d8dfun/virtual-kubelet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Merge pull request #258 from jlegrone/feature/consolidate-chart

Browse Source 
Consolidate helm charts
This commit is contained in:
Jeremy Rickard
2018-08-07 10:46:17 -06:00
committed by GitHub
parent a1677ce5e0 5500055558
commit 774a963508
12 changed files with 218 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
charts/virtual-kubelet-0.2.0.tgz Normal file
View File

Binary file not shown.

6
charts/virtual-kubelet/Chart.yaml
View File

@@ -1,6 +1,8 @@
name: virtual-kubelet
version: 0.1.3
description: a Helm chart to install virtual kubelet inside a Kubernetes cluster.
version: 0.2.0
appVersion: 0.3
description: A Helm chart to install virtual kubelet inside a Kubernetes cluster.
icon: https://avatars2.githubusercontent.com/u/34250142
sources:
- https://github.com/virtual-kubelet/virtual-kubelet
maintainers:

18
charts/virtual-kubelet/templates/NOTES.txt
View File

@@ -1,24 +1,8 @@
{{- if and .Values.env.azureClientId .Values.env.azureClientKey .Values.env.azureTenantId .Values.env.azureSubscriptionId .Values.env.aciResourceGroup -}}
The virtual kubelet is getting deployed on your cluster.
To verify that virtual kubelet has started, run:
kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "fullname" . }}"
{{- else -}}
##############################################################################
#### ERROR: You are missing required values in the values.yaml file. ####
##############################################################################
This deployment will be incomplete until all the required fields in the values.yaml file have been provided.
To update, run:
helm upgrade {{ .Release.Name }} \
--set env.azureClientId=<YOUR-AZURECLIENTID-HERE>,env.azureClientKey=<YOUR-AZURECLIENTKEY-HERE>,env.azureTenantId=<YOUR-AZURETENANTID-HERE>,env.azureSubscriptionId=<YOUR-AZURESUBSCRIPTIONID-HERE>,env.aciResourceGroup=<YOUR-ACIRESOURCEGROUP-HERE>,ev.aciOsType=<Linux|Windows>,rbac.install=<false|true>
{{- end }}
kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "vk.name" . }}"
{{- if (not .Values.env.apiserverCert) and (not .Values.env.apiserverKey) }}

17
charts/virtual-kubelet/templates/_helpers.tpl
View File

@@ -2,7 +2,7 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "name" -}}
{{- define "vk.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
@@ -10,7 +10,20 @@ Expand the name of the chart.
Create a default fully qualified app name.
We truncate at 24 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "fullname" -}}
{{- define "vk.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Standard labels for helm resources
*/}}
{{- define "vk.labels" -}}
labels:
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
revision: "{{ .Release.Revision }}"
chart: "{{ .Chart.Name }}"
chartVersion: "{{ .Chart.Version }}"
app: {{ template "vk.name" . }}
{{- end -}}

9
charts/virtual-kubelet/templates/clusterrolebinding.yaml
View File

@@ -1,12 +1,13 @@
{{ if .Values.rbac.install }}
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: "rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}"
kind: ClusterRoleBinding
metadata:
name: {{ template "fullname" . }}-role-binding
name: {{ template "vk.fullname" . }}
{{ include "vk.labels" . | indent 2 }}
subjects:
- kind: ServiceAccount
name: {{ template "fullname" . }}-service-account
namespace: default
name: {{ template "vk.fullname" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole

82
charts/virtual-kubelet/templates/deployment.yaml
View File

@@ -1,48 +1,96 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: {{ template "fullname" . }}
name: {{ template "vk.fullname" . }}
{{ include "vk.labels" . | indent 2 }}
component: kubelet
spec:
replicas: 1
template:
metadata:
labels:
app: {{ template "fullname" . }}
{{ include "vk.labels" . | indent 6 }}
component: kubelet
annotations:
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
spec:
containers:
- name: {{ template "fullname" . }}
- name: {{ template "vk.fullname" . }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: KUBELET_PORT
value: "10250"
- name: AZURE_AUTH_LOCATION
value: /etc/virtual-kubelet/credentials.json
- name: ACI_RESOURCE_GROUP
value: {{ .Values.env.aciResourceGroup }}
- name: ACI_REGION
value: {{ default "westus" .Values.env.aciRegion }}
- name: APISERVER_CERT_LOCATION
value: /etc/virtual-kubelet/cert.pem
- name: APISERVER_KEY_LOCATION
value: /etc/virtual-kubelet/key.pem
{{ if .Values.loganalytics.enabled }}
- name: LOG_ANALYTICS_AUTH_LOCATION
value: /etc/virtual-kubelet/loganalytics.json
{{ end }}
- name: VKUBELET_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
{{- if eq .Values.provider "azure" }}
{{- with .Values.providers.azure }}
{{- if .loganalytics.enabled }}
- name: LOG_ANALYTICS_AUTH_LOCATION
value: /etc/virtual-kubelet/loganalytics.json
{{- end }}
{{- if .targetAKS }}
- name: ACS_CREDENTIAL_LOCATION
value: /etc/acs/azure.json
- name: AZURE_TENANT_ID
value: {{ .tenantId }}
- name: AZURE_SUBSCRIPTION_ID
value: {{ .subscriptionId }}
- name: AZURE_CLIENT_ID
value: {{ .clientId }}
- name: AZURE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ template "vk.fullname" $ }}
key: clientSecret
- name: ACI_RESOURCE_GROUP
value: {{ .aciResourceGroup }}
- name: ACI_REGION
value: {{ .aciRegion }}
{{- else }}
- name: AZURE_AUTH_LOCATION
value: /etc/virtual-kubelet/credentials.json
- name: ACI_RESOURCE_GROUP
value: {{ required "aciResourceGroup is required" .aciResourceGroup }}
- name: ACI_REGION
value: {{ required "aciRegion is required" .aciRegion }}
{{- end }}
{{- end }}
{{- end }}
volumeMounts:
- name: credentials
mountPath: "/etc/virtual-kubelet"
{{- if eq .Values.provider "azure" }}
{{- if .Values.providers.azure.targetAKS }}
- name: acs-credential
mountPath: "/etc/acs/azure.json"
{{- end }}
{{- end }}
command: ["virtual-kubelet"]
args: ["--provider", "azure", "--namespace", {{ default "" .Values.env.monitoredNamespace | quote }}, "--nodename", {{ default "virtual-kubelet" .Values.env.nodeName | quote }} , "--os", {{ default "Linux" .Values.env.nodeOsType | quote }}, "--taint", {{ default "azure.com/aci" .Values.env.nodeTaint | quote }}]
args: [
"--provider", "{{ required "provider is required" .Values.provider }}",
"--namespace", "{{ .Values.monitoredNamespace }}",
"--nodename", "{{ required "nodeName is required" .Values.nodeName }}",
"--os", "{{ .Values.nodeOsType }}",
"--taint", "{{ .Values.nodeTaint }}"
]
volumes:
- name: credentials
secret:
secretName: {{ template "fullname" . }}
serviceAccountName: {{ if .Values.rbac.install }} "{{ template "fullname" . }}-service-account" {{ end }}
secretName: {{ template "vk.fullname" . }}
{{- if eq .Values.provider "azure" }}
{{- if .Values.providers.azure.targetAKS }}
- name: acs-credential
hostPath:
path: /etc/kubernetes/azure.json
type: File
{{- end }}
{{- end }}
serviceAccountName: {{ if .Values.rbac.install }} "{{ template "vk.fullname" . }}" {{ end }}
nodeSelector:
beta.kubernetes.io/os: linux

31
charts/virtual-kubelet/templates/secret.yaml Normal file
View File

@@ -0,0 +1,31 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ template "vk.fullname" . }}
{{ include "vk.labels" . | indent 2 }}
type: Opaque
data:
{{- if (not .Values.env.apiserverCert) and (not .Values.env.apiserverKey) }}
{{- $ca := genCA "virtual-kubelet-ca" 3650 }}
{{- $cn := printf "%s-virtual-kubelet-apiserver" .Release.Name }}
{{- $altName1 := printf "%s-virtual-kubelet-apiserver.%s" .Release.Name .Release.Namespace }}
{{- $altName2 := printf "%s-virtual-kubelet-apiserver.%s.svc" .Release.Name .Release.Namespace }}
{{- $cert := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }}
cert.pem: {{ b64enc $cert.Cert }}
key.pem: {{ b64enc $cert.Key }}
{{- else }}
cert.pem: {{ quote .Values.env.apiserverCert }}
key.pem: {{ quote .Values.env.apiserverKey }}
{{- end }}
{{- if eq .Values.provider "azure" }}
{{- with .Values.providers.azure }}
{{- if .loganalytics.enabled }}
loganalytics.json: {{ printf "{\"workspaceID\": \"%s\",\"workspaceKey\": \"%s\"}" (required "workspaceID is required for loganalytics" .loganalytics.workspaceID ) (required "workspaceKey is required for loganalytics" .loganalytics.workspaceKey ) }}
{{- end }}
{{- if .targetAKS }}
clientSecret: {{ default "" .clientKey | b64enc | quote }}
{{- else }}
credentials.json: {{ printf "{ \"clientId\": \"%s\", \"clientSecret\": \"%s\", \"subscriptionId\": \"%s\", \"tenantId\": \"%s\", \"activeDirectoryEndpointUrl\": \"https://login.microsoftonline.com/\", \"resourceManagerEndpointUrl\": \"https://management.azure.com/\", \"activeDirectoryGraphResourceId\": \"https://graph.windows.net/\", \"sqlManagementEndpointUrl\": \"database.windows.net\", \"galleryEndpointUrl\": \"https://gallery.azure.com/\", \"managementEndpointUrl\": \"https://management.core.windows.net/\" }" (default "MISSING" .clientId) (default "MISSING" .clientKey) (default "MISSING" .subscriptionId) (default "MISSING" .tenantId) | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}

22
charts/virtual-kubelet/templates/secrets.yaml
View File

@@ -1,22 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ template "fullname" . }}
type: Opaque
data:
credentials.json: {{ printf "{ \"clientId\": \"%s\", \"clientSecret\": \"%s\", \"subscriptionId\": \"%s\", \"tenantId\": \"%s\", \"activeDirectoryEndpointUrl\": \"https://login.microsoftonline.com/\", \"resourceManagerEndpointUrl\": \"https://management.azure.com/\", \"activeDirectoryGraphResourceId\": \"https://graph.windows.net/\", \"sqlManagementEndpointUrl\": \"database.windows.net\", \"galleryEndpointUrl\": \"https://gallery.azure.com/\", \"managementEndpointUrl\": \"https://management.core.windows.net/\" }" (default "MISSING" .Values.env.azureClientId) (default "MISSING" .Values.env.azureClientKey) (default "MISSING" .Values.env.azureSubscriptionId) (default "MISSING" .Values.env.azureTenantId) | b64enc | quote }}
{{- if (not .Values.env.apiserverCert) and (not .Values.env.apiserverKey) }}
{{- $ca := genCA "virtual-kubelet-ca" 3650 }}
{{- $cn := printf "%s-virtual-kubelet-apiserver" .Release.Name }}
{{- $altName1 := printf "%s-virtual-kubelet-apiserver.%s" .Release.Name .Release.Namespace }}
{{- $altName2 := printf "%s-virtual-kubelet-apiserver.%s.svc" .Release.Name .Release.Namespace }}
{{- $cert := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }}
cert.pem: {{ b64enc $cert.Cert }}
key.pem: {{ b64enc $cert.Key }}
{{ else }}
cert.pem: {{ quote .Values.env.apiserverCert }}
key.pem: {{ quote .Values.env.apiserverKey }}
{{ end}}
{{ if .Values.loganalytics.enabled }}
loganalytics.json: {{ printf "{\"workspaceID\": \"%s\",\"workspaceKey\": \"%s\"}" (required "workspaceID is required for loganalytics" .Values.loganalytics.workspaceID ) (required "workspaceKey is required for loganalytics" .Values.loganalytics.workspaceKey ) }}
{{ end }}

3
charts/virtual-kubelet/templates/serviceaccount.yaml
View File

@@ -2,5 +2,6 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "fullname" . }}-service-account
name: {{ template "vk.fullname" . }}
{{ include "vk.labels" . | indent 2 }}
{{ end }}

27
charts/virtual-kubelet/templates/tests/helloworld.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ .Release.Name }}-{{ .Release.Revision }}-test"
{{ include "vk.labels" . | indent 2 }}
component: test
annotations:
"helm.sh/hook": test-success
spec:
containers:
- image: hello-world:linux
imagePullPolicy: Always
name: helloworld
resources:
requests:
memory: "0.1G"
cpu: 10m
limits:
memory: "0.1G"
cpu: 10m
dnsPolicy: ClusterFirst
nodeSelector:
kubernetes.io/hostname: "{{ .Values.nodeName }}"
restartPolicy: Never
tolerations:
- key: "{{ .Values.nodeTaint }}"
effect: NoSchedule

38
charts/virtual-kubelet/values.yaml
View File

@@ -2,29 +2,37 @@ image:
repository: microsoft/virtual-kubelet
tag: latest
pullPolicy: Always
env:
azureClientId:
azureClientKey:
azureTenantId:
azureSubscriptionId:
aciResourceGroup:
aciRegion:
nodeName:
nodeTaint:
nodeOsType:
## `provider` should be one of aws, azure, azurebatch, etc...
provider:
nodeName: "virtual-kubelet"
nodeTaint: "azure.com/aci"
nodeOsType: "Linux"
monitoredNamespace: ""
apiserverCert:
apiserverKey:
monitoredNamespace:
providers:
azure:
## Set to true if deploying to Azure Kubernetes Service (AKS), otherwise false
targetAKS: true
clientId:
clientKey:
tenantId:
subscriptionId:
## `aciResourceGroup` and `aciRegion` are required only for non-AKS deployments
aciResourceGroup:
aciRegion:
loganalytics:
enabled: false
workspaceID:
workspaceKey:
# Install Default RBAC roles and bindings
## Install Default RBAC roles and bindings
rbac:
install: false
install: true
serviceAccountName: virtual-kubelet
# RBAC api version (currently v1beta1)
## RBAC api version
apiVersion: v1beta1
# Cluster role reference
## Cluster role reference
roleRef: cluster-admin

43
providers/azure/README.md
View File

@@ -194,18 +194,11 @@ You will need to enable ACI in your subscription:
Run these commands to deploy the virtual kubelet which connects your Kubernetes cluster to Azure Container Instances.
If your cluster is an AKS cluster:
```cli
export VK_RELEASE=virtual-kubelet-for-aks-0.1.3
````
For any other type of Kubernetes cluster:
```cli
export VK_RELEASE=virtual-kubelet-0.1.1
export VK_RELEASE=virtual-kubelet-0.2.0
```
If your cluster is an AKS cluster:
```cli
RELEASE_NAME=virtual-kubelet
NODE_NAME=virtual-kubelet
@@ -216,7 +209,37 @@ chmod +x createCertAndKey.sh
. ./createCertAndKey.sh
helm install "$CHART_URL" --name "$RELEASE_NAME" \
--set env.azureClientId="$AZURE_CLIENT_ID",env.azureClientKey="$AZURE_CLIENT_SECRET",env.azureTenantId="$AZURE_TENANT_ID",env.azureSubscriptionId="$AZURE_SUBSCRIPTION_ID",env.aciRegion="$ACI_REGION",env.aciResourceGroup="$AZURE_RG",env.nodeName="$NODE_NAME",env.nodeOsType=<Linux|Windows>,env.apiserverCert=$cert,env.apiserverKey=$key,rbac.install=false
--set provider=azure \
--set providers.azure.targetAKS=true \
--set providers.azure.tenantId=$AZURE_TENANT_ID \
--set providers.azure.subscriptionId=$AZURE_SUBSCRIPTION_ID \
--set providers.azure.clientId=$AZURE_CLIENT_ID \
--set apiserverCert=$cert \
--set apiserverKey=$key
```
For any other type of Kubernetes cluster:
```cli
RELEASE_NAME=virtual-kubelet
NODE_NAME=virtual-kubelet
CHART_URL=https://github.com/virtual-kubelet/virtual-kubelet/raw/master/charts/$VK_RELEASE.tgz
curl https://raw.githubusercontent.com/virtual-kubelet/virtual-kubelet/master/scripts/createCertAndKey.sh > createCertAndKey.sh
chmod +x createCertAndKey.sh
. ./createCertAndKey.sh
helm install "$CHART_URL" --name "$RELEASE_NAME" \
--set provider=azure \
--set rbac.install=true \
--set providers.azure.targetAKS=false \
--set providers.azure.tenantId=$AZURE_TENANT_ID \
--set providers.azure.subscriptionId=$AZURE_SUBSCRIPTION_ID \
--set providers.azure.clientId=$AZURE_CLIENT_ID \
--set providers.azure.clientKey=$AZURE_CLIENT_SECRET \
--set providers.azure.aciResourceGroup=$AZURE_RG \
--set providers.azure.aciRegion=$ACI_REGION \
--set apiserverCert=$cert \
--set apiserverKey=$key
```
If your cluster has RBAC enabled set ```rbac.install=true```