Merge pull request #15 from kz33/add-manifests

feat(spark): add manifests
caicloud · Dec 24, 2020 · 17ec019 · 17ec019
2 parents 27c992b + 483e9d4
commit 17ec019
Show file tree

Hide file tree

Showing 13 changed files with 605 additions and 0 deletions.
diff --git a/manifests/spark-operator/.helmignore b/manifests/spark-operator/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/manifests/spark-operator/Chart.yaml b/manifests/spark-operator/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+name: spark-operator
+description: A Helm chart for Spark on Kubernetes operator
+version: spark-operator-chart-1.0.5
+appVersion: v3.0.0
diff --git a/manifests/spark-operator/images_extra.list b/manifests/spark-operator/images_extra.list
@@ -0,0 +1 @@
+release/spark:v3.0.0
diff --git a/manifests/spark-operator/templates/_helpers.tpl b/manifests/spark-operator/templates/_helpers.tpl
@@ -0,0 +1,76 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "spark-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "spark-operator.fullname" -}}
+{{- default .Chart.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "spark-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "spark-operator.labels" -}}
+helm.sh/chart: {{ include "spark-operator.chart" . }}
+{{ include "spark-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "spark-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "spark-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to be used by the operator
+*/}}
+{{- define "spark-operator.serviceAccountName" -}}
+{{- if .Values.serviceAccounts.sparkoperator.create -}}
+{{ default (include "spark-operator.fullname" .) .Values.serviceAccounts.sparkoperator.name }}
+{{- else -}}
+{{ default "default" .Values.serviceAccounts.sparkoperator.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to be used by spark apps
+*/}}
+{{- define "spark.serviceAccountName" -}}
+{{- if .Values.serviceAccounts.spark.create -}}
+{{- $sparkServiceaccount := printf "%s-%s" .Release.Name "spark" -}}
+    {{ default $sparkServiceaccount .Values.serviceAccounts.spark.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccounts.spark.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper image name
+{{ include "common.images.image" ( dict "context" $ "repository" .Values.platformConfig.imageRepositoryRelease "imageRoot" .Values.image ) }}
+*/}}
+{{- define "common.images.image" -}}
+{{- printf "%s/%s/%s:%s" .context.Values.platformConfig.imageRegistry .repository .imageRoot.name ( default .context.Chart.AppVersion .imageRoot.tag ) -}}
+{{- end -}}
+
diff --git a/manifests/spark-operator/templates/deployment.yaml b/manifests/spark-operator/templates/deployment.yaml
@@ -0,0 +1,105 @@
+# If the admission webhook is enabled, then a post-install step is required
+# to generate and install the secret in the operator namespace.
+
+# In the post-install hook, the token corresponding to the operator service account
+# is used to authenticate with the Kubernetes API server to install the secret bundle.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "spark-operator.fullname" . }}
+  labels:
+    {{- include "spark-operator.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "spark-operator.selectorLabels" . | nindent 6 }}
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+    {{- if or .Values.podAnnotations .Values.metrics.enable }}
+      annotations:
+      {{- if .Values.metrics.enable }}
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "{{ .Values.metrics.port }}"
+        prometheus.io/path: {{ .Values.metrics.endpoint }}
+      {{- end }}
+      {{- if .Values.podAnnotations }}
+        {{- toYaml .Values.podAnnotations | trim | nindent 8 }}
+      {{- end }}
+    {{- end }}
+      labels:
+        {{- include "spark-operator.selectorLabels" . | nindent 8 }}
+    spec:
+      serviceAccountName: {{ include "spark-operator.serviceAccountName" . }}
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+      - name: {{ .Chart.Name }}
+        image: {{ include "common.images.image" (dict "context" $ "repository" .Values.platformConfig.imageRepositoryRelease "imageRoot" .Values.image) | quote }}
+        imagePullPolicy: {{ default "Always" .Values.platformConfig.imagePullPolicy | quote }}
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 10 }}
+        {{- if .Values.metrics.enable }}
+        ports:
+          - name: metrics
+            containerPort: {{ .Values.metrics.port }}
+        {{ end }}
+        args:
+        - -v={{ .Values.logLevel }}
+        - -logtostderr
+        - -namespace={{ .Values.sparkJobNamespace }}
+        - -ingress-url-format={{ .Values.ingressUrlFormat }}
+        - -controller-threads={{ .Values.controllerThreads }}
+        - -resync-interval={{ .Values.resyncInterval }}
+        - -enable-batch-scheduler={{ .Values.batchScheduler.enable }}
+        {{- if .Values.metrics.enable }}
+        - -enable-metrics=true
+        - -metrics-labels=app_type
+        - -metrics-port={{ .Values.metrics.port }}
+        - -metrics-endpoint={{ .Values.metrics.endpoint }}
+        - -metrics-prefix={{ .Values.metrics.prefix }}
+        {{- end }}
+        {{- if .Values.webhook.enable }}
+        - -enable-webhook=true
+        - -webhook-svc-namespace={{ .Release.Namespace }}
+        - -webhook-port={{ .Values.webhook.port }}
+        - -webhook-svc-name={{ include "spark-operator.fullname" . }}-webhook
+        - -webhook-config-name={{ include "spark-operator.fullname" . }}-webhook-config
+        - -webhook-namespace-selector={{ .Values.webhook.namespaceSelector }}
+        {{- end }}
+        - -enable-resource-quota-enforcement={{ .Values.resourceQuotaEnforcement.enable }}
+        {{- if gt (int .Values.replicaCount) 1 }}
+        - -leader-election=true
+        - -leader-election-lock-namespace={{ default .Release.Namespace .Values.leaderElection.lockNamespace }}
+        - -leader-election-lock-name={{ .Values.leaderElection.lockName }}
+        {{- end }}
+        resources:
+          {{- toYaml .Values.resources | nindent 10 }}
+      {{- if .Values.webhook.enable }}
+        volumeMounts:
+          - name: webhook-certs
+            mountPath: /etc/webhook-certs
+      volumes:
+        - name: webhook-certs
+          secret:
+            secretName: spark-webhook-certs
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/manifests/spark-operator/templates/rbac.yaml b/manifests/spark-operator/templates/rbac.yaml
@@ -0,0 +1,121 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "spark-operator.fullname" . }}
+  labels:
+    {{- include "spark-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - "*"
+- apiGroups:
+  - ""
+  resources:
+  - services
+  - configmaps
+  - secrets
+  verbs:
+  - create
+  - get
+  - delete
+  - update
+- apiGroups:
+  - extensions
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs:
+  - create
+  - get
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - update
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - resourcequotas
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - create
+  - get
+  - update
+  - delete
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - mutatingwebhookconfigurations
+  - validatingwebhookconfigurations
+  verbs:
+  - create
+  - get
+  - update
+  - delete
+- apiGroups:
+  - sparkoperator.k8s.io
+  resources:
+  - sparkapplications
+  - sparkapplications/status
+  - scheduledsparkapplications
+  - scheduledsparkapplications/status
+  verbs:
+  - "*"
+  {{- if .Values.batchScheduler.enable }}
+  # required for the `volcano` batch scheduler
+- apiGroups:
+  - scheduling.incubator.k8s.io
+  - scheduling.sigs.dev
+  - scheduling.volcano.sh
+  resources:
+  - podgroups
+  verbs:
+  - "*"
+  {{- end }}
+  {{ if .Values.webhook.enable }}
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  verbs:
+  - delete
+  {{- end }}
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "spark-operator.fullname" . }}
+  labels:
+    {{- include "spark-operator.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "spark-operator.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "spark-operator.fullname" . }}
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/manifests/spark-operator/templates/serviceaccount.yaml b/manifests/spark-operator/templates/serviceaccount.yaml
@@ -0,0 +1,8 @@
+{{- if .Values.serviceAccounts.sparkoperator.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "spark-operator.serviceAccountName" . }}
+  labels:
+    {{- include "spark-operator.labels" . | nindent 4 }}
+{{- end }}
diff --git a/manifests/spark-operator/templates/spark-rbac.yaml b/manifests/spark-operator/templates/spark-rbac.yaml
@@ -0,0 +1,40 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: spark-role
+  namespace: {{ default .Release.Namespace .Values.sparkJobNamespace }}
+  labels:
+    {{- include "spark-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - "*"
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - "*"
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: spark
+  namespace: {{ default .Release.Namespace .Values.sparkJobNamespace }}
+  labels:
+    {{- include "spark-operator.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "spark.serviceAccountName" . }}
+  namespace: {{ default .Release.Namespace .Values.sparkJobNamespace }}
+roleRef:
+  kind: Role
+  name: spark-role
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/manifests/spark-operator/templates/spark-serviceaccount.yaml b/manifests/spark-operator/templates/spark-serviceaccount.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.serviceAccounts.spark.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "spark.serviceAccountName" . }}
+  namespace: {{ default .Release.Namespace .Values.sparkJobNamespace }}
+  labels:
+    {{- include "spark-operator.labels" . | nindent 4 }}
+{{- end }}