Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Various fixes to installer #435

Merged
merged 3 commits into from
Mar 7, 2019
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions chart/searchlight/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -29,3 +29,10 @@ Create the name of the service account to use
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}

{{- define "searchlight.labels" -}}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "searchlight.name" . }}"
release: {{ .Release.Name | quote}}
heritage: "{{ .Release.Service }}"
{{- end -}}
29 changes: 7 additions & 22 deletions chart/searchlight/templates/apiregistration.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,7 @@ kind: APIService
metadata:
name: v1alpha1.admission.monitoring.appscode.com
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "searchlight.name" . }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
{{- include "searchlight.labels" . | nindent 4 }}
spec:
group: admission.monitoring.appscode.com
version: v1alpha1
Expand All @@ -27,10 +24,7 @@ kind: APIService
metadata:
name: v1alpha1.incidents.monitoring.appscode.com
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "searchlight.name" . }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
{{- include "searchlight.labels" . | nindent 4 }}
spec:
group: incidents.monitoring.appscode.com
version: v1alpha1
Expand All @@ -47,10 +41,7 @@ metadata:
name: {{ template "searchlight.fullname" . }}-apiserver-cert
namespace: {{ .Release.Namespace }}
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "searchlight.name" . }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
{{- include "searchlight.labels" . | nindent 4 }}
type: Opaque
data:
tls.crt: {{ b64enc $cert.Cert }}
Expand All @@ -61,13 +52,10 @@ data:
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "searchlight.fullname" . }}-apiserver-extension-server-authentication-reader
name: {{ template "searchlight.fullname" . }}-extension-server-authentication-reader
namespace: kube-system
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "searchlight.name" . }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
{{- include "searchlight.labels" . | nindent 4 }}
roleRef:
kind: Role
apiGroup: rbac.authorization.k8s.io
Expand All @@ -81,12 +69,9 @@ subjects:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "searchlight.fullname" . }}-apiserver-auth-delegator
name: {{ template "searchlight.fullname" . }}-auth-delegator
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "searchlight.name" . }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
{{- include "searchlight.labels" . | nindent 4 }}
roleRef:
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
Expand Down
9 changes: 3 additions & 6 deletions chart/searchlight/templates/cleaner.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,7 @@ kind: Job
metadata:
name: {{ .Release.Name }}-cleaner
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "searchlight.name" . }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
{{- include "searchlight.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed
Expand All @@ -22,10 +19,10 @@ spec:
{{- end }}
containers:
- name: busybox
image: appscode/kubectl:v1.11
image: {{ .Values.cleaner.registry }}/{{ .Values.cleaner.repository }}:{{ .Values.cleaner.tag }}
command:
- sh
- -c
- "sleep 2; kubectl delete validatingwebhookconfigurations admission.monitoring.appscode.com || true"
imagePullPolicy: IfNotPresent
imagePullPolicy: {{ .Values.imagePullPolicy }}
restartPolicy: Never
5 changes: 1 addition & 4 deletions chart/searchlight/templates/cluster-role-binding.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,7 @@ kind: ClusterRoleBinding
metadata:
name: {{ template "searchlight.fullname" . }}
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "searchlight.name" . }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
{{- include "searchlight.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
Expand Down
15 changes: 11 additions & 4 deletions chart/searchlight/templates/cluster-role.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,16 +4,18 @@ kind: ClusterRole
metadata:
name: {{ template "searchlight.fullname" . }}
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "searchlight.name" . }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
{{- include "searchlight.labels" . | nindent 4 }}
rules:
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs: ["*"]
- apiGroups:
- apiregistration.k8s.io
resources:
- apiservices
verbs: ["get", "patch"]
- apiGroups:
- admissionregistration.k8s.io
resources:
Expand Down Expand Up @@ -54,4 +56,9 @@ rules:
resources:
- events
verbs: ["create", "list"]
- apiGroups:
- ""
resources:
- services
verbs: ["get"]
{{ end }}
15 changes: 8 additions & 7 deletions chart/searchlight/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,7 @@ metadata:
name: {{ template "searchlight.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "searchlight.name" . }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
{{- include "searchlight.labels" . | nindent 4 }}
{{- if .Values.annotations }}
annotations:
{{ toYaml .Values.annotations | indent 4 }}
Expand All @@ -24,11 +21,15 @@ spec:
template:
metadata:
labels:
app: "{{ template "searchlight.name" . }}"
release: "{{ .Release.Name }}"
{{- if and .Values.criticalAddon (eq .Release.Namespace "kube-system") }}
{{- include "searchlight.labels" . | nindent 8 }}
{{- if or .Values.annotations (and .Values.criticalAddon (eq .Release.Namespace "kube-system")) }}
annotations:
{{- if and .Values.criticalAddon (eq .Release.Namespace "kube-system") }}
scheduler.alpha.kubernetes.io/critical-pod: ''
{{- end }}
{{- if .Values.annotations }}
{{ toYaml .Values.annotations | indent 8 }}
{{- end }}
{{- end }}
spec:
serviceAccountName: {{ template "searchlight.serviceAccountName" . }}
Expand Down
5 changes: 1 addition & 4 deletions chart/searchlight/templates/service-account.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,5 @@ metadata:
name: {{ template "searchlight.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: "{{ template "searchlight.name" . }}"
heritage: "{{ .Release.Service }}"
release: "{{ .Release.Name }}"
{{- include "searchlight.labels" . | nindent 4 }}
{{ end }}
5 changes: 5 additions & 0 deletions chart/searchlight/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,11 @@ icinga:
repository: icinga
tag: 7.0.0-k8s

cleaner:
registry: appscode
repository: kubectl
tag: v1.12

## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
Expand Down
2 changes: 1 addition & 1 deletion hack/deploy/operator.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ spec:
tolerations:
- key: CriticalAddonsOnly
operator: Exists
priorityClassName: system-cluster-critical
priorityClassName: ${SEARCHLIGHT_PRIORITY_CLASS}
---
# kube lacks the service serving cert signer, so provide a manual secret for it
apiVersion: v1
Expand Down
5 changes: 5 additions & 0 deletions hack/deploy/searchlight.sh
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,7 @@ export SEARCHLIGHT_ENABLE_ANALYTICS=true
export SEARCHLIGHT_UNINSTALL=0
export SEARCHLIGHT_PURGE=0
export SEARCHLIGHT_ENABLE_STATUS_SUBRESOURCE=false
export SEARCHLIGHT_PRIORITY_CLASS=system-cluster-critical

export SCRIPT_LOCATION="curl -fsSL https://raw.githubusercontent.com/appscode/searchlight/7.0.0/"
if [[ "$APPSCODE_ENV" == "dev" ]]; then
Expand Down Expand Up @@ -238,6 +239,10 @@ while test $# -gt 0; do
esac
done

if [ "$SEARCHLIGHT_NAMESPACE" != "kube-system" ]; then
export SEARCHLIGHT_PRIORITY_CLASS=""
fi

if [ "$SEARCHLIGHT_UNINSTALL" -eq 1 ]; then
# delete webhooks and apiservices
kubectl delete validatingwebhookconfiguration -l app=searchlight || true
Expand Down