Merge pull request #24 from volcano-sh/bug/fix_admission_issue

Fix some chart issues

README.md

@@ -12,6 +12,46 @@ using several systems, combined with best-of-breed ideas and practices from the
 
 ![volcano](docs/images/volcano-intro.png)
 
+## Installation
+
+The easiest way to use Volcano is to use the Helm chart.
+
+
+### 1. Volcano Image
+Official images now are not available on DockerHub, however you can build them locally with command:
+```
+make docker
+``` 
+**NOTE**: You need ensure the images are correctly loaded in your kubernetes cluster, for
+example, if you are using [kind cluster](https://github.com/kubernetes-sigs/kind), 
+try command ```kind load docker-image <image-name>:<tag> ``` for each of the images.
+
+### 2. Helm charts
+First of all, clone repo to your local path
+```
+# mkdir -p $GOPATH/src/volcano.sh/
+# cd $GOPATH/src/volcano.sh/
+# git clone https://github.com/volcano-sh/volcano.git
+```
+Second, install required helm plugin and generate valid certificate, volcano uses a helm plugin **gen-admission-secret**
+to generate certificate for admission service to communicate with kubernetes API server.
+```
+#1. Install helm plugin
+helm plugin install installer/chart/volcano/plugins/gen-admission-secret
+
+#2. Generate secret within service name
+helm gen-admission-secret --service <specified-name>-admission-service --namespace <namespace>
+```
+Finally, install helm chart.
+```
+helm install installer/chart/volcano --namespace <namespace> --name <specified-name>
+```
+**NOTE**:The ```<specified-name>``` used in the two commands above should be identical.
+
+
+
+
+
 ## Community, discussion, contribution, and support
 
 You can reach the maintainers of this project at:

installer/chart/volcano/plugins/gen-admission-secret/gen-admission-secret.sh

@@ -9,15 +9,15 @@ This script uses k8s' CertificateSigningRequest API to a generate a
 certificate signed by k8s CA suitable for use with webhook
 services. This requires permissions to create and approve CSR. See
 https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster for
-detailed explantion and additional instructions.
+detailed explanation and additional instructions.
 The server key/cert k8s CA cert are stored in a k8s secret.
 usage: ${0} [OPTIONS]
 The following flags are required.
        --service          Service name of webhook.
        --namespace        Namespace where webhook service and secret reside.
        --secret           Secret name for CA certificate and server certificate/key pair.
 EOF
-    exit 1
+    exit 0
 }
 
 while [[ $# -gt 0 ]]; do
@@ -41,7 +41,12 @@ while [[ $# -gt 0 ]]; do
     shift
 done
 
-[ -z ${service} ] && service=volcano-admission-service
+if [ -z ${service} ]; then
+    echo "'--service' must be specified"
+    exit 1
+fi
+
+
 [ -z ${secret} ] && secret=volcano-admission-secret
 [ -z ${namespace} ] && namespace=default
 

installer/chart/volcano/plugins/gen-admission-secret/plugin.yaml

@@ -1,6 +1,6 @@
 name: "gen-admission-secret"
 version: "1.0.0"
-usage: "Integrate Keybase.io tools with Helm"
+usage: "Generate valid cert for admission server"
 description: This plugin provides signed cert to admission server.
 ignoreFlags: false
 useTunnel: false

installer/chart/volcano/templates/admission-config.yaml

@@ -9,7 +9,7 @@ webhooks:
       caBundle: ""
       service:
         name: {{ .Release.Name }}-admission-service
-        namespace: {{.Values.basic.namespace}}
+        namespace: {{ .Release.Namespace }}
         path: /jobs
     failurePolicy: Ignore
     name: validatejob.volcano.sh
@@ -36,7 +36,7 @@ webhooks:
       caBundle: ""
       service:
         name: {{ .Release.Name }}-admission-service
-        namespace: {{.Values.basic.namespace}}
+        namespace: {{ .Release.Namespace }}
         path: /mutating-jobs
     failurePolicy: Ignore
     name: mutatejob.volcano.sh

installer/chart/volcano/templates/admission.yaml

@@ -2,14 +2,13 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ .Release.Name }}-admission
-  namespace: {{.Values.basic.namespace}}
-
+  namespace: {{ .Release.Namespace }}
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ .Release.Name }}-admission
-  namespace: {{.Values.basic.namespace}}
+  namespace: {{ .Release.Namespace }}
 rules:
   - apiGroups: [""]
     resources: ["configmaps"]
@@ -26,11 +25,11 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ .Release.Name }}-admission-role
-  namespace: {{.Values.basic.namespace}}
+  namespace: {{ .Release.Namespace }}
 subjects:
   - kind: ServiceAccount
     name: {{ .Release.Name }}-admission
-    namespace: {{.Values.basic.namespace}}
+    namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
   name: {{ .Release.Name }}-admission
@@ -44,7 +43,7 @@ metadata:
     app: admission
     admission: "true"
   name: {{ .Release.Name }}-admission
-  namespace: {{.Values.basic.namespace}}
+  namespace: {{ .Release.Namespace }}
 spec:
   replicas: 1
   selector:
@@ -89,7 +88,7 @@ metadata:
   labels:
     test: admission
   name: {{ .Release.Name }}-admission-service
-  namespace: {{.Values.basic.namespace}}
+  namespace: {{ .Release.Namespace }}
 spec:
   ports:
     - port: 443

installer/chart/volcano-init/templates/batch_v1alpha1_job.yaml → installer/chart/volcano/templates/batch_v1alpha1_job.yaml

@@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   name: jobs.batch.volcano.sh
+  annotations:
+    "helm.sh/hook": crd-install
 spec:
   group: batch.volcano.sh
   names:

installer/chart/volcano-init/templates/bus_v1alpha1_command.yaml → installer/chart/volcano/templates/bus_v1alpha1_command.yaml

@@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   name: commands.bus.volcano.sh
+  annotations:
+    "helm.sh/hook": crd-install
 spec:
   group: bus.volcano.sh
   names:

installer/chart/volcano/templates/controllers.yaml

@@ -2,14 +2,14 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ .Release.Name }}-controllers
-  namespace: {{.Values.basic.namespace}}
+  namespace: {{ .Release.Namespace }}
 
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ .Release.Name }}-controllers
-  namespace: {{.Values.basic.namespace}}
+  namespace: {{ .Release.Namespace }}
 rules:
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
@@ -47,12 +47,11 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ .Release.Name }}-controllers-role
-  namespace: {{.Values.basic.namespace}}
+  namespace: {{ .Release.Namespace }}
 subjects:
   - kind: ServiceAccount
     name: {{ .Release.Name }}-controllers
-    # replace with non-default namespace name
-    namespace: default
+    namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
   name: {{ .Release.Name }}-controllers
@@ -63,7 +62,7 @@ kind: Deployment
 apiVersion: apps/v1
 metadata:
   name: {{ .Release.Name }}-controllers
-  namespace: {{.Values.basic.namespace}}
+  namespace: {{ .Release.Namespace }}
 spec:
   replicas: 1
   selector:

installer/chart/volcano/templates/scheduler.yaml

@@ -2,14 +2,13 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ .Release.Name }}-scheduler
-  namespace: {{.Values.basic.namespace}}
-
+  namespace: {{ .Release.Namespace }}
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ .Release.Name }}-scheduler
-  namespace: {{.Values.basic.namespace}}
+  namespace: {{ .Release.Namespace }}
 rules:
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
@@ -62,12 +61,11 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ .Release.Name }}-scheduler-role
-  namespace: {{.Values.basic.namespace}}
+  namespace: {{ .Release.Namespace }}
 subjects:
   - kind: ServiceAccount
     name: {{ .Release.Name }}-scheduler
-    # replace with non-default namespace name
-    namespace: default
+    namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
   name: {{ .Release.Name }}-scheduler
@@ -78,7 +76,7 @@ kind: Deployment
 apiVersion: apps/v1
 metadata:
   name: {{ .Release.Name }}-scheduler
-  namespace: {{.Values.basic.namespace}}
+  namespace: {{ .Release.Namespace }}
 spec:
   replicas: 1
   selector:

installer/chart/volcano-init/templates/scheduling_v1alpha1_podgroup.yaml → installer/chart/volcano/templates/scheduling_v1alpha1_podgroup.yaml

@@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   name: podgroups.scheduling.incubator.k8s.io
+  annotations:
+    "helm.sh/hook": crd-install
 spec:
   group: scheduling.incubator.k8s.io
   names:

installer/chart/volcano-init/templates/scheduling_v1alpha1_queue.yaml → installer/chart/volcano/templates/scheduling_v1alpha1_queue.yaml

@@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   name: queues.scheduling.incubator.k8s.io
+  annotations:
+    "helm.sh/hook": crd-install
 spec:
   group: scheduling.incubator.k8s.io
   names:

installer/chart/volcano/values.yaml

@@ -1,6 +1,5 @@
 basic:
   image_tag_version: "1.0"
-  namespace: default
   controller_image_name: "volcano-controllers"
   scheduler_image_name: "volcano-scheduler"
   admission_image_name: "volcano-admission"