Improve installer (#212)
tamalsaha authored Apr 30, 2018
1 parent a9e220c commit ba6c53f
Showing 13 changed files with 461 additions and 155 deletions.
44 changes: 23 additions & 21 deletions chart/kubedb/README.md
Expand Up @@ -23,6 +23,7 @@ To install the chart with the release name `my-release`:
```console
$ helm install appscode/kubedb --name my-release
```

The command deploys KubeDB operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.

> **Tip**: List all releases using `helm list`
Expand All @@ -39,26 +40,27 @@ The command removes all the Kubernetes components associated with the chart and

## Configuration

The following tables lists the configurable parameters of the KubeDB chart and their default values.


| Parameter | Description | Default |
| -----------------------------------| ------------------------------------------------------------------ | ------------------ |
| `replicaCount` | Number of kubedb operator replicas to create (only 1 is supported) | `1` |
| `dockerRegistry` | Docker registry used to pull KubeDB related images | `kubedb` |
| `imageTags.operator` | Tag of KubeDB operator image | `0.8.0-beta.2` |
| `imageTags.exporter` | Tag of KubeDB operator image | `0.8.0-beta.2` |
| `imageTags.apiserver` | Tag of KubeDB server image | `0.1.0-beta.2` |
| `imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) |
| `imagePullPolicy` | Image pull policy | `IfNotPresent` |
| `criticalAddon` | If true, installs KubeDB operator as critical addon | `false` |
| `rbac.create` | If `true`, create and use RBAC resources | `true` |
| `serviceAccount.create` | If `true`, create a new service account | `true` |
| `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `` |
| `apiserver.groupPriorityMinimum` | The minimum priority the group should have. | 10000 |
| `apiserver.versionPriority` | The ordering of this API inside of the group. | 15 |
| `apiserver.enableAdmissionWebhook` | Configure apiserver as admission webhooks for KubeDB CRDs | false |
| `apiserver.ca` | CA certificate used by main Kubernetes api server | `` |
The following table lists the configurable parameters of the KubeDB chart and their default values.


| Parameter | Description | Default |
| ----------------------------------- | ------------------------------------------------------------------ | ------------------ |
| `replicaCount` | Number of kubedb operator replicas to create (only 1 is supported) | `1` |
| `kubedb.registry` | Docker registry used to pull Kubedb operator image | `kubedb` |
| `kubedb.repository` | Kubedb operator container image | `operator` |
| `kubedb.tag` | Kubedb operator container image tag | `0.8.0-beta.2` |
| `imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) |
| `imagePullPolicy` | Image pull policy | `IfNotPresent` |
| `criticalAddon` | If true, installs KubeDB operator as critical addon | `false` |
| `rbac.create` | If `true`, create and use RBAC resources | `true` |
| `serviceAccount.create` | If `true`, create a new service account | `true` |
| `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `` |
| `apiserver.groupPriorityMinimum` | The minimum priority the group should have. | 10000 |
| `apiserver.versionPriority` | The ordering of this API inside of the group. | 15 |
| `apiserver.enableValidatingWebhook` | Enable validating webhooks for KubeDB CRDs | false |
| `apiserver.enableMutatingWebhook` | Enable mutating webhooks for KubeDB CRDs | false |
| `apiserver.ca` | CA certificate used by main Kubernetes api server | `` |
| `enableAnalytics` | Send usage events to Google Analytics | `true` |


Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:
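Review bot: `enableAnalytics` defaults to `true` in the last row of the new table, so every install sends usage events to Google Analytics unless the user opts out, and the README does not say what those events contain. Suggest defaulting it to `false`, or adding a sentence under Configuration that names the data sent and shows `--set enableAnalytics=false`. The same table drops `dockerRegistry` and `imageTags.*` in favour of `kubedb.registry`, `kubedb.repository` and `kubedb.tag` without an upgrade note; a values file that still sets the old keys will be ignored without any error.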
Expand All @@ -79,7 +81,7 @@ By default the chart will not install the recommended RBAC roles and rolebinding

You need to have the flag `--authorization-mode=RBAC` on the api server. See the following document for how to enable [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/).

To determine if your cluster supports RBAC, run the the following command:
To determine if your cluster supports RBAC, run the following command:

```console
$ kubectl api-versions | grep rbac
Expand Down
24 changes: 22 additions & 2 deletions chart/kubedb/templates/apiregistration.yaml
Expand Up @@ -6,14 +6,33 @@
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
name: v1alpha1.admission.kubedb.com
name: v1alpha1.validators.kubedb.com
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "kubedb.name" . }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
spec:
group: admission.kubedb.com
group: validators.kubedb.com
version: v1alpha1
service:
namespace: {{ .Release.Namespace }}
name: {{ template "kubedb.fullname" . }}
caBundle: {{ b64enc $ca.Cert }}
groupPriorityMinimum: {{ .Values.apiserver.groupPriorityMinimum }}
versionPriority: {{ .Values.apiserver.versionPriority }}
---
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
name: v1alpha1.mutators.kubedb.com
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "kubedb.name" . }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
spec:
group: mutators.kubedb.com
version: v1alpha1
service:
namespace: {{ .Release.Namespace }}
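Review bot: the two `APIService` objects for `validators.kubedb.com` and `mutators.kubedb.com` are copies that differ only in the group name, so any later change to `caBundle`, `service` or the priority fields has to be made in both places and can drift. Consider generating both from a `range` over the two group names. The rename also removes `v1alpha1.admission.kubedb.com`; the commit message should say whether that is intended for existing releases.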
Expand All @@ -26,6 +45,7 @@ apiVersion: v1
kind: Secret
metadata:
name: {{ template "kubedb.fullname" . }}-apiserver-cert
namespace: {{ .Release.Namespace }}
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "kubedb.name" . }}"
Expand Down
24 changes: 9 additions & 15 deletions chart/kubedb/templates/deployment.yaml
Expand Up @@ -2,13 +2,12 @@ apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: {{ template "kubedb.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "kubedb.name" . }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
initializers:
pending: []
spec:
replicas: {{ .Values.replicaCount }}
selector:
Expand All @@ -32,31 +31,26 @@ spec:
{{- end }}
containers:
- name: operator
image: {{ .Values.dockerRegistry }}/operator:{{ .Values.imageTags.operator }}
image: {{ .Values.kubedb.registry }}/{{ .Values.kubedb.repository }}:{{ .Values.kubedb.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- run
- --v=3
- --docker-registry={{ .Values.dockerRegistry }}
- --exporter-tag={{ .Values.imageTags.exporter }}
- --docker-registry={{ .Values.kubedb.registry }}
- --exporter-tag={{ .Values.kubedb.tag }}
- --governing-service=kubedb
- --rbac={{ .Values.rbac.create }}
- --secure-port=8443
- --audit-log-path=-
- --tls-cert-file=/var/serving-cert/tls.crt
- --tls-private-key-file=/var/serving-cert/tls.key
- --enable-analytics={{ .Values.enableAnalytics }}
env:
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: server
image: {{ .Values.dockerRegistry }}/kubedb-server:{{ .Values.imageTags.apiserver }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- run
- --v=3
- --secure-port=8443
- --audit-log-path=-
- --tls-cert-file=/var/serving-cert/tls.crt
- --tls-private-key-file=/var/serving-cert/tls.key
ports:
- containerPort: 8443
volumeMounts:
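Review bot: `--exporter-tag={{ .Values.kubedb.tag }}` ties the exporter image tag to the operator tag, where the removed `imageTags.exporter` allowed it to be pinned separately; if the exporter is ever published under a different tag, this flag will name an image that may not exist. Either keep a separate value for the exporter tag or state in the README that both images always share one tag.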
Expand Down
103 changes: 103 additions & 0 deletions chart/kubedb/templates/mutating-webhook.yaml
@@ -0,0 +1,103 @@
{{- if .Values.apiserver.enableMutatingWebhook }}
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: mutators.kubedb.com
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "kubedb.name" . }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
webhooks:
- name: elasticsearch.mutators.kubedb.com
clientConfig:
service:
namespace: default
name: kubernetes
path: /apis/mutators.kubedb.com/v1alpha1/elasticsearchs
caBundle: {{ b64enc .Values.apiserver.ca }}
rules:
- apiGroups: ["kubedb.com"]
apiVersions: ["*"]
resources: ["elasticsearches"]
operations: ["CREATE", "UPDATE", "DELETE"]
failurePolicy: Fail
- name: postgres.mutators.kubedb.com
clientConfig:
service:
namespace: default
name: kubernetes
path: /apis/mutators.kubedb.com/v1alpha1/postgress
caBundle: {{ b64enc .Values.apiserver.ca }}
rules:
- apiGroups: ["kubedb.com"]
apiVersions: ["*"]
resources: ["postgreses"]
operations: ["CREATE", "UPDATE", "DELETE"]
failurePolicy: Fail
- name: mysql.mutators.kubedb.com
clientConfig:
service:
namespace: default
name: kubernetes
path: /apis/mutators.kubedb.com/v1alpha1/mysqls
caBundle: {{ b64enc .Values.apiserver.ca }}
rules:
- apiGroups: ["kubedb.com"]
apiVersions: ["*"]
resources: ["mysqls"]
operations: ["CREATE", "UPDATE", "DELETE"]
failurePolicy: Fail
- name: mongodb.mutators.kubedb.com
clientConfig:
service:
namespace: default
name: kubernetes
path: /apis/mutators.kubedb.com/v1alpha1/mongodbs
caBundle: {{ b64enc .Values.apiserver.ca }}
rules:
- apiGroups: ["kubedb.com"]
apiVersions: ["*"]
resources: ["mongodbs"]
operations: ["CREATE", "UPDATE", "DELETE"]
failurePolicy: Fail
- name: redis.mutators.kubedb.com
clientConfig:
service:
namespace: default
name: kubernetes
path: /apis/mutators.kubedb.com/v1alpha1/rediss
caBundle: {{ b64enc .Values.apiserver.ca }}
rules:
- apiGroups: ["kubedb.com"]
apiVersions: ["*"]
resources: ["redises"]
operations: ["CREATE", "UPDATE", "DELETE"]
failurePolicy: Fail
- name: memcached.mutators.kubedb.com
clientConfig:
service:
namespace: default
name: kubernetes
path: /apis/mutators.kubedb.com/v1alpha1/memcacheds
caBundle: {{ b64enc .Values.apiserver.ca }}
rules:
- apiGroups: ["kubedb.com"]
apiVersions: ["*"]
resources: ["memcacheds"]
operations: ["CREATE", "UPDATE", "DELETE"]
failurePolicy: Fail
- name: snapshot.mutators.kubedb.com
clientConfig:
service:
namespace: default
name: kubernetes
path: /apis/mutators.kubedb.com/v1alpha1/snapshots
caBundle: {{ b64enc .Values.apiserver.ca }}
rules:
- apiGroups: ["kubedb.com"]
apiVersions: ["*"]
resources: ["snapshots"]
operations: ["CREATE", "UPDATE"]
failurePolicy: Fail
{{ end }}
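Review bot: every webhook here combines `caBundle: {{ b64enc .Values.apiserver.ca }}` with `failurePolicy: Fail`, and the README lists the default of `apiserver.ca` as empty, so setting `apiserver.enableMutatingWebhook=true` without also supplying the CA renders an empty bundle. The webhook call is then likely to fail TLS verification, and with `Fail` that rejects CREATE, UPDATE and DELETE on the listed `kubedb.com` resources. Suggest wrapping the value in Helm's `required` function so the render stops with a clear message. Because DELETE is in `operations`, it is also worth documenting that these resources cannot be removed while the operator is unavailable.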
1 change: 1 addition & 0 deletions chart/kubedb/templates/service-account.yaml
Expand Up @@ -3,6 +3,7 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kubedb.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "kubedb.name" . }}"
Expand Down
1 change: 1 addition & 0 deletions chart/kubedb/templates/service.yaml
Expand Up @@ -2,6 +2,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ template "kubedb.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: "{{ template "kubedb.name" . }}"
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
Expand Down
@@ -1,98 +1,98 @@
{{- if .Values.apiserver.enableAdmissionWebhook }}
{{- if .Values.apiserver.enableValidatingWebhook }}
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: admission.kubedb.com
name: validators.kubedb.com
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "kubedb.name" . }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
webhooks:
- name: elasticsearch.admission.kubedb.com
- name: elasticsearch.validators.kubedb.com
clientConfig:
service:
namespace: default
name: kubernetes
path: /apis/admission.kubedb.com/v1alpha1/elasticsearchreviews
path: /apis/validators.kubedb.com/v1alpha1/elasticsearchs
caBundle: {{ b64enc .Values.apiserver.ca }}
rules:
- apiGroups: ["kubedb.com"]
apiVersions: ["*"]
resources: ["elasticsearches"]
operations: ["CREATE", "UPDATE", "DELETE"]
failurePolicy: Fail
- name: postgres.admission.kubedb.com
- name: postgres.validators.kubedb.com
clientConfig:
service:
namespace: default
name: kubernetes
path: /apis/admission.kubedb.com/v1alpha1/postgresreviews
path: /apis/validators.kubedb.com/v1alpha1/postgress
caBundle: {{ b64enc .Values.apiserver.ca }}
rules:
- apiGroups: ["kubedb.com"]
apiVersions: ["*"]
resources: ["postgreses"]
operations: ["CREATE", "UPDATE", "DELETE"]
failurePolicy: Fail
- name: mysql.admission.kubedb.com
- name: mysql.validators.kubedb.com
clientConfig:
service:
namespace: default
name: kubernetes
path: /apis/admission.kubedb.com/v1alpha1/mysqlreviews
path: /apis/validators.kubedb.com/v1alpha1/mysqls
caBundle: {{ b64enc .Values.apiserver.ca }}
rules:
- apiGroups: ["kubedb.com"]
apiVersions: ["*"]
resources: ["mysqls"]
operations: ["CREATE", "UPDATE", "DELETE"]
failurePolicy: Fail
- name: mongodb.admission.kubedb.com
- name: mongodb.validators.kubedb.com
clientConfig:
service:
namespace: default
name: kubernetes
path: /apis/admission.kubedb.com/v1alpha1/mongodbreviews
path: /apis/validators.kubedb.com/v1alpha1/mongodbs
caBundle: {{ b64enc .Values.apiserver.ca }}
rules:
- apiGroups: ["kubedb.com"]
apiVersions: ["*"]
resources: ["mongodbs"]
operations: ["CREATE", "UPDATE", "DELETE"]
failurePolicy: Fail
- name: redis.admission.kubedb.com
- name: redis.validators.kubedb.com
clientConfig:
service:
namespace: default
name: kubernetes
path: /apis/admission.kubedb.com/v1alpha1/redisreviews
path: /apis/validators.kubedb.com/v1alpha1/rediss
caBundle: {{ b64enc .Values.apiserver.ca }}
rules:
- apiGroups: ["kubedb.com"]
apiVersions: ["*"]
resources: ["redises"]
operations: ["CREATE", "UPDATE", "DELETE"]
failurePolicy: Fail
- name: memcached.admission.kubedb.com
- name: memcached.validators.kubedb.com
clientConfig:
service:
namespace: default
name: kubernetes
path: /apis/admission.kubedb.com/v1alpha1/memcachedreviews
path: /apis/validators.kubedb.com/v1alpha1/memcacheds
caBundle: {{ b64enc .Values.apiserver.ca }}
rules:
- apiGroups: ["kubedb.com"]
apiVersions: ["*"]
resources: ["memcacheds"]
operations: ["CREATE", "UPDATE", "DELETE"]
failurePolicy: Fail
- name: snapshot.admission.kubedb.com
- name: snapshot.validators.kubedb.com
clientConfig:
service:
namespace: default
name: kubernetes
path: /apis/admission.kubedb.com/v1alpha1/snapshotreviews
path: /apis/validators.kubedb.com/v1alpha1/snapshots
caBundle: {{ b64enc .Values.apiserver.ca }}
rules:
- apiGroups: ["kubedb.com"]
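Review bot: the guard on the first line changes from `.Values.apiserver.enableAdmissionWebhook` to `.Values.apiserver.enableValidatingWebhook`, and the README gives the new key a default of `false`, so a release upgraded with a values file that still sets the old key renders no `ValidatingWebhookConfiguration` and loses validation without any error. Suggest honouring the old key for one release or failing the render when it is set, and calling out the rename in the README.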
Expand Down