From c719441332cae0ff21c1da803c72f61dbec36b45 Mon Sep 17 00:00:00 2001 From: Salah Al Saleh Date: Thu, 30 May 2024 12:17:22 -0700 Subject: [PATCH] Add support for HA KOTS (#47) * Add support for HA KOTS --- scripts/build-local.sh | 2 +- scripts/build-ttl.sh | 9 +-- templates/NOTES.txt | 35 ----------- templates/abandon-resources-hook.yaml | 1 + templates/kotsadm-clusterrole.yaml | 4 +- templates/kotsadm-clusterrolebinding.yaml | 4 +- ...atefulset.yaml => kotsadm-deployment.yaml} | 35 +++-------- templates/kotsadm-role.yaml | 4 +- templates/kotsadm-rolebinding.yaml | 4 +- templates/kotsadm-service.yaml | 4 +- templates/kurl-proxy-deployment.yaml | 4 +- templates/kurl-proxy-rbac.yaml | 4 +- templates/kurl-proxy-service.yaml | 4 +- templates/migrate-pvc-hook.yaml | 63 +++++++++++++++++++ templates/migrate-s3-hook.yaml | 47 +++++--------- templates/rqlite-services.yaml | 2 - templates/rqlite-statefulset.yaml | 41 +++++++----- templates/secret-rqlite.yaml | 21 +++---- templates/tests/test-connection.yaml | 15 ----- templates/uninstall-job.yaml | 2 - values.yaml.tmpl | 2 +- 21 files changed, 143 insertions(+), 164 deletions(-) delete mode 100644 templates/NOTES.txt rename templates/{kotsadm-statefulset.yaml => kotsadm-deployment.yaml} (89%) create mode 100644 templates/migrate-pvc-hook.yaml delete mode 100644 templates/tests/test-connection.yaml diff --git a/scripts/build-local.sh b/scripts/build-local.sh index 7d5438e..2f64180 100755 --- a/scripts/build-local.sh +++ b/scripts/build-local.sh @@ -2,7 +2,7 @@ set -e -export CURRENT_USER=`id -u -n` +export CURRENT_USER=${GITHUB_USER:-$(id -u -n)} export KOTS_VERSION=$1 export KOTS_TAG=v${KOTS_VERSION} export KOTSADM_REGISTRY=kotsadm # docker.io is implicit diff --git a/scripts/build-ttl.sh b/scripts/build-ttl.sh index e2f1bcd..3143bd8 100755 --- a/scripts/build-ttl.sh +++ b/scripts/build-ttl.sh 
@@ -2,11 +2,12 @@ set -e -GIT_COMMIT=$1 +export GIT_COMMIT=${1:-main} +export CURRENT_USER=${GITHUB_USER:-$(id -u -n)} export CHART_VERSION=0.0.0-${GIT_COMMIT} export KOTS_VERSION=24h export KOTS_TAG=24h -export KOTSADM_REGISTRY=ttl.sh/$USER +export KOTSADM_REGISTRY=ttl.sh/$CURRENT_USER curl -O -L https://raw.githubusercontent.com/replicatedhq/kots/${GIT_COMMIT}/.image.env export $(cat .image.env | sed 's/#.*//g' | xargs) @@ -15,7 +16,7 @@ envsubst < Chart.yaml.tmpl > Chart.yaml envsubst < values.yaml.tmpl > values.yaml rm -f admin-console-*.tgz -export CHART_NAME=`helm package . | rev | cut -d/ -f1 | rev` -helm push $CHART_NAME oci://ttl.sh/$USER +export CHART_NAME=$(helm package . | rev | cut -d/ -f1 | rev) +helm push $CHART_NAME oci://ttl.sh/$CURRENT_USER rm -f Chart.yaml values.yaml .image.env diff --git a/templates/NOTES.txt b/templates/NOTES.txt deleted file mode 100644 index 21a063e..0000000 --- a/templates/NOTES.txt +++ /dev/null 
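Review bot: With `GIT_COMMIT` now defaulting to `main`, the `curl -O -L` on the context line that follows fetches `.image.env` from a moving branch and has no `-f`, so an HTTP error body would be written to the file and handed to `export $(...)`. Using `curl -fsSL -O` for that download would stop the script at the fetch, and a short comment should say that a run without an argument is not reproducible. In the second hunk `$CHART_NAME` and `$CURRENT_USER` are expanded unquoted. `helm push "$CHART_NAME" "oci://ttl.sh/$CURRENT_USER"` avoids word splitting if `GITHUB_USER` holds an unexpected value.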
@@ -1,35 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if .Values.service.enabled }} -{{- if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "admin-console.fullname" . }}) - Create an external IP for your NodePort service. This IP should be the public IP address of your instance. Add the IP under spec.externalIPs - kubectl edit svc admin-console --namespace {{ .Release.Namespace }} - Ensure your security group allows for inbound requests on $NODE_PORT - export EXTERNAL_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "admin-console.fullname" . }} -o jsonpath="{.spec.externalIPs[0]}") - echo http://$EXTERNAL_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "admin-console.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "admin-console.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "admin-console.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} -{{- else if .Values.kurlProxy.enabled }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "admin-console.fullname" . }}) - Create an external IP for your NodePort service. This IP should be the public IP address of your instance. Add the IP under spec.externalIPs - kubectl edit svc kurl-proxy-kotsadm --namespace {{ .Release.Namespace }} - Ensure your security group allows for inbound requests on $NODE_PORT - export EXTERNAL_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "admin-console.fullname" . }} -o jsonpath="{.spec.externalIPs[0]}") - echo http://$EXTERNAL_IP:$NODE_PORT -{{- end }} -The default password is `password` and it is recommended to change this immediately after initially logging in. diff --git a/templates/abandon-resources-hook.yaml b/templates/abandon-resources-hook.yaml index dc79feb..6b6390f 100644 --- a/templates/abandon-resources-hook.yaml +++ b/templates/abandon-resources-hook.yaml @@ -6,6 +6,7 @@ metadata: annotations: helm.sh/hook: pre-upgrade helm.sh/hook-weight: "2" + helm.sh/hook-delete-policy: hook-succeeded labels: {{- include "admin-console.labels" . | nindent 4 }} spec: diff --git a/templates/kotsadm-clusterrole.yaml b/templates/kotsadm-clusterrole.yaml index 5092db4..049c53a 100644 --- a/templates/kotsadm-clusterrole.yaml +++ b/templates/kotsadm-clusterrole.yaml @@ -1,4 +1,4 @@ -{{ if not .Values.minimalRBAC }} +{{- if not .Values.minimalRBAC }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: 
@@ -12,4 +12,4 @@ rules: - '*' verbs: - '*' -{{ end }} \ No newline at end of file +{{- end }} \ No newline at end of file diff --git a/templates/kotsadm-clusterrolebinding.yaml b/templates/kotsadm-clusterrolebinding.yaml index 7fa4dfb..42666c2 100644 --- a/templates/kotsadm-clusterrolebinding.yaml +++ b/templates/kotsadm-clusterrolebinding.yaml @@ -1,4 +1,4 @@ -{{ if not .Values.minimalRBAC }} +{{- if not .Values.minimalRBAC }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -13,4 +13,4 @@ subjects: - kind: ServiceAccount name: kotsadm namespace: {{ .Release.Namespace }} -{{ end }} \ No newline at end of file +{{- end }} \ No newline at end of file diff --git a/templates/kotsadm-statefulset.yaml b/templates/kotsadm-deployment.yaml similarity index 89% rename from templates/kotsadm-statefulset.yaml rename to templates/kotsadm-deployment.yaml index 97da8ff..8ef923f 100644 --- a/templates/kotsadm-statefulset.yaml +++ b/templates/kotsadm-deployment.yaml @@ -1,14 +1,14 @@ apiVersion: apps/v1 -kind: StatefulSet +kind: Deployment metadata: labels: {{- include "admin-console.labels" . | nindent 4 }} name: kotsadm spec: + replicas: 1 selector: matchLabels: app: kotsadm - serviceName: kotsadm template: metadata: annotations: @@ -54,7 +54,6 @@ spec: secretKeyRef: key: key name: kotsadm-session -{{- if not .Values.isHelmManaged }} - name: RQLITE_PASSWORD valueFrom: secretKeyRef: @@ -65,11 +64,12 @@ spec: secretKeyRef: key: uri name: kotsadm-rqlite -{{- end }} - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace + - name: POD_OWNER_KIND + value: deployment - name: API_ENCRYPTION_KEY valueFrom: secretKeyRef: @@ -87,8 +87,6 @@ spec: - name: EMBEDDED_CLUSTER_VERSION value: {{ .Values.embeddedClusterVersion | quote }} {{- end }} - - name: IS_HELM_MANAGED - value: {{ .Values.isHelmManaged | quote }} - name: DISABLE_OUTBOUND_CONNECTIONS value: {{ .Values.isAirgap | quote }} image: {{ .Values.images.kotsadm }} 
@@ -113,13 +111,10 @@ spec: cpu: 100m memory: 100Mi volumeMounts: - - mountPath: /kotsadmdata - name: kotsadmdata - mountPath: /backup name: backup - mountPath: /tmp name: tmp -{{ if not .Values.isHelmManaged }} initContainers: - args: - plan @@ -174,7 +169,7 @@ spec: - mountPath: /migrations name: migrations - command: - - /restore.sh + - /restore-db.sh env: - name: RQLITE_PASSWORD valueFrom: @@ -183,7 +178,7 @@ spec: name: kotsadm-rqlite image: {{ .Values.images.kotsadm }} imagePullPolicy: IfNotPresent - name: restore-data + name: restore-db resources: limits: cpu: "1" @@ -192,36 +187,20 @@ spec: cpu: 100m memory: 100Mi volumeMounts: - - mountPath: /kotsadmdata - name: kotsadmdata - mountPath: /backup name: backup - mountPath: /tmp name: tmp -{{ end }} restartPolicy: Always securityContext: fsGroup: 1001 runAsUser: 1001 serviceAccountName: kotsadm volumes: - - persistentVolumeClaim: - claimName: kotsadmdata - name: kotsadmdata - emptyDir: medium: Memory name: migrations - emptyDir: {} name: backup - emptyDir: {} - name: tmp - volumeClaimTemplates: - - metadata: - name: kotsadmdata - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 4Gi - + name: tmp \ No newline at end of file diff --git a/templates/kotsadm-role.yaml b/templates/kotsadm-role.yaml index cf926d3..96c1f1b 100644 --- a/templates/kotsadm-role.yaml +++ b/templates/kotsadm-role.yaml @@ -1,4 +1,4 @@ -{{ if .Values.minimalRBAC }} +{{- if .Values.minimalRBAC }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -12,4 +12,4 @@ rules: - '*' verbs: - '*' -{{ end }} \ No newline at end of file +{{- end }} \ No newline at end of file diff --git a/templates/kotsadm-rolebinding.yaml b/templates/kotsadm-rolebinding.yaml index 47ede2a..9954bde 100644 --- a/templates/kotsadm-rolebinding.yaml +++ b/templates/kotsadm-rolebinding.yaml @@ -1,4 +1,4 @@ -{{ if .Values.minimalRBAC }} +{{- if .Values.minimalRBAC }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: 
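Review bot: Dropping `volumeClaimTemplates` and the `kotsadmdata` volume in the last hunk of kotsadm-deployment.yaml leaves the existing `kotsadmdata-kotsadm-0` claim behind, since claims created from a StatefulSet template are not removed with the StatefulSet by default. Nothing visible in this patch deletes the claim after `migrate pvc-to-rqlite` succeeds, so a second copy of the admin console data stays on disk with no stated owner. A comment here or in the migration hook should say whether the claim is kept on purpose as a rollback copy and who is expected to remove it.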
@@ -13,4 +13,4 @@ subjects: - kind: ServiceAccount name: kotsadm namespace: {{ .Release.Namespace }} -{{ end }} \ No newline at end of file +{{- end }} \ No newline at end of file diff --git a/templates/kotsadm-service.yaml b/templates/kotsadm-service.yaml index cb0b996..c8e1ac8 100644 --- a/templates/kotsadm-service.yaml +++ b/templates/kotsadm-service.yaml @@ -1,4 +1,4 @@ -{{ if .Values.service.enabled }} +{{- if .Values.service.enabled }} apiVersion: v1 kind: Service metadata: @@ -18,4 +18,4 @@ spec: type: {{ .Values.service.type }} status: loadBalancer: {} -{{ end }} +{{- end }} diff --git a/templates/kurl-proxy-deployment.yaml b/templates/kurl-proxy-deployment.yaml index d0a754b..363e973 100644 --- a/templates/kurl-proxy-deployment.yaml +++ b/templates/kurl-proxy-deployment.yaml @@ -1,4 +1,4 @@ -{{ if .Values.kurlProxy.enabled }} +{{- if .Values.kurlProxy.enabled }} apiVersion: apps/v1 kind: Deployment metadata: @@ -51,4 +51,4 @@ spec: configMap: name: kotsadm-application-metadata optional: true -{{ end }} +{{- end }} diff --git a/templates/kurl-proxy-rbac.yaml b/templates/kurl-proxy-rbac.yaml index 4bd9f25..af8b167 100644 --- a/templates/kurl-proxy-rbac.yaml +++ b/templates/kurl-proxy-rbac.yaml @@ -1,4 +1,4 @@ -{{ if .Values.kurlProxy.enabled }} +{{- if .Values.kurlProxy.enabled }} apiVersion: v1 kind: ServiceAccount metadata: @@ -34,4 +34,4 @@ subjects: - kind: ServiceAccount name: kurl-proxy namespace: {{ .Release.Namespace }} -{{ end }} +{{- end }} diff --git a/templates/kurl-proxy-service.yaml b/templates/kurl-proxy-service.yaml index 73b49d0..1aaf9a3 100644 --- a/templates/kurl-proxy-service.yaml +++ b/templates/kurl-proxy-service.yaml @@ -1,4 +1,4 @@ -{{ if .Values.kurlProxy.enabled }} +{{- if .Values.kurlProxy.enabled }} apiVersion: v1 kind: Service metadata: @@ -16,4 +16,4 @@ spec: {{- if .Values.kurlProxy.nodePort }} nodePort: {{ .Values.kurlProxy.nodePort }} {{- end}} -{{ end }} +{{- end }} 
diff --git a/templates/migrate-pvc-hook.yaml b/templates/migrate-pvc-hook.yaml new file mode 100644 index 0000000..8084de6 --- /dev/null +++ b/templates/migrate-pvc-hook.yaml @@ -0,0 +1,63 @@ +{{- $kotsadmSts := lookup "apps/v1" "StatefulSet" .Release.Namespace "kotsadm" }} +{{- if $kotsadmSts }} +# if kotsadm statefulset exists, we need to migrate the data to rqlite +apiVersion: batch/v1 +kind: Job +metadata: + name: kotsadm-migrate-pvc-to-rqlite + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-weight: "1" + labels: + {{- include "admin-console.labels" . | nindent 4 }} +spec: + template: + metadata: + labels: + {{- include "admin-console.labels" . | nindent 8 }} + spec: + initContainers: + - command: + - /bin/sh + - -c + - | + kubectl scale sts/kotsadm -n {{ .Release.Namespace }} --replicas=0 + kubectl wait --for=delete pod --selector=app=kotsadm -n {{ .Release.Namespace }} --timeout=300s + image: {{ .Values.images.kotsadm }} + imagePullPolicy: IfNotPresent + name: scale-down-kotsadm + resources: + requests: + cpu: 100m + memory: 100Mi + containers: + - command: + - /kotsadm + - migrate + - pvc-to-rqlite + env: + - name: RQLITE_URI + valueFrom: + secretKeyRef: + key: uri + name: kotsadm-rqlite + image: {{ .Values.images.kotsadm }} + imagePullPolicy: IfNotPresent + name: migrate-pvc-to-rqlite + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - mountPath: /kotsadmdata + name: kotsadmdata + restartPolicy: OnFailure + serviceAccountName: kotsadm + volumes: + - persistentVolumeClaim: + claimName: kotsadmdata-kotsadm-0 + name: kotsadmdata +{{- end }} diff --git a/templates/migrate-s3-hook.yaml b/templates/migrate-s3-hook.yaml index 8fb3cc4..e9be96e 100644 --- a/templates/migrate-s3-hook.yaml +++ b/templates/migrate-s3-hook.yaml 
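Review bot: The new Job's pod spec sets no `securityContext`, while the kotsadm pod in kotsadm-deployment.yaml runs with `runAsUser: 1001` and `fsGroup: 1001`, so the migrate container mounts `kotsadmdata-kotsadm-0` as whatever user the image defaults to. Adding the same `securityContext:` with `runAsUser: 1001` and `fsGroup: 1001` under the Job's pod spec would keep the volume readable and avoid depending on the image default. The `scale-down-kotsadm` script also has no `set -e`, so a failed `kubectl scale` can be hidden by the exit status of the `kubectl wait` that follows. Starting the script with `set -e` would surface it, and the same script appears in migrate-s3-hook.yaml.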
@@ -1,11 +1,10 @@ - -{{ $kotsminio := lookup "apps/v1" "StatefulSet" .Release.Namespace "kotsadm-minio" }} -{{ if $kotsminio }} -# if minio exists, we need to migrate the data to a PVC +{{- $kotsadmMinio := lookup "apps/v1" "StatefulSet" .Release.Namespace "kotsadm-minio" }} +{{- if $kotsadmMinio }} +# if minio exists, we need to migrate the data to rqlite apiVersion: batch/v1 kind: Job metadata: - name: kotsadm-migrate-s3 + name: kotsadm-migrate-s3-to-rqlite annotations: helm.sh/hook: pre-upgrade helm.sh/hook-weight: "1" @@ -23,7 +22,7 @@ spec: - -c - | kubectl scale deploy/kotsadm -n {{ .Release.Namespace }} --replicas=0 - kubectl wait --for delete pod --selector=app=kotsadm -n {{ .Release.Namespace }} --timeout=300s + kubectl wait --for=delete pod --selector=app=kotsadm -n {{ .Release.Namespace }} --timeout=300s image: {{ .Values.images.kotsadm }} imagePullPolicy: IfNotPresent name: scale-down-kotsadm @@ -33,7 +32,9 @@ spec: memory: 100Mi containers: - command: - - /migrate-s3.sh + - /kotsadm + - migrate + - s3-to-rqlite env: - name: S3_ENDPOINT value: http://kotsadm-minio:9000 @@ -51,9 +52,14 @@ spec: name: kotsadm-minio - name: S3_BUCKET_ENDPOINT value: "true" + - name: RQLITE_URI + valueFrom: + secretKeyRef: + key: uri + name: kotsadm-rqlite image: {{ .Values.images.kotsadm }} imagePullPolicy: IfNotPresent - name: migrate-s3 + name: migrate-s3-to-rqlite resources: limits: cpu: "1" 
@@ -61,29 +67,6 @@ spec: requests: cpu: 100m memory: 100Mi - volumeMounts: - - mountPath: /kotsadmdata - name: kotsadmdata restartPolicy: OnFailure serviceAccountName: kotsadm - volumes: - - persistentVolumeClaim: - claimName: kotsadmdata-kotsadm-0 - name: kotsadmdata ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: kotsadmdata-kotsadm-0 - annotations: - helm.sh/hook: pre-upgrade - helm.sh/hook-weight: "0" - labels: - {{- include "admin-console.immutableLabels" . | nindent 4 }} -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 4Gi -{{ end }} +{{- end }} diff --git a/templates/rqlite-services.yaml b/templates/rqlite-services.yaml index 72a0c5d..b04bfc3 100644 --- a/templates/rqlite-services.yaml +++ b/templates/rqlite-services.yaml @@ -1,4 +1,3 @@ -{{ if not .Values.isHelmManaged }} apiVersion: v1 kind: Service metadata: @@ -31,4 +30,3 @@ spec: - protocol: TCP port: 4001 targetPort: rqlite -{{ end }} diff --git a/templates/rqlite-statefulset.yaml b/templates/rqlite-statefulset.yaml index fde3875..3dfb419 100644 --- a/templates/rqlite-statefulset.yaml +++ b/templates/rqlite-statefulset.yaml @@ -1,4 +1,8 @@ -{{ if not .Values.isHelmManaged }} +{{- $pvcSize := "5Gi" }} +{{- $rqliteSts := lookup "apps/v1" "StatefulSet" .Release.Namespace "kotsadm-rqlite" }} +{{- if $rqliteSts }} +{{- $pvcSize = (index $rqliteSts.spec.volumeClaimTemplates 0).spec.resources.requests.storage }} +{{- end }} apiVersion: apps/v1 kind: StatefulSet metadata: @@ -6,7 +10,7 @@ metadata: labels: {{- include "admin-console.labels" . | nindent 4 }} spec: - replicas: 1 + replicas: {{ .Values.isHA | ternary 3 1 }} serviceName: kotsadm-rqlite-headless podManagementPolicy: "Parallel" selector: @@ -22,7 +26,7 @@ spec: - "ReadWriteOnce" resources: requests: - storage: 1Gi + storage: {{ $pvcSize }} template: metadata: labels: 
@@ -49,15 +53,24 @@ spec: values: - kotsadm-rqlite topologyKey: "kubernetes.io/hostname" + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists containers: - image: {{ .Values.images.rqlite }} name: rqlite args: - -disco-mode=dns - -disco-config={"name":"kotsadm-rqlite-headless"} - - -bootstrap-expect=1 + - -bootstrap-expect={{ .Values.isHA | ternary 3 1 }} - -auth=/auth/config.json - -join-as=kotsadm + env: + - name: GOGC + value: "10" ports: - name: rqlite containerPort: 4001 @@ -72,24 +85,24 @@ spec: livenessProbe: httpGet: scheme: HTTP - path: /readyz + path: /readyz?noleader port: rqlite - initialDelaySeconds: 30 + initialDelaySeconds: 10 timeoutSeconds: 5 - failureThreshold: 3 + periodSeconds: 30 + failureThreshold: 10 readinessProbe: httpGet: scheme: HTTP path: /readyz port: rqlite - initialDelaySeconds: 1 - timeoutSeconds: 1 - periodSeconds: 1 + initialDelaySeconds: 10 + timeoutSeconds: 5 + periodSeconds: 5 resources: limits: - cpu: 200m - memory: 1Gi + cpu: "1" + memory: 2Gi requests: cpu: 100m - memory: 100Mi -{{ end }} + memory: 256Mi diff --git a/templates/secret-rqlite.yaml b/templates/secret-rqlite.yaml index 3549e51..0fb499f 100644 --- a/templates/secret-rqlite.yaml +++ b/templates/secret-rqlite.yaml 
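Review bot: The added `nodeAffinity` is a hard `requiredDuringSchedulingIgnoredDuringExecution` rule on `node-role.kubernetes.io/control-plane` and is not conditioned on `.Values.isHA`, so on a cluster where no schedulable node carries that label the rqlite pods stay Pending and kotsadm cannot reach its database. No `tolerations` appear in this hunk either, and control-plane nodes commonly carry a NoSchedule taint, though the pod spec continues outside the hunk and one may be set there. If the rule is meant only for embedded-cluster installs, guarding it with `{{- if .Values.isHA }}` or switching to `preferredDuringSchedulingIgnoredDuringExecution` would keep other clusters schedulable.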
@@ -1,16 +1,10 @@ -{{ if not .Values.isHelmManaged }} {{- $rqlitePassword := uuidv4 }} -{{- $rqliteUri := printf "http://kotsadm:%s@kotsadm-rqlite:4001?level=strong&timeout=10" $rqlitePassword }} -{{- $rqliteAuthConfig := printf "[{\"username\": \"kotsadm\", \"password\": \"%s\", \"perms\": [\"all\"]}, {\"username\": \"*\", \"perms\": [\"status\", \"ready\"]}]" $rqlitePassword }} -{{- $rqlitePasswordb64 := $rqlitePassword | b64enc | quote }} -{{- $rqliteUrib64 := $rqliteUri | b64enc | quote }} -{{- $rqliteAuthConfigb64 := $rqliteAuthConfig | b64enc | quote }} {{- $secret := (lookup "v1" "Secret" .Release.Namespace "kotsadm-rqlite") }} {{- if $secret }} -{{- $rqlitePasswordb64 = index $secret.data "password" }} -{{- $rqliteUrib64 = index $secret.data "uri" }} -{{- $rqliteAuthConfigb64 = index $secret.data "authconfig.json" }} +{{- $rqlitePassword = index $secret.data "password" | b64dec }} {{- end -}} +{{- $rqliteUri := printf "http://kotsadm:%s@kotsadm-rqlite:4001?timeout=120&disableClusterDiscovery=true" $rqlitePassword }} +{{- $rqliteAuthConfig := printf `[{"username": "kotsadm", "password": "%s", "perms": ["all"]}, {"username": "*", "perms": ["status", "ready"]}]` $rqlitePassword }} apiVersion: v1 kind: Secret metadata: @@ -19,8 +13,7 @@ metadata: {{- include "admin-console.labels" . | nindent 4 }} annotations: "helm.sh/resource-policy": "keep" -data: - uri: {{ $rqliteUrib64 }} - password: {{ $rqlitePasswordb64 }} - authconfig.json: {{ $rqliteAuthConfigb64 }} -{{ end }} +stringData: + uri: {{ $rqliteUri | quote }} + password: {{ $rqlitePassword | quote }} + authconfig.json: {{ $rqliteAuthConfig | quote }} diff --git a/templates/tests/test-connection.yaml b/templates/tests/test-connection.yaml deleted file mode 100644 index 5f5206f..0000000 --- a/templates/tests/test-connection.yaml +++ /dev/null 
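Review bot: The `uri` and `authconfig.json` values are now rebuilt on every render from the password read back out of the existing Secret, and `printf` inserts it into a URL and a JSON document without escaping. A chart-generated `uuidv4` is safe, but a `kotsadm-rqlite` Secret created by another installer could hold a password containing `@`, `/`, `"` or `\`, which would yield a malformed URI or auth file where the old template reused the stored values verbatim. Building the JSON with `toJson` over a `list` of `dict` values and URL-escaping the password (for example with `urlquery`) would remove that dependency. Separately, `lookup` returns nothing under `helm template` or a client-side dry run, so output rendered that way carries a fresh password each time, and a comment above `$rqlitePassword` should say so.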
@@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "admin-console.fullname" . }}-test-connection" - labels: - {{- include "admin-console.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['kotsadm-nodeport:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/templates/uninstall-job.yaml b/templates/uninstall-job.yaml index 4d9d40a..2c4b8d2 100644 --- a/templates/uninstall-job.yaml +++ b/templates/uninstall-job.yaml @@ -1,4 +1,3 @@ -{{ if .Values.isHelmManaged }} apiVersion: batch/v1 kind: Job metadata: @@ -37,4 +36,3 @@ spec: - "/bin/sh" - "-ec" - "kubectl -n $NAMESPACE delete secrets -l kots.io/kotsadm=true" -{{ end }} \ No newline at end of file diff --git a/values.yaml.tmpl b/values.yaml.tmpl index aee47da..7f50808 100644 --- a/values.yaml.tmpl +++ b/values.yaml.tmpl @@ -10,10 +10,10 @@ images: password: "" passwordSecretRef: {} minimalRBAC: true -isHelmManaged: true embeddedClusterID: "" embeddedClusterVersion: "" isAirgap: false +isHA: false imagePullSecrets: [] nameOverride: ""