Refactor Kubernetes Proxy Chart
Refactor of the Kubernetes proxy chart to align with OSH standards.

Change-Id: I2604eae413090ec1d5dac242eafa4d2a96ce4551
parent
2d31f7d595
commit
98561baf80
|
@ -1,4 +1,18 @@
|
|||
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
apiVersion: v1
|
||||
description: A chart for the Kubernetes proxy.
|
||||
name: proxy
|
||||
version: 0.1.0
|
||||
version: 0.1.0
|
|
@ -0,0 +1,4 @@
|
|||
dependencies:
|
||||
- name: helm-toolkit
|
||||
repository: http://localhost:8879/charts
|
||||
version: 0.1.0
|
|
@ -0,0 +1,46 @@
|
|||
{{/*
|
||||
Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: kubernetes-proxy-etc
|
||||
data:
|
||||
kubeconfig.yaml: |-
|
||||
---
|
||||
apiVersion: v1
|
||||
clusters:
|
||||
- cluster:
|
||||
server: https://{{ .Values.network.kubernetes_netloc }}
|
||||
certificate-authority: pki/cluster-ca.pem
|
||||
name: kubernetes
|
||||
contexts:
|
||||
- context:
|
||||
cluster: kubernetes
|
||||
user: proxy
|
||||
name: proxy@kubernetes
|
||||
current-context: proxy@kubernetes
|
||||
kind: Config
|
||||
preferences: {}
|
||||
users:
|
||||
- name: proxy
|
||||
user:
|
||||
client-certificate: pki/proxy.pem
|
||||
client-key: pki/proxy-key.pem
|
||||
|
||||
cluster-ca.pem: {{ .Values.secrets.tls.ca | quote }}
|
||||
proxy.pem: {{ .Values.secrets.tls.cert | quote }}
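Review bot: This new ConfigMap template is rendered unconditionally: the `---` document marker follows the licence comment directly and nothing closes the file, while the values file in this commit adds `manifests.configmap_etc: true` and the DaemonSet is wrapped in `{{- if .Values.manifests.daemonset_proxy }}`. Setting `configmap_etc: false` therefore has no effect. Wrap the document in `{{- if .Values.manifests.configmap_etc }}` and a closing `{{- end }}`. The Secret template that carries `proxy-key.pem` has the same gap against `manifests.secret`, since its first hunk also opens straight on `---`. The gap matters more there, because an operator who provisions the key out of band cannot stop the chart from writing its own Secret.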
|
|
@ -1,30 +0,0 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: kubernetes-proxy
|
||||
data:
|
||||
kubeconfig.yaml: |-
|
||||
---
|
||||
apiVersion: v1
|
||||
clusters:
|
||||
- cluster:
|
||||
server: https://{{ .Values.network.kubernetes_netloc }}
|
||||
certificate-authority: pki/cluster-ca.pem
|
||||
name: kubernetes
|
||||
contexts:
|
||||
- context:
|
||||
cluster: kubernetes
|
||||
user: proxy
|
||||
name: proxy@kubernetes
|
||||
current-context: proxy@kubernetes
|
||||
kind: Config
|
||||
preferences: {}
|
||||
users:
|
||||
- name: proxy
|
||||
user:
|
||||
client-certificate: pki/proxy.pem
|
||||
client-key: pki/proxy-key.pem
|
||||
|
||||
cluster-ca.pem: {{ .Values.tls.ca | quote }}
|
||||
proxy.pem: {{ .Values.tls.cert | quote }}
|
|
@ -1,25 +1,39 @@
|
|||
{{/*
|
||||
Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.daemonset_proxy }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
---
|
||||
apiVersion: "extensions/v1beta1"
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: kubernetes-proxy
|
||||
labels:
|
||||
component: k8s-proxy
|
||||
spec:
|
||||
{{ tuple $envAll "proxy" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
tier: node
|
||||
component: k8s-proxy
|
||||
{{ tuple $envAll "kubernetes" "proxy" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
annotations:
|
||||
scheduler.alpha.kubernetes.io/critical-pod: ''
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
hostNetwork: true
|
||||
dnsPolicy: {{ .Values.dns_policy }}
|
||||
{{- if .Values.node_selector.key }}
|
||||
nodeSelector:
|
||||
{{ .Values.node_selector.key }}: {{ .Values.node_selector.value }}
|
||||
{{- end }}
|
||||
dnsPolicy: Default
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/master
|
||||
effect: NoSchedule
|
||||
|
@ -27,13 +41,15 @@ spec:
|
|||
operator: Exists
|
||||
containers:
|
||||
- name: proxy
|
||||
image: {{ .Values.images.proxy }}
|
||||
image: {{ .Values.images.tags.proxy }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
command:
|
||||
- {{ .Values.proxy.command }}
|
||||
- --cluster-cidr={{ .Values.network.pod_cidr }}
|
||||
- --hostname-override=$(NODE_NAME)
|
||||
- --kubeconfig=/etc/kubernetes/proxy/kubeconfig.yaml
|
||||
- --proxy-mode=iptables
|
||||
{{- range .Values.command_prefix }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
- --hostname-override=$(NODE_NAME)
|
||||
- --kubeconfig=/etc/kubernetes/proxy/kubeconfig.yaml
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.proxy | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
|
@ -60,28 +76,24 @@ spec:
|
|||
initialDelaySeconds: 15
|
||||
periodSeconds: 15
|
||||
volumeMounts:
|
||||
- name: proxy-cm
|
||||
- name: kubernetes-proxy-etc
|
||||
mountPath: /etc/kubernetes/proxy/kubeconfig.yaml
|
||||
subPath: kubeconfig.yaml
|
||||
- name: proxy-cm
|
||||
- name: kubernetes-proxy-etc
|
||||
mountPath: /etc/kubernetes/proxy/pki/proxy.pem
|
||||
subPath: proxy.pem
|
||||
- name: proxy-cm
|
||||
- name: kubernetes-proxy-etc
|
||||
mountPath: /etc/kubernetes/proxy/pki/cluster-ca.pem
|
||||
subPath: cluster-ca.pem
|
||||
- name: proxy-secret
|
||||
mountPath: /etc/kubernetes/proxy/pki/proxy-key.pem
|
||||
subPath: proxy-key.pem
|
||||
tolerations:
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
- key: node-role.kubernetes.io/master
|
||||
operator: Exists
|
||||
effect: NoSchedule
|
||||
volumes:
|
||||
- name: proxy-cm
|
||||
- name: kubernetes-proxy-etc
|
||||
configMap:
|
||||
name: kubernetes-proxy
|
||||
name: kubernetes-proxy-etc
|
||||
defaultMode: 0444
|
||||
- name: proxy-secret
|
||||
secret:
|
||||
secretName: kubernetes-proxy
|
||||
{{- end }}
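Review bot: The `configmap-etc-hash` annotation in the first hunk tracks only the ConfigMap template, but the pod also mounts `proxy-key.pem` from the `kubernetes-proxy` Secret through a `subPath` mount, and subPath mounts are not refreshed when the backing object changes. A client key replaced without a matching certificate change would leave running kube-proxy pods on the old key until something else restarts them. Add a second annotation beside it that hashes the Secret template the same way, `secret-hash: {{ tuple "<secret-template>.yaml" . | include "helm-toolkit.utils.hash" }}`, replacing the placeholder with that template's file name, which this page does not show.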
|
||||
|
|
|
@ -1,3 +1,15 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
|
@ -5,4 +17,4 @@ metadata:
|
|||
name: kubernetes-proxy
|
||||
type: Opaque
|
||||
data:
|
||||
proxy-key.pem: {{ .Values.tls.key | b64enc }}
|
||||
proxy-key.pem: {{ .Values.secrets.tls.key | b64enc }}
|
||||
|
|
|
@ -1,19 +1,60 @@
|
|||
dns_policy: Default
|
||||
name: kubernetes-proxy
|
||||
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
# limitations under the License.
|
||||
|
||||
tls:
|
||||
ca: placeholder
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
manifests:
|
||||
daemonset_proxy: true
|
||||
configmap_etc: true
|
||||
secret: true
|
||||
|
||||
proxy:
|
||||
command: /proxy
|
||||
pod:
|
||||
lifecycle:
|
||||
upgrades:
|
||||
daemonsets:
|
||||
pod_replacement_strategy: RollingUpdate
|
||||
proxy:
|
||||
enabled: true
|
||||
min_ready_seconds: 0
|
||||
max_unavailable: 1
|
||||
termination_grace_period:
|
||||
proxy:
|
||||
timeout: 30
|
||||
resources:
|
||||
enabled: false
|
||||
proxy:
|
||||
requests:
|
||||
memory: "128Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
|
||||
images:
|
||||
proxy: gcr.io/google_containers/hyperkube-amd64:v1.8.0
|
||||
tags:
|
||||
proxy: gcr.io/google_containers/hyperkube-amd64:v1.8.0
|
||||
pull_policy: "IfNotPresent"
|
||||
|
||||
secrets:
|
||||
tls:
|
||||
ca: placeholder
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
|
||||
command_prefix:
|
||||
- /proxy
|
||||
- --proxy-mode=iptables
|
||||
- --cluster-cidr=10.97.0.0/16
|
||||
|
||||
network:
|
||||
kubernetes_netloc: 10.96.0.1
|
||||
pod_cidr: 10.97.0.0/16
|
||||
|
||||
node_selector: {}
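Review bot: `command_prefix` hard-codes `--cluster-cidr=10.97.0.0/16` while `network.pod_cidr` carries the same value separately, and going by the hunk line counts the DaemonSet no longer renders `--cluster-cidr={{ .Values.network.pod_cidr }}`. The Armada manifests in this commit override `network.pod_cidr` but not `command_prefix`, so a site with a different pod CIDR would get a kube-proxy that still treats 10.97.0.0/16 as the cluster CIDR. Either keep the flag templated in the DaemonSet and drop it from `command_prefix`, or remove `network.pod_cidr` from the values and manifests and add a comment here such as `# the pod CIDR is set via --cluster-cidr in command_prefix`.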
|
||||
|
|
|
@ -128,21 +128,21 @@ metadata:
|
|||
name: kubernetes
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.ca'
|
||||
path: '$.values.secrets.tls.ca'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/Certificate/v1
|
||||
name: proxy
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.cert'
|
||||
path: '$.values.secrets.tls.cert'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateKey/v1
|
||||
name: proxy
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.key'
|
||||
path: '$.values.secrets.tls.key'
|
||||
data:
|
||||
chart_name: proxy
|
||||
release: kubernetes-proxy
|
||||
|
@ -151,20 +151,22 @@ data:
|
|||
upgrade:
|
||||
no_hooks: true
|
||||
values:
|
||||
tls:
|
||||
ca: placeholder
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
secrets:
|
||||
tls:
|
||||
ca: placeholder
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
images:
|
||||
proxy: gcr.io/google_containers/hyperkube-amd64:v1.8.0
|
||||
tags:
|
||||
proxy: gcr.io/google_containers/hyperkube-amd64:v1.8.0
|
||||
network:
|
||||
kubernetes_netloc: apiserver.kubernetes.promenade:6443
|
||||
pod_cidr: 10.97.0.0/16
|
||||
source:
|
||||
type: local
|
||||
location: /etc/genesis/armada/assets/charts
|
||||
subpath: proxy
|
||||
dependencies: []
|
||||
dependencies:
|
||||
- helm-toolkit
|
||||
---
|
||||
schema: armada/Chart/v1
|
||||
metadata:
|
||||
|
|
|
@ -143,7 +143,8 @@ data:
|
|||
location: https://git.openstack.org/openstack/openstack-helm
|
||||
subpath: helm-toolkit
|
||||
reference: master
|
||||
dependencies: []
|
||||
dependencies:
|
||||
- helm-toolkit
|
||||
---
|
||||
schema: armada/Chart/v1
|
||||
metadata:
|
||||
|
@ -159,21 +160,21 @@ metadata:
|
|||
name: kubernetes
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.ca'
|
||||
path: '$.values.secrets.tls.ca'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/Certificate/v1
|
||||
name: proxy
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.cert'
|
||||
path: '$.values.secrets.tls.cert'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateKey/v1
|
||||
name: proxy
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.key'
|
||||
path: '$.values.secrets.tls.key'
|
||||
data:
|
||||
chart_name: proxy
|
||||
release: kubernetes-proxy
|
||||
|
@ -182,15 +183,16 @@ data:
|
|||
upgrade:
|
||||
no_hooks: true
|
||||
values:
|
||||
tls:
|
||||
ca: placeholder
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
secrets:
|
||||
tls:
|
||||
ca: placeholder
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
images:
|
||||
proxy: gcr.io/google_containers/hyperkube-amd64:v1.8.0
|
||||
tags:
|
||||
proxy: gcr.io/google_containers/hyperkube-amd64:v1.8.0
|
||||
network:
|
||||
kubernetes_netloc: apiserver.kubernetes.promenade:6443
|
||||
pod_cidr: 10.97.0.0/16
|
||||
source:
|
||||
type: local
|
||||
location: /etc/genesis/armada/assets/charts
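Review bot: In the first hunk of this file (`@ -143,7 +143,8 @`) the new `dependencies: - helm-toolkit` entry lands on the document whose `source.subpath` is `helm-toolkit`, which looks like the helm-toolkit chart depending on itself rather than the proxy chart. The proxy chart's own hunk (`@ -182,15 +183,16 @`) stops at `location:` and shows no change to its `dependencies`, unlike the other two manifests, where the list changes right after `subpath: proxy`. If that reading is right, the proxy templates that include `helm-toolkit.*` snippets would be built without the toolkit in this deployment. Move the entry to the proxy chart document and leave the earlier one at `dependencies: []`. The documents start and end outside the hunks, so confirm this against the full file.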
|
||||
|
|
|
@ -128,21 +128,21 @@ metadata:
|
|||
name: kubernetes
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.ca'
|
||||
path: '$.values.secrets.tls.ca'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/Certificate/v1
|
||||
name: proxy
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.cert'
|
||||
path: '$.values.secrets.tls.cert'
|
||||
-
|
||||
src:
|
||||
schema: deckhand/CertificateKey/v1
|
||||
name: proxy
|
||||
path: $
|
||||
dest:
|
||||
path: '$.values.tls.key'
|
||||
path: '$.values.secrets.tls.key'
|
||||
data:
|
||||
chart_name: proxy
|
||||
release: kubernetes-proxy
|
||||
|
@ -151,20 +151,22 @@ data:
|
|||
upgrade:
|
||||
no_hooks: true
|
||||
values:
|
||||
tls:
|
||||
ca: placeholder
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
secrets:
|
||||
tls:
|
||||
ca: placeholder
|
||||
cert: placeholder
|
||||
key: placeholder
|
||||
images:
|
||||
proxy: ${IMAGE_HYPERKUBE}
|
||||
tags:
|
||||
proxy: ${IMAGE_HYPERKUBE}
|
||||
network:
|
||||
kubernetes_netloc: apiserver.kubernetes.promenade:6443
|
||||
pod_cidr: 10.97.0.0/16
|
||||
source:
|
||||
type: local
|
||||
location: /etc/genesis/armada/assets/charts
|
||||
subpath: proxy
|
||||
dependencies: []
|
||||
dependencies:
|
||||
- helm-toolkit
|
||||
---
|
||||
schema: armada/Chart/v1
|
||||
metadata:
|
||||
|
|