Skip to content

Latest commit

 

History

History
368 lines (309 loc) · 9.4 KB

README.md

File metadata and controls

368 lines (309 loc) · 9.4 KB

BOSH Release for Helm and Kubectl

Purpose

The purpose of this bosh release is to offer a bosh deployment for Helm chart and Kubectl product You can declare in your deployment helm repositories and helm charts, a default storage class and ingress rules. This bosh release should be use as an errand to apply charts. It uses Helm V3.

Usage

see web site: https://orange-cloudfoundry.github.io/helm-kubectl-boshrelease/ These bosh release is composed by 1 jobs

  • action
    • it creates namespace
    • it applies kubectl command
    • it adds helm repository
    • it creates helm chart instance, or any helm command
    • it creates secret
    • it creates basic auth secret
    • it can execute any shell

During undeploy of the bosh release every thing created by action will be deleted.

Upload the last release

To use this bosh release, first upload it to your bosh: Note: change the index the helm-kubectl-[index].yml to the last version of the bosh release

bosh target BOSH_HOST
git clone https://github.com/orange-cloudfoundry/helm-kubectl-boshrelease
cd helm-kubectl-boshrelease
bosh upload release releases/helm-kubectl/helm-kubectl-1.yml

Base deployment

#Deployment Identification
name: cfcr-addon

#Features Block

#Releases Block
releases:
- name: helm-kubectl
  version: latest

#Stemcells Block
stemcells:
- alias: default
  os: ubuntu-xenial
  version: latest

#Update Block
update:
  canaries: 1
  max_in_flight: 2
  canary_watch_time: 15000-30000
  update_watch_time: 15000-300000

#Instance Groups Block
instance_groups:
- name: cfcr-helm-addons
  vm_type: small
  stemcell: default
  networks:
  - name: ((network))
  azs: [z1]
  instances: 1
  jobs:
  - name: action
    release: helm-kubectl
    properties:
      kubernetes:
        host: ((kubernetes.host))
        port: ((kubernetes.port))
        cluster_ca_certificate: ((kubernetes.cluster_ca_certificate))
        password: ((kubernetes-password))
        default_storageclass: ((default_storageclass))
      proxy:
        https: ((https_proxy))
        http: ((http_proxy))
        noproxy: ((no_proxy))
      repository_mirror:
        enabled: true
        url: https://((helm_mirror_url))
      actions:
      - type: helm_repo
        name: stable
        url: https://kubernetes-charts.storage.googleapis.com/
      - type: helm_repo
        name: incubator
        url: https://kubernetes-charts-incubator.storage.googleapis.com/

Action job

Action job provide an array of action. They are apply during bosh errand usage or on each deploy in case of run_on_each_deploy=true How it works internally: Each action will be converted into kubectl or helm command

add namespace

As helm_V3 doesn't create namespace, you can create namespace by using this kind of operator.

basic example:

 - type: replace
   path: /instance_groups/name=cfcr-helm-addons/jobs/name=action/properties/actions/-
   value:
     type: namespace
     name: my-namespace    

example with annotations and labels:

 - type: replace
   path: /instance_groups/name=cfcr-helm-addons/jobs/name=action/properties/actions/-
   value:
     type: namespace
     name: my-namespace
     annotations:
     - name: myannotation
       value: hello
     labels:
     - name: mylabel
       value: hello
         

Caution: During bosh delete-deployment the created namespace will be deleted. So be careful do not create kube-system namespace with this kind of operator.

add helm repository

Some time the chart need to be loaded from a specific helm repository. You can do that with this operator.

- type: replace
  path: /instance_groups/name=cfcr-helm-addons/jobs/name=action/properties/actions/-
  value:
    type: helm_repo
    name: gitlab
    url: https://charts.gitlab.io                          

add helm chart

Helm chart deployment can be customize by properties or by value file

- type: replace
  path: /instance_groups/name=cfcr-helm-addons/jobs/name=action/properties/actions/-
  value:
    type: helm_chart
    name: gitlab
    chart:  gitlab/gitlab
    namespace: gitlab
    version: ((gitlab-version))
    properties:
    - name: gitlab.unicorn.ingress.tls.secretName
      value: release-gitlab-tls
    - name: unicorn.ingress.enabled
      value: false

    values_file_content:
      global:
        ## GitLab operator is Alpha. Not for production use.
        operator:
          enabled: false
        ## doc/installation/deployment.md#deploy-the-community-edition
        edition: ce

        ## doc/charts/globals.md#gitlab-version
        # gitlabVersion: master

        ## doc/charts/globals.md#application-resource
        application:
          create: false
        ...
                          

By default the helm type will perform

Caution: During bosh delete-deployment the created instance of chart will be deleted.

Helm sample using custom command:

- type: replace
  path: /instance_groups/name=cfcr-helm-addons/jobs/name=action/properties/actions/-
  value:
    type: helm_chart
    name: gitlab
    chart:  gitlab/gitlab
    namespace: gitlab
    version: ((gitlab-version))
    cmd: test # override default helm command (ie: 'upgrade') 
    options: # override default options (ie: '--install --atomic --cleanup-on-fail') and reset it

add kubectl cmd

example of use with an apply deployment

- type: replace
  path: /instance_groups/name=cfcr-helm-addons/jobs/name=action/properties/actions/-
  value:
    type: kubectl
    name: "deploy-k8sdash"
    cmd: "apply"
    options: ""
    content:
      kind: Deployment
      apiVersion: apps/v1
      metadata:
        name: k8dash
        namespace: kube-system
      spec:
        replicas: 1
        selector:
          matchLabels:
            k8s-app: k8dash
        template:
          metadata:
            labels:
              k8s-app: k8dash
          spec:
            containers:
            - name: k8dash
              image: herbrandson/k8dash:latest
              ports:
              - containerPort: 4654
              livenessProbe:
                httpGet:
                  scheme: HTTP
                  path: /
                  port: 4654
                initialDelaySeconds: 30
                timeoutSeconds: 30
            nodeSelector:
              'beta.kubernetes.io/os': linux

example of use with direct apply on content from internet :

- type: replace
  path: /instance_groups/name=cfcr-helm-addons/jobs/name=action/properties/actions/-
  value:
    type: kubectl
    name: "crd-for-cert-manager"
    cmd: "apply"
    options: "-f https://github.com/jetstack/cert-manager/releases/download/v((cert-manager-version))/cert-manager-no-webhook.yaml"

example of use to produce a config map with very large content:

- type: replace
  path: /instance_groups/name=cfcr-helm-addons/jobs/name=kubectl/properties/commands/-
  value:
    name: "cm-grafana-k8s-master-node-exporter-dashboard"
    cmd: "replace"
    options: " --force --save-config=false "
    apply:
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: dash-k8s-all-node-exporter
        namespace: monitoring
        labels:
          grafana_dashboard: '1'
      data:
        grafana_k8d_all_node_exporter_dashboard.json: |
          {
            "annotations": {
              "list": [
                {
                  "builtIn": 1,
                  ....

add secret

This action will encode in base64 the content of value and create a K8S secret in the namespace. By default the type of the secret is generic but it can be override by secret_type

example of use:

- type: replace
  path: /instance_groups/name=cfcr-helm-addons/jobs/name=action/properties/actions/-
  value:
    type: secret
    name: cloud-credentials
    namespace: velero
    data:
    - name: cloud
      value: |
        [default]
        aws_access_key_id = backup_remote_s3_access_key_id
        aws_secret_access_key = ((backup_remote_s3_secret_access_key))

add secret for basic auth

This action will encode in base64 the content of value and create a K8S secret in the namespace.

example of use:

- type: replace
  path: /instance_groups/name=cfcr-helm-addons/jobs/name=action/properties/actions/-
  value:
    type: basic_auth_secret
    name: mybasicauth
    namespace: traefik
    user: admin
    password: ((mypassword))

add exec action

This action let user to use kubelet or helm or kustomise in shell to perform any shell script.

example:

- type: replace
  path: /instance_groups/name=k8s-helm-addons/jobs/name=action/properties/actions/-
  value:
    type: exec
    cmd: |
      cat << EOF > /tmp/coredns.yml
      ((coredns_clusterrole))
      ---
      ((coredns_clusterrolebinding))
      ---
      ((coredns_configmap))
      ---
      ((coredns_deployment))
      ---
      ((coredns_service))
      EOF
      kubectl apply -f  /tmp/coredns.yml

Development

As a developer of this release, create new releases and upload them:

bosh create release --force && bosh -n upload release

Final releases

To share final releases:

bosh create release --final

By default the version number will be bumped to the next major number. You can specify alternate versions:

bosh create release --final --version 2.1

After the first release you need to contact Dmitriy Kalinin to request your project is added to https://bosh.io/releases (as mentioned in README above).