Merge pull request #258 from jlegrone/feature/consolidate-chart

Consolidate helm charts
2018-08-07 10:46:17 -06:00
parent a1677ce5e0 5500055558
commit 774a963508
12 changed files with 218 additions and 102 deletions
--- a/charts/virtual-kubelet-0.2.0.tgz
+++ b/charts/virtual-kubelet-0.2.0.tgz
--- a/charts/virtual-kubelet/Chart.yaml
+++ b/charts/virtual-kubelet/Chart.yaml
@@ -1,6 +1,8 @@
 name: virtual-kubelet
-version: 0.1.3
+version: 0.2.0
-description: a Helm chart to install virtual kubelet inside a Kubernetes cluster.
+appVersion: 0.3
 description: A Helm chart to install virtual kubelet inside a Kubernetes cluster.
 icon: https://avatars2.githubusercontent.com/u/34250142
 sources:
  - https://github.com/virtual-kubelet/virtual-kubelet
 maintainers:
--- a/charts/virtual-kubelet/templates/NOTES.txt
+++ b/charts/virtual-kubelet/templates/NOTES.txt
@@ -1,28 +1,12 @@
 {{- if and .Values.env.azureClientId .Values.env.azureClientKey .Values.env.azureTenantId .Values.env.azureSubscriptionId .Values.env.aciResourceGroup -}}
 The virtual kubelet is getting deployed on your cluster.
 To verify that virtual kubelet has started, run:
-  kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "fullname" . }}"
+  kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "vk.name" . }}"
 {{- else -}}
 ##############################################################################
 ####  ERROR: You are missing required values in the values.yaml file.     ####
 ##############################################################################
 This deployment will be incomplete until all the required fields in the values.yaml file have been provided.
 To update, run:
    helm upgrade {{ .Release.Name }} \
    --set env.azureClientId=<YOUR-AZURECLIENTID-HERE>,env.azureClientKey=<YOUR-AZURECLIENTKEY-HERE>,env.azureTenantId=<YOUR-AZURETENANTID-HERE>,env.azureSubscriptionId=<YOUR-AZURESUBSCRIPTIONID-HERE>,env.aciResourceGroup=<YOUR-ACIRESOURCEGROUP-HERE>,ev.aciOsType=<Linux|Windows>,rbac.install=<false|true>
 {{- end }}
 {{- if (not .Values.env.apiserverCert) and (not .Values.env.apiserverKey) }}
 Note: 
 TLS key pair not provided for VK HTTP listener. A key pair was generated for you. This generated key pair is not suitable for production use.
-{{- end }}
+{{- end }}
--- a/charts/virtual-kubelet/templates/_helpers.tpl
+++ b/charts/virtual-kubelet/templates/_helpers.tpl
@@ -2,7 +2,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "name" -}}
+{{- define "vk.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
@@ -10,7 +10,20 @@ Expand the name of the chart.
 Create a default fully qualified app name.
 We truncate at 24 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 */}}
-{{- define "fullname" -}}
+{{- define "vk.fullname" -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{/*
 Standard labels for helm resources
 */}}
 {{- define "vk.labels" -}}
 labels:
  heritage: "{{ .Release.Service }}"
  release: "{{ .Release.Name }}"
  revision: "{{ .Release.Revision }}"
  chart: "{{ .Chart.Name }}"
  chartVersion: "{{ .Chart.Version }}"
  app: {{ template "vk.name" . }}
 {{- end -}}
--- a/charts/virtual-kubelet/templates/clusterrolebinding.yaml
+++ b/charts/virtual-kubelet/templates/clusterrolebinding.yaml
@@ -1,14 +1,15 @@
 {{ if .Values.rbac.install }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: "rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}"
 kind: ClusterRoleBinding
 metadata:
-  name: {{ template "fullname" . }}-role-binding
+  name: {{ template "vk.fullname" . }}
 {{ include "vk.labels" . | indent 2 }}
 subjects:
 - kind: ServiceAccount
-  name: {{ template "fullname" . }}-service-account
+  name: {{ template "vk.fullname" . }}
-  namespace: default
+  namespace: {{ .Release.Namespace }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ .Values.rbac.roleRef }}
-{{ end }}
+{{ end }}
--- a/charts/virtual-kubelet/templates/deployment.yaml
+++ b/charts/virtual-kubelet/templates/deployment.yaml
@@ -1,48 +1,96 @@
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
-  name: {{ template "fullname" . }}
+  name: {{ template "vk.fullname" . }}
 {{ include "vk.labels" . | indent 2 }}
    component: kubelet
 spec:
  replicas: 1
  template:
    metadata:
-      labels:
+{{ include "vk.labels" . | indent 6 }}
-        app: {{ template "fullname" . }}
+        component: kubelet
      annotations:
        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
    spec:
      containers:
-      - name: {{ template "fullname" . }}
+      - name: {{ template "vk.fullname" . }}
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        env:
        - name: KUBELET_PORT
          value: "10250"
        - name: AZURE_AUTH_LOCATION
          value: /etc/virtual-kubelet/credentials.json
        - name: ACI_RESOURCE_GROUP
          value: {{ .Values.env.aciResourceGroup }}
        - name: ACI_REGION
          value: {{ default "westus" .Values.env.aciRegion }}
        - name: APISERVER_CERT_LOCATION
          value: /etc/virtual-kubelet/cert.pem
        - name: APISERVER_KEY_LOCATION
          value: /etc/virtual-kubelet/key.pem
        {{ if .Values.loganalytics.enabled }}
        - name: LOG_ANALYTICS_AUTH_LOCATION
          value: /etc/virtual-kubelet/loganalytics.json
        {{ end }}
        - name: VKUBELET_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
 {{- if eq .Values.provider "azure" }}
 {{- with .Values.providers.azure }}
 {{- if .loganalytics.enabled }}
        - name: LOG_ANALYTICS_AUTH_LOCATION
          value: /etc/virtual-kubelet/loganalytics.json
 {{- end }}
 {{- if .targetAKS }}
        - name: ACS_CREDENTIAL_LOCATION
          value: /etc/acs/azure.json
        - name: AZURE_TENANT_ID
          value: {{ .tenantId }}
        - name: AZURE_SUBSCRIPTION_ID
          value: {{ .subscriptionId }}
        - name: AZURE_CLIENT_ID
          value: {{ .clientId }}
        - name: AZURE_CLIENT_SECRET
          valueFrom:
            secretKeyRef:
              name: {{ template "vk.fullname" $ }}
              key: clientSecret
        - name: ACI_RESOURCE_GROUP
          value: {{ .aciResourceGroup }}
        - name: ACI_REGION
          value: {{ .aciRegion }}
 {{- else }}
        - name: AZURE_AUTH_LOCATION
          value: /etc/virtual-kubelet/credentials.json
        - name: ACI_RESOURCE_GROUP
          value: {{ required "aciResourceGroup is required" .aciResourceGroup }}
        - name: ACI_REGION
          value: {{ required "aciRegion is required" .aciRegion }}
 {{- end }}
 {{- end }}
 {{- end }}
        volumeMounts:
        - name: credentials
          mountPath: "/etc/virtual-kubelet"
 {{- if eq .Values.provider "azure" }}
 {{- if .Values.providers.azure.targetAKS }}
        - name: acs-credential
          mountPath: "/etc/acs/azure.json"
 {{- end }}
 {{- end }}
        command: ["virtual-kubelet"]
-        args: ["--provider", "azure", "--namespace", {{ default "" .Values.env.monitoredNamespace | quote }}, "--nodename", {{ default "virtual-kubelet" .Values.env.nodeName | quote }} , "--os", {{ default "Linux" .Values.env.nodeOsType | quote }}, "--taint", {{ default "azure.com/aci" .Values.env.nodeTaint | quote }}]
+        args: [
          "--provider", "{{ required "provider is required" .Values.provider }}",
          "--namespace", "{{ .Values.monitoredNamespace }}",
          "--nodename", "{{ required "nodeName is required" .Values.nodeName }}",
          "--os", "{{ .Values.nodeOsType }}",
          "--taint", "{{ .Values.nodeTaint }}"
        ]
      volumes:
      - name: credentials
        secret:
-          secretName: {{ template "fullname" . }}
+          secretName: {{ template "vk.fullname" . }}
-      serviceAccountName: {{ if .Values.rbac.install }} "{{ template "fullname" . }}-service-account" {{ end }}
+{{- if eq .Values.provider "azure" }}
 {{- if .Values.providers.azure.targetAKS }}
      - name: acs-credential
        hostPath:
          path: /etc/kubernetes/azure.json
          type: File
 {{- end }}
 {{- end }}
      serviceAccountName: {{ if .Values.rbac.install }} "{{ template "vk.fullname" . }}" {{ end }}
      nodeSelector:
        beta.kubernetes.io/os: linux
--- a/charts/virtual-kubelet/templates/secret.yaml
+++ b/charts/virtual-kubelet/templates/secret.yaml
@@ -0,0 +1,31 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ template "vk.fullname" . }}
 {{ include "vk.labels" . | indent 2 }}
 type: Opaque
 data:
 {{- if (not .Values.env.apiserverCert) and (not .Values.env.apiserverKey) }}
 {{- $ca := genCA "virtual-kubelet-ca" 3650 }}
 {{- $cn := printf "%s-virtual-kubelet-apiserver" .Release.Name }}
 {{- $altName1 := printf "%s-virtual-kubelet-apiserver.%s" .Release.Name .Release.Namespace }}
 {{- $altName2 := printf "%s-virtual-kubelet-apiserver.%s.svc" .Release.Name .Release.Namespace }}
 {{- $cert := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }}
  cert.pem: {{ b64enc $cert.Cert }}
  key.pem: {{ b64enc $cert.Key }}
 {{- else }}
  cert.pem: {{ quote .Values.env.apiserverCert }}
  key.pem: {{ quote .Values.env.apiserverKey }}
 {{- end }}
 {{- if eq .Values.provider "azure" }}
 {{- with .Values.providers.azure }}
 {{- if .loganalytics.enabled }}
  loganalytics.json: {{ printf "{\"workspaceID\": \"%s\",\"workspaceKey\": \"%s\"}" (required "workspaceID is required for loganalytics" .loganalytics.workspaceID ) (required "workspaceKey is required for loganalytics" .loganalytics.workspaceKey ) }}
 {{- end }}
 {{- if .targetAKS }}
  clientSecret: {{ default "" .clientKey | b64enc | quote }}
 {{- else }}
  credentials.json: {{ printf "{ \"clientId\": \"%s\", \"clientSecret\": \"%s\", \"subscriptionId\": \"%s\", \"tenantId\": \"%s\", \"activeDirectoryEndpointUrl\": \"https://login.microsoftonline.com/\", \"resourceManagerEndpointUrl\": \"https://management.azure.com/\", \"activeDirectoryGraphResourceId\": \"https://graph.windows.net/\", \"sqlManagementEndpointUrl\": \"database.windows.net\", \"galleryEndpointUrl\": \"https://gallery.azure.com/\", \"managementEndpointUrl\": \"https://management.core.windows.net/\" }" (default "MISSING" .clientId) (default "MISSING" .clientKey) (default "MISSING" .subscriptionId) (default "MISSING" .tenantId) | b64enc | quote }}
 {{- end }}
 {{- end }}
 {{- end }}
--- a/charts/virtual-kubelet/templates/secrets.yaml
+++ b/charts/virtual-kubelet/templates/secrets.yaml
@@ -1,22 +0,0 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ template "fullname" . }}
 type: Opaque
 data:
  credentials.json: {{ printf "{ \"clientId\": \"%s\", \"clientSecret\": \"%s\", \"subscriptionId\": \"%s\", \"tenantId\": \"%s\", \"activeDirectoryEndpointUrl\": \"https://login.microsoftonline.com/\", \"resourceManagerEndpointUrl\": \"https://management.azure.com/\", \"activeDirectoryGraphResourceId\": \"https://graph.windows.net/\", \"sqlManagementEndpointUrl\": \"database.windows.net\", \"galleryEndpointUrl\": \"https://gallery.azure.com/\", \"managementEndpointUrl\": \"https://management.core.windows.net/\" }" (default "MISSING" .Values.env.azureClientId) (default "MISSING" .Values.env.azureClientKey) (default "MISSING" .Values.env.azureSubscriptionId) (default "MISSING" .Values.env.azureTenantId) | b64enc | quote }}
  {{- if (not .Values.env.apiserverCert) and (not .Values.env.apiserverKey) }}
  {{- $ca := genCA "virtual-kubelet-ca" 3650 }}
  {{- $cn := printf "%s-virtual-kubelet-apiserver" .Release.Name }}
  {{- $altName1 := printf "%s-virtual-kubelet-apiserver.%s" .Release.Name .Release.Namespace }}
  {{- $altName2 := printf "%s-virtual-kubelet-apiserver.%s.svc" .Release.Name .Release.Namespace }}
  {{- $cert := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }}
  cert.pem: {{ b64enc $cert.Cert }}
  key.pem: {{ b64enc $cert.Key }}
  {{ else }}
  cert.pem: {{ quote .Values.env.apiserverCert }}
  key.pem: {{ quote .Values.env.apiserverKey }}
  {{ end}}
  {{ if .Values.loganalytics.enabled }}
  loganalytics.json: {{ printf "{\"workspaceID\": \"%s\",\"workspaceKey\": \"%s\"}" (required "workspaceID is required for loganalytics" .Values.loganalytics.workspaceID ) (required "workspaceKey is required for loganalytics" .Values.loganalytics.workspaceKey ) }}
  {{ end }}
--- a/charts/virtual-kubelet/templates/serviceaccount.yaml
+++ b/charts/virtual-kubelet/templates/serviceaccount.yaml
@@ -2,5 +2,6 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ template "fullname" . }}-service-account
+  name: {{ template "vk.fullname" . }}
-{{ end }}
+{{ include "vk.labels" . | indent 2 }}
 {{ end }}
--- a/charts/virtual-kubelet/templates/tests/helloworld.yaml
+++ b/charts/virtual-kubelet/templates/tests/helloworld.yaml
@@ -0,0 +1,27 @@
 apiVersion: v1
 kind: Pod
 metadata:
  name: "{{ .Release.Name }}-{{ .Release.Revision }}-test"
 {{ include "vk.labels" . | indent 2 }}
    component: test
  annotations:
    "helm.sh/hook": test-success
 spec:
  containers:
  - image: hello-world:linux
    imagePullPolicy: Always
    name: helloworld
    resources:
      requests:
        memory: "0.1G"
        cpu: 10m
      limits:
        memory: "0.1G"
        cpu: 10m
  dnsPolicy: ClusterFirst
  nodeSelector:
    kubernetes.io/hostname: "{{ .Values.nodeName }}"
  restartPolicy: Never
  tolerations:
  - key: "{{ .Values.nodeTaint }}"
    effect: NoSchedule
--- a/charts/virtual-kubelet/values.yaml
+++ b/charts/virtual-kubelet/values.yaml
@@ -2,29 +2,37 @@ image:
  repository: microsoft/virtual-kubelet
  tag: latest
  pullPolicy: Always
 env:
  azureClientId: 
  azureClientKey: 
  azureTenantId: 
  azureSubscriptionId: 
  aciResourceGroup: 
  aciRegion: 
  nodeName: 
  nodeTaint: 
  nodeOsType: 
  apiserverCert: 
  apiserverKey: 
  monitoredNamespace:
 loganalytics:
  enabled: false
  workspaceID:
  workspaceKey:
-# Install Default RBAC roles and bindings
+## `provider` should be one of aws, azure, azurebatch, etc...
 provider: 
 nodeName: "virtual-kubelet"
 nodeTaint: "azure.com/aci"
 nodeOsType: "Linux"
 monitoredNamespace: ""
 apiserverCert: 
 apiserverKey: 
 providers:
  azure:
    ## Set to true if deploying to Azure Kubernetes Service (AKS), otherwise false
    targetAKS: true
    clientId: 
    clientKey: 
    tenantId: 
    subscriptionId: 
    ## `aciResourceGroup` and `aciRegion` are required only for non-AKS deployments
    aciResourceGroup: 
    aciRegion: 
    loganalytics:
      enabled: false
      workspaceID: 
      workspaceKey: 
 ## Install Default RBAC roles and bindings
 rbac:
-  install: false
+  install: true
  serviceAccountName: virtual-kubelet
-  # RBAC api version (currently v1beta1)
+  ## RBAC api version
  apiVersion: v1beta1
-  # Cluster role reference
+  ## Cluster role reference
  roleRef: cluster-admin
--- a/providers/azure/README.md
+++ b/providers/azure/README.md
@@ -186,26 +186,19 @@ resources on your account on behalf of Kubernetes.
 You will need to enable ACI in your subscription:
-    ```cli
+```cli
-    az provider register -n Microsoft.ContainerInstance
+az provider register -n Microsoft.ContainerInstance
-    ```
+```
 ## Deployment of the ACI provider in your cluster
 Run these commands to deploy the virtual kubelet which connects your Kubernetes cluster to Azure Container Instances.
 If your cluster is an AKS cluster:
 ```cli
-export VK_RELEASE=virtual-kubelet-for-aks-0.1.3
+export VK_RELEASE=virtual-kubelet-0.2.0
 ````
 For any other type of Kubernetes cluster:
 ```cli
 export VK_RELEASE=virtual-kubelet-0.1.1
 ```
 If your cluster is an AKS cluster:
 ```cli
 RELEASE_NAME=virtual-kubelet
 NODE_NAME=virtual-kubelet
@@ -216,7 +209,37 @@ chmod +x createCertAndKey.sh
 . ./createCertAndKey.sh
 helm install "$CHART_URL" --name "$RELEASE_NAME" \
-    --set env.azureClientId="$AZURE_CLIENT_ID",env.azureClientKey="$AZURE_CLIENT_SECRET",env.azureTenantId="$AZURE_TENANT_ID",env.azureSubscriptionId="$AZURE_SUBSCRIPTION_ID",env.aciRegion="$ACI_REGION",env.aciResourceGroup="$AZURE_RG",env.nodeName="$NODE_NAME",env.nodeOsType=<Linux|Windows>,env.apiserverCert=$cert,env.apiserverKey=$key,rbac.install=false
+  --set provider=azure \
  --set providers.azure.targetAKS=true \
  --set providers.azure.tenantId=$AZURE_TENANT_ID \
  --set providers.azure.subscriptionId=$AZURE_SUBSCRIPTION_ID \
  --set providers.azure.clientId=$AZURE_CLIENT_ID \
  --set apiserverCert=$cert \
  --set apiserverKey=$key
 ```
 For any other type of Kubernetes cluster:
 ```cli
 RELEASE_NAME=virtual-kubelet
 NODE_NAME=virtual-kubelet
 CHART_URL=https://github.com/virtual-kubelet/virtual-kubelet/raw/master/charts/$VK_RELEASE.tgz
 curl https://raw.githubusercontent.com/virtual-kubelet/virtual-kubelet/master/scripts/createCertAndKey.sh > createCertAndKey.sh
 chmod +x createCertAndKey.sh
 . ./createCertAndKey.sh
 helm install "$CHART_URL" --name "$RELEASE_NAME" \
  --set provider=azure \
  --set rbac.install=true \
  --set providers.azure.targetAKS=false \
  --set providers.azure.tenantId=$AZURE_TENANT_ID \
  --set providers.azure.subscriptionId=$AZURE_SUBSCRIPTION_ID \
  --set providers.azure.clientId=$AZURE_CLIENT_ID \
  --set providers.azure.clientKey=$AZURE_CLIENT_SECRET \
  --set providers.azure.aciResourceGroup=$AZURE_RG \
  --set providers.azure.aciRegion=$ACI_REGION \
  --set apiserverCert=$cert \
  --set apiserverKey=$key
 ```
 If your cluster has RBAC enabled set ```rbac.install=true```