From 850906d6e4ee3397c015c5cf4c1d18ac84d0ca44 Mon Sep 17 00:00:00 2001 From: mzeevi Date: Sun, 18 Aug 2024 16:57:47 +0000 Subject: [PATCH] ci: add helm chart to repo with release workflow 
Signed-off-by: mzeevi --- .github/workflows/post-release.yaml | 37 ---- .github/workflows/release.yaml | 95 ++++++++++ Makefile | 43 +++-- README.md | 6 + charts/rcs-ocm-addons/.helmignore | 23 +++ charts/rcs-ocm-addons/Chart.yaml | 24 +++ charts/rcs-ocm-addons/README.md | 44 +++++ charts/rcs-ocm-addons/templates/_helpers.tpl | 62 +++++++ .../score-addon/addon-clusterrole.yaml | 166 ++++++++++++++++++ .../score-addon/addon-clusterrolebinding.yaml | 14 ++ .../score-addon/addon-deploymentconfig.yaml | 11 ++ .../score-addon/cluster-management-addon.yaml | 15 ++ .../templates/score-addon/deployment.yaml | 52 ++++++ .../templates/score-addon/serviceaccount.yaml | 6 + .../status-addon/addon-clusterrole.yaml | 149 ++++++++++++++++ .../addon-clusterrolebinding.yaml | 14 ++ .../cluster-management-addon.yaml | 15 ++ .../templates/status-addon/deployment.yaml | 52 ++++++ .../status-addon/serviceaccount.yaml | 6 + charts/rcs-ocm-addons/values.yaml | 101 +++++++++++ 20 files changed, 888 insertions(+), 47 deletions(-) delete mode 100644 .github/workflows/post-release.yaml create mode 100644 .github/workflows/release.yaml create mode 100644 charts/rcs-ocm-addons/.helmignore create mode 100644 charts/rcs-ocm-addons/Chart.yaml create mode 100644 charts/rcs-ocm-addons/README.md create mode 100644 charts/rcs-ocm-addons/templates/_helpers.tpl create mode 100644 charts/rcs-ocm-addons/templates/score-addon/addon-clusterrole.yaml create mode 100644 charts/rcs-ocm-addons/templates/score-addon/addon-clusterrolebinding.yaml create mode 100644 charts/rcs-ocm-addons/templates/score-addon/addon-deploymentconfig.yaml create mode 100644 charts/rcs-ocm-addons/templates/score-addon/cluster-management-addon.yaml create mode 100644 charts/rcs-ocm-addons/templates/score-addon/deployment.yaml create mode 100644 charts/rcs-ocm-addons/templates/score-addon/serviceaccount.yaml create mode 100644 charts/rcs-ocm-addons/templates/status-addon/addon-clusterrole.yaml create mode 100644 
charts/rcs-ocm-addons/templates/status-addon/addon-clusterrolebinding.yaml create mode 100644 charts/rcs-ocm-addons/templates/status-addon/cluster-management-addon.yaml create mode 100644 charts/rcs-ocm-addons/templates/status-addon/deployment.yaml create mode 100644 charts/rcs-ocm-addons/templates/status-addon/serviceaccount.yaml create mode 100644 charts/rcs-ocm-addons/values.yaml diff --git a/.github/workflows/post-release.yaml b/.github/workflows/post-release.yaml deleted file mode 100644 index a47c97d..0000000 --- a/.github/workflows/post-release.yaml +++ /dev/null @@ -1,37 +0,0 @@ -name: post-release -on: - release: - types: [published] -env: - REGISTRY: ghcr.io - REPOSITORY_NAME: ${{ github.repository }} - DANA_ORG: dana-team - -jobs: - build-and-push-image: - name: Build and push image - runs-on: ubuntu-latest - permissions: - contents: write - packages: write - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Log in to the Container registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push image - run: make docker-build docker-push IMG=${{ env.REGISTRY }}/${{ env.REPOSITORY_NAME }}:${GITHUB_REF##*/} - - - name: Create install.yaml file - run: make build/install.yaml IMG=${{ env.REGISTRY }}/${{ env.REPOSITORY_NAME }}:${GITHUB_REF##*/} - - - name: Upload install.yaml file - uses: softprops/action-gh-release@v2 - with: - files: ./build/install.yaml \ No newline at end of file diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..61c08db --- /dev/null +++ b/.github/workflows/release.yaml 
@@ -0,0 +1,95 @@ +name: release +on: + release: + types: [published] +env: + REGISTRY: ghcr.io + REPOSITORY_NAME: ${{ github.repository }} + DANA_ORG: dana-team + +jobs: + build-and-push-image: + name: Build and push image + runs-on: ubuntu-latest + permissions: + contents: write + packages: write + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Log in to the Container registry + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push image + run: make docker-build docker-push IMG=${{ env.REGISTRY }}/${{ env.REPOSITORY_NAME }}:${GITHUB_REF##*/} + + - name: Create install.yaml file + run: make build-installer IMG=${{ env.REGISTRY }}/${{ env.REPOSITORY_NAME }}:${GITHUB_REF##*/} + + - name: Upload install.yaml file + uses: softprops/action-gh-release@v2 + with: + files: dist/install.yaml + + build-and-push-helm-chart: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + + - name: Set up Helm + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 + with: + version: v3.12.0 + + - name: Set chart name + id: chart-name + run: echo "value=${{ github.event.repository.name }}" >> "$GITHUB_OUTPUT" + + - name: Set OCI registry name + id: oci-registry-name + run: echo "value=ghcr.io/${{ github.repository_owner }}/helm-charts" >> "$GITHUB_OUTPUT" + + - name: Set OCI chart name + id: oci-chart-name + run: echo "value=${{ steps.oci-registry-name.outputs.value }}/${{ steps.chart-name.outputs.value }}" >> "$GITHUB_OUTPUT" + + - name: Helm lint + run: helm lint charts/${{ steps.chart-name.outputs.value }} + + - name: Trim prefix from version + id: version + run: echo "value=$(echo ${{ github.ref_name }} | sed 's/release-//')" >> "$GITHUB_OUTPUT" + + - name: 
Helm package + id: build + run: | + helm package charts/${{ steps.chart-name.outputs.value }} --version ${{ steps.version.outputs.value }} --app-version ${{ steps.version.outputs.value }} + echo "package=${{ steps.chart-name.outputs.value }}-${{ steps.version.outputs.value }}.tgz" >> "$GITHUB_OUTPUT" + - name: Upload chart as artifact + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 + with: + name: "[${{ github.job }}] Helm chart" + path: ${{ steps.build.outputs.package }} + + - name: Log in to the Container registry + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Helm push + run: helm push ${{ steps.build.outputs.package }} oci://${{ steps.oci-registry-name.outputs.value }} + env: + HELM_REGISTRY_CONFIG: ~/.docker/config.json \ No newline at end of file diff --git a/Makefile b/Makefile index fdc0dc8..5752644 100644 --- a/Makefile +++ b/Makefile @@ -145,16 +145,9 @@ deploy-addons: deploy-score-addon deploy-status-addon .PHONY: undeploy-addons undeploy-addons: undeploy-score-addon undeploy-status-addon -.PHONY: build/install.yaml -build/install.yaml: kustomize - mkdir -p $(dir $@) && \ - rm -rf build/kustomize && \ - mkdir -p build/kustomize && \ - cd build/kustomize && \ - $(KUSTOMIZE) create --resources ../../score/deploy/resources/default,../../status/deploy/resources/default && \ - $(KUSTOMIZE) edit set image controller=${IMG} && \ - cd ${CURDIR} && \ - $(KUSTOMIZE) build build/kustomize > $@ +.PHONY: doc-chart +doc-chart: helm-docs helm helm-plugins + $(HELM_DOCS) charts/ ##@ Dependencies 
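Review bot: The `Trim prefix from version` step expands `${{ github.ref_name }}` directly into the shell script, so a tag name containing shell metacharacters is interpreted as code in a job that holds `packages: write`. Pass the value through the environment instead: give the step `env:` with `REF_NAME: ${{ github.ref_name }}` and use `run: echo "value=${REF_NAME#release-}" >> "$GITHUB_OUTPUT"`. In the first job `actions/checkout@v4` and `softprops/action-gh-release@v2` are referenced by mutable tag while the job has `contents: write`, whereas the chart job pins every action to a commit SHA; pinning them the same way would be consistent. `id-token: write` is granted to the chart job, but no visible step requests an OIDC token, so it can probably be dropped.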
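Review bot: `doc-chart` lists `helm` and `helm-plugins` as prerequisites although its recipe only runs `$(HELM_DOCS) charts/`, so every documentation build re-runs the Helm installer script and the plugin installs defined later in this patch. `doc-chart: helm-docs ## Generate chart documentation with helm-docs.` is sufficient and also adds the `##` help text that the neighbouring targets carry.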
@@ -169,12 +162,16 @@ KUSTOMIZE ?= $(LOCALBIN)/kustomize-$(KUSTOMIZE_VERSION) CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION) ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION) GOLANGCI_LINT = $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION) +HELM_DOCS ?= $(LOCALBIN)/helm-docs-$(HELM_DOCS_VERSION) + +HELM_URL ?= https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 ## Tool Versions KUSTOMIZE_VERSION ?= v5.3.0 CONTROLLER_TOOLS_VERSION ?= v0.14.0 ENVTEST_VERSION ?= release-0.17 GOLANGCI_LINT_VERSION ?= v1.54.2 +HELM_DOCS_VERSION ?= v1.14.2 .PHONY: kustomize kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. 
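Review bot: `HELM_URL` points at the `main` branch of helm/helm, and the `helm` target in the next hunk downloads that script and executes it, so whatever is on `main` at build time runs on the developer or CI machine with no version pin or integrity check. Pin the script to a release tag and install a fixed Helm version, for example `HELM_VERSION ?= v3.12.0` (the version release.yaml already uses) with `HELM_URL ?= https://raw.githubusercontent.com/helm/helm/$(HELM_VERSION)/scripts/get-helm-3` and `DESIRED_VERSION=$(HELM_VERSION) $(LOCALBIN)/get-helm.sh` in the recipe. The other tools in this block are already versioned (`HELM_DOCS_VERSION`, `KUSTOMIZE_VERSION`), so this keeps the section consistent as well.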
@@ -196,6 +193,32 @@ golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary. $(GOLANGCI_LINT): $(LOCALBIN) $(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,${GOLANGCI_LINT_VERSION}) +.PHONY: helm +helm: ## Install helm on the local machine + wget -O $(LOCALBIN)/get-helm.sh $(HELM_URL) + chmod 700 $(LOCALBIN)/get-helm.sh + $(LOCALBIN)/get-helm.sh + +.PHONY: helm-plugins +helm-plugins: ## Install helm plugins on the local machine + @if ! helm plugin list | grep -q 'diff'; then \ + helm plugin install https://github.com/databus23/helm-diff; \ + fi + @if ! helm plugin list | grep -q 'git'; then \ + helm plugin install https://github.com/aslafy-z/helm-git; \ + fi + @if ! helm plugin list | grep -q 's3'; then \ + helm plugin install https://github.com/hypnoglow/helm-s3; \ + fi + @if ! helm plugin list | grep -q 'secrets'; then \ + helm plugin install https://github.com/jkroepke/helm-secrets; \ + fi + +.PHONY: helm-docs +helm-docs: $(HELM_DOCS) +$(HELM_DOCS): $(LOCALBIN) + $(call go-install-tool,$(HELM_DOCS),github.com/norwoodj/helm-docs/cmd/helm-docs,$(HELM_DOCS_VERSION)) + # go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist # $1 - target path with name of binary (ideally with version) # $2 - package url which can be installed diff --git a/README.md b/README.md index f6317c8..3d8ccad 100644 --- a/README.md +++ b/README.md 
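Review bot: Each `helm plugin install` in `helm-plugins` fetches the default branch of a third-party repository and Helm runs the plugin's install hook, so the target executes unpinned remote code; `helm plugin install <url> --version <PINNED_VERSION>` fixes the revision. None of the recipes visible in this patch calls the diff, git, s3 or secrets plugins, so if nothing else needs them the target could be dropped. The `grep -q 'git'` style checks match any substring of the plugin list, descriptions included, and can skip an install that is actually missing; matching the name column, e.g. `grep -q '^diff[[:space:]]'`, is stricter. The `helm` target also lacks `$(LOCALBIN)` as a prerequisite, so `wget -O $(LOCALBIN)/get-helm.sh` fails on a fresh checkout where the directory does not exist yet.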
@@ -16,6 +16,12 @@ Based on the [resource-usage-collect-addon](https://github.com/open-cluster-mana Check the guide on the `rcs-ocm-deployer` [repo](https://github.com/mzeevi/rcs-ocm-deployer/tree/main?tab=readme-ov-file#deploy-the-add-ons) for information about deploying the `AddOns` on an `OCM` cluster. +Deploy using the Helm chart located at `charts/rcs-ocm-addons`: + +```bash +$ helm upgrade --install rcs-ocm-addons --namespace open-cluster-management --create-namespace oci://ghcr.io/dana-team/helm-charts/rcs-ocm-addons --version +``` + ### Build your own image ```bash diff --git a/charts/rcs-ocm-addons/.helmignore b/charts/rcs-ocm-addons/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/rcs-ocm-addons/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/rcs-ocm-addons/Chart.yaml b/charts/rcs-ocm-addons/Chart.yaml new file mode 100644 index 0000000..82a7e80 --- /dev/null +++ b/charts/rcs-ocm-addons/Chart.yaml 
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: rcs-ocm-addons +description: A Helm chart for the rcs-score-addon + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "latest" \ No newline at end of file diff --git a/charts/rcs-ocm-addons/README.md b/charts/rcs-ocm-addons/README.md new file mode 100644 index 0000000..d12e857 --- /dev/null +++ b/charts/rcs-ocm-addons/README.md 
@@ -0,0 +1,44 @@ +# rcs-ocm-addons + +![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square) + +A Helm chart for the rcs-score-addon + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | Node affinity rules for scheduling pods. Allows you to specify advanced node selection constraints. | +| deploymentConfig | object | `{"agentInstallNamespace":"open-cluster-management-agent-addon","customizedVariables":[{"name":"MAX_CPU_COUNT","value":"1"},{"name":"MIN_CPU_COUNT","value":"0"},{"name":"MAX_MEMORY_BYTES","value":"104857"},{"name":"MIN_MEMORY_BYTES","value":"0"}],"name":"rcs-score-deploy-config","namespace":"open-cluster-management-hub"}` | Configurations for the AddonDeploymentConfig object | +| deploymentConfig.agentInstallNamespace | string | `"open-cluster-management-agent-addon"` | Namespace where the agent addon is installed | +| deploymentConfig.customizedVariables | list | `[{"name":"MAX_CPU_COUNT","value":"1"},{"name":"MIN_CPU_COUNT","value":"0"},{"name":"MAX_MEMORY_BYTES","value":"104857"},{"name":"MIN_MEMORY_BYTES","value":"0"}]` | Customzied variables for the addon | +| deploymentConfig.name | string | `"rcs-score-deploy-config"` | Name of the AddonDeploymentConfig | +| deploymentConfig.namespace | string | `"open-cluster-management-hub"` | Namespace of the AddonDeploymentConfig | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | The pull policy for the image. | +| image.repository | string | `"ghcr.io/dana-team/rcs-ocm-addons"` | The repository of the manager container image. | +| image.tag | string | `""` | The tag of the manager container image. 
| +| installStrategy.score.placements[0].configs[0].group | string | `"addon.open-cluster-management.io"` | | +| installStrategy.score.placements[0].configs[0].name | string | `"rcs-score-deploy-config"` | | +| installStrategy.score.placements[0].configs[0].namespace | string | `"open-cluster-management-hu"` | | +| installStrategy.score.placements[0].configs[0].resource | string | `"addondeploymentconfigs"` | | +| installStrategy.score.placements[0].name | string | `"all-clusters"` | | +| installStrategy.score.placements[0].namespace | string | `"test"` | | +| installStrategy.score.placements[0].rolloutStrategy.type | string | `"All"` | | +| installStrategy.score.type | string | `"Placements"` | | +| installStrategy.status.placements[0].name | string | `"all-clusters"` | | +| installStrategy.status.placements[0].namespace | string | `"test"` | | +| installStrategy.status.placements[0].rolloutStrategy.type | string | `"All"` | | +| installStrategy.status.type | string | `"Placements"` | | +| manager | object | `{"resources":{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}},"score":{"args":["manager"],"command":["/score-addon"]},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}},"status":{"args":["manager"],"command":["/status-addon"]}}` | Configuration for the manager container. | +| manager.resources | object | `{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}}` | Resource requests and limits for the manager container. | +| manager.score.args | list | `["manager"]` | Command-line arguments passed to the score-addon manager container. | +| manager.score.command | list | `["/score-addon"]` | Command-line commands passed to the score-addon manager container. | +| manager.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` | Security settings for the manager container. 
| +| manager.status.args | list | `["manager"]` | Command-line arguments passed to the status-adon manager container. | +| manager.status.command | list | `["/status-addon"]` | Command-line commands passed to the status-addon manager container. | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | Node selector for scheduling pods. Allows you to specify node labels for pod assignment. | +| replicaCount | int | `1` | The number of replicas for the deployment. | +| tolerations | list | `[]` | Node tolerations for scheduling pods. Allows the pods to be scheduled on nodes with matching taints. | + diff --git a/charts/rcs-ocm-addons/templates/_helpers.tpl b/charts/rcs-ocm-addons/templates/_helpers.tpl new file mode 100644 index 0000000..27b8ea5 --- /dev/null +++ b/charts/rcs-ocm-addons/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "rcs-ocm-addons.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "rcs-ocm-addons.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "rcs-ocm-addons.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "rcs-ocm-addons.labels" -}} +helm.sh/chart: {{ include "rcs-ocm-addons.chart" . }} +{{ include "rcs-ocm-addons.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "rcs-ocm-addons.selectorLabels" -}} +app.kubernetes.io/name: {{ include "rcs-ocm-addons.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "rcs-ocm-addons.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "rcs-ocm-addons.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
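Review bot: `rcs-ocm-addons.serviceAccountName` reads `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but the chart README generated in this commit lists no `serviceAccount` value (values.yaml is only partly visible here), and the templates build the account names by hand (`…-addon-sa`, `…-sa`) instead of calling the helper. If a template included it with the default values, rendering would fail on the missing `serviceAccount` map. Either delete the helper, or add a `serviceAccount` block to values.yaml and use the helper in the ServiceAccount, ClusterRoleBinding and Deployment templates so the three always agree on the name.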
diff --git a/charts/rcs-ocm-addons/templates/score-addon/addon-clusterrole.yaml b/charts/rcs-ocm-addons/templates/score-addon/addon-clusterrole.yaml new file mode 100644 index 0000000..980a12c --- /dev/null +++ b/charts/rcs-ocm-addons/templates/score-addon/addon-clusterrole.yaml 
@@ -0,0 +1,166 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "rcs-ocm-addons.fullname" . }}-addon + labels: + {{- include "rcs-ocm-addons.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - nodes + - configmaps + - pods + - events + verbs: + - get + - list + - watch + - create + - update + - delete + - deletecollection + - patch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list + - watch + - create + - update + - delete +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - get + - create +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + - certificatesigningrequests/approval + verbs: + - get + - list + - watch + - create + - update +- apiGroups: + - certificates.k8s.io + resources: + - signers + verbs: + - approve +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - list + - update + - watch + - patch +- apiGroups: + - cluster.open-cluster-management.io + resources: + - managedclusters + verbs: + - get + - list + - watch +- apiGroups: + - work.open-cluster-management.io + resources: + - manifestworks + verbs: + - create + - update + - get + - list + - watch + - delete + - deletecollection + - patch +- apiGroups: + - addon.open-cluster-management.io + resources: + - clustermanagementaddons + verbs: + - get + - list + - watch + - patch +- apiGroups: + - addon.open-cluster-management.io + resources: + - clustermanagementaddons/status + verbs: + - get + - list + - watch + - patch +- apiGroups: + - addon.open-cluster-management.io + resources: + - managedclusteraddons + verbs: + - get + - list + - watch + - create + - update +- apiGroups: + - addon.open-cluster-management.io + resources: + - managedclusteraddons/finalizers + verbs: + - update +- apiGroups: + - addon.open-cluster-management.io + resources: + - managedclusteraddons/status 
+ verbs: + - update + - patch +- apiGroups: + - cluster.open-cluster-management.io + resources: + - addonplacementscores + verbs: + - get + - list + - watch + - create + - update + - delete + - deletecollection + - patch +- apiGroups: + - cluster.open-cluster-management.io + resources: + - addonplacementscores/status + verbs: + - get + - list + - watch + - create + - update + - delete + - deletecollection + - patch +- apiGroups: + - addon.open-cluster-management.io + resources: + - addondeploymentconfigs + verbs: + - get + - list + - watch \ No newline at end of file diff --git a/charts/rcs-ocm-addons/templates/score-addon/addon-clusterrolebinding.yaml b/charts/rcs-ocm-addons/templates/score-addon/addon-clusterrolebinding.yaml new file mode 100644 index 0000000..144bcb3 --- /dev/null +++ b/charts/rcs-ocm-addons/templates/score-addon/addon-clusterrolebinding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "rcs-ocm-addons.fullname" . }}-addon + labels: + {{- include "rcs-ocm-addons.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "rcs-ocm-addons.fullname" . }}-addon +subjects: +- kind: ServiceAccount + name: {{ include "rcs-ocm-addons.fullname" . }}-addon-sa + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/rcs-ocm-addons/templates/score-addon/addon-deploymentconfig.yaml b/charts/rcs-ocm-addons/templates/score-addon/addon-deploymentconfig.yaml new file mode 100644 index 0000000..f810bd4 --- /dev/null +++ b/charts/rcs-ocm-addons/templates/score-addon/addon-deploymentconfig.yaml 
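Review bot: The `signers` rule grants `approve` with no `resourceNames`, so together with `update` on `certificatesigningrequests/approval` the service account can approve CSRs for every signer on the hub, not only the one the add-on registers with. The first rule also gives `delete` and `deletecollection` on `nodes` and `pods` cluster-wide, and the RBAC rule allows writing `roles` and `rolebindings` in any namespace. Which of these the score add-on actually needs cannot be told from the hunk; consider adding `resourceNames:` with the add-on's signer to the `signers` rule and reducing `nodes`/`pods` to `get`, `list`, `watch`. A short comment above each rule naming the controller path that needs it would make later reviews easier. The status-addon ClusterRole in this commit repeats the CSR and signer rules.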
@@ -0,0 +1,11 @@ +apiVersion: addon.open-cluster-management.io/v1alpha1 +kind: AddOnDeploymentConfig +metadata: + name: {{ .Values.deploymentConfig.name }} + namespace: {{ .Values.deploymentConfig.namespace }} + labels: + {{- include "rcs-ocm-addons.labels" . | nindent 4 }} +spec: + agentInstallNamespace: {{ .Values.deploymentConfig.agentInstallNamespace }} + customizedVariables: + {{- toYaml .Values.deploymentConfig.customizedVariables | nindent 4 }} \ No newline at end of file diff --git a/charts/rcs-ocm-addons/templates/score-addon/cluster-management-addon.yaml b/charts/rcs-ocm-addons/templates/score-addon/cluster-management-addon.yaml new file mode 100644 index 0000000..d94c4a8 --- /dev/null +++ b/charts/rcs-ocm-addons/templates/score-addon/cluster-management-addon.yaml @@ -0,0 +1,15 @@ +apiVersion: addon.open-cluster-management.io/v1alpha1 +kind: ClusterManagementAddOn +metadata: + name: {{ include "rcs-ocm-addons.fullname" . }}-rcs-score + labels: + {{- include "rcs-ocm-addons.labels" . | nindent 4 }} + annotations: + addon.open-cluster-management.io/lifecycle: addon-manager +spec: + addOnMeta: + description: rcs-score-addon is an example addon that generate addonplacementscore + for each managed cluster + displayName: Resource Usage Collect Addon + installStrategy: + {{- toYaml .Values.installStrategy.score | nindent 4 }} \ No newline at end of file diff --git a/charts/rcs-ocm-addons/templates/score-addon/deployment.yaml b/charts/rcs-ocm-addons/templates/score-addon/deployment.yaml new file mode 100644 index 0000000..4472ed0 --- /dev/null +++ b/charts/rcs-ocm-addons/templates/score-addon/deployment.yaml 
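Review bot: `installStrategy` in the ClusterManagementAddOn is rendered verbatim from `.Values.installStrategy.score`, and the defaults documented in this commit's chart README point its config at namespace `open-cluster-management-hu` while `deploymentConfig.namespace` defaults to `open-cluster-management-hub`, so a default install references an AddOnDeploymentConfig the chart does not create. The default placement namespace is `test` for both add-ons, which also looks like a leftover. Correct the values default to `namespace: open-cluster-management-hub`, or derive it in the template from `.Values.deploymentConfig.namespace` so the two cannot drift apart.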
@@ -0,0 +1,52 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "rcs-ocm-addons.fullname" . }}-score-addon-manager + labels: + app: rcs-score-addon-manager + {{- include "rcs-ocm-addons.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: rcs-score-addon-manager + {{- include "rcs-ocm-addons.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + app: rcs-score-addon-manager + {{- include "rcs-ocm-addons.selectorLabels" . | nindent 8 }} + spec: + securityContext: + {{- toYaml .Values.securityContext | nindent 8 }} + nodeSelector: + {{- toYaml .Values.nodeSelector | nindent 8 }} + tolerations: + {{- toYaml .Values.tolerations | nindent 8 }} + affinity: + {{- toYaml .Values.affinity | nindent 8 }} + containers: + - name: rcs-score-addon-manager + image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + {{- range .Values.manager.score.command }} + - {{ . | quote }} + {{- end }} + args: + {{- range .Values.manager.score.args }} + - {{ . | quote }} + {{- end }} + securityContext: + {{- toYaml .Values.manager.securityContext | nindent 12 }} + resources: + limits: + cpu: {{ .Values.manager.resources.limits.cpu }} + memory: {{ .Values.manager.resources.limits.memory }} + requests: + cpu: {{ .Values.manager.resources.requests.cpu }} + memory: {{ .Values.manager.resources.requests.memory }} + env: + - name: ADDON_IMAGE + value: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} + serviceAccountName: {{ include "rcs-ocm-addons.fullname" . }}-addon-sa \ No newline at end of file diff --git a/charts/rcs-ocm-addons/templates/score-addon/serviceaccount.yaml b/charts/rcs-ocm-addons/templates/score-addon/serviceaccount.yaml new file mode 100644 index 0000000..aa63753 --- /dev/null +++ b/charts/rcs-ocm-addons/templates/score-addon/serviceaccount.yaml 
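Review bot: The pod-level `securityContext` is filled from `.Values.securityContext`, which the chart's documented values do not define, so with defaults it renders as `null` and the pod gets no `runAsNonRoot` or `seccompProfile` setting; only the container-level `manager.securityContext` applies. Adding a default such as `securityContext: {runAsNonRoot: true, seccompProfile: {type: RuntimeDefault}}` to values.yaml would close that, assuming the image runs as a non-root user (not visible here). The image is referenced by tag, falling back to `.Chart.AppVersion`, which Chart.yaml sets to `latest` for installs from source; an optional `image.digest` value would let operators pin what runs under this chart's ClusterRole. The same template text is repeated in the status-addon Deployment.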
@@ -0,0 +1,6 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "rcs-ocm-addons.fullname" . }}-addon-sa + labels: + {{- include "rcs-ocm-addons.labels" . | nindent 4 }} \ No newline at end of file diff --git a/charts/rcs-ocm-addons/templates/status-addon/addon-clusterrole.yaml b/charts/rcs-ocm-addons/templates/status-addon/addon-clusterrole.yaml new file mode 100644 index 0000000..afd7e29 --- /dev/null +++ b/charts/rcs-ocm-addons/templates/status-addon/addon-clusterrole.yaml 
@@ -0,0 +1,149 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "rcs-ocm-addons.fullname" . }}-capp-status-addon + labels: + {{- include "rcs-ocm-addons.labels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - get + - list + - watch + - create + - update + - delete + - deletecollection + - patch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - get + - create + - apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + - certificatesigningrequests/approval + verbs: + - get + - list + - watch + - create + - update + - apiGroups: + - certificates.k8s.io + resources: + - signers + verbs: + - approve + - apiGroups: + - cluster.open-cluster-management.io + resources: + - managedclusters + verbs: + - get + - list + - watch + - apiGroups: + - work.open-cluster-management.io + resources: + - manifestworks + verbs: + - create + - update + - get + - list + - watch + - delete + - deletecollection + - patch + - apiGroups: + - addon.open-cluster-management.io + resources: + - managedclusteraddons/finalizers + verbs: + - update + - apiGroups: + - addon.open-cluster-management.io + resources: + - clustermanagementaddons/finalizers + verbs: + - update + - apiGroups: + - addon.open-cluster-management.io + resources: + - clustermanagementaddons + verbs: + - get + - list + - watch + - apiGroups: + - addon.open-cluster-management.io + resources: + - managedclusteraddons + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - addon.open-cluster-management.io + resources: + - 
managedclusteraddons/status + verbs: + - update + - patch + - apiGroups: + - rcs.dana.io + resources: + - capps + verbs: + - create + - get + - list + - watch + - update + - patch + - delete + - apiGroups: + - rcs.dana.io + resources: + - capps/status + verbs: + - get + - patch + - update \ No newline at end of file diff --git a/charts/rcs-ocm-addons/templates/status-addon/addon-clusterrolebinding.yaml b/charts/rcs-ocm-addons/templates/status-addon/addon-clusterrolebinding.yaml new file mode 100644 index 0000000..04c4dac --- /dev/null +++ b/charts/rcs-ocm-addons/templates/status-addon/addon-clusterrolebinding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "rcs-ocm-addons.fullname" . }}-capp-status-addon + labels: + {{- include "rcs-ocm-addons.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "rcs-ocm-addons.fullname" . }}-capp-status-addon +subjects: + - kind: ServiceAccount + name: {{ include "rcs-ocm-addons.fullname" . }}-sa + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/rcs-ocm-addons/templates/status-addon/cluster-management-addon.yaml b/charts/rcs-ocm-addons/templates/status-addon/cluster-management-addon.yaml new file mode 100644 index 0000000..5e5b4ce --- /dev/null +++ b/charts/rcs-ocm-addons/templates/status-addon/cluster-management-addon.yaml 
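Review bot: The RBAC rule in the status ClusterRole adds `clusterroles` and `clusterrolebindings` to the resources the service account may `create`, `update` and `delete`, which the score-addon role does not include. Kubernetes' escalation checks limit what a newly written role or binding can grant, but `delete` is not covered by them, so this is worth narrowing unless the status add-on really manages cluster-scoped RBAC. If only namespaced objects are created for the agent (inferred; the controller code is not part of this commit), listing just `roles` and `rolebindings` under `resources:` is enough.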
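Review bot: The binding's subject is `{{ include "rcs-ocm-addons.fullname" . }}-sa`, but the status-addon Deployment later in this commit sets `serviceAccountName` to `…-addon-sa`, which is the score add-on's account. As written the status manager runs with the score ClusterRole, and this binding grants the status ClusterRole to an account that no pod uses. Change the Deployment to `serviceAccountName: {{ include "rcs-ocm-addons.fullname" . }}-sa`; more distinctive suffixes such as `-status-addon-sa` and `-score-addon-sa` would make the pairing harder to get wrong.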
@@ -0,0 +1,15 @@ +apiVersion: addon.open-cluster-management.io/v1alpha1 +kind: ClusterManagementAddOn +metadata: + name: {{ include "rcs-ocm-addons.fullname" . }}-capp-status-addon + labels: + {{- include "rcs-ocm-addons.labels" . | nindent 4 }} + annotations: + addon.open-cluster-management.io/lifecycle: addon-manager +spec: + addOnMeta: + description: Capp Status Addon is an OCM add-on that copies the Capp status from + the spoke clusters to the hub cluster. + displayName: CappStatusAddon + installStrategy: + {{- toYaml .Values.installStrategy.status | nindent 4 }} \ No newline at end of file diff --git a/charts/rcs-ocm-addons/templates/status-addon/deployment.yaml b/charts/rcs-ocm-addons/templates/status-addon/deployment.yaml new file mode 100644 index 0000000..50f5ed8 --- /dev/null +++ b/charts/rcs-ocm-addons/templates/status-addon/deployment.yaml 
@@ -0,0 +1,52 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "rcs-ocm-addons.fullname" . }}-status-addon-manager + labels: + app: rcs-score-addon-manager + {{- include "rcs-ocm-addons.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: rcs-score-addon-manager + {{- include "rcs-ocm-addons.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + app: rcs-score-addon-manager + {{- include "rcs-ocm-addons.selectorLabels" . | nindent 8 }} + spec: + securityContext: + {{- toYaml .Values.securityContext | nindent 8 }} + nodeSelector: + {{- toYaml .Values.nodeSelector | nindent 8 }} + tolerations: + {{- toYaml .Values.tolerations | nindent 8 }} + affinity: + {{- toYaml .Values.affinity | nindent 8 }} + containers: + - name: rcs-score-addon-manager + image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + {{- range .Values.manager.score.command }} + - {{ . | quote }} + {{- end }} + args: + {{- range .Values.manager.score.args }} + - {{ . | quote }} + {{- end }} + securityContext: + {{- toYaml .Values.manager.securityContext | nindent 12 }} + resources: + limits: + cpu: {{ .Values.manager.resources.limits.cpu }} + memory: {{ .Values.manager.resources.limits.memory }} + requests: + cpu: {{ .Values.manager.resources.requests.cpu }} + memory: {{ .Values.manager.resources.requests.memory }} + env: + - name: ADDON_IMAGE + value: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} + serviceAccountName: {{ include "rcs-ocm-addons.fullname" . }}-addon-sa \ No newline at end of file diff --git a/charts/rcs-ocm-addons/templates/status-addon/serviceaccount.yaml b/charts/rcs-ocm-addons/templates/status-addon/serviceaccount.yaml new file mode 100644 index 0000000..6380ab2 --- /dev/null +++ b/charts/rcs-ocm-addons/templates/status-addon/serviceaccount.yaml 
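Review bot: The status-addon Deployment still carries the score add-on's identifiers: the `app` label is `rcs-score-addon-manager` in `metadata.labels`, `selector.matchLabels` and the pod template, and `command`/`args` iterate over `.Values.manager.score.*`. Both Deployments therefore have identical selectors, which Kubernetes documents as unsupported for controllers, and the status pod starts `/score-addon` instead of `/status-addon`. Use `app: rcs-status-addon-manager` in all three label positions and for the container name, and switch the loops to `{{- range .Values.manager.status.command }}` and `{{- range .Values.manager.status.args }}`.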
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "rcs-ocm-addons.fullname" . }}-sa
+ labels:
+ {{- include "rcs-ocm-addons.labels" . | nindent 4 }}
\ No newline at end of file
diff --git a/charts/rcs-ocm-addons/values.yaml b/charts/rcs-ocm-addons/values.yaml
new file mode 100644
index 0000000..2b26aa1
--- /dev/null
+++ b/charts/rcs-ocm-addons/values.yaml
@@ -0,0 +1,101 @@
+# Default values for rcs-ocm-addons.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ # -- The repository of the manager container image.
+ repository: ghcr.io/dana-team/rcs-ocm-addons
+ # -- The tag of the manager container image.
+ tag: ""
+ # -- The pull policy for the image.
+ pullPolicy: IfNotPresent
+
+# Override the name of the deployment
+nameOverride: ""
+
+# Override the full name of the deployment
+fullnameOverride: ""
+
+# -- The number of replicas for the deployment.
+replicaCount: 1
+
+# -- Node selector for scheduling pods. Allows you to specify node labels for pod assignment.
+nodeSelector: {}
+
+# -- Node tolerations for scheduling pods. Allows the pods to be scheduled on nodes with matching taints.
+tolerations: []
+
+# -- Node affinity rules for scheduling pods. Allows you to specify advanced node selection constraints.
+affinity: {}
+
+# -- Configuration for the manager container.
+manager:
+ score:
+ # -- Command-line commands passed to the score-addon manager container.
+ command:
+ - /score-addon
+ # -- Command-line arguments passed to the score-addon manager container.
+ args:
+ - "manager"
+ status:
+ # -- Command-line commands passed to the status-addon manager container.
+ command:
+ - /status-addon
+ # -- Command-line arguments passed to the status-adon manager container.
+ args:
+ - "manager"
+ # -- Security settings for the manager container.
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ # -- Resource requests and limits for the manager container.
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+
+#-- Configurations for the InstallStrategy of the AddOns.
+installStrategy:
+ score:
+ type: Placements
+ placements:
+ - configs:
+ - group: addon.open-cluster-management.io
+ name: rcs-score-deploy-config
+ namespace: open-cluster-management-hu
+ resource: addondeploymentconfigs
+ name: all-clusters
+ namespace: test
+ rolloutStrategy:
+ type: All
+ status:
+ type: Placements
+ placements:
+ - name: all-clusters
+ namespace: test
+ rolloutStrategy:
+ type: All
+
+# -- Configurations for the AddonDeploymentConfig object
+deploymentConfig:
+ # -- Name of the AddonDeploymentConfig
+ name: rcs-score-deploy-config
+ # -- Namespace of the AddonDeploymentConfig
+ namespace: open-cluster-management-hub
+ # -- Namespace where the agent addon is installed
+ agentInstallNamespace: open-cluster-management-agent-addon
+ # -- Customzied variables for the addon
+ customizedVariables:
+ - name: MAX_CPU_COUNT
+ value: "1"
+ - name: MIN_CPU_COUNT
+ value: "0"
+ - name: MAX_MEMORY_BYTES
+ value: "104857"
+ - name: MIN_MEMORY_BYTES
+ value: "0"
\ No newline at end of file
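Review bot: The score placement's config reference uses `namespace: open-cluster-management-hu`, while `deploymentConfig.namespace` further down is `open-cluster-management-hub`; with these defaults the reference presumably does not resolve to the AddOnDeploymentConfig named `rcs-score-deploy-config`, so it should read `namespace: open-cluster-management-hub`. There is also no top-level `securityContext` key, yet the status-addon Deployment template renders `.Values.securityContext` as the pod security context, so a default install gets a null pod-level context and only the container-level `allowPrivilegeEscalation: false` and drop-ALL settings apply. Consider adding a documented `securityContext:` default, for example `runAsNonRoot: true` with a `seccompProfile` of type `RuntimeDefault`, provided the image can run as a non-root user. Both placements default to `namespace: test`, which looks like a development value and is worth documenting as something the installer must set.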