17 00:00:00 2001 From: Arko Dasgupta Date: Wed, 19 Apr 2023 10:56:50 -0700 Subject: [PATCH] Add the namespace resource within helm templates This is unfortunate workaround due the difference in UX between `helm template` and `helm install` The project recommends `helm install` as a way to install EG which supports a `--create-namespace` flag to create a namespace However we also generate a static YAML using `helm template` as part of the release artficat so a user can install the YAML directly using `kubectl` instead of `helm` . The issue here is `helm template` does not support `--create-namespace`, so instead this commit adds a knob called `createNamespace` to the Helm chart which is `false` by default, but turned on during `make generate-manifests` Fixes: https://github.com/envoyproxy/gateway/issues/1307 Signed-off-by: Arko Dasgupta --- charts/gateway-helm/templates/certgen-rbac.yaml | 3 +++ charts/gateway-helm/templates/certgen.yaml | 1 + charts/gateway-helm/templates/envoy-gateway-config.yaml | 1 + charts/gateway-helm/templates/envoy-gateway-deployment.yaml | 2 ++ .../templates/envoy-gateway-metrics-service.yaml | 1 + charts/gateway-helm/templates/envoy-gateway-service.yaml | 1 + charts/gateway-helm/templates/infra-manager-rbac.yaml | 2 ++ charts/gateway-helm/templates/leader-election-rbac.yaml | 2 ++ charts/gateway-helm/templates/metrics-reader-rbac.yaml | 1 + charts/gateway-helm/templates/namespace.yaml | 6 ++++++ charts/gateway-helm/values.tmpl.yaml | 1 + tools/make/kube.mk | 2 +- 12 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 charts/gateway-helm/templates/namespace.yaml diff --git a/charts/gateway-helm/templates/certgen-rbac.yaml b/charts/gateway-helm/templates/certgen-rbac.yaml index f78c36709b6..ff805dad3db 100644 --- a/charts/gateway-helm/templates/certgen-rbac.yaml +++ b/charts/gateway-helm/templates/certgen-rbac.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "eg.fullname" . }}-certgen + namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} annotations: @@ -11,6 +12,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "eg.fullname" . }}-certgen + namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} annotations: @@ -29,6 +31,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "eg.fullname" . }}-certgen + namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} annotations: diff --git a/charts/gateway-helm/templates/certgen.yaml b/charts/gateway-helm/templates/certgen.yaml index 2b40f599eeb..25f65196da6 100644 --- a/charts/gateway-helm/templates/certgen.yaml +++ b/charts/gateway-helm/templates/certgen.yaml @@ -2,6 +2,7 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ include "eg.fullname" . }}-certgen + namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} annotations: diff --git a/charts/gateway-helm/templates/envoy-gateway-config.yaml b/charts/gateway-helm/templates/envoy-gateway-config.yaml index 255030c9ee7..c969f60454f 100644 --- a/charts/gateway-helm/templates/envoy-gateway-config.yaml +++ b/charts/gateway-helm/templates/envoy-gateway-config.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: envoy-gateway-config + namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} data: diff --git a/charts/gateway-helm/templates/envoy-gateway-deployment.yaml b/charts/gateway-helm/templates/envoy-gateway-deployment.yaml index bc4c6224845..e2cc40b9a24 100644 --- a/charts/gateway-helm/templates/envoy-gateway-deployment.yaml +++ b/charts/gateway-helm/templates/envoy-gateway-deployment.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: envoy-gateway + namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} --- @@ -9,6 +10,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: envoy-gateway + namespace: '{{ .Release.Namespace }}' labels: control-plane: envoy-gateway {{- include "eg.labels" . | nindent 4 }} diff --git a/charts/gateway-helm/templates/envoy-gateway-metrics-service.yaml b/charts/gateway-helm/templates/envoy-gateway-metrics-service.yaml index b19069eec0c..bd5f1c6b8e2 100644 --- a/charts/gateway-helm/templates/envoy-gateway-metrics-service.yaml +++ b/charts/gateway-helm/templates/envoy-gateway-metrics-service.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: name: envoy-gateway-metrics-service + namespace: '{{ .Release.Namespace }}' labels: control-plane: envoy-gateway {{- include "eg.labels" . | nindent 4 }} diff --git a/charts/gateway-helm/templates/envoy-gateway-service.yaml b/charts/gateway-helm/templates/envoy-gateway-service.yaml index 1b1a0c283a4..b9dd4cd5f22 100644 --- a/charts/gateway-helm/templates/envoy-gateway-service.yaml +++ b/charts/gateway-helm/templates/envoy-gateway-service.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: name: envoy-gateway + namespace: '{{ .Release.Namespace }}' labels: control-plane: envoy-gateway {{- include "eg.labels" . | nindent 4 }} diff --git a/charts/gateway-helm/templates/infra-manager-rbac.yaml b/charts/gateway-helm/templates/infra-manager-rbac.yaml index 95b8669bc31..6f3e5a4677f 100644 --- a/charts/gateway-helm/templates/infra-manager-rbac.yaml +++ b/charts/gateway-helm/templates/infra-manager-rbac.yaml @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "eg.fullname" . }}-infra-manager + namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} rules: @@ -29,6 +30,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "eg.fullname" . }}-infra-manager + namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} roleRef: diff --git a/charts/gateway-helm/templates/leader-election-rbac.yaml b/charts/gateway-helm/templates/leader-election-rbac.yaml index ffd849f4272..5b59f34c7ca 100644 --- a/charts/gateway-helm/templates/leader-election-rbac.yaml +++ b/charts/gateway-helm/templates/leader-election-rbac.yaml @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "eg.fullname" . }}-leader-election-role + namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} rules: @@ -41,6 +42,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "eg.fullname" . }}-leader-election-rolebinding + namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} roleRef: diff --git a/charts/gateway-helm/templates/metrics-reader-rbac.yaml b/charts/gateway-helm/templates/metrics-reader-rbac.yaml index b3bec93b99b..3b77e714185 100644 --- a/charts/gateway-helm/templates/metrics-reader-rbac.yaml +++ b/charts/gateway-helm/templates/metrics-reader-rbac.yaml @@ -2,6 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "eg.fullname" . }}-metrics-reader + namespace: '{{ .Release.Namespace }}' labels: {{- include "eg.labels" . | nindent 4 }} rules: diff --git a/charts/gateway-helm/templates/namespace.yaml b/charts/gateway-helm/templates/namespace.yaml new file mode 100644 index 00000000000..0361b229daa --- /dev/null +++ b/charts/gateway-helm/templates/namespace.yaml @@ -0,0 +1,6 @@ +{{ if .Values.createNamespace }} +apiVersion: v1 +kind: Namespace +metadata: + name: '{{ .Release.Namespace }}' +{{ end }} diff --git a/charts/gateway-helm/values.tmpl.yaml b/charts/gateway-helm/values.tmpl.yaml index 94bbd583d27..d1fdd1979d9 100644 --- a/charts/gateway-helm/values.tmpl.yaml +++ b/charts/gateway-helm/values.tmpl.yaml @@ -42,3 +42,4 @@ envoyGatewayMetricsService: protocol: TCP targetPort: https +createNamespace: false diff --git a/tools/make/kube.mk b/tools/make/kube.mk index 77e1e9e7026..759cb596d34 100644 --- a/tools/make/kube.mk +++ b/tools/make/kube.mk @@ -125,7 +125,7 @@ generate-manifests: helm-generate ## Generate Kubernetes release manifests. @$(LOG_TARGET) @$(call log, "Generating kubernetes manifests") mkdir -p $(OUTPUT_DIR)/ - helm template eg charts/gateway-helm --include-crds --set deployment.envoyGateway.imagePullPolicy=$(IMAGE_PULL_POLICY) > $(OUTPUT_DIR)/install.yaml + helm template --set createNamespace=true eg charts/gateway-helm --include-crds --set deployment.envoyGateway.imagePullPolicy=$(IMAGE_PULL_POLICY) --namespace envoy-gateway-system > $(OUTPUT_DIR)/install.yaml @$(call log, "Added: $(OUTPUT_DIR)/install.yaml") cp examples/kubernetes/quickstart.yaml $(OUTPUT_DIR)/quickstart.yaml @$(call log, "Added: $(OUTPUT_DIR)/quickstart.yaml")