Add installer script (#165)

* Add installer script
* stash -> kubedb
* Rename files/folder stash -> kubedb
* fix apigroup
* Match init command's output
* Fix port
* Update chart
* Delete init command
* Update setup docs

chart/stable/kubedb/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

chart/stable/kubedb/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+description: 'KubeDB by AppsCode - Making running production-grade databases easy on Kubernetes'
+name: kubedb
+version: 0.1.0
+appVersion: 0.8.0
+home: https://github.com/kubedb/cli
+icon: https://cdn.appscode.com/images/icon/kubedb.png
+sources:
+  - https://github.com/kubedb/cli
+maintainers:
+  - name: appscode
+    email: kubedb@googlegroups.com

chart/stable/kubedb/README.md

@@ -0,0 +1,93 @@
+# KubeDB
+[KubeDB by AppsCode](https://github.com/kubedb/cli) - Making running production-grade databases easy on Kubernetes
+
+## TL;DR;
+
+```console
+$ helm install stable/kubedb
+```
+
+## Introduction
+
+This chart bootstraps a [KubeDB controller](https://github.com/kubedb/cli) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes 1.8+
+
+## Installing the Chart
+To install the chart with the release name `my-release`:
+
+```console
+$ helm install stable/kubedb --name my-release
+```
+The command deploys KubeDB operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release`:
+
+```console
+$ helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following tables lists the configurable parameters of the KubeDB chart and their default values.
+
+
+| Parameter                          | Description                                                        | Default            |
+| -----------------------------------| ------------------------------------------------------------------ | ------------------ |
+| `replicaCount`                     | Number of kubedb operator replicas to create (only 1 is supported) | `1`                |
+| `dockerRegistry`                   | Docker registry used to pull KubeDB related images                 | `kubedb`           |
+| `imageTags.operator`               | Tag of KubeDB operator image                                       | `0.8.0-alpha.0`    |
+| `imageTags.exporter`               | Tag of KubeDB operator image                                       | `0.8.0-alpha.0`    |
+| `imageTags.apiserver`              | Tag of HAProxy container image                                     | `0.1.0-alpha.0`    |
+| `imagePullSecrets`                 | Specify image pull secrets                                         | `nil` (does not add image pull secrets to deployed pods) |
+| `imagePullPolicy`                  | Image pull policy                                                  | `IfNotPresent`     |
+| `criticalAddon`                    | If true, installs KubeDB operator as critical addon                | `false`            |
+| `rbac.create`                      | install required rbac service account, roles and rolebindings      | `false`            |
+| `rbac.serviceAccountName`          | ServiceAccount KubeDB will use (ignored if rbac.create=true)       | `default`          |
+| `apiserver.groupPriorityMinimum`   | The minimum priority the group should have.                        | 10000              |
+| `apiserver.versionPriority`        | The ordering of this API inside of the group.                      | 15                 |
+| `apiserver.enableAdmissionWebhook` | Configure apiserver as admission webhooks for KubeDB CRDs          | false              |
+| `apiserver.ca`                     | CA certificate used by main Kubernetes api server                  | ``                 |
+
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:
+
+```console
+$ helm install --name my-release --set image.tag=v0.2.1 stable/kubedb
+```
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while
+installing the chart. For example:
+
+```console
+$ helm install --name my-release --values values.yaml stable/kubedb
+```
+
+## RBAC
+By default the chart will not install the recommended RBAC roles and rolebindings.
+
+You need to have the flag `--authorization-mode=RBAC` on the api server. See the following document for how to enable [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/).
+
+To determine if your cluster supports RBAC, run the the following command:
+
+```console
+$ kubectl api-versions | grep rbac
+```
+
+If the output contains "beta", you may install the chart with RBAC enabled (see below).
+
+### Enable RBAC role/rolebinding creation
+
+To enable the creation of RBAC resources (On clusters with RBAC). Do the following:
+
+```console
+$ helm install --name my-release stable/kubedb --set rbac.create=true
+```

chart/stable/kubedb/templates/NOTES.txt

@@ -0,0 +1,3 @@
+To verify that KubeDB has started, run:
+
+  kubectl --namespace={{ .Release.Namespace }} get deployments -l "release={{ .Release.Name }}, app={{ template "kubedb.name" . }}"

chart/stable/kubedb/templates/_helpers.tpl

@@ -0,0 +1,20 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kubedb.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "kubedb.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}

chart/stable/kubedb/templates/apiregistration.yaml

@@ -0,0 +1,79 @@
+{{- $ca := genCA "svc-cat-ca" 3650 }}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- $cn := printf "%s-%s" $name .Release.Name | trunc 63 -}}
+{{- $altName1 := printf "%s.%s" $cn .Release.Namespace }}
+{{- $altName2 := printf "%s.%s.svc" $cn .Release.Namespace }}
+{{- $cert := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca }}
+apiVersion: apiregistration.k8s.io/v1beta1
+kind: APIService
+metadata:
+  name: v1alpha1.admission.kubedb.com
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    app: "{{ template "kubedb.name" . }}"
+    heritage: "{{ .Release.Service }}"
+    release: "{{ .Release.Name }}"
+spec:
+  group: admission.kubedb.com
+  version: v1alpha1
+  service:
+    namespace: {{ .Release.Namespace }}
+    name: {{ template "kubedb.fullname" . }}
+  caBundle: {{ b64enc $ca.Cert }}
+  groupPriorityMinimum: {{ .Values.apiserver.groupPriorityMinimum }}
+  versionPriority: {{ .Values.apiserver.versionPriority }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "kubedb.fullname" . }}-apiserver-cert
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    app: "{{ template "kubedb.name" . }}"
+    heritage: "{{ .Release.Service }}"
+    release: "{{ .Release.Name }}"
+type: Opaque
+data:
+  tls.crt: {{ b64enc $cert.Cert }}
+  tls.key: {{ b64enc $cert.Key }}
+---
+{{ if .Values.rbac.create }}
+# to read the config for terminating authentication
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: {{ template "kubedb.fullname" . }}-apiserver-extension-server-authentication-reader
+  namespace: kube-system
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    app: "{{ template "kubedb.name" . }}"
+    heritage: "{{ .Release.Service }}"
+    release: "{{ .Release.Name }}"
+roleRef:
+  kind: Role
+  apiGroup: rbac.authorization.k8s.io
+  name: extension-apiserver-authentication-reader
+subjects:
+- kind: ServiceAccount
+  name: {{ template "kubedb.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+---
+# to delegate authentication and authorization
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "kubedb.fullname" . }}-apiserver-auth-delegator
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    app: "{{ template "kubedb.name" . }}"
+    heritage: "{{ .Release.Service }}"
+    release: "{{ .Release.Name }}"
+roleRef:
+  kind: ClusterRole
+  apiGroup: rbac.authorization.k8s.io
+  name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+  name: {{ template "kubedb.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+{{ end }}

chart/stable/kubedb/templates/cluster-role-binding.yaml

@@ -0,0 +1,19 @@
+{{ if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "kubedb.fullname" . }}
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    app: "{{ template "kubedb.name" . }}"
+    heritage: "{{ .Release.Service }}"
+    release: "{{ .Release.Name }}"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "kubedb.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "kubedb.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+{{ end }}

chart/stable/kubedb/templates/cluster-role.yaml

@@ -0,0 +1,85 @@
+{{ if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: {{ template "kubedb.fullname" . }}
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    app: "{{ template "kubedb.name" . }}"
+    heritage: "{{ .Release.Service }}"
+    release: "{{ .Release.Name }}"
+rules:
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs: ["create", "delete", "get", "list"]
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - rolebindings
+  - roles
+  verbs: ["create", "delete", "get", "patch"]
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs: ["create", "delete", "get", "patch"]
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  - serviceaccounts
+  verbs: ["create", "delete", "get", "patch"]
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - statefulsets
+  verbs: ["create", "delete", "get", "patch", "update"]
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  verbs: ["create", "delete", "get", "list", "watch"]
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs: ["get"]
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs: ["deletecollection", "get", "list", "patch", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  verbs: ["create", "delete", "get", "list", "patch", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs: ["create", "delete", "get", "update"]
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs: ["create"]
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - kubedb.com
+  resources:
+  - '*'
+  verbs: ['*']
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - servicemonitors
+  verbs: ["create", "delete", "get", "list", "update"]
+{{ end }}