install: rename files and resource names

This commit changes a couple of things. 1. The file names have been changed to just what they represent, as the context defining prefixes that used to be there no longer serve a real purpose now that the Helm operator has a dedicated repository. 2. The names of the deployment and other resources have been simplified, the 'Flux branding' adds little to the resources and takes longer to type. 3. Some boilerplating for the Tiller certificates has been removed, `eksctl` is the sole user of this package and has dropped Helm 2. 4. References to the files have been changed in both `hack/` and documentation files.
fluxcd · Mar 2, 2020 · 1baacd6 · 1baacd6
1 parent 8b99349
commit 1baacd6
Showing 18 changed files with 131 additions and 157 deletions.
diff --git a/chart/helm-operator/README.md b/chart/helm-operator/README.md
@@ -18,7 +18,7 @@ helm repo add fluxcd https://charts.fluxcd.io
 Install the HelmRelease CRD:
 
 ```sh
-kubectl apply -f https://raw.githubusercontent.com/fluxcd/helm-operator/master/deploy/flux-helm-release-crd.yaml
+kubectl apply -f https://raw.githubusercontent.com/fluxcd/helm-operator/master/deploy/crds.yaml
 ```
 
 Install Helm Operator for Tiller in the fluxcd namespace:

diff --git a/deploy/helm-operator-crds.yaml → deploy/crds.yaml b/deploy/helm-operator-crds.yaml → deploy/crds.yaml
diff --git a/deploy/helm-operator-deployment.yaml → deploy/deployment.yaml b/deploy/helm-operator-deployment.yaml → deploy/deployment.yaml
@@ -2,22 +2,23 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: flux-helm-operator
+  name: helm-operator
+  namespace: flux
 spec:
   replicas: 1
   selector:
     matchLabels:
-      name: flux-helm-operator
+      name: helm-operator
   strategy:
     type: Recreate
   template:
     metadata:
       labels:
-        name: flux-helm-operator
+        name: helm-operator
       annotations:
         prometheus.io/scrape: "true"
     spec:
-      serviceAccountName: flux-helm-operator
+      serviceAccountName: helm-operator
       volumes:
       #
       # You will need these two volumes if you want to establish validated TLS
@@ -30,7 +31,7 @@ spec:
       # Secret type kubernetes.io/tls
       # - name: flux-helm-tls-cert
       #   secret:
-      #     secretName: flux-helm-tls-cert
+      #     secretName: tiller-tls-cert
       #     defaultMode: 0400
       #
       # The following volume is for using a customised known_hosts file,
@@ -72,7 +73,7 @@ spec:
       #   emptyDir: {}
 
       containers:
-      - name: flux-helm-operator
+      - name: helm-operator
         # There are no ":latest" images for helm-operator. Find the most recent
         # release or image version at https://hub.docker.com/r/weaveworks/helm-operator/tags
         # and replace the tag here.
@@ -126,4 +127,3 @@ spec:
         # - --tiller-tls-verify=true
         # - --tiller-tls-ca-cert-path=/etc/fluxd/helm-ca/ca.crt
 
-
diff --git a/deploy/kustomization.yaml b/deploy/kustomization.yaml
@@ -1,4 +1,5 @@
 resources:
-  - flux-helm-operator-account.yaml
-  - helm-operator-crds.yaml
-  - helm-operator-deployment.yaml
+  - namespace.yaml
+  - crds.yaml
+  - rbac.yaml
+  - deployment.yaml
diff --git a/deploy/namespace.yaml b/deploy/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: flux
diff --git a/deploy/flux-helm-operator-account.yaml → deploy/rbac.yaml b/deploy/flux-helm-operator-account.yaml → deploy/rbac.yaml
@@ -1,19 +1,18 @@
 ---
-# The service account, cluster roles, and cluster role binding are
-# only needed for Kubernetes with role-based access control (RBAC).
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   labels:
-    name: flux-helm-operator
-  name: flux-helm-operator
+    name: helm-operator
+  name: helm-operator
+  namespace: flux
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRole
 metadata:
   labels:
-    name: flux-helm-operator
-  name: flux-helm-operator
+    name: helm-operator
+  name: helm-operator
 rules:
   - apiGroups: ['*']
     resources: ['*']
@@ -25,13 +24,13 @@ apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
   labels:
-    name: flux-helm-operator
-  name: flux-helm-operator
+    name: helm-operator
+  name: helm-operator
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: flux-helm-operator
+  name: helm-operator
 subjects:
   - kind: ServiceAccount
-    name: flux-helm-operator
-    namespace: default
+    name: helm-operator
+    namespace: flux
diff --git a/...weave-cloud-helm-operator-deployment.yaml → deploy/weave-cloud-deployment.yaml b/...weave-cloud-helm-operator-deployment.yaml → deploy/weave-cloud-deployment.yaml
@@ -1,23 +1,23 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: flux-helm-operator
+  name: helm-operator
   namespace: weave
   labels:
-    app: flux-helm-operator
+    app: helm-operator
     weave-cloud-component: helm-operator
 spec:
   strategy:
     type: Recreate
   selector:
     matchLabels:
-      app: flux-helm-operator
+      app: helm-operator
   template:
     metadata:
       annotations:
         prometheus.io/scrape: "false"
       labels:
-        app: flux-helm-operator
+        app: helm-operator
     spec:
       serviceAccountName: weave-flux
       volumes:
@@ -26,7 +26,7 @@ spec:
             defaultMode: 256
             secretName: flux-git-deploy
       containers:
-        - name: flux-helm-operator
+        - name: helm-operator
           image: docker.io/fluxcd/helm-operator:1.0.0-rc9
           imagePullPolicy: IfNotPresent
           args:

diff --git a/docs/references/helmrelease-custom-resource.md b/docs/references/helmrelease-custom-resource.md
@@ -2,7 +2,7 @@
 
 Each release of a chart is declared by a `HelmRelease`
 resource. The schema for these resources is given in [the custom
-resource definition](https://github.com/fluxcd/helm-operator/blob/master/deploy/flux-helm-release-crd.yaml). They
+resource definition](https://github.com/fluxcd/helm-operator/blob/master/deploy/crds.yaml). They
 look like this:
 
 ```yaml

diff --git a/hack/update/generate-crds.sh b/hack/update/generate-crds.sh
@@ -55,7 +55,7 @@ bin/controller-gen \
   paths=./pkg/apis/...
 
 echo "Forging CRD template for \`pkg/install\` from generated chart CRDs"
-out="./pkg/install/templates/helm-operator-crds.yaml.tmpl"
+out="./pkg/install/templates/crds.yaml.tmpl"
 rm "$out" || true
 touch "$out"
 for file in $(find "${CRD_DIR}" -type f | sort -V); do

diff --git a/pkg/install/generate.go b/pkg/install/generate.go
@@ -37,7 +37,7 @@ func main() {
 			log.Fatalln(err)
 		}
 	case "deploy":
-		manifests, err := install.FillInTemplates(install.TemplateParameters{})
+		manifests, err := install.FillInTemplates(install.TemplateParameters{Namespace: "flux"})
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "error: failed to fill in templates: %s\n", err)
 			os.Exit(1)

diff --git a/pkg/install/generated_templates.gogen.go b/pkg/install/generated_templates.gogen.go
diff --git a/pkg/install/install.go b/pkg/install/install.go
@@ -12,18 +12,28 @@ import (
 	"github.com/shurcooL/httpfs/vfsutil"
 )
 
+const (
+	defaultNamespace       = "default"
+	defaultTillerNamespace = "kube-system"
+)
+
 type TemplateParameters struct {
-	Namespace               string
-	TillerNamespace         string
-	SSHSecretName           string
-	EnableTillerTLS         bool
-	TillerTLSCACertContent  string
-	TillerTLSCertSecretName string
-	HelmVersions            string
-	AdditionalArgs          []string
+	Namespace       string
+	TillerNamespace string
+	SSHSecretName   string
+	HelmVersions    string
+	AdditionalArgs  []string
 }
 
 func FillInTemplates(params TemplateParameters) (map[string][]byte, error) {
+	if params.Namespace == "" {
+		// Set the default namespace
+		params.Namespace = defaultNamespace
+	}
+	if params.TillerNamespace == "" {
+		// Set the default Tiller namespace
+		params.TillerNamespace = defaultTillerNamespace
+	}
 	result := map[string][]byte{}
 	err := vfsutil.WalkFiles(templates, "/", func(path string, info os.FileInfo, rs io.ReadSeeker, err error) error {
 		if err != nil {

diff --git a/pkg/install/install_test.go b/pkg/install/install_test.go
@@ -37,10 +37,7 @@ func TestFillInTemplates(t *testing.T) {
 		Namespace:               "flux",
 		TillerNamespace:         "tiller",
 		SSHSecretName:           "mysshsecretname",
-		EnableTillerTLS:         true,
-		TillerTLSCACertContent:  "foo\nbar\n",
-		TillerTLSCertSecretName: "mytlssecretname",
-	}, 4)
+	}, 3)
 }
 
 func TestFillInTemplatesEmpty(t *testing.T) {

diff --git a/...ll/templates/helm-operator-crds.yaml.tmpl → pkg/install/templates/crds.yaml.tmpl b/...ll/templates/helm-operator-crds.yaml.tmpl → pkg/install/templates/crds.yaml.tmpl
diff --git a/...plates/helm-operator-deployment.yaml.tmpl → pkg/install/templates/deployment.yaml.tmpl b/...plates/helm-operator-deployment.yaml.tmpl → pkg/install/templates/deployment.yaml.tmpl
@@ -2,32 +2,26 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: flux-helm-operator{{ if .Namespace }}
-  namespace: {{ .Namespace }}{{ end }}
+  name: helm-operator
+{{- if .Namespace }}
+  namespace: {{ .Namespace }}
+{{- end }}
 spec:
   replicas: 1
   selector:
     matchLabels:
-      name: flux-helm-operator
+      name: helm-operator
   strategy:
     type: Recreate
   template:
     metadata:
       labels:
-        name: flux-helm-operator
+        name: helm-operator
       annotations:
         prometheus.io/scrape: "true"
     spec:
-      serviceAccountName: flux-helm-operator
-      volumes:{{ if .EnableTillerTLS }}
-        - name: helm-tls-ca
-          configMap:
-            name: flux-helm-tls-ca-config
-            defaultMode: 0600
-        - name: helm-tls-certs
-          secret:
-            secretName: {{ if .TillerTLSCertSecretName }}{{ .TillerTLSCertSecretName }}{{ else }}flux-helm-tls-cert{{ end }}
-            defaultMode: 0400{{ else }}
+      serviceAccountName: helm-operator
+      volumes:
       #
       # You will need these two volumes if you want to establish validated TLS
       # connections against Tiller
@@ -39,9 +33,9 @@ spec:
       # Secret type kubernetes.io/tls
       # - name: flux-helm-tls-cert
       #   secret:
-      #     secretName: {{ if .TillerTLSCertSecretName }}{{ .TillerTLSCertSecretName }}{{ else }}flux-helm-tls-cert{{ end }}
+      #     secretName: tiller-tls-cert
       #     defaultMode: 0400
-      #{{end}}
+      #
       # The following volume is for using a customised known_hosts file,
       # which you will need to do if you host your own git repo rather
       # than using github or the like. You'll also need to mount it
@@ -55,14 +49,14 @@ spec:
       # - name: sshdir
       #   configMap:
       #     name: flux-ssh-config
-      #     defaultMode: 0400{{ if .SSHSecretName }}
-
+      #     defaultMode: 0400
+{{- if .SSHSecretName }}
       # SSH key to access the Git repository
         - name: git-key
           secret:
             secretName: {{ .SSHSecretName }}
             defaultMode: 0400 # when mounted read-only, we won't be able to chmod
-{{ else }}
+{{- else }}
       #
       # You will need this volume if you're using a git repo that
       # needs an SSH key for access; e.g., a GitHub deploy key. If
@@ -76,7 +70,8 @@ spec:
       #   secret:
       #     secretName: flux-git-deploy
       #     defaultMode: 0400 # when mounted read-only, we won't be able to chmod
-      #{{end}}
+      #
+{{- end}}
       # These two volumes are for mounting a repositories.yaml file,
       # and providing a cache directory. The latter is needed because
       # mounting the former will make the cache/ directory read-only.
@@ -88,7 +83,7 @@ spec:
       #   emptyDir: {}
 
       containers:
-      - name: flux-helm-operator
+      - name: helm-operator
         # There are no ":latest" images for helm-operator. Find the most recent
         # release or image version at https://hub.docker.com/r/weaveworks/helm-operator/tags
         # and replace the tag here.
@@ -118,52 +113,38 @@ spec:
         # file; you'll also need the volume declared above.
         # - name: sshdir
         #   mountPath: /root/.ssh
-        #   readOnly: true{{ if .SSHSecretName }}
-
+        #   readOnly: true
+{{- if .SSHSecretName }}
           - name: git-key
             mountPath: /etc/fluxd/ssh
-{{ else }}
+{{- else }}
         # - name: git-key
-        #   mountPath: /etc/fluxd/ssh{{ end }}
+        #   mountPath: /etc/fluxd/ssh
+{{- end }}
         # - name: repositories-yaml
         #   mountPath: /var/fluxd/helm/repository
         # - name: repositories-cache
-        #   mountPath: /var/fluxd/helm/repository/cache{{ if .EnableTillerTLS }}
-
-          - name: helm-tls-certs
-            mountPath: /etc/fluxd/helm
-            readOnly: true
-          - name: helm-tls-ca
-            mountPath: /etc/fluxd/helm-ca
-            readOnly: true
-{{ else }}
+        #   mountPath: /var/fluxd/helm/repository/cache
         # - name: helm-tls-certs
         #   mountPath: /etc/fluxd/helm
         #   readOnly: true
         # - name: helm-tls-ca
         #   mountPath: /etc/fluxd/helm-ca
-        #   readOnly: true{{ end }}
+        #   readOnly: true
         args:
         # How to find Tiller
-        - --tiller-namespace={{ if .TillerNamespace }}{{ .TillerNamespace }}{{ else }}kube-system{{ end }}{{ if .EnableTillerTLS }}
-        # TLS configuration
-        - --tiller-tls-ca-cert-path=/etc/fluxd/helm-ca/ca.crt
-        - --tiller-tls-enable=true
-        - --tiller-tls-key-path=/etc/fluxd/helm/tls.key
-        - --tiller-tls-cert-path=/etc/fluxd/helm/tls.crt
-        - --tiller-tls-verify=true
-        - --tiller-tls-ca-cert-path=/etc/fluxd/helm-ca/ca.crt{{ else }}
+        - --tiller-namespace={{ .TillerNamespace }}
         # Comment out to to establish validated TLS connections against Tiller
         # - --tiller-tls-ca-cert-path=/etc/fluxd/helm-ca/ca.crt
         # - --tiller-tls-enable=true
         # - --tiller-tls-key-path=/etc/fluxd/helm/tls.key
         # - --tiller-tls-cert-path=/etc/fluxd/helm/tls.crt
         # - --tiller-tls-verify=true
-        # - --tiller-tls-ca-cert-path=/etc/fluxd/helm-ca/ca.crt{{ end }}
+        # - --tiller-tls-ca-cert-path=/etc/fluxd/helm-ca/ca.crt
 {{ if .HelmVersions }}
         - --enabled-helm-versions={{ .HelmVersions }}
-{{ end }}
-{{ if .AdditionalArgs }}
+{{- end }}
+{{- if .AdditionalArgs }}
         # Additional arguments{{ range .AdditionalArgs }}
         - {{ . }}{{ end }}
-{{ end }}
+{{- end }}
diff --git a/pkg/install/templates/flux-helm-operator-account.yaml.tmpl b/pkg/install/templates/flux-helm-operator-account.yaml.tmpl
diff --git a/pkg/install/templates/rbac.yaml.tmpl b/pkg/install/templates/rbac.yaml.tmpl
@@ -0,0 +1,36 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    name: helm-operator
+  name: helm-operator
+  namespace: {{ .Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  labels:
+    name: helm-operator
+  name: helm-operator
+rules:
+  - apiGroups: ['*']
+    resources: ['*']
+    verbs: ['*']
+  - nonResourceURLs: ['*']
+    verbs: ['*']
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    name: helm-operator
+  name: helm-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: helm-operator
+subjects:
+  - kind: ServiceAccount
+    name: helm-operator
+    namespace: {{ .Namespace }}
diff --git a/pkg/install/templates/tiller-ca-cert-configmap.yaml.tmpl b/pkg/install/templates/tiller-ca-cert-configmap.yaml.tmpl