Merge "[#177] Add Flux Helm Operator manifests"
This commit is contained in:
commit
81fb7de6e1
@ -0,0 +1,417 @@
|
|||||||
|
apiVersion: apiextensions.k8s.io/v1beta1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: helmreleases.helm.fluxcd.io
|
||||||
|
spec:
|
||||||
|
additionalPrinterColumns:
|
||||||
|
- JSONPath: .status.releaseName
|
||||||
|
name: Release
|
||||||
|
type: string
|
||||||
|
description: ReleaseName is the name of the Helm release managed by the HelmRelease,
|
||||||
|
as given by Helm.
|
||||||
|
- JSONPath: .status.phase
|
||||||
|
name: Phase
|
||||||
|
type: string
|
||||||
|
description: Phase is the current release phase being performed for the HelmRelease.
|
||||||
|
- JSONPath: .status.releaseStatus
|
||||||
|
name: Status
|
||||||
|
type: string
|
||||||
|
description: ReleaseStatus is the status of the Helm release managed by the HelmRelease,
|
||||||
|
as given by Helm.
|
||||||
|
- JSONPath: .status.conditions[?(@.type=="Released")].message
|
||||||
|
name: Message
|
||||||
|
type: string
|
||||||
|
- JSONPath: .metadata.creationTimestamp
|
||||||
|
description: CreationTimestamp is a timestamp representing the server time when
|
||||||
|
this object was created. It is not guaranteed to be set in happens-before order
|
||||||
|
across separate operations. Clients may not set this value. It is represented
|
||||||
|
in RFC3339 form and is in UTC.
|
||||||
|
name: Age
|
||||||
|
type: date
|
||||||
|
group: helm.fluxcd.io
|
||||||
|
names:
|
||||||
|
kind: HelmRelease
|
||||||
|
listKind: HelmReleaseList
|
||||||
|
plural: helmreleases
|
||||||
|
shortNames:
|
||||||
|
- hr
|
||||||
|
- hrs
|
||||||
|
singular: helmrelease
|
||||||
|
scope: Namespaced
|
||||||
|
subresources:
|
||||||
|
status: {}
|
||||||
|
validation:
|
||||||
|
openAPIV3Schema:
|
||||||
|
description: HelmRelease is a type to represent a Helm release.
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- metadata
|
||||||
|
- spec
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
description: 'APIVersion defines the versioned schema of this representation
|
||||||
|
of an object. Servers should convert recognized schemas to the latest
|
||||||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description: 'Kind is a string value representing the REST resource this
|
||||||
|
object represents. Servers may infer this from the endpoint the client
|
||||||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||||
|
type: string
|
||||||
|
metadata:
|
||||||
|
type: object
|
||||||
|
spec:
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- chart
|
||||||
|
properties:
|
||||||
|
chart:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
chartPullSecret:
|
||||||
|
description: ChartPullSecret holds the reference to the authentication
|
||||||
|
secret for accessing the Helm repository using HTTPS basic auth.
|
||||||
|
NOT IMPLEMENTED!
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
type: string
|
||||||
|
git:
|
||||||
|
description: Git URL is the URL of the Git repository, e.g. `git@github.com:org/repo`,
|
||||||
|
`http://github.com/org/repo`, or `ssh://git@example.com:2222/org/repo.git`.
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
description: Name is the name of the Helm chart _without_ an alias,
|
||||||
|
e.g. redis (for `helm upgrade [flags] stable/redis`).
|
||||||
|
type: string
|
||||||
|
path:
|
||||||
|
description: Path is the path to the chart relative to the repository
|
||||||
|
root.
|
||||||
|
type: string
|
||||||
|
ref:
|
||||||
|
description: Ref is the Git branch (or other reference) to use.
|
||||||
|
Defaults to 'master', or the configured default Git ref.
|
||||||
|
type: string
|
||||||
|
repository:
|
||||||
|
description: RepoURL is the URL of the Helm repository, e.g. `https://kubernetes-charts.storage.googleapis.com`
|
||||||
|
or `https://charts.example.com`.
|
||||||
|
type: string
|
||||||
|
secretRef:
|
||||||
|
description: SecretRef holds the authentication secret for accessing
|
||||||
|
the Git repository (over HTTPS). The credentials will be added
|
||||||
|
to an HTTPS GitURL before the mirror is started.
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
type: string
|
||||||
|
skipDepUpdate:
|
||||||
|
description: SkipDepUpdate will tell the operator to skip running
|
||||||
|
'helm dep update' before installing or upgrading the chart, the
|
||||||
|
chart dependencies _must_ be present for this to succeed.
|
||||||
|
type: boolean
|
||||||
|
version:
|
||||||
|
description: Version is the targeted Helm chart version, e.g. 7.0.1.
|
||||||
|
type: string
|
||||||
|
disableOpenAPIValidation:
|
||||||
|
description: DisableOpenAPIValidation controls whether OpenAPI validation
|
||||||
|
is enforced.
|
||||||
|
type: boolean
|
||||||
|
forceUpgrade:
|
||||||
|
description: Force will mark this Helm release to `--force` upgrades.
|
||||||
|
This forces the resource updates through delete/recreate if needed.
|
||||||
|
type: boolean
|
||||||
|
helmVersion:
|
||||||
|
description: 'HelmVersion is the version of Helm to target. If not supplied,
|
||||||
|
the lowest _enabled Helm version_ will be targeted. Valid HelmVersion
|
||||||
|
values are: "v2", "v3"'
|
||||||
|
type: string
|
||||||
|
enum:
|
||||||
|
- v2
|
||||||
|
- v3
|
||||||
|
maxHistory:
|
||||||
|
description: MaxHistory is the maximum amount of revisions to keep for
|
||||||
|
the Helm release. If not supplied, it defaults to 10.
|
||||||
|
type: integer
|
||||||
|
releaseName:
|
||||||
|
description: ReleaseName is the name of the The Helm release. If not
|
||||||
|
supplied, it will be generated by affixing the namespace to the resource
|
||||||
|
name.
|
||||||
|
type: string
|
||||||
|
resetValues:
|
||||||
|
description: ResetValues will mark this Helm release to reset the values
|
||||||
|
to the defaults of the targeted chart before performing an upgrade.
|
||||||
|
Not explicitly setting this to `false` equals to `true` due to the
|
||||||
|
declarative nature of the operator.
|
||||||
|
type: boolean
|
||||||
|
rollback:
|
||||||
|
description: The rollback settings for this Helm release.
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
disableHooks:
|
||||||
|
description: DisableHooks will mark this Helm release to prevent
|
||||||
|
hooks from running during the rollback.
|
||||||
|
type: boolean
|
||||||
|
enable:
|
||||||
|
description: Enable will mark this Helm release for rollbacks.
|
||||||
|
type: boolean
|
||||||
|
force:
|
||||||
|
description: Force will mark this Helm release to `--force` rollbacks.
|
||||||
|
This forces the resource updates through delete/recreate if needed.
|
||||||
|
type: boolean
|
||||||
|
maxRetries:
|
||||||
|
description: MaxRetries is the maximum amount of upgrade retries
|
||||||
|
the operator should make before bailing.
|
||||||
|
type: integer
|
||||||
|
format: int64
|
||||||
|
recreate:
|
||||||
|
description: Recreate will mark this Helm release to `--recreate-pods`
|
||||||
|
for if applicable. This performs pod restarts.
|
||||||
|
type: boolean
|
||||||
|
retry:
|
||||||
|
description: Retry will mark this Helm release for upgrade retries
|
||||||
|
after a rollback.
|
||||||
|
type: boolean
|
||||||
|
timeout:
|
||||||
|
description: Timeout is the time to wait for any individual Kubernetes
|
||||||
|
operation (like Jobs for hooks) during rollback.
|
||||||
|
type: integer
|
||||||
|
format: int64
|
||||||
|
wait:
|
||||||
|
description: Wait will mark this Helm release to wait until all
|
||||||
|
Pods, PVCs, Services, and minimum number of Pods of a Deployment,
|
||||||
|
StatefulSet, or ReplicaSet are in a ready state before marking
|
||||||
|
the release as successful.
|
||||||
|
type: boolean
|
||||||
|
skipCRDs:
|
||||||
|
description: SkipCRDs will mark this Helm release to skip the creation
|
||||||
|
of CRDs during a Helm 3 installation.
|
||||||
|
type: boolean
|
||||||
|
targetNamespace:
|
||||||
|
description: TargetNamespace overrides the targeted namespace for the
|
||||||
|
Helm release. The default namespace equals to the namespace of the
|
||||||
|
HelmRelease resource.
|
||||||
|
type: string
|
||||||
|
test:
|
||||||
|
description: The test settings for this Helm release.
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
cleanup:
|
||||||
|
description: Cleanup, when targeting Helm 2, determines whether
|
||||||
|
to delete test pods between each test run initiated by the Helm
|
||||||
|
Operator.
|
||||||
|
type: boolean
|
||||||
|
enable:
|
||||||
|
description: Enable will mark this Helm release for tests.
|
||||||
|
type: boolean
|
||||||
|
ignoreFailures:
|
||||||
|
description: IgnoreFailures will cause a Helm release to be rolled
|
||||||
|
back if it fails otherwise it will be left in a released state
|
||||||
|
type: boolean
|
||||||
|
timeout:
|
||||||
|
description: Timeout is the time to wait for any individual Kubernetes
|
||||||
|
operation (like Jobs for hooks) during test.
|
||||||
|
type: integer
|
||||||
|
format: int64
|
||||||
|
timeout:
|
||||||
|
description: Timeout is the time to wait for any individual Kubernetes
|
||||||
|
operation (like Jobs for hooks) during installation and upgrade operations.
|
||||||
|
type: integer
|
||||||
|
format: int64
|
||||||
|
valueFileSecrets:
|
||||||
|
description: ValueFileSecrets holds the local name references to secrets.
|
||||||
|
DEPRECATED, use ValuesFrom.secretKeyRef instead.
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
type: string
|
||||||
|
values:
|
||||||
|
description: Values holds the values for this Helm release.
|
||||||
|
type: object
|
||||||
|
valuesFrom:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
chartFileRef:
|
||||||
|
description: The reference to a local chart file with release
|
||||||
|
values.
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- path
|
||||||
|
properties:
|
||||||
|
optional:
|
||||||
|
description: Optional will mark this ChartFileSelector as
|
||||||
|
optional. The result of this are that operations are permitted
|
||||||
|
without the source, due to it e.g. being temporarily unavailable.
|
||||||
|
type: boolean
|
||||||
|
path:
|
||||||
|
description: Path is the file path to the source relative
|
||||||
|
to the chart root.
|
||||||
|
type: string
|
||||||
|
configMapKeyRef:
|
||||||
|
description: The reference to a config map with release values.
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
type: string
|
||||||
|
optional:
|
||||||
|
type: boolean
|
||||||
|
externalSourceRef:
|
||||||
|
description: The reference to an external source with release
|
||||||
|
values.
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- url
|
||||||
|
properties:
|
||||||
|
optional:
|
||||||
|
description: Optional will mark this ExternalSourceSelector
|
||||||
|
as optional. The result of this are that operations are
|
||||||
|
permitted without the source, due to it e.g. being temporarily
|
||||||
|
unavailable.
|
||||||
|
type: boolean
|
||||||
|
url:
|
||||||
|
description: URL is the URL of the external source.
|
||||||
|
type: string
|
||||||
|
secretKeyRef:
|
||||||
|
description: The reference to a secret with release values.
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- name
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
type: string
|
||||||
|
namespace:
|
||||||
|
type: string
|
||||||
|
optional:
|
||||||
|
type: boolean
|
||||||
|
wait:
|
||||||
|
description: Wait will mark this Helm release to wait until all Pods,
|
||||||
|
PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet,
|
||||||
|
or ReplicaSet are in a ready state before marking the release as successful.
|
||||||
|
type: boolean
|
||||||
|
status:
|
||||||
|
description: HelmReleaseStatus contains status information about an HelmRelease.
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
conditions:
|
||||||
|
description: Conditions contains observations of the resource's state,
|
||||||
|
e.g., has the chart which it refers to been fetched.
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- status
|
||||||
|
- type
|
||||||
|
properties:
|
||||||
|
lastTransitionTime:
|
||||||
|
description: LastTransitionTime is the timestamp corresponding
|
||||||
|
to the last status change of this condition.
|
||||||
|
type: string
|
||||||
|
format: date-time
|
||||||
|
lastUpdateTime:
|
||||||
|
description: LastUpdateTime is the timestamp corresponding to
|
||||||
|
the last status update of this condition.
|
||||||
|
type: string
|
||||||
|
format: date-time
|
||||||
|
message:
|
||||||
|
description: Message is a human readable description of the details
|
||||||
|
of the last transition, complementing reason.
|
||||||
|
type: string
|
||||||
|
reason:
|
||||||
|
description: Reason is a brief machine readable explanation for
|
||||||
|
the condition's last transition.
|
||||||
|
type: string
|
||||||
|
status:
|
||||||
|
description: Status of the condition, one of ('True', 'False',
|
||||||
|
'Unknown').
|
||||||
|
type: string
|
||||||
|
enum:
|
||||||
|
- "True"
|
||||||
|
- "False"
|
||||||
|
- Unknown
|
||||||
|
type:
|
||||||
|
description: Type of the condition, one of ('ChartFetched', 'Deployed',
|
||||||
|
'Released', 'RolledBack', 'Tested').
|
||||||
|
type: string
|
||||||
|
enum:
|
||||||
|
- ChartFetched
|
||||||
|
- Deployed
|
||||||
|
- Released
|
||||||
|
- RolledBack
|
||||||
|
- Tested
|
||||||
|
lastAttemptedRevision:
|
||||||
|
description: LastAttemptedRevision is the revision of the latest chart
|
||||||
|
sync, and may be of a failed release.
|
||||||
|
type: string
|
||||||
|
observedGeneration:
|
||||||
|
description: ObservedGeneration is the most recent generation observed
|
||||||
|
by the operator.
|
||||||
|
type: integer
|
||||||
|
format: int64
|
||||||
|
phase:
|
||||||
|
description: Phase the release is in, one of ('ChartFetched', 'ChartFetchFailed',
|
||||||
|
'Installing', 'Upgrading', 'Deployed', 'DeployFailed', 'Testing',
|
||||||
|
'TestFailed', 'Tested', 'Succeeded', 'RollingBack', 'RolledBack',
|
||||||
|
'RollbackFailed')
|
||||||
|
type: string
|
||||||
|
enum:
|
||||||
|
- ChartFetched
|
||||||
|
- ChartFetchFailed
|
||||||
|
- Installing
|
||||||
|
- Upgrading
|
||||||
|
- Deployed
|
||||||
|
- DeployFailed
|
||||||
|
- Testing
|
||||||
|
- TestFailed
|
||||||
|
- Tested
|
||||||
|
- Succeeded
|
||||||
|
- Failed
|
||||||
|
- RollingBack
|
||||||
|
- RolledBack
|
||||||
|
- RollbackFailed
|
||||||
|
releaseName:
|
||||||
|
description: ReleaseName is the name as either supplied or generated.
|
||||||
|
type: string
|
||||||
|
releaseStatus:
|
||||||
|
description: ReleaseStatus is the status as given by Helm for the release
|
||||||
|
managed by this resource.
|
||||||
|
type: string
|
||||||
|
revision:
|
||||||
|
description: Revision holds the Git hash or version of the chart currently
|
||||||
|
deployed.
|
||||||
|
type: string
|
||||||
|
rollbackCount:
|
||||||
|
description: RollbackCount records the amount of rollback attempts made,
|
||||||
|
it is incremented after a rollback failure and reset after a successful
|
||||||
|
upgrade or revision change.
|
||||||
|
type: integer
|
||||||
|
format: int64
|
||||||
|
version: v1
|
||||||
|
versions:
|
||||||
|
- name: v1
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
status:
|
||||||
|
acceptedNames:
|
||||||
|
kind: ""
|
||||||
|
plural: ""
|
||||||
|
conditions: []
|
||||||
|
storedVersions: []
|
2
manifests/function/helm-operator/crd/kustomization.yaml
Normal file
2
manifests/function/helm-operator/crd/kustomization.yaml
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
resources:
|
||||||
|
- helmreleases.helm.fluxcd.io.yaml
|
56
manifests/function/helm-operator/deployment.yaml
Normal file
56
manifests/function/helm-operator/deployment.yaml
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: helm-operator
|
||||||
|
namespace: flux
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
name: helm-operator
|
||||||
|
strategy:
|
||||||
|
type: Recreate
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
prometheus.io/scrape: "true"
|
||||||
|
labels:
|
||||||
|
name: helm-operator
|
||||||
|
spec:
|
||||||
|
tolerations:
|
||||||
|
- key: node-role.kubernetes.io/master
|
||||||
|
effect: NoSchedule
|
||||||
|
containers:
|
||||||
|
- args:
|
||||||
|
- --enabled-helm-versions=v3
|
||||||
|
image: docker.io/fluxcd/helm-operator:1.1.0
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /healthz
|
||||||
|
port: 3030
|
||||||
|
initialDelaySeconds: 1
|
||||||
|
timeoutSeconds: 5
|
||||||
|
name: helm-operator
|
||||||
|
ports:
|
||||||
|
- containerPort: 3030
|
||||||
|
name: http
|
||||||
|
readinessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /healthz
|
||||||
|
port: 3030
|
||||||
|
initialDelaySeconds: 1
|
||||||
|
timeoutSeconds: 5
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 64Mi
|
||||||
|
serviceAccountName: helm-operator
|
||||||
|
# See https://github.com/fluxcd/flux/pull/2116
|
||||||
|
dnsPolicy: None
|
||||||
|
dnsConfig:
|
||||||
|
nameservers:
|
||||||
|
- 10.96.0.10
|
||||||
|
options:
|
||||||
|
- name: ndots
|
||||||
|
value: "1"
|
5
manifests/function/helm-operator/kustomization.yaml
Normal file
5
manifests/function/helm-operator/kustomization.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
resources:
|
||||||
|
- namespace.yaml
|
||||||
|
- crd
|
||||||
|
- rbac
|
||||||
|
- deployment.yaml
|
4
manifests/function/helm-operator/namespace.yaml
Normal file
4
manifests/function/helm-operator/namespace.yaml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Namespace
|
||||||
|
metadata:
|
||||||
|
name: flux
|
4
manifests/function/helm-operator/rbac/kustomization.yaml
Normal file
4
manifests/function/helm-operator/rbac/kustomization.yaml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
resources:
|
||||||
|
- serviceaccount.yaml
|
||||||
|
- role.yaml
|
||||||
|
- rolebinding.yaml
|
17
manifests/function/helm-operator/rbac/role.yaml
Normal file
17
manifests/function/helm-operator/rbac/role.yaml
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
name: helm-operator
|
||||||
|
name: helm-operator
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- '*'
|
||||||
|
resources:
|
||||||
|
- '*'
|
||||||
|
verbs:
|
||||||
|
- '*'
|
||||||
|
- nonResourceURLs:
|
||||||
|
- '*'
|
||||||
|
verbs:
|
||||||
|
- '*'
|
14
manifests/function/helm-operator/rbac/rolebinding.yaml
Normal file
14
manifests/function/helm-operator/rbac/rolebinding.yaml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
name: helm-operator
|
||||||
|
name: helm-operator
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: helm-operator
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: helm-operator
|
||||||
|
namespace: flux
|
@ -0,0 +1,7 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
name: helm-operator
|
||||||
|
name: helm-operator
|
||||||
|
namespace: flux
|
@ -1,6 +1,7 @@
|
|||||||
resources:
|
resources:
|
||||||
- ../../shared/clusterctl
|
- ../../shared/clusterctl
|
||||||
- ../../../../function/baremetal-operator
|
- ../../../../function/baremetal-operator
|
||||||
|
- ../../../../function/helm-operator
|
||||||
patchesStrategicMerge:
|
patchesStrategicMerge:
|
||||||
- patch_bmo_config.yaml
|
- patch_bmo_config.yaml
|
||||||
commonLabels:
|
commonLabels:
|
||||||
|
Loading…
Reference in New Issue
Block a user