Consolidate helm charts

CHANGES:
- Added an appVersion and icon to helm Chart.yaml
- Refactored to use `required` in chart manifests rather than
  outputting an error message in notes
- Namespaced `name` and `fullname` template partials to `vk`
- Enabled rbac apiVersion configuration
- Removed role-binding and service-account suffixes from resource
  names
- Fixed bug where virtual-kubelet service account would not be
  bound to cluster role if chart was installed outside the default
  namespace
- Removed hardcoded `azure` provider

BREAKING CHANGES:
- Virtual-Kubelet specific values previously nested under `env` are
  now declared at the top level of the values file.
- Azure provider configuration values previously nested under `env`
  are now at `providers.azure`

charts/virtual-kubelet-for-aks/Chart.yaml

@@ -1,8 +0,0 @@
-name: virtual-kubelet-for-aks
-version: 0.1.6
-description: a Helm chart to install virtual kubelet in an AKS or ACS cluster.
-sources:
-  - https://github.com/virtual-kubelet/virtual-kubelet
-maintainers:
-  - name: Robbie Zhang
-    email: junjiez@microsoft.com

charts/virtual-kubelet-for-aks/templates/NOTES.txt

@@ -1,12 +0,0 @@
-The virtual kubelet is getting deployed on your cluster.
-
-To verify that virtual kubelet has started, run:
-
-  kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "fullname" . }}"
-
-{{- if (not .Values.env.apiserverCert) and (not .Values.env.apiserverKey) }}
-
-Note: 
-TLS key pair not provided for VK HTTP listener. A key pair was generated for you. This generated key pair is not suitable for production use.
-
-{{- end }}

charts/virtual-kubelet-for-aks/templates/_helpers.tpl

@@ -1,16 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 24 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{- define "fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}

charts/virtual-kubelet-for-aks/templates/clusterrolebinding.yaml

@@ -1,14 +0,0 @@
-{{ if .Values.rbac.install }}
-apiVersion: "rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}"
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "fullname" . }}
-subjects:
-- kind: ServiceAccount
-  name: {{ template "fullname" . }}
-  namespace: {{ .Release.Namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ .Values.rbac.roleRef }}
-{{ end }}

charts/virtual-kubelet-for-aks/templates/deployment.yaml

@@ -1,63 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  name: {{ template "fullname" . }}
-spec:
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: {{ template "fullname" . }}
-    spec:
-      containers:
-      - name: {{ template "fullname" . }}
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
-        env:
-        - name: KUBELET_PORT
-          value: "10250"
-        - name: ACS_CREDENTIAL_LOCATION
-          value: /etc/acs/azure.json
-        - name: AZURE_TENANT_ID
-          value: {{ .Values.env.azureTenantId }}
-        - name: AZURE_SUBSCRIPTION_ID
-          value: {{ .Values.env.azureSubscriptionId }}
-        - name: AZURE_CLIENT_ID
-          value: {{ .Values.env.azureClientId }}
-        - name: AZURE_CLIENT_SECRET
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "fullname" . }}
-              key: clientSecret
-        - name: ACI_RESOURCE_GROUP
-          value: {{ .Values.env.aciResourceGroup }}
-        - name: ACI_REGION
-          value: {{ default "westus" .Values.env.aciRegion }}
-        - name: APISERVER_CERT_LOCATION
-          value: /etc/virtual-kubelet/cert.pem
-        - name: APISERVER_KEY_LOCATION
-          value: /etc/virtual-kubelet/key.pem
-        - name: VKUBELET_POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-        volumeMounts:
-        - name: credentials
-          mountPath: "/etc/virtual-kubelet"
-        - name: acs-credential
-          mountPath: "/etc/acs/azure.json"
-        command: ["virtual-kubelet"]
-        args: ["--provider", "azure", "--namespace", {{ default "" .Values.env.monitoredNamespace | quote }}, "--nodename", {{ default "virtual-kubelet" .Values.env.nodeName | quote }} , "--os", {{ default "Linux" .Values.env.nodeOsType | quote }}, "--taint", {{ default "azure.com/aci" .Values.env.nodeTaint | quote }}]
-      volumes:
-      - name: credentials
-        secret:
-          secretName: {{ template "fullname" . }}
-      - name: acs-credential
-        hostPath:
-          path: /etc/kubernetes/azure.json
-          type: File
-      {{ if .Values.rbac.install }}
-      serviceAccountName: {{ template "fullname" . }}
-      {{ end }}
-      nodeSelector:
-        beta.kubernetes.io/os: linux

charts/virtual-kubelet-for-aks/templates/secrets.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ template "fullname" . }}
-type: Opaque
-data:
-  {{- if (not .Values.env.apiserverCert) and (not .Values.env.apiserverKey) }}
-  {{- $ca := genCA "virtual-kubelet-ca" 3650 }}
-  {{- $cn := printf "%s-virtual-kubelet-apiserver" .Release.Name }}
-  {{- $altName1 := printf "%s-virtual-kubelet-apiserver.%s" .Release.Name .Release.Namespace }}
-  {{- $altName2 := printf "%s-virtual-kubelet-apiserver.%s.svc" .Release.Name .Release.Namespace }}
-  {{- $cert := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }}
-  cert.pem: {{ b64enc $cert.Cert }}
-  key.pem: {{ b64enc $cert.Key }}
-  {{ else }}
-  cert.pem: {{ quote .Values.env.apiserverCert }}
-  key.pem: {{ quote .Values.env.apiserverKey }}
-  {{ end}}
-  clientSecret: {{ default "" .Values.env.azureClientKey | b64enc | quote }}

charts/virtual-kubelet-for-aks/templates/serviceaccount.yaml

@@ -1,6 +0,0 @@
-{{ if .Values.rbac.install }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ template "fullname" . }}
-{{ end }}

charts/virtual-kubelet-for-aks/values.yaml

@@ -1,25 +0,0 @@
-image:
-  repository: microsoft/virtual-kubelet
-  tag: latest
-  pullPolicy: Always
-env:
-  azureClientId: 
-  azureClientKey: 
-  azureTenantId: 
-  azureSubscriptionId: 
-  aciResourceGroup: 
-  aciRegion: 
-  nodeName: 
-  nodeTaint: 
-  nodeOsType: 
-  apiserverCert: 
-  apiserverKey: 
-  monitoredNamespace:
-
-# Install Default RBAC roles and bindings
-rbac:
-  install: true
-  ## RBAC api version
-  apiVersion: v1beta1
-  # Cluster role reference
-  roleRef: cluster-admin

charts/virtual-kubelet/Chart.yaml

@@ -1,6 +1,8 @@
 name: virtual-kubelet
-version: 0.1.3
-description: a Helm chart to install virtual kubelet inside a Kubernetes cluster.
+version: 0.2.0
+appVersion: 0.3
+description: A Helm chart to install virtual kubelet inside a Kubernetes cluster.
+icon: https://avatars2.githubusercontent.com/u/34250142
 sources:
   - https://github.com/virtual-kubelet/virtual-kubelet
 maintainers:

charts/virtual-kubelet/templates/NOTES.txt

@@ -1,28 +1,12 @@
-{{- if and .Values.env.azureClientId .Values.env.azureClientKey .Values.env.azureTenantId .Values.env.azureSubscriptionId .Values.env.aciResourceGroup -}}
-
 The virtual kubelet is getting deployed on your cluster.
 
 To verify that virtual kubelet has started, run:
 
-  kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "fullname" . }}"
-
-{{- else -}}
-##############################################################################
-####  ERROR: You are missing required values in the values.yaml file.     ####
-##############################################################################
-
-This deployment will be incomplete until all the required fields in the values.yaml file have been provided.
-
-To update, run:
-
-    helm upgrade {{ .Release.Name }} \
-    --set env.azureClientId=<YOUR-AZURECLIENTID-HERE>,env.azureClientKey=<YOUR-AZURECLIENTKEY-HERE>,env.azureTenantId=<YOUR-AZURETENANTID-HERE>,env.azureSubscriptionId=<YOUR-AZURESUBSCRIPTIONID-HERE>,env.aciResourceGroup=<YOUR-ACIRESOURCEGROUP-HERE>,ev.aciOsType=<Linux|Windows>,rbac.install=<false|true>
-
-{{- end }}
+  kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "vk.fullname" . }}"
 
 {{- if (not .Values.env.apiserverCert) and (not .Values.env.apiserverKey) }}
 
 Note: 
 TLS key pair not provided for VK HTTP listener. A key pair was generated for you. This generated key pair is not suitable for production use.
 
-{{- end }}
+{{- end }}

charts/virtual-kubelet/templates/_helpers.tpl

@@ -2,7 +2,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "name" -}}
+{{- define "vk.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
@@ -10,7 +10,7 @@ Expand the name of the chart.
 Create a default fully qualified app name.
 We truncate at 24 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 */}}
-{{- define "fullname" -}}
+{{- define "vk.fullname" -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

charts/virtual-kubelet/templates/clusterrolebinding.yaml

@@ -1,14 +1,14 @@
 {{ if .Values.rbac.install }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: "rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}"
 kind: ClusterRoleBinding
 metadata:
-  name: {{ template "fullname" . }}-role-binding
+  name: {{ template "vk.fullname" . }}
 subjects:
 - kind: ServiceAccount
-  name: {{ template "fullname" . }}-service-account
-  namespace: default
+  name: {{ template "vk.fullname" . }}
+  namespace: {{ .Release.Namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: {{ .Values.rbac.roleRef }}
-{{ end }}
+{{ end }}

charts/virtual-kubelet/templates/deployment.yaml

@@ -1,48 +1,90 @@
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
-  name: {{ template "fullname" . }}
+  name: {{ template "vk.fullname" . }}
+  annotations:
+    virtual-kubelet/provider: {{ required "provider is required" .Values.provider }}
 spec:
   replicas: 1
   template:
     metadata:
       labels:
-        app: {{ template "fullname" . }}
+        app: {{ template "vk.fullname" . }}
     spec:
       containers:
-      - name: {{ template "fullname" . }}
+      - name: {{ template "vk.fullname" . }}
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         env:
         - name: KUBELET_PORT
           value: "10250"
-        - name: AZURE_AUTH_LOCATION
-          value: /etc/virtual-kubelet/credentials.json
-        - name: ACI_RESOURCE_GROUP
-          value: {{ .Values.env.aciResourceGroup }}
-        - name: ACI_REGION
-          value: {{ default "westus" .Values.env.aciRegion }}
         - name: APISERVER_CERT_LOCATION
           value: /etc/virtual-kubelet/cert.pem
         - name: APISERVER_KEY_LOCATION
           value: /etc/virtual-kubelet/key.pem
-        {{ if .Values.loganalytics.enabled }}
-        - name: LOG_ANALYTICS_AUTH_LOCATION
-          value: /etc/virtual-kubelet/loganalytics.json
-        {{ end }}
         - name: VKUBELET_POD_IP
           valueFrom:
             fieldRef:
               fieldPath: status.podIP
+{{- if eq .Values.provider "azure" }}
+{{- with .Values.providers.azure }}
+        - name: ACI_RESOURCE_GROUP
+          value: {{ required "aciResourceGroup is required" .aciResourceGroup }}
+        - name: ACI_REGION
+          value: {{ required "aciRegion is required" .aciRegion }}
+{{- if .loganalytics.enabled }}
+        - name: LOG_ANALYTICS_AUTH_LOCATION
+          value: /etc/virtual-kubelet/loganalytics.json
+{{- end }}
+{{- if .targetAKS }}
+        - name: ACS_CREDENTIAL_LOCATION
+          value: /etc/acs/azure.json
+        - name: AZURE_TENANT_ID
+          value: {{ required "tenantId is required" .tenantId }}
+        - name: AZURE_SUBSCRIPTION_ID
+          value: {{ required "subscriptionId is required" .subscriptionId }}
+        - name: AZURE_CLIENT_ID
+          value: {{ required "clientId is required" .clientId }}
+        - name: AZURE_CLIENT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ template "vk.fullname" $ }}
+              key: clientSecret
+{{- else }}
+        - name: AZURE_AUTH_LOCATION
+          value: /etc/virtual-kubelet/credentials.json
+{{- end }}
+{{- end }}
+{{- end }}
         volumeMounts:
         - name: credentials
           mountPath: "/etc/virtual-kubelet"
+{{- if eq .Values.provider "azure" }}
+{{- if .Values.providers.azure.targetAKS }}
+        - name: acs-credential
+          mountPath: "/etc/acs/azure.json"
+{{- end }}
+{{- end }}
         command: ["virtual-kubelet"]
-        args: ["--provider", "azure", "--namespace", {{ default "" .Values.env.monitoredNamespace | quote }}, "--nodename", {{ default "virtual-kubelet" .Values.env.nodeName | quote }} , "--os", {{ default "Linux" .Values.env.nodeOsType | quote }}, "--taint", {{ default "azure.com/aci" .Values.env.nodeTaint | quote }}]
+        args: [
+          "--provider", "{{ .Values.provider }}",
+          "--namespace", "{{ .Values.monitoredNamespace }}",
+          "--nodename", "{{ required "nodeName is required" .Values.nodeName }}",
+          "--os", "{{ .Values.nodeOsType }}",
+          "--taint", "{{ .Values.nodeTaint }}"
+        ]
       volumes:
       - name: credentials
         secret:
-          secretName: {{ template "fullname" . }}
-      serviceAccountName: {{ if .Values.rbac.install }} "{{ template "fullname" . }}-service-account" {{ end }}
+          secretName: {{ template "vk.fullname" . }}
+{{- if eq .Values.provider "azure" }}
+{{- if .Values.providers.azure.targetAKS }}
+      - name: acs-credential
+        hostPath:
+          path: /etc/kubernetes/azure.json
+          type: File
+{{- end }}
+{{- end }}
+      serviceAccountName: {{ if .Values.rbac.install }} "{{ template "vk.fullname" . }}" {{ end }}
       nodeSelector:
         beta.kubernetes.io/os: linux

charts/virtual-kubelet/templates/secret.yaml

@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "vk.fullname" . }}
+type: Opaque
+data:
+{{- if (not .Values.env.apiserverCert) and (not .Values.env.apiserverKey) }}
+{{- $ca := genCA "virtual-kubelet-ca" 3650 }}
+{{- $cn := printf "%s-virtual-kubelet-apiserver" .Release.Name }}
+{{- $altName1 := printf "%s-virtual-kubelet-apiserver.%s" .Release.Name .Release.Namespace }}
+{{- $altName2 := printf "%s-virtual-kubelet-apiserver.%s.svc" .Release.Name .Release.Namespace }}
+{{- $cert := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }}
+  cert.pem: {{ b64enc $cert.Cert }}
+  key.pem: {{ b64enc $cert.Key }}
+{{- else }}
+  cert.pem: {{ quote .Values.env.apiserverCert }}
+  key.pem: {{ quote .Values.env.apiserverKey }}
+{{- end }}
+{{- if eq .Values.provider "azure" }}
+{{- with .Values.providers.azure }}
+{{- if .loganalytics.enabled }}
+  loganalytics.json: {{ printf "{\"workspaceID\": \"%s\",\"workspaceKey\": \"%s\"}" (required "workspaceID is required for loganalytics" .loganalytics.workspaceID ) (required "workspaceKey is required for loganalytics" .loganalytics.workspaceKey ) }}
+{{- end }}
+{{- if .targetAKS }}
+  clientSecret: {{ required "clientKey is required" .clientKey | b64enc | quote }}
+{{- else }}
+  credentials.json: {{ printf "{ \"clientId\": \"%s\", \"clientSecret\": \"%s\", \"subscriptionId\": \"%s\", \"tenantId\": \"%s\", \"activeDirectoryEndpointUrl\": \"https://login.microsoftonline.com/\", \"resourceManagerEndpointUrl\": \"https://management.azure.com/\", \"activeDirectoryGraphResourceId\": \"https://graph.windows.net/\", \"sqlManagementEndpointUrl\": \"database.windows.net\", \"galleryEndpointUrl\": \"https://gallery.azure.com/\", \"managementEndpointUrl\": \"https://management.core.windows.net/\" }" (default "MISSING" .clientId) (default "MISSING" .clientKey) (default "MISSING" .subscriptionId) (default "MISSING" .tenantId) | b64enc | quote }}
+{{- end }}
+{{- end }}
+{{- end }}

charts/virtual-kubelet/templates/secrets.yaml

@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ template "fullname" . }}
-type: Opaque
-data:
-  credentials.json: {{ printf "{ \"clientId\": \"%s\", \"clientSecret\": \"%s\", \"subscriptionId\": \"%s\", \"tenantId\": \"%s\", \"activeDirectoryEndpointUrl\": \"https://login.microsoftonline.com/\", \"resourceManagerEndpointUrl\": \"https://management.azure.com/\", \"activeDirectoryGraphResourceId\": \"https://graph.windows.net/\", \"sqlManagementEndpointUrl\": \"database.windows.net\", \"galleryEndpointUrl\": \"https://gallery.azure.com/\", \"managementEndpointUrl\": \"https://management.core.windows.net/\" }" (default "MISSING" .Values.env.azureClientId) (default "MISSING" .Values.env.azureClientKey) (default "MISSING" .Values.env.azureSubscriptionId) (default "MISSING" .Values.env.azureTenantId) | b64enc | quote }}
-  {{- if (not .Values.env.apiserverCert) and (not .Values.env.apiserverKey) }}
-  {{- $ca := genCA "virtual-kubelet-ca" 3650 }}
-  {{- $cn := printf "%s-virtual-kubelet-apiserver" .Release.Name }}
-  {{- $altName1 := printf "%s-virtual-kubelet-apiserver.%s" .Release.Name .Release.Namespace }}
-  {{- $altName2 := printf "%s-virtual-kubelet-apiserver.%s.svc" .Release.Name .Release.Namespace }}
-  {{- $cert := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }}
-  cert.pem: {{ b64enc $cert.Cert }}
-  key.pem: {{ b64enc $cert.Key }}
-  {{ else }}
-  cert.pem: {{ quote .Values.env.apiserverCert }}
-  key.pem: {{ quote .Values.env.apiserverKey }}
-  {{ end}}
-  {{ if .Values.loganalytics.enabled }}
-  loganalytics.json: {{ printf "{\"workspaceID\": \"%s\",\"workspaceKey\": \"%s\"}" (required "workspaceID is required for loganalytics" .Values.loganalytics.workspaceID ) (required "workspaceKey is required for loganalytics" .Values.loganalytics.workspaceKey ) }}
-  {{ end }}

charts/virtual-kubelet/templates/serviceaccount.yaml

@@ -2,5 +2,5 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ template "fullname" . }}-service-account
-{{ end }}
+  name: {{ template "vk.fullname" . }}
+{{ end }}

charts/virtual-kubelet/values.yaml

@@ -2,29 +2,36 @@ image:
   repository: microsoft/virtual-kubelet
   tag: latest
   pullPolicy: Always
-env:
-  azureClientId: 
-  azureClientKey: 
-  azureTenantId: 
-  azureSubscriptionId: 
-  aciResourceGroup: 
-  aciRegion: 
-  nodeName: 
-  nodeTaint: 
-  nodeOsType: 
-  apiserverCert: 
-  apiserverKey: 
-  monitoredNamespace:
-loganalytics:
-  enabled: false
-  workspaceID:
-  workspaceKey:
 
-# Install Default RBAC roles and bindings
+## `provider` should be one of aws, azure, azurebatch, etc...
+provider: 
+nodeName: "virtual-kubelet"
+nodeTaint: "azure.com/aci"
+nodeOsType: "Linux"
+monitoredNamespace: ""
+apiserverCert: 
+apiserverKey: 
+
+providers:
+  azure:
+    ## Set to true if deploying to Azure Kubernetes Service (AKS), otherwise false
+    targetAKS: true
+    clientId: 
+    clientKey: 
+    tenantId: 
+    subscriptionId: 
+    aciResourceGroup: 
+    aciRegion: "westus"
+    loganalytics:
+      enabled: false
+      workspaceID: 
+      workspaceKey: 
+
+## Install Default RBAC roles and bindings
 rbac:
   install: false
   serviceAccountName: virtual-kubelet
-  # RBAC api version (currently v1beta1)
+  ## RBAC api version
   apiVersion: v1beta1
-  # Cluster role reference
+  ## Cluster role reference
   roleRef: cluster-admin

providers/azure/README.md

@@ -186,22 +186,14 @@ resources on your account on behalf of Kubernetes.
 
 You will need to enable ACI in your subscription:
 
-    ```cli
-    az provider register -n Microsoft.ContainerInstance
-    ```
+```cli
+az provider register -n Microsoft.ContainerInstance
+```
 
 ## Deployment of the ACI provider in your cluster
 
 Run these commands to deploy the virtual kubelet which connects your Kubernetes cluster to Azure Container Instances.
 
-If your cluster is an AKS cluster:
-
-```cli
-export VK_RELEASE=virtual-kubelet-for-aks-0.1.3
-````
-
-For any other type of Kubernetes cluster:
-
 ```cli
 export VK_RELEASE=virtual-kubelet-0.1.1
 ```