diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fa867e76e..1a54994f8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,7 +23,7 @@ jobs: - name: Check out code into the Go module directory uses: actions/checkout@v1 - - name: Run checks + - name: Prepare Host run: | sudo apt-get -qq update || true sudo apt-get install -y bzr @@ -35,6 +35,9 @@ jobs: curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.17.0/bin/linux/amd64/kubectl chmod +x ./kubectl sudo mv ./kubectl /usr/local/bin/kubectl + + - name: Run checks + run: | make ci kubernetes: @@ -43,7 +46,7 @@ jobs: needs: build strategy: matrix: - k8s: [v1.11.10, v1.12.10, v1.13.12, v1.14.10, v1.15.7, v1.16.4, v1.17.2, v1.18.0] + k8s: [v1.11.10, v1.12.10, v1.13.12, v1.14.10, v1.15.7, v1.16.4, v1.17.2, v1.18.2] steps: - name: Check out code into the Go module directory @@ -70,12 +73,6 @@ jobs: echo kubectl version echo - echo "installing local-path provisioner ..." - kubectl delete storageclass --all - kubectl apply -f https://github.com/rancher/local-path-provisioner/raw/v0.0.12/deploy/local-path-storage.yaml - kubectl wait --for=condition=Ready pods -n local-path-storage --all --timeout=5m - kubectl apply -f hack/kubernetes/storageclass/standard.yaml - echo echo "create docker-registry secret" kubectl create secret docker-registry ${REGISTRY_SECRET} --namespace=kube-system --docker-server=https://index.docker.io/v1/ --docker-username=${USERNAME} --docker-password=${DOCKER_TOKEN} diff --git a/Makefile b/Makefile index 01f87c385..26588d43d 100644 --- a/Makefile +++ b/Makefile 
@@ -228,8 +228,23 @@ gen-values-schema: @yq r api/crds/installer.stash.appscode.com_stashoperators.yaml spec.validation.openAPIV3Schema.properties.spec > /tmp/stash-values.openapiv3_schema.yaml @yq d /tmp/stash-values.openapiv3_schema.yaml description > charts/stash/values.openapiv3_schema.yaml +.PHONY: gen-chart-doc +gen-chart-doc: gen-chart-doc-stash + +gen-chart-doc-%: + @echo "Generate $* chart docs" + @docker run --rm \ + -u $$(id -u):$$(id -g) \ + -v /tmp:/.cache \ + -v $$(pwd):$(DOCKER_REPO_ROOT) \ + -w $(DOCKER_REPO_ROOT) \ + --env HTTP_PROXY=$(HTTP_PROXY) \ + --env HTTPS_PROXY=$(HTTPS_PROXY) \ + $(BUILD_IMAGE) \ + chart-doc-gen -d ./charts/$*/doc.yaml -v ./charts/$*/values.yaml > ./charts/$*/README.md + .PHONY: manifests -manifests: gen-crds patch-crds label-crds gen-bindata gen-values-schema +manifests: gen-crds patch-crds label-crds gen-bindata gen-values-schema gen-chart-doc .PHONY: gen gen: clientset gen-crd-protos manifests openapi diff --git a/charts/stash/README.md b/charts/stash/README.md index c6f6ea31c..8c78839f1 100644 --- a/charts/stash/README.md +++ b/charts/stash/README.md @@ -12,7 +12,7 @@ $ helm install stash-operator appscode/stash -n kube-system ## Introduction -This chart bootstraps a [Stash controller](https://github.com/stashed/stash) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. +This chart deploys a Stash operator on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. ## Prerequisites 
@@ -26,7 +26,7 @@ To install the chart with the release name `stash-operator`: $ helm install stash-operator appscode/stash -n kube-system ``` -The command deploys Stash operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. +The command deploys a Stash operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. > **Tip**: List all releases using `helm list` 
@@ -44,51 +44,63 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the Stash chart and their default values. -| Parameter | Description | Default | -| --------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------- | -| `replicaCount` | Number of stash operator replicas to create (only 1 is supported) | `1` | -| `operator.registry` | Docker registry used to pull operator image | `appscode` | -| `operator.repository` | operator container image | `stash` | -| `operator.tag` | operator container image tag | `v0.9.0-rc.6` | -| `pushgateway.registry` | Docker registry used to pull Prometheus pushgateway image | `prom` | -| `pushgateway.repository` | Prometheus pushgateway container image | `pushgateway` | -| `pushgateway.tag` | Prometheus pushgateway container image tag | `v0.5.2` | -| `cleaner.registry` | Docker registry used to pull Webhook cleaner image | `appscode` | -| `cleaner.repository` | Webhook cleaner container image | `kubectl` | -| `cleaner.tag` | Webhook cleaner container image tag | `v1.11` | -| `imagePullSecrets` | Specify image pull secrets | `[]` | -| `imagePullPolicy` | container image pull policy | `IfNotPresent` | -| `criticalAddon` | If true, installs Stash operator as critical addon | `false` | -| `logLevel` | Log level for operator | `3` | -| `affinity` | Affinity rules for pod assignment | `{}` | -| `annotations` | Annotations applied to operator deployment | `{}` | -| `podAnnotations` | Annotations applied to operator pod(s) | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations used pod assignment | `[]` | -| `serviceAccount.create` | If `true`, create a new service account | `true` | -| 
`serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `` | -| `apiserver.groupPriorityMinimum` | The minimum priority the group should have. | 10000 | -| `apiserver.versionPriority` | The ordering of this API inside of the group. | 15 | -| `apiserver.enableValidatingWebhook` | Enable validating webhooks for Stash CRDs | true | -| `apiserver.enableMutatingWebhook` | Enable mutating webhooks for Kubernetes workloads | true | -| `apiserver.ca` | CA certificate used by main Kubernetes api server | `not-ca-cert` | -| `apiserver.bypassValidatingWebhookXray` | If true, bypasses validating webhook xray checks | `false` | -| `apiserver.useKubeapiserverFqdnForAks` | If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 | `true` | -| `apiserver.healthcheck.enabled` | Enable readiness and liveliness probes | `false` | -| `apiserver.servingCerts.generate` | If true, generate on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate Stash operator pods. Otherwise specify in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. | `true` | -| `enableAnalytics` | Send usage events to Google Analytics | `true` | -| `monitoring.agent` | Specify which monitoring agent to use for monitoring Stash. It accepts either `prometheus.io/builtin` or `prometheus.io/operator`. | `none` | -| `monitoring.backup` | Specify whether to monitor Stash backup and recovery. | `false` | -| `monitoring.operator` | Specify whether to monitor Stash operator. | `false` | -| `monitoring.prometheus.namespace` | Specify the namespace where Prometheus server is running or will be deployed. | Release namespace | -| `monitoring.serviceMonitor.labels` | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is `prometheus.io/operator`. 
| `app: ` and `release: ` | -| `additionalPodSecurityPolicies` | Additional psp names passed to operator | `[]` | -| `platform.openshift` | Name of platform (eg: Openshift, AKS, EKS, GKE, etc.) | `false` | +| Parameter | Description | Default | +|---------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------| +| nameOverride | Overrides name template | `""` | +| fullnameOverride | Overrides fullname template | `""` | +| replicaCount | Number of stash operator replicas to create (only 1 is supported) | `1` | +| operator.registry | Docker registry used to pull operator image | `appscode` | +| operator.repository | Name of operator container image | `stash` | +| operator.tag | Operator container image tag | `v0.9.0-rc.6` | +| operator.resources | Compute Resources required by the operator container | `{"requests":{"cpu":"100m"}}` | +| operator.securityContext | Security options the operator container should run with | `{}` | +| pushgateway.registry | Docker registry used to pull Prometheus pushgateway image | `prom` | +| pushgateway.repository | Prometheus pushgateway container image | `pushgateway` | +| pushgateway.tag | Prometheus pushgateway container image tag | `v0.5.2` | +| pushgateway.resources | Compute Resources required by the Prometheus pushgateway container | `{}` | +| pushgateway.securityContext | Security options the Prometheus pushgateway container should run with | `{}` | +| cleaner.registry | Docker registry used to pull Webhook cleaner image | `appscode` | +| cleaner.repository | Webhook cleaner container image | `kubectl` | +| cleaner.tag | Webhook cleaner container image tag | `v1.16` | +| imagePullSecrets | Specify an array of imagePullSecrets. 
Secrets must be manually created in the namespace. | `[]` | +| imagePullPolicy | Container image pull policy | `IfNotPresent` | +| criticalAddon | If true, installs Stash operator as critical addon | `false` | +| logLevel | Log level for operator | `3` | +| annotations | Annotations applied to operator deployment | `{}` | +| podAnnotations | Annotations passed to operator pod(s). | `{}` | +| nodeSelector | Node labels for pod assignment | `{"beta.kubernetes.io/arch":"amd64","beta.kubernetes.io/os":"linux"}` | +| tolerations | Tolerations for pod assignment | `[]` | +| affinity | Affinity rules for pod assignment | `{}` | +| podSecurityContext | Security options the operator pod should run with. | `{"fsGroup":65535}` | +| serviceAccount.create | Specifies whether a service account should be created | `true` | +| serviceAccount.annotations | Annotations to add to the service account | `{}` | +| serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `` | +| apiserver.groupPriorityMinimum | The minimum priority the webhook api group should have at least. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L58-L64 for more information on proper values of this field. | `10000` | +| apiserver.versionPriority | The ordering of the webhook api inside of the group. Please see https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L66-L70 for more information on proper values of this field | `15` | +| apiserver.enableMutatingWebhook | If true, mutating webhook is configured for Kubernetes workloads | `true` | +| apiserver.enableValidatingWebhook | If true, validating webhook is configured for Stash CRDss | `true` | +| apiserver.ca | CA certificate used by the Kubernetes api server. This field is automatically assigned by the operator. 
| `not-ca-cert` | +| apiserver.bypassValidatingWebhookXray | If true, bypasses checks that validating webhook is actually enabled in the Kubernetes cluster. | `false` | +| apiserver.useKubeapiserverFqdnForAks | If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) | `true` | +| apiserver.healthcheck.enabled | If true, enables the readiness and liveliness probes for the operator pod. | `false` | +| apiserver.servingCerts.generate | If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. | `true` | +| apiserver.servingCerts.caCrt | CA certficate used by serving certificate of webhook server. | `""` | +| apiserver.servingCerts.serverCrt | Serving certficate used by webhook server. | `""` | +| apiserver.servingCerts.serverKey | Private key for the serving certificate used by webhook server. | `""` | +| enableAnalytics | If true, sends usage analytics | `true` | +| monitoring.agent | Name of monitoring agent (either "prometheus.io/operator" or "prometheus.io/builtin") | `"none"` | +| monitoring.backup | Specify whether to monitor Stash backup and recovery | `false` | +| monitoring.operator | Specify whether to monitor Stash operator | `false` | +| monitoring.prometheus.namespace | Specify the namespace where Prometheus server is running or will be deployed. | `""` | +| monitoring.serviceMonitor.labels | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is `prometheus.io/operator`. | `{}` | +| additionalPodSecurityPolicies | Additional psp names passed to operator | `[]` | +| platform.openshift | Set true, if installed in OpenShift | `false` | + Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. 
For example: ```console -$ helm install stash-operator appscode/stash -n kube-system --set image.tag=v0.2.1 +$ helm install stash-operator appscode/stash -n kube-system --set replicaCount=1 ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while diff --git a/charts/stash/doc.yaml b/charts/stash/doc.yaml new file mode 100644 index 000000000..c9bbc50ca --- /dev/null +++ b/charts/stash/doc.yaml @@ -0,0 +1,18 @@ +project: + name: Stash by AppsCode + shortName: Stash + url: https://github.com/stashed/stash + description: Backup your Kubernetes Volumes + app: a Stash operator +repository: + url: https://charts.appscode.com/stable/ + name: appscode +chart: + name: stash + values: "-- generate from values file --" + valuesExample: "-- generate from values file --" +prerequisites: +- Kubernetes 1.11+ +release: + name: stash-operator + namespace: kube-system diff --git a/charts/stash/values.yaml b/charts/stash/values.yaml index fccb27332..95df963ba 100644 --- a/charts/stash/values.yaml +++ b/charts/stash/values.yaml @@ -2,19 +2,26 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# Overrides name template nameOverride: "" +# Overrides fullname template fullnameOverride: "" +# Number of stash operator replicas to create (only 1 is supported) replicaCount: 1 -# Docker registry containing Stash images operator: + # Docker registry used to pull operator image registry: appscode + # Name of operator container image repository: stash + # Operator container image tag tag: v0.9.0-rc.6 - resources: + # Compute Resources required by the operator container + resources: # +doc-gen:break requests: cpu: "100m" + # Security options the operator container should run with securityContext: {} # capabilities: # drop: 
@@ -22,11 +29,17 @@ operator: # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 + pushgateway: + # Docker registry used to pull Prometheus pushgateway image registry: prom + # Prometheus pushgateway container image repository: pushgateway + # Prometheus pushgateway container image tag tag: v0.5.2 + # Compute Resources required by the Prometheus pushgateway container resources: {} + # Security options the Prometheus pushgateway container should run with securityContext: {} # capabilities: # drop: 
@@ -34,56 +47,52 @@ pushgateway: # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 + cleaner: + # Docker registry used to pull Webhook cleaner image registry: appscode + # Webhook cleaner container image repository: kubectl + # Webhook cleaner container image tag tag: v1.16 -## Optionally specify an array of imagePullSecrets. -## Secrets must be manually created in the namespace. -## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod -## example: helm template charts/stash \ -## --set imagePullSecrets[0].name=abc,imagePullSecrets[1].name=xyz +# Specify an array of imagePullSecrets. +# Secrets must be manually created in the namespace. +# +# Example: +# helm template charts/stash \ +# --set imagePullSecrets[0].name=sec0 \ +# --set imagePullSecrets[1].name=sec1 imagePullSecrets: [] -## Specify a imagePullPolicy -## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images -## +# Container image pull policy imagePullPolicy: IfNotPresent -## Installs Stash operator as critical addon -## https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/ +# If true, installs Stash operator as critical addon criticalAddon: false -## Log level for operator +# Log level for operator logLevel: 3 -## Annotations passed to operator deployment. -## +# Annotations applied to operator deployment annotations: {} -## Annotations passed to operator pod(s). -## +# Annotations passed to operator pod(s). 
podAnnotations: {} -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: +# Node labels for pod assignment +nodeSelector: # +doc-gen:break beta.kubernetes.io/os: linux beta.kubernetes.io/arch: amd64 -## Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## +# Tolerations for pod assignment tolerations: [] -## Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## +# Affinity rules for pod assignment affinity: {} -podSecurityContext: +# Security options the operator pod should run with. +podSecurityContext: # +doc-gen:break fsGroup: 65535 serviceAccount: 
@@ -96,57 +105,65 @@ serviceAccount: name: apiserver: - # groupPriorityMinimum is the minimum priority the group should have. Please see + # The minimum priority the webhook api group should have at least. Please see # https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L58-L64 # for more information on proper values of this field. groupPriorityMinimum: 10000 - # versionPriority is the ordering of this API inside of the group. Please see + # The ordering of the webhook api inside of the group. Please see # https://github.com/kubernetes/kube-aggregator/blob/release-1.9/pkg/apis/apiregistration/v1beta1/types.go#L66-L70 # for more information on proper values of this field versionPriority: 15 - # enableMutatingWebhook is used to configure mutating webhook for Kubernetes workloads + # If true, mutating webhook is configured for Kubernetes workloads enableMutatingWebhook: true - # enableValidatingWebhook is used to configure validating webhook for Stash CRDss + # If true, validating webhook is configured for Stash CRDss enableValidatingWebhook: true - # CA certificate used by main Kubernetes api server + # CA certificate used by the Kubernetes api server. This field is automatically assigned by the operator. ca: not-ca-cert - # If true, bypasses validating webhook xray checks + # If true, bypasses checks that validating webhook is actually enabled in the Kubernetes cluster. bypassValidatingWebhookXray: false # If true, uses kube-apiserver FQDN for AKS cluster to workaround https://github.com/Azure/AKS/issues/522 (default true) useKubeapiserverFqdnForAks: true - # healthcheck configures the readiness and liveliness probes for the operator pod. healthcheck: + # If true, enables the readiness and liveliness probes for the operator pod. enabled: false servingCerts: - # If true, generate on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) to authenticate vault-operator pods. 
- # Otherwise specify in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. + # If true, generates on install/upgrade the certs that allow the kube-apiserver (and potentially ServiceMonitor) + # to authenticate operators pods. Otherwise specify certs in `apiserver.servingCerts.{caCrt, serverCrt, serverKey}`. generate: true + # CA certficate used by serving certificate of webhook server. caCrt: "" + # Serving certficate used by webhook server. serverCrt: "" + # Private key for the serving certificate used by webhook server. serverKey: "" -# Send usage events to Google Analytics +# If true, sends usage analytics enableAnalytics: true monitoring: - # specify monitoring agent (either "prometheus.io/builtin" or "prometheus.io/operator") + # Name of monitoring agent (either "prometheus.io/operator" or "prometheus.io/builtin") agent: "none" - # specify whether to monitor backup and recovery + # Specify whether to monitor Stash backup and recovery backup: false - # specify whether to monitor stash operator + # Specify whether to monitor Stash operator operator: false - # specify where ServiceMonitor crd will be created prometheus: + # Specify the namespace where Prometheus server is running or will be deployed. namespace: "" serviceMonitor: + # Specify the labels for ServiceMonitor. + # Prometheus crd will select ServiceMonitor using these labels. + # Only usable when monitoring agent is `prometheus.io/operator`. labels: {} # Additional psp names passed to operator -# example: helm install appscode/stash \ -# --set additionalPodSecurityPolicies[0]=abc \ -# --set additionalPodSecurityPolicies[1]=xyz +# +# Example: +# helm install appscode/stash \ +# --set additionalPodSecurityPolicies[0]=abc \ +# --set additionalPodSecurityPolicies[1]=xyz additionalPodSecurityPolicies: [] -# Name of platform (eg: Openshift, AKS, EKS, GKE, etc.) platform: + # Set true, if installed in OpenShift openshift: false
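Review bot: in `.github/workflows/ci.yml`, the `Prepare Host` step still installs kubectl from `curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.17.0/bin/linux/amd64/kubectl` and moves it into `/usr/local/bin` with no integrity check. Since this hunk already reshapes that step, add a SHA-256 comparison against a pinned digest before the `chmod +x`, and pass `-f` to curl so an HTTP error page is never installed as the binary.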
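Review bot: in the `kubernetes` job of `.github/workflows/ci.yml`, the removed block was the only visible place that installed a provisioner and applied `hack/kubernetes/storageclass/standard.yaml`, and nothing in this patch replaces it. Please say in the commit message what now provides a StorageClass on the matrix clusters, and drop the manifest under `hack/` if nothing else uses it.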
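Review bot: in the `gen-chart-doc-%` recipe of the `Makefile`, the `> ./charts/$*/README.md` redirect is opened by the host shell before `docker run` starts, so a failed image pull or a `chart-doc-gen` error leaves a truncated README behind, and `manifests` now depends on this target. Write to a temporary file and move it over the README only on success. The `-v /tmp:/.cache` mount also hands the whole host `/tmp` to the container; a dedicated cache directory would be narrower.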
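Review bot: in the regenerated parameter table of `charts/stash/README.md`, two defaults lose information: `monitoring.prometheus.namespace` goes from `Release namespace` to `""`, and `monitoring.serviceMonitor.labels` goes from `app: ` and `release: ` to `{}`. If the templates still fall back to those values when the field is left empty, state that in the corresponding `values.yaml` comments so the generated description carries it.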
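Review bot: in `charts/stash/values.yaml`, the rewritten comments for `imagePullSecrets`, `criticalAddon`, `nodeSelector`, `tolerations` and `affinity` drop every `ref:` link to the Kubernetes documentation. These comments now feed the README, so keeping the link inside the comment text would carry it into the generated table, as the `apiserver.groupPriorityMinimum` comment already does.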
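Review bot: in the `apiserver` block of `charts/stash/values.yaml`, the new comments are the source for the generated README and carry typos into it: `CRDss` on `enableValidatingWebhook`, `certficate` on `caCrt` and `serverCrt`, and `operators pods` on `servingCerts.generate`. Fix them here and regenerate the README. The `useKubeapiserverFqdnForAks` comment also ends with `(default true)`, which duplicates the Default column.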