From 4b3748cc224733315c8a8cc517ee865732627c81 Mon Sep 17 00:00:00 2001 From: Andrei Pavlov Date: Thu, 30 May 2024 19:43:47 +0700 Subject: [PATCH 1/3] Install helmify-binary Signed-off-by: Andrei Pavlov --- Makefile | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Makefile b/Makefile index fb9026ea6..4f132ed8f 100644 --- a/Makefile +++ b/Makefile @@ -161,6 +161,7 @@ CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION) ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION) GOLANGCI_LINT = $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION) HELM ?= $(LOCALBIN)/helm-$(HELM_VERSION) +HELMIFY ?= $(LOCALBIN)/helmify-$(HELMIFY_VERSION) FLUX_CHART_REPOSITORY ?= oci://ghcr.io/fluxcd-community/charts/flux2 FLUX_CHART_VERSION ?= 2.13.0 @@ -172,6 +173,7 @@ CONTROLLER_TOOLS_VERSION ?= v0.14.0 ENVTEST_VERSION ?= release-0.17 GOLANGCI_LINT_VERSION ?= v1.57.2 HELM_VERSION ?= v3.15.1 +HELMIFY_VERSION ?= v0.4.13 .PHONY: kustomize kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. @@ -199,6 +201,11 @@ $(HELM): $(LOCALBIN) rm -f $(LOCALBIN)/helm-* curl -s $(HELM_INSTALL_SCRIPT) | USE_SUDO=false HELM_INSTALL_DIR=$(LOCALBIN) DESIRED_VERSION=$(HELM_VERSION) BINARY_NAME=helm-$(HELM_VERSION) PATH="$(LOCALBIN):$(PATH)" bash +.PHONY: helmify +helmify: $(HELMIFY) ## Download helmify locally if necessary. +$(HELMIFY): $(LOCALBIN) + $(call go-install-tool,$(HELMIFY),github.com/arttor/helmify/cmd/helmify,${HELMIFY_VERSION}) + # go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist # $1 - target path with name of binary (ideally with version) # $2 - package url which can be installed From 25d30a1eaf71e6768003ea7b3003a20450d347d5 Mon Sep 17 00:00:00 2001 From: Andrei Pavlov Date: Thu, 30 May 2024 20:02:39 +0700 Subject: [PATCH 2/3] Generate hmc chart with helmify 
Signed-off-by: Andrei Pavlov --- Makefile | 5 + charts/hmc/.helmignore | 23 ++++ charts/hmc/Chart.yaml | 21 +++ charts/hmc/templates/_helpers.tpl | 62 +++++++++ charts/hmc/templates/awsprovider-crd.yaml | 61 +++++++++ .../templates/awsprovider-editor-rbac.yaml | 25 ++++ .../templates/awsprovider-viewer-rbac.yaml | 21 +++ charts/hmc/templates/deployment-crd.yaml | 84 ++++++++++++ .../hmc/templates/deployment-editor-rbac.yaml | 25 ++++ .../hmc/templates/deployment-viewer-rbac.yaml | 21 +++ charts/hmc/templates/deployment.yaml | 51 +++++++ .../hmc/templates/leader-election-rbac.yaml | 53 ++++++++ charts/hmc/templates/management-crd.yaml | 61 +++++++++ .../hmc/templates/management-editor-rbac.yaml | 25 ++++ .../hmc/templates/management-viewer-rbac.yaml | 21 +++ charts/hmc/templates/manager-rbac.yaml | 126 ++++++++++++++++++ charts/hmc/templates/metrics-service.yaml | 14 ++ charts/hmc/templates/serviceaccount.yaml | 8 ++ charts/hmc/templates/template-crd.yaml | 84 ++++++++++++ .../hmc/templates/template-editor-rbac.yaml | 25 ++++ .../hmc/templates/template-viewer-rbac.yaml | 21 +++ charts/hmc/values.yaml | 32 +++++ config/crd/kustomization.yaml | 8 +- 23 files changed, 873 insertions(+), 4 deletions(-) create mode 100644 charts/hmc/.helmignore create mode 100644 charts/hmc/Chart.yaml create mode 100644 charts/hmc/templates/_helpers.tpl create mode 100644 charts/hmc/templates/awsprovider-crd.yaml create mode 100644 charts/hmc/templates/awsprovider-editor-rbac.yaml create mode 100644 charts/hmc/templates/awsprovider-viewer-rbac.yaml create mode 100644 charts/hmc/templates/deployment-crd.yaml create mode 100644 charts/hmc/templates/deployment-editor-rbac.yaml create mode 100644 charts/hmc/templates/deployment-viewer-rbac.yaml create mode 100644 charts/hmc/templates/deployment.yaml create mode 100644 charts/hmc/templates/leader-election-rbac.yaml create mode 100644 charts/hmc/templates/management-crd.yaml create mode 100644 charts/hmc/templates/management-editor-rbac.yaml 
create mode 100644 charts/hmc/templates/management-viewer-rbac.yaml create mode 100644 charts/hmc/templates/manager-rbac.yaml create mode 100644 charts/hmc/templates/metrics-service.yaml create mode 100644 charts/hmc/templates/serviceaccount.yaml create mode 100644 charts/hmc/templates/template-crd.yaml create mode 100644 charts/hmc/templates/template-editor-rbac.yaml create mode 100644 charts/hmc/templates/template-viewer-rbac.yaml create mode 100644 charts/hmc/values.yaml diff --git a/Makefile b/Makefile index 4f132ed8f..c6a7c0ea5 100644 --- a/Makefile +++ b/Makefile @@ -120,6 +120,11 @@ build-installer: manifests generate kustomize ## Generate a consolidated YAML wi cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} $(KUSTOMIZE) build config/default > dist/install.yaml +.PHONY: hmc-chart-generate +hmc-chart-generate: kustomize helmify ## Generate hmc helm chart + rm -rf charts/hmc/values.yaml charts/hmc/templates/*.yaml + $(KUSTOMIZE) build config/default | $(HELMIFY) charts/hmc + ##@ Deployment ifndef ignore-not-found diff --git a/charts/hmc/.helmignore b/charts/hmc/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/hmc/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/hmc/Chart.yaml b/charts/hmc/Chart.yaml new file mode 100644 index 000000000..c599819ec --- /dev/null +++ b/charts/hmc/Chart.yaml 
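Review bot: `hmc-chart-generate` lists only `kustomize helmify` as prerequisites, so the chart is rendered from whatever CRD and RBAC YAML already sits under `config/`, whereas `build-installer` in the context above depends on `manifests generate kustomize`. If the API types or RBAC markers change and the manifests are not regenerated, both the chart and the CI drift check added in patch 3 can pass while the committed CRDs and ClusterRoles are stale. I would write the header as `hmc-chart-generate: manifests kustomize helmify ## Generate hmc helm chart`. The recipe also pipes `$(KUSTOMIZE) build` into `$(HELMIFY)` right after the `rm -rf`, so it relies on the Makefile's `SHELL` enabling `pipefail` (not visible in this hunk) for a failed build to fail the target.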
@@ -0,0 +1,21 @@ +apiVersion: v2 +name: hmc +description: A Helm chart for Kubernetes +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" diff --git a/charts/hmc/templates/_helpers.tpl b/charts/hmc/templates/_helpers.tpl new file mode 100644 index 000000000..36caea88a --- /dev/null +++ b/charts/hmc/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "hmc.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "hmc.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "hmc.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "hmc.labels" -}} +helm.sh/chart: {{ include "hmc.chart" . }} +{{ include "hmc.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "hmc.selectorLabels" -}} +app.kubernetes.io/name: {{ include "hmc.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "hmc.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "hmc.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/hmc/templates/awsprovider-crd.yaml b/charts/hmc/templates/awsprovider-crd.yaml new file mode 100644 index 000000000..8e3886812 --- /dev/null 
+++ b/charts/hmc/templates/awsprovider-crd.yaml @@ -0,0 +1,61 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: awsproviders.hmc.mirantis.com + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + {{- include "hmc.labels" . | nindent 4 }} +spec: + group: hmc.mirantis.com + names: + kind: AWSProvider + listKind: AWSProviderList + plural: awsproviders + singular: awsprovider + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AWSProvider is the Schema for the awsprovider API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AWSProviderSpec defines the desired state of AWSProvider + properties: + foo: + description: Foo is an example field of AWSProvider. Edit awsprovider_types.go + to remove/update + type: string + type: object + status: + description: AWSProviderStatus defines the observed state of AWSProvider + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/charts/hmc/templates/awsprovider-editor-rbac.yaml b/charts/hmc/templates/awsprovider-editor-rbac.yaml new file mode 100644 index 000000000..eaed60491 
--- /dev/null +++ b/charts/hmc/templates/awsprovider-editor-rbac.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "hmc.fullname" . }}-awsprovider-editor-role + labels: + {{- include "hmc.labels" . | nindent 4 }} +rules: +- apiGroups: + - hmc.mirantis.com.hmc.mirantis.com + resources: + - awsprovider + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - hmc.mirantis.com.hmc.mirantis.com + resources: + - awsprovider/status + verbs: + - get \ No newline at end of file diff --git a/charts/hmc/templates/awsprovider-viewer-rbac.yaml b/charts/hmc/templates/awsprovider-viewer-rbac.yaml new file mode 100644 index 000000000..1329bf7ad --- /dev/null +++ b/charts/hmc/templates/awsprovider-viewer-rbac.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "hmc.fullname" . }}-awsprovider-viewer-role + labels: + {{- include "hmc.labels" . | nindent 4 }} +rules: +- apiGroups: + - hmc.mirantis.com.hmc.mirantis.com + resources: + - awsprovider + verbs: + - get + - list + - watch +- apiGroups: + - hmc.mirantis.com.hmc.mirantis.com + resources: + - awsprovider/status + verbs: + - get \ No newline at end of file diff --git a/charts/hmc/templates/deployment-crd.yaml b/charts/hmc/templates/deployment-crd.yaml new file mode 100644 index 000000000..c0acac342 --- /dev/null +++ b/charts/hmc/templates/deployment-crd.yaml 
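Review bot: The `apiGroups` value `hmc.mirantis.com.hmc.mirantis.com` in this editor role does not match the group the CRDs in this same commit declare (`group: hmc.mirantis.com`), so the role grants nothing on the real resources. The same doubled group appears in every `*-editor-rbac.yaml` and `*-viewer-rbac.yaml` template added here, while `manager-rbac.yaml` uses the correct group, and the `config/crd/kustomization.yaml` hunk fixes the same doubling only in the CRD file names. Binding a user to such a role succeeds and fails only with a 403 at use time, which makes it easy to miss. Because these templates are regenerated by `make hmc-chart-generate`, the fix presumably belongs in the kustomize RBAC sources rather than in the chart, as `- hmc.mirantis.com` under `apiGroups`.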
@@ -0,0 +1,84 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: deployments.hmc.mirantis.com + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + {{- include "hmc.labels" . | nindent 4 }} +spec: + group: hmc.mirantis.com + names: + kind: Deployment + listKind: DeploymentList + plural: deployments + singular: deployment + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Deployment is the Schema for the deployments API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DeploymentSpec defines the desired state of Deployment + properties: + configuration: + description: |- + Configuration allows to provide parameters for template customization. + If no Configuration provided, the field will be populated with the default values for + the template and DryRun will be enabled. + x-kubernetes-preserve-unknown-fields: true + dryRun: + description: DryRun specifies whether the template should be applied + after validation or only validated. + type: boolean + template: + description: Template is a reference to a Template object located in + the same namespace. 
+ type: string + required: + - template + type: object + status: + description: DeploymentStatus defines the observed state of Deployment + properties: + valid: + description: Valid indicates whether the template passed validation + or not. + type: boolean + validationError: + description: ValidationError provides information regarding issues encountered + during template validation. + type: string + required: + - valid + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/charts/hmc/templates/deployment-editor-rbac.yaml b/charts/hmc/templates/deployment-editor-rbac.yaml new file mode 100644 index 000000000..88b8919e7 --- /dev/null +++ b/charts/hmc/templates/deployment-editor-rbac.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "hmc.fullname" . }}-deployment-editor-role + labels: + {{- include "hmc.labels" . | nindent 4 }} +rules: +- apiGroups: + - hmc.mirantis.com.hmc.mirantis.com + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - hmc.mirantis.com.hmc.mirantis.com + resources: + - deployments/status + verbs: + - get \ No newline at end of file diff --git a/charts/hmc/templates/deployment-viewer-rbac.yaml b/charts/hmc/templates/deployment-viewer-rbac.yaml new file mode 100644 index 000000000..7af1a91b6 --- /dev/null +++ b/charts/hmc/templates/deployment-viewer-rbac.yaml 
@@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "hmc.fullname" . }}-deployment-viewer-role + labels: + {{- include "hmc.labels" . | nindent 4 }} +rules: +- apiGroups: + - hmc.mirantis.com.hmc.mirantis.com + resources: + - deployments + verbs: + - get + - list + - watch +- apiGroups: + - hmc.mirantis.com.hmc.mirantis.com + resources: + - deployments/status + verbs: + - get \ No newline at end of file diff --git a/charts/hmc/templates/deployment.yaml b/charts/hmc/templates/deployment.yaml new file mode 100644 index 000000000..049f12ee1 --- /dev/null +++ b/charts/hmc/templates/deployment.yaml 
@@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "hmc.fullname" . }}-controller-manager + labels: + control-plane: controller-manager + {{- include "hmc.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.controllerManager.replicas }} + selector: + matchLabels: + control-plane: controller-manager + {{- include "hmc.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + control-plane: controller-manager + {{- include "hmc.selectorLabels" . | nindent 8 }} + annotations: + kubectl.kubernetes.io/default-container: manager + spec: + containers: + - args: {{- toYaml .Values.controllerManager.manager.args | nindent 8 }} + command: + - /manager + env: + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag + | default .Chart.AppVersion }} + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: {{- toYaml .Values.controllerManager.manager.resources | nindent 10 + }} + securityContext: {{- toYaml .Values.controllerManager.manager.containerSecurityContext + | nindent 10 }} + securityContext: + runAsNonRoot: true + serviceAccountName: {{ include "hmc.fullname" . }}-controller-manager + terminationGracePeriodSeconds: 10 \ No newline at end of file diff --git a/charts/hmc/templates/leader-election-rbac.yaml b/charts/hmc/templates/leader-election-rbac.yaml new file mode 100644 index 000000000..16c65d425 --- /dev/null +++ b/charts/hmc/templates/leader-election-rbac.yaml 
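Review bot: The pod-level `securityContext` at the end of this template sets only `runAsNonRoot: true`. Together with the container context from `values.yaml` (`allowPrivilegeEscalation: false`, `capabilities.drop: [ALL]`), the one field still missing for the Kubernetes `restricted` Pod Security Standard is a seccomp profile. I would add `seccompProfile:` with `type: RuntimeDefault` under the pod `securityContext`. As the template is regenerated by helmify, the change presumably goes into the manager manifest under `config/` so that it survives `make hmc-chart-generate`.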
@@ -0,0 +1,53 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "hmc.fullname" . }}-leader-election-role + labels: + {{- include "hmc.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "hmc.fullname" . }}-leader-election-rolebinding + labels: + {{- include "hmc.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: '{{ include "hmc.fullname" . }}-leader-election-role' +subjects: +- kind: ServiceAccount + name: '{{ include "hmc.fullname" . }}-controller-manager' + namespace: '{{ .Release.Namespace }}' \ No newline at end of file diff --git a/charts/hmc/templates/management-crd.yaml b/charts/hmc/templates/management-crd.yaml new file mode 100644 index 000000000..28b3017ec --- /dev/null +++ b/charts/hmc/templates/management-crd.yaml 
@@ -0,0 +1,61 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: managements.hmc.mirantis.com + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + {{- include "hmc.labels" . | nindent 4 }} +spec: + group: hmc.mirantis.com + names: + kind: Management + listKind: ManagementList + plural: managements + singular: management + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Management is the Schema for the managements API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ManagementSpec defines the desired state of Management + properties: + foo: + description: Foo is an example field of Management. Edit management_types.go + to remove/update + type: string + type: object + status: + description: ManagementStatus defines the observed state of Management + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/charts/hmc/templates/management-editor-rbac.yaml b/charts/hmc/templates/management-editor-rbac.yaml new file mode 100644 index 000000000..243f40fd1 --- /dev/null 
+++ b/charts/hmc/templates/management-editor-rbac.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "hmc.fullname" . }}-management-editor-role + labels: + {{- include "hmc.labels" . | nindent 4 }} +rules: +- apiGroups: + - hmc.mirantis.com.hmc.mirantis.com + resources: + - managements + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - hmc.mirantis.com.hmc.mirantis.com + resources: + - managements/status + verbs: + - get \ No newline at end of file diff --git a/charts/hmc/templates/management-viewer-rbac.yaml b/charts/hmc/templates/management-viewer-rbac.yaml new file mode 100644 index 000000000..90c102bbb --- /dev/null +++ b/charts/hmc/templates/management-viewer-rbac.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "hmc.fullname" . }}-management-viewer-role + labels: + {{- include "hmc.labels" . | nindent 4 }} +rules: +- apiGroups: + - hmc.mirantis.com.hmc.mirantis.com + resources: + - managements + verbs: + - get + - list + - watch +- apiGroups: + - hmc.mirantis.com.hmc.mirantis.com + resources: + - managements/status + verbs: + - get \ No newline at end of file diff --git a/charts/hmc/templates/manager-rbac.yaml b/charts/hmc/templates/manager-rbac.yaml new file mode 100644 index 000000000..2fe5758d2 --- /dev/null +++ b/charts/hmc/templates/manager-rbac.yaml 
@@ -0,0 +1,126 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "hmc.fullname" . }}-manager-role + labels: + {{- include "hmc.labels" . | nindent 4 }} +rules: +- apiGroups: + - hmc.mirantis.com + resources: + - awsprovider + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - hmc.mirantis.com + resources: + - awsprovider/finalizers + verbs: + - update +- apiGroups: + - hmc.mirantis.com + resources: + - awsprovider/status + verbs: + - get + - patch + - update +- apiGroups: + - hmc.mirantis.com + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - hmc.mirantis.com + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - hmc.mirantis.com + resources: + - deployments/status + verbs: + - get + - patch + - update +- apiGroups: + - hmc.mirantis.com + resources: + - managements + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - hmc.mirantis.com + resources: + - managements/finalizers + verbs: + - update +- apiGroups: + - hmc.mirantis.com + resources: + - managements/status + verbs: + - get + - patch + - update +- apiGroups: + - hmc.mirantis.com + resources: + - templates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - hmc.mirantis.com + resources: + - templates/finalizers + verbs: + - update +- apiGroups: + - hmc.mirantis.com + resources: + - templates/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "hmc.fullname" . }}-manager-rolebinding + labels: + {{- include "hmc.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: '{{ include "hmc.fullname" . }}-manager-role' +subjects: +- kind: ServiceAccount + name: '{{ include "hmc.fullname" . 
}}-controller-manager' + namespace: '{{ .Release.Namespace }}' \ No newline at end of file diff --git a/charts/hmc/templates/metrics-service.yaml b/charts/hmc/templates/metrics-service.yaml new file mode 100644 index 000000000..43cd6f8ed --- /dev/null +++ b/charts/hmc/templates/metrics-service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "hmc.fullname" . }}-controller-manager-metrics-service + labels: + control-plane: controller-manager + {{- include "hmc.labels" . | nindent 4 }} +spec: + type: {{ .Values.metricsService.type }} + selector: + control-plane: controller-manager + {{- include "hmc.selectorLabels" . | nindent 4 }} + ports: + {{- .Values.metricsService.ports | toYaml | nindent 2 }} \ No newline at end of file diff --git a/charts/hmc/templates/serviceaccount.yaml b/charts/hmc/templates/serviceaccount.yaml new file mode 100644 index 000000000..cd852bb26 --- /dev/null +++ b/charts/hmc/templates/serviceaccount.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "hmc.fullname" . }}-controller-manager + labels: + {{- include "hmc.labels" . | nindent 4 }} + annotations: + {{- toYaml .Values.controllerManager.serviceAccount.annotations | nindent 4 }} \ No newline at end of file diff --git a/charts/hmc/templates/template-crd.yaml b/charts/hmc/templates/template-crd.yaml new file mode 100644 index 000000000..bbec9f24e --- /dev/null +++ b/charts/hmc/templates/template-crd.yaml 
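Review bot: The first three rules of the manager ClusterRole name the resources `awsprovider`, `awsprovider/finalizers` and `awsprovider/status`, but `awsprovider-crd.yaml` registers `plural: awsproviders`, and RBAC rules match on the plural resource name. As written, the controller's service account would not be authorized on AWSProvider objects, while the other three kinds (`deployments`, `managements`, `templates`) are plural and consistent with their CRDs. The `awsprovider-editor-rbac.yaml` and `awsprovider-viewer-rbac.yaml` templates carry the same singular name. Because this file is generated, the change is likely needed in the RBAC markers or `config/rbac` sources, as `- awsproviders`, `- awsproviders/finalizers` and `- awsproviders/status`.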
@@ -0,0 +1,84 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: templates.hmc.mirantis.com + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + {{- include "hmc.labels" . | nindent 4 }} +spec: + group: hmc.mirantis.com + names: + kind: Template + listKind: TemplateList + plural: templates + singular: template + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Template is the Schema for the templates API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TemplateSpec defines the desired state of Template + properties: + helmChartURL: + description: HelmChartURL is a URL of the helm chart representing the + template. + type: string + provider: + description: Provider specifies a CAPI provider associated with the + template. + enum: + - aws + type: string + required: + - helmChartURL + - provider + type: object + status: + description: TemplateStatus defines the observed state of Template + properties: + description: + description: Descriptions contains information about the template. + type: string + valid: + description: Valid indicates whether the template passed validation + or not. 
+ type: boolean + validationError: + description: ValidationError provides information regarding issues encountered + during template validation. + type: string + required: + - valid + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/charts/hmc/templates/template-editor-rbac.yaml b/charts/hmc/templates/template-editor-rbac.yaml new file mode 100644 index 000000000..398363f19 --- /dev/null +++ b/charts/hmc/templates/template-editor-rbac.yaml @@ -0,0 +1,25 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "hmc.fullname" . }}-template-editor-role + labels: + {{- include "hmc.labels" . | nindent 4 }} +rules: +- apiGroups: + - hmc.mirantis.com.hmc.mirantis.com + resources: + - templates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - hmc.mirantis.com.hmc.mirantis.com + resources: + - templates/status + verbs: + - get \ No newline at end of file diff --git a/charts/hmc/templates/template-viewer-rbac.yaml b/charts/hmc/templates/template-viewer-rbac.yaml new file mode 100644 index 000000000..127ca4b29 --- /dev/null +++ b/charts/hmc/templates/template-viewer-rbac.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "hmc.fullname" . }}-template-viewer-role + labels: + {{- include "hmc.labels" . | nindent 4 }} +rules: +- apiGroups: + - hmc.mirantis.com.hmc.mirantis.com + resources: + - templates + verbs: + - get + - list + - watch +- apiGroups: + - hmc.mirantis.com.hmc.mirantis.com + resources: + - templates/status + verbs: + - get \ No newline at end of file diff --git a/charts/hmc/values.yaml b/charts/hmc/values.yaml new file mode 100644 index 000000000..60255eb9f --- /dev/null +++ b/charts/hmc/values.yaml 
@@ -0,0 +1,32 @@ +controllerManager: + manager: + args: + - --leader-elect + - --health-probe-bind-address=:8081 + - --metrics-bind-address=0 + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + image: + repository: controller + tag: latest + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + replicas: 1 + serviceAccount: + annotations: {} +kubernetesClusterDomain: cluster.local +metricsService: + ports: + - name: http + port: 8080 + protocol: TCP + targetPort: 8080 + type: ClusterIP diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 4e4defcf4..15cf0fe2e 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -2,10 +2,10 @@ # since it depends on service name and namespace that are out of this kustomize package. # It should be run by config/default resources: -- bases/hmc.mirantis.com.hmc.mirantis.com_templates.yaml -- bases/hmc.mirantis.com.hmc.mirantis.com_deployments.yaml -- bases/hmc.mirantis.com.hmc.mirantis.com_managements.yaml -- bases/hmc.mirantis.com.hmc.mirantis.com_awsproviders.yaml +- bases/hmc.mirantis.com_templates.yaml +- bases/hmc.mirantis.com_deployments.yaml +- bases/hmc.mirantis.com_managements.yaml +- bases/hmc.mirantis.com_awsproviders.yaml #+kubebuilder:scaffold:crdkustomizeresource patches: From 18dc9f0993bbb3b0e304a671a7f234a56c470189 Mon Sep 17 00:00:00 2001 From: Andrei Pavlov Date: Thu, 30 May 2024 20:28:00 +0700 Subject: [PATCH 3/3] Verify hmc chart state on ci Signed-off-by: Andrei Pavlov --- .github/workflows/test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2e62f3804..6ccee9526 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
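Review bot: The default image in `values.yaml` is `repository: controller` with `tag: latest`, a placeholder name and a mutable tag, so an install with default values does not pin which image runs under the manager ClusterRole. Because `tag` is set, the `| default .Chart.AppVersion` fallback in `deployment.yaml` never applies. These values are regenerated from the kustomize output by `hmc-chart-generate`, so the fix is likely in the kustomize image settings rather than a hand edit here, aiming for a real repository and a versioned tag or digest. Separately, `--metrics-bind-address=0` (which, as far as I know, disables the controller-runtime metrics listener) sits next to a `metricsService` on port 8080, so that Service appears to point at nothing.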
@@ -44,6 +44,8 @@ jobs:
 uses: golangci/golangci-lint-action@v6
 with:
 args: --timeout 10m0s
+ - name: Check hmc chart
+ run: make hmc-chart-generate && git diff --exit-code
 - name: Unit tests
 run: |
 make test
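Review bot: `git diff --exit-code` in the new `Check hmc chart` step compares tracked files only, so when `make hmc-chart-generate` emits a template that was never committed (for example a new CRD or role), the step still passes and the chart in the repository lacks that object. Marking untracked chart files as intent-to-add makes them show up in the diff: `run: make hmc-chart-generate && git add -N charts/hmc && git diff --exit-code -- charts/hmc`. Scoping the diff to `charts/hmc` also stops unrelated working-tree changes from earlier steps from failing this check.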