From ebab12089594c251a2cab0914e05bd61afa1d4eb Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Thu, 25 Jan 2024 23:00:15 -0800 Subject: [PATCH] Ensure crd-manager runs first Signed-off-by: Tamal Saha --- .../v1alpha1/kubedb_crd_manager_types.go | 8 ++++--- .../v1alpha1/zz_generated.deepcopy.go | 1 + charts/kubedb-crd-manager/README.md | 4 ++++ .../kubedb-crd-manager/templates/_helpers.tpl | 7 +++++++ .../templates/cluster-role-binding.yaml | 4 ++++ .../templates/cluster-role.yaml | 4 ++++ charts/kubedb-crd-manager/templates/job.yaml | 21 ++++++++++++++++++- .../templates/serviceaccount.yaml | 5 ++++- .../values.openapiv3_schema.yaml | 17 +++++++++++++++ charts/kubedb-crd-manager/values.yaml | 9 ++++++++ charts/kubedb/templates/_helpers.tpl | 7 +++++++ charts/kubedb/values.openapiv3_schema.yaml | 17 +++++++++++++++ 12 files changed, 99 insertions(+), 5 deletions(-) diff --git a/apis/installer/v1alpha1/kubedb_crd_manager_types.go b/apis/installer/v1alpha1/kubedb_crd_manager_types.go index 86e03b4cd..c6d7c4702 100644 --- a/apis/installer/v1alpha1/kubedb_crd_manager_types.go +++ b/apis/installer/v1alpha1/kubedb_crd_manager_types.go @@ -51,6 +51,7 @@ type KubedbCrdManagerSpec struct { //+optional RegistryFQDN string `json:"registryFQDN"` Image ImageRef `json:"image"` + Cleaner ImageRef `json:"cleaner"` ImagePullPolicy string `json:"imagePullPolicy"` //+optional ImagePullSecrets []string `json:"imagePullSecrets"` @@ -71,9 +72,10 @@ type KubedbCrdManagerSpec struct { Tolerations []core.Toleration `json:"tolerations"` // If specified, the pod's scheduling constraints // +optional - Affinity *core.Affinity `json:"affinity"` - ServiceAccount ServiceAccountSpec `json:"serviceAccount"` - FeatureGates map[string]bool `json:"featureGates"` + Affinity *core.Affinity `json:"affinity"` + ServiceAccount ServiceAccountSpec `json:"serviceAccount"` + FeatureGates map[string]bool `json:"featureGates"` + RemoveUnusedCRDs bool `json:"removeUnusedCRDs"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object diff --git a/apis/installer/v1alpha1/zz_generated.deepcopy.go b/apis/installer/v1alpha1/zz_generated.deepcopy.go index a05fa494f..244979b52 100644 --- a/apis/installer/v1alpha1/zz_generated.deepcopy.go +++ b/apis/installer/v1alpha1/zz_generated.deepcopy.go @@ -648,6 +648,7 @@ func (in *KubedbCrdManagerList) DeepCopyObject() runtime.Object { func (in *KubedbCrdManagerSpec) DeepCopyInto(out *KubedbCrdManagerSpec) { *out = *in out.Image = in.Image + out.Cleaner = in.Cleaner if in.ImagePullSecrets != nil { in, out := &in.ImagePullSecrets, &out.ImagePullSecrets *out = make([]string, len(*in)) diff --git a/charts/kubedb-crd-manager/README.md b/charts/kubedb-crd-manager/README.md index 8705473d1..e901aa71f 100644 --- a/charts/kubedb-crd-manager/README.md +++ b/charts/kubedb-crd-manager/README.md @@ -51,6 +51,9 @@ The following table lists the configurable parameters of the `kubedb-crd-manager | image.registry | Docker registry used to pull app container image | kubedb | | image.repository | App container image | kubedb-crd-manager | | image.tag | Overrides the image tag whose default is the chart appVersion. | "" | +| cleaner.registry | Docker registry used to pull Webhook cleaner image | appscode | +| cleaner.repository | Webhook cleaner container image | kubectl-nonroot | +| cleaner.tag | Webhook cleaner container image tag | v1.25 | | imagePullSecrets | Specify an array of imagePullSecrets. Secrets must be manually created in the namespace.
Example:
`helm template charts/kubedb-ops-manager \`
`--set imagePullSecrets[0].name=sec0 \`
`--set imagePullSecrets[1].name=sec1` | [] | | imagePullPolicy | Container image pull policy | IfNotPresent | | nameOverride | | "" | @@ -84,6 +87,7 @@ The following table lists the configurable parameters of the `kubedb-crd-manager | featureGates.Singlestore | | false | | featureGates.Solr | | false | | featureGates.ZooKeeper | | false | +| removeUnusedCRDs | | false | Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example: diff --git a/charts/kubedb-crd-manager/templates/_helpers.tpl b/charts/kubedb-crd-manager/templates/_helpers.tpl index c57241380..9ec706683 100644 --- a/charts/kubedb-crd-manager/templates/_helpers.tpl +++ b/charts/kubedb-crd-manager/templates/_helpers.tpl @@ -87,6 +87,13 @@ Returns the registry used for image docker image {{- list .Values.registryFQDN .Values.image.registry | compact | join "/" }} {{- end }} +{{/* +Returns the registry used for cleaner docker image +*/}} +{{- define "cleaner.registry" -}} +{{- list .Values.registryFQDN .Values.cleaner.registry | compact | join "/" }} +{{- end }} + {{- define "docker.imagePullSecrets" -}} {{- with .Values.imagePullSecrets -}} imagePullSecrets: diff --git a/charts/kubedb-crd-manager/templates/cluster-role-binding.yaml b/charts/kubedb-crd-manager/templates/cluster-role-binding.yaml index f20420ff3..64bd5aba9 100644 --- a/charts/kubedb-crd-manager/templates/cluster-role-binding.yaml +++ b/charts/kubedb-crd-manager/templates/cluster-role-binding.yaml @@ -4,6 +4,10 @@ metadata: name: {{ include "kubedb-crd-manager.fullname" . }} labels: {{- include "kubedb-crd-manager.labels" . | nindent 4 }} + annotations: + "helm.sh/hook-weight": "2" + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/charts/kubedb-crd-manager/templates/cluster-role.yaml b/charts/kubedb-crd-manager/templates/cluster-role.yaml index f838c9a27..15e072226 100644 --- a/charts/kubedb-crd-manager/templates/cluster-role.yaml +++ b/charts/kubedb-crd-manager/templates/cluster-role.yaml @@ -4,6 +4,10 @@ metadata: name: {{ include "kubedb-crd-manager.fullname" . }} labels: {{- include "kubedb-crd-manager.labels" . | nindent 4 }} + annotations: + "helm.sh/hook-weight": "1" + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed rules: - apiGroups: - apiextensions.k8s.io diff --git a/charts/kubedb-crd-manager/templates/job.yaml b/charts/kubedb-crd-manager/templates/job.yaml index 0ab522e77..4b5763197 100644 --- a/charts/kubedb-crd-manager/templates/job.yaml +++ b/charts/kubedb-crd-manager/templates/job.yaml @@ -10,6 +10,10 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{- include "kubedb-crd-manager.labels" . | nindent 4 }} + annotations: + "helm.sh/hook-weight": "3" + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed spec: backoffLimit: 3 ttlSecondsAfterFinished: 300 @@ -24,7 +28,7 @@ spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} serviceAccountName: {{ include "kubedb-crd-manager.serviceAccountName" . }} - containers: + initContainers: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} @@ -38,6 +42,21 @@ spec: {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} + containers: + - name: checker + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ include "cleaner.registry" . }}/{{ .Values.cleaner.repository }}:{{ .Values.cleaner.tag }}" + imagePullPolicy: {{ .Values.imagePullPolicy }} + args: + - sh + - -c + - | + sleep 2; \ + kubectl wait --for=condition=Established crds -l app.kubernetes.io/name=kubedb --timeout=5m; \ + kubectl wait --for=condition=NamesAccepted crds -l app.kubernetes.io/name=kubedb --timeout=5m + resources: + {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/kubedb-crd-manager/templates/serviceaccount.yaml b/charts/kubedb-crd-manager/templates/serviceaccount.yaml index 97e57066f..5ff1b3f5c 100644 --- a/charts/kubedb-crd-manager/templates/serviceaccount.yaml +++ b/charts/kubedb-crd-manager/templates/serviceaccount.yaml @@ -5,8 +5,11 @@ metadata: name: {{ include "kubedb-crd-manager.serviceAccountName" . }} labels: {{- include "kubedb-crd-manager.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} annotations: + "helm.sh/hook-weight": "0" + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed + {{- with .Values.serviceAccount.annotations }} {{- toYaml . | nindent 4 }} {{- end }} automountServiceAccountToken: {{ .Values.serviceAccount.automount }} diff --git a/charts/kubedb-crd-manager/values.openapiv3_schema.yaml b/charts/kubedb-crd-manager/values.openapiv3_schema.yaml index 9e885e670..99a7fa9e2 100644 --- a/charts/kubedb-crd-manager/values.openapiv3_schema.yaml +++ b/charts/kubedb-crd-manager/values.openapiv3_schema.yaml @@ -884,6 +884,19 @@ properties: type: array type: object type: object + cleaner: + properties: + registry: + type: string + repository: + type: string + tag: + type: string + required: + - registry + - repository + - tag + type: object featureGates: additionalProperties: type: boolean @@ -1072,6 +1085,8 @@ properties: type: object registryFQDN: type: string + removeUnusedCRDs: + type: boolean resources: description: ResourceRequirements describes the compute resource requirements. properties: @@ -1312,8 +1327,10 @@ properties: type: object type: array required: +- cleaner - featureGates - image - imagePullPolicy +- removeUnusedCRDs - serviceAccount type: object diff --git a/charts/kubedb-crd-manager/values.yaml b/charts/kubedb-crd-manager/values.yaml index a50964b73..713177e25 100644 --- a/charts/kubedb-crd-manager/values.yaml +++ b/charts/kubedb-crd-manager/values.yaml @@ -10,6 +10,13 @@ image: repository: kubedb-crd-manager # Overrides the image tag whose default is the chart appVersion. tag: "" +cleaner: + # Docker registry used to pull Webhook cleaner image + registry: appscode + # Webhook cleaner container image + repository: kubectl-nonroot + # Webhook cleaner container image tag + tag: v1.25 # Specify an array of imagePullSecrets. # Secrets must be manually created in the namespace. @@ -88,3 +95,5 @@ featureGates: Singlestore: false Solr: false ZooKeeper: false + +removeUnusedCRDs: false diff --git a/charts/kubedb/templates/_helpers.tpl b/charts/kubedb/templates/_helpers.tpl index 316edc6ac..15913a557 100644 --- a/charts/kubedb/templates/_helpers.tpl +++ b/charts/kubedb/templates/_helpers.tpl @@ -95,6 +95,13 @@ Returns the registry used for webhook server docker image {{- list (default .Values.registryFQDN .Values.global.registryFQDN) (default .Values.server.registry .Values.global.registry) | compact | join "/" }} {{- end }} +{{/* +Returns the registry used for cleaner docker image +*/}} +{{- define "cleaner.registry" -}} +{{- list (default .Values.registryFQDN .Values.global.registryFQDN) (default .Values.cleaner.registry .Values.global.registry) | compact | join "/" }} +{{- end }} + {{/* Returns the appscode image pull secrets */}} diff --git a/charts/kubedb/values.openapiv3_schema.yaml b/charts/kubedb/values.openapiv3_schema.yaml index 02ffb5063..e967baf1c 100644 --- a/charts/kubedb/values.openapiv3_schema.yaml +++ b/charts/kubedb/values.openapiv3_schema.yaml @@ -2584,6 +2584,19 @@ properties: type: array type: object type: object + cleaner: + properties: + registry: + type: string + repository: + type: string + tag: + type: string + required: + - registry + - repository + - tag + type: object enabled: type: boolean featureGates: @@ -2779,6 +2792,8 @@ properties: type: object registryFQDN: type: string + removeUnusedCRDs: + type: boolean resources: description: ResourceRequirements describes the compute resource requirements. properties: @@ -3025,10 +3040,12 @@ properties: type: object type: array required: + - cleaner - enabled - featureGates - image - imagePullPolicy + - removeUnusedCRDs - serviceAccount type: object kubedb-kubestash-catalog: