Merge pull request #200 from FabianKramm/main
refactor: make separate helm chart for k0s & k8s
FabianKramm authored Nov 25, 2021
2 parents 579b6ca + 1963f49 commit 66d1728
Showing 76 changed files with 4,876 additions and 817 deletions.
2 changes: 1 addition & 1 deletion .dockerignore
Expand Up @@ -2,7 +2,7 @@
/.devspace
/.git
/.vscode
/chart
/charts
/api
/kubeconfig.yaml
/cmd/virtualclusterctl
4 changes: 3 additions & 1 deletion .github/workflows/release.yaml
Expand Up @@ -87,7 +87,9 @@ jobs:
RELEASE_VERSION=$(echo $GITHUB_REF | sed -nE 's!refs/tags/v!!p')
helm plugin install https://github.com/chartmuseum/helm-push.git
helm repo add chartmuseum $CHART_MUSEUM_URL --username $CHART_MUSEUM_USER --password $CHART_MUSEUM_PASSWORD
helm cm-push --force --version="$RELEASE_VERSION" chart/ chartmuseum
helm cm-push --force --version="$RELEASE_VERSION" charts/k3s/ chartmuseum
helm cm-push --force --version="$RELEASE_VERSION" charts/k0s/ chartmuseum
helm cm-push --force --version="$RELEASE_VERSION" charts/k8s/ chartmuseum
env:
CHART_MUSEUM_URL: "https://charts.loft.sh/"
CHART_MUSEUM_USER: ${{ secrets.CHART_MUSEUM_USER }}
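Review bot: The three added `helm cm-push` lines all pass `--force`, so re-running the job for an existing tag overwrites the published k3s, k0s and k8s chart versions in place, and consumers that pin a chart version get no guarantee that the artifact is unchanged. If overwriting is not required, drop the flag (`helm cm-push --version="$RELEASE_VERSION" charts/k0s/ chartmuseum`, likewise for k3s and k8s) so that a duplicate version fails instead. The pushes also run one after another, so a failure on the second or third leaves a partially published release. The rest of the step lies outside the hunk.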
14 changes: 5 additions & 9 deletions Dockerfile
@@ -1,7 +1,7 @@
# Build the manager binary
FROM golang:1.16 as builder
FROM golang:1.17 as builder

WORKDIR /vcluster
WORKDIR /vcluster-dev
ARG TARGETOS
ARG TARGETARCH

Expand Down Expand Up @@ -31,16 +31,12 @@ ENV DEBUG true
RUN mkdir -p /.cache /.config
ENV GOCACHE=/.cache
ENV GOENV=/.config
# Ensure the default group(0) owns all files and folders in /vcluster and /.cache
# to allow sync to /vcluster with devspace and allow go to write into build cache even when run as non-root
RUN chgrp -R 0 /vcluster /.cache /.config && \
chmod -R g=u /vcluster /.cache /.config

# Set home to "/" in order to for kubectl to automatically pick up vcluster kube config
ENV HOME /

# Build cmd
RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} GO111MODULE=on go build -mod vendor -o vcluster cmd/vcluster/main.go
RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} GO111MODULE=on go build -mod vendor -o /vcluster cmd/vcluster/main.go

ENTRYPOINT ["go", "run", "-mod", "vendor", "cmd/vcluster/main.go"]

Expand All @@ -50,7 +46,7 @@ FROM alpine
# Set root path as working directory
WORKDIR /

COPY --from=builder /vcluster/vcluster .
COPY --from=builder /vcluster .
COPY manifests/ /manifests/

ENTRYPOINT ["/vcluster"]
ENTRYPOINT ["/vcluster", "start"]
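Review bot: Removing the `chgrp -R 0 … && chmod -R g=u …` step in the second hunk leaves `/vcluster-dev`, `/.cache` and `/.config` owned by root without group write access, so the builder stage's `go run` entrypoint can presumably no longer write its build cache when the container is started with a non-root UID, which the removed comment gave as the purpose of that step. If non-root dev runs are still intended, keep the step with the new path: `RUN chgrp -R 0 /vcluster-dev /.cache /.config && chmod -R g=u /vcluster-dev /.cache /.config`. Separately, the final `alpine` stage in the last hunk sets no `USER`, so `/vcluster start` runs as root unless the pod's securityContext overrides it. The lines between the hunks are not shown.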
19 changes: 0 additions & 19 deletions chart/templates/secret.yaml

This file was deleted.

File renamed without changes.
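--- a/charts/k0s/Chart.yaml
+++ b/charts/k0s/Chart.yaml
@@ -0,0 +1,15 @@
+apiVersion: v2
+name: vcluster-k0s
+description: vcluster - Virtual Kubernetes Clusters (k0s)
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+version: 0.0.1 # version is auto-generated by release pipeline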
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
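--- a/charts/k0s/templates/secret.yaml
+++ b/charts/k0s/templates/secret.yaml
@@ -0,0 +1,34 @@
+apiVersion: v1
+kind: Secret
+metadata:
+name: vc-{{ .Release.Name }}-config
+namespace: {{ .Release.Namespace }}
+labels:
+app: vcluster
+chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+release: "{{ .Release.Name }}"
+heritage: "{{ .Release.Service }}"
+type: Opaque
+stringData:
+{{- if .Values.config }}
+config.yaml: {{ toJson .Values.config }}
+{{- else }}
+config.yaml: |-
+apiVersion: k0s.k0sproject.io/v1beta1
+kind: Cluster
+metadata:
+name: k0s
+spec:
+api:
+port: 6443
+k0sApiPort: 9443
+extraArgs:
+enable-admission-plugins: NodeRestriction
+network:
+# Will be replaced automatically from the vcluster cli
+serviceCIDR: {{ .Values.serviceCIDR }}
+provider: custom
+controllerManager:
+extraArgs:
+controllers: '*,-nodeipam,-nodelifecycle,-persistentvolume-binder,-attachdetach,-persistentvolume-expander,-cloud-node-lifecycle'
+{{- end }}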
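Review bot: When `.Values.config` is set, the `config.yaml: {{ toJson .Values.config }}` branch replaces the whole default document, so `enable-admission-plugins: NodeRestriction`, the disabled-controller list and the `serviceCIDR` substitution are silently dropped unless the user restates them. A template comment above the `if` would make that explicit, for example `{{- /* a custom config replaces the default below entirely, including NodeRestriction and serviceCIDR */}}`. `toJson` also yields a string value only when `config` is itself a string. A map would render as a nested object, which `stringData` presumably rejects, so the expected type is worth documenting as well.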
File renamed without changes.
File renamed without changes.
File renamed without changes.
Expand Up @@ -57,6 +57,9 @@ spec:
serviceAccountName: vc-{{ .Release.Name }}
{{- end }}
volumes:
- name: k0s-config
secret:
secretName: vc-{{ .Release.Name }}-config
{{- if .Values.volumes }}
{{ toYaml .Values.volumes | indent 8 }}
{{- end }}
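--- a/charts/k0s/values.yaml
+++ b/charts/k0s/values.yaml
@@ -0,0 +1,153 @@
+# Make sure the service-cidr is the exact service cidr of the host cluster.
+# If this does not match, you won't be able to create services within the vcluster. You can find out
+# the service cidr of the host cluster by creating a service with a not allowed ClusterIP in the host cluster.
+# This will yield an error message in the form of:
+# The Service "faulty-service" is invalid: spec.clusterIP: Invalid value: "1.1.1.1": provided IP is not in the valid range. The range of valid IPs is 10.96.0.0/12
+serviceCIDR: "10.96.0.0/12"
+
+# Syncer configuration
+syncer:
+# Image to use for the syncer
+# image: loftsh/vcluster
+extraArgs:
+- --request-header-ca-cert=/data/k0s/pki/ca.crt
+- --client-ca-cert=/data/k0s/pki/ca.crt
+- --server-ca-cert=/data/k0s/pki/ca.crt
+- --server-ca-key=/data/k0s/pki/ca.key
+- --kube-config=/data/k0s/pki/admin.conf
+env: []
+livenessProbe:
+enabled: true
+readinessProbe:
+enabled: true
+volumeMounts:
+- mountPath: /data
+name: data
+readOnly: true
+resources:
+limits:
+memory: 1Gi
+requests:
+cpu: 100m
+memory: 128Mi
+
+# Virtual Cluster (k0s) configuration
+vcluster:
+# Image to use for the virtual cluster
+image: k0sproject/k0s:v1.22.4-k0s.0
+command:
+- k0s
+baseArgs:
+- controller
+- --config=/etc/k0s/config.yaml
+- --data-dir=/data/k0s
+- --disable-components=konnectivity-server,kube-scheduler,csr-approver,default-psp,kube-proxy,coredns,network-provider,helm,metrics-server,kubelet-config
+# Extra arguments for k0s.
+extraArgs: []
+volumeMounts:
+- mountPath: /data
+name: data
+- mountPath: /etc/k0s
+name: k0s-config
+env: []
+resources:
+limits:
+memory: 2Gi
+requests:
+cpu: 200m
+memory: 256Mi
+
+# Storage settings for the vcluster
+storage:
+# If this is disabled, vcluster will use an emptyDir instead
+# of a PersistentVolumeClaim
+persistence: true
+# Size of the persistent volume claim
+size: 5Gi
+# Optional StorageClass used for the pvc
+# if empty default StorageClass defined in your host cluster will be used
+#className:
+
+# Extra volumes that should be created for the StatefulSet
+volumes: []
+
+# Service account that should be used by the vcluster
+serviceAccount:
+create: true
+# Optional name of the service account to use
+# name: default
+
+# Roles & ClusterRoles for the vcluster
+rbac:
+clusterRole:
+# Enable this to let the vcluster sync
+# real nodes, storage classes and priority classes
+create: false
+role:
+# This is required for basic functionality of vcluster
+create: true
+
+# The amount of replicas to run the statefulset with
+replicas: 1
+
+# NodeSelector used to schedule the vcluster
+nodeSelector: {}
+
+# Affinity to apply to the vcluster statefulset
+affinity: {}
+
+# Tolerations to apply to the vcluster statefulset
+tolerations: []
+
+# Extra Labels for the stateful set
+labels: {}
+
+# Extra Annotations for the stateful set
+annotations: {}
+
+# Service configurations
+service:
+type: ClusterIP
+
+# Configure the ingress resource that allows you to access the vcluster
+ingress:
+# Enable ingress record generation
+enabled: false
+# Ingress path type
+pathType: ImplementationSpecific
+apiVersion: networking.k8s.io/v1
+ingressClassName: ""
+host: vcluster.local
+annotations:
+kubernetes.io/ingress.class: nginx
+nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+nginx.ingress.kubernetes.io/ssl-redirect: "true"
+
+# Configure SecurityContext of the containers in the VCluster pod
+securityContext:
+allowPrivilegeEscalation: false
+# capabilities:
+# drop:
+# - all
+# readOnlyRootFilesystem will be set to true by default at a later release
+# currently leaving it undefined for backwards compatibility with older vcluster cli versions
+# readOnlyRootFilesystem: true
+
+# To run vcluster pod as non-root uncomment runAsUser and runAsNonRoot values.
+# Update the runAsUser value if your cluster has limitations on user UIDs.
+# For installation on OpenShift leave the runAsUser undefined (commented out).
+# runAsUser: 12345
+# runAsNonRoot: true
+
+# Custom k0s to deploy
+#config: |-
+# apiVersion: k0s.k0sproject.io/v1beta1
+# ...
+
+# Set "enable" to true when running vcluster in an OpenShift host
+# This will add an extra rule to the deployed role binding in order
+# to manage service endpoints
+openshift:
+enable: false
+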
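Review bot: The default `securityContext` sets only `allowPrivilegeEscalation: false`, while `capabilities`, `runAsUser` and `runAsNonRoot` are commented out, so a default install keeps the container runtime's default capability set and whatever user the images define. If the k0s controller and the syncer work without added capabilities (not verifiable from this file), enabling the commented `capabilities:` / `drop:` / `- all` block by default would tighten this. The syncer is also given `--server-ca-key=/data/k0s/pki/ca.key` and the admin kubeconfig from the shared `/data` volume, so a comment such as `# the syncer container can read the virtual cluster's CA key and admin kubeconfig` would help operators who set `syncer.image`. The comment `# Custom k0s to deploy` presumably means a custom k0s config and could say so.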
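--- a/charts/k3s/.helmignore
+++ b/charts/k3s/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj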
File renamed without changes.
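--- a/charts/k3s/templates/NOTES.txt
+++ b/charts/k3s/templates/NOTES.txt
@@ -0,0 +1,8 @@
+Thank you for installing {{ .Chart.Name }}.
+
+Your release is named {{ .Release.Name }}.
+
+To learn more about the release, try:
+
+$ helm status {{ .Release.Name }}
+$ helm get all {{ .Release.Name }}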
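--- a/charts/k3s/templates/_helpers.tpl
+++ b/charts/k3s/templates/_helpers.tpl
@@ -0,0 +1,59 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vcluster.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "vcluster.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "vcluster.clusterRoleName" -}}
+{{- printf "vc-%s-v-%s" .Release.Name .Release.Namespace | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vcluster.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "vcluster.labels" -}}
+app.kubernetes.io/name: {{ include "vcluster.name" . }}
+helm.sh/chart: {{ include "vcluster.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- else }}
+app.kubernetes.io/version: {{ .Chart.Version | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Get
+*/}}
+{{- $}}
+{{- define "vcluster.admin.accessKey" -}}
+{{- now | unixEpoch | toString | trunc 8 | sha256sum -}}
+{{- end -}}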
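Review bot: `vcluster.admin.accessKey` is derived only from the clock: `now | unixEpoch | toString | trunc 8 | sha256sum` hashes the leading eight digits of the Unix timestamp, so the value is predictable to anyone who knows roughly when the chart was rendered, and the hash adds no entropy. Whether any template includes this helper is not visible here. If it is unused, delete it. If it serves as a credential, generate it from a random source instead, e.g. `{{- randAlphaNum 32 -}}`, and persist the result so upgrades do not rotate it unexpectedly. The stray `{{- $}}` line and the truncated `Get` comment above the define look like leftovers and should be removed or completed.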