diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..1d33c65
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,22 @@
+{
+ "workbench.colorCustomizations": {
+ "activityBar.activeBackground": "#ff6433",
+ "activityBar.background": "#ff6433",
+ "activityBar.foreground": "#15202b",
+ "activityBar.inactiveForeground": "#15202b99",
+ "activityBarBadge.background": "#00ff3d",
+ "activityBarBadge.foreground": "#15202b",
+ "commandCenter.border": "#e7e7e799",
+ "sash.hoverBorder": "#ff6433",
+ "statusBar.background": "#ff3d00",
+ "statusBar.foreground": "#e7e7e7",
+ "statusBarItem.hoverBackground": "#ff6433",
+ "statusBarItem.remoteBackground": "#ff3d00",
+ "statusBarItem.remoteForeground": "#e7e7e7",
+ "titleBar.activeBackground": "#ff3d00",
+ "titleBar.activeForeground": "#e7e7e7",
+ "titleBar.inactiveBackground": "#ff3d0099",
+ "titleBar.inactiveForeground": "#e7e7e799"
+ },
+ "peacock.color": "#ff3d00"
+}
\ No newline at end of file
diff --git a/charts/ccm-hetzner-test/.helmignore b/charts/ccm-hetzner-test/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/ccm-hetzner-test/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/ccm-hetzner-test/Chart.yaml b/charts/ccm-hetzner-test/Chart.yaml
new file mode 100644
index 0000000..4903079
--- /dev/null
+++ b/charts/ccm-hetzner-test/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: ccm-hetzner-test
+description: Helm Chart for Hcloud Cloud Controller Manager
+type: application
+home: https://github.com/syself/charts/tree/main/charts/ccm-hetzner-test
+maintainers:
+ - name: Syself
+ email: info@syself.com
+ url: https://github.com/syself
+appVersion: "v0.14.0-beta.3"
+version: 0.0.1
diff --git a/charts/ccm-hetzner-test/templates/_helpers.tpl b/charts/ccm-hetzner-test/templates/_helpers.tpl
new file mode 100644
index 0000000..0e52db0
--- /dev/null
+++ b/charts/ccm-hetzner-test/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ccm-hetzner-test.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ccm-hetzner-test.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ccm-hetzner-test.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ccm-hetzner-test.labels" -}}
+helm.sh/chart: {{ include "ccm-hetzner-test.chart" . }}
+app: ccm
+{{ include "ccm-hetzner-test.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ccm-hetzner-test.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ccm-hetzner-test.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ccm-hetzner-test.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "ccm-hetzner-test.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/ccm-hetzner-test/templates/deployment.yaml b/charts/ccm-hetzner-test/templates/deployment.yaml
new file mode 100644
index 0000000..fd14135
--- /dev/null
+++ b/charts/ccm-hetzner-test/templates/deployment.yaml
@@ -0,0 +1,125 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "ccm-hetzner-test.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "ccm-hetzner-test.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ revisionHistoryLimit: 5
+ selector:
+ matchLabels:
+ {{- include "ccm-hetzner-test.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "ccm-hetzner-test.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ dnsPolicy: Default
+ serviceAccountName: {{ include "ccm-hetzner-test.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ tolerations:
+ # this taint is set by all kubelets running `--cloud-provider=external`
+ # so we should tolerate it to schedule the cloud controller manager
+ - key: "node.cloudprovider.kubernetes.io/uninitialized"
+ value: "true"
+ effect: "NoSchedule"
+ - key: "CriticalAddonsOnly"
+ operator: "Exists"
+ # cloud controller manages should be able to run on masters
+ - key: "node-role.kubernetes.io/master"
+ effect: NoSchedule
+ operator: Exists
+ - key: "node-role.kubernetes.io/control-plane"
+ effect: NoSchedule
+ operator: Exists
+ - key: "node.kubernetes.io/not-ready"
+ effect: "NoSchedule"
+ {{- with .Values.tolerations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- if .Values.privateNetwork.enabled }}
+ hostNetwork: true
+{{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command:
+ - "/bin/hetzner-cloud-controller-manager"
+ - "--cloud-provider=hcloud"
+ - "--leader-elect={{ .Values.env.leaderElect }}"
+ - "--allow-untagged-cloud"
+{{- if .Values.privateNetwork.enabled }}
+ - "--allocate-node-cidrs=true"
+ - "--cluster-cidr={{ .Values.privateNetwork.clusterSubnet }}"
+{{- end }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: HCLOUD_TOKEN
+ valueFrom:
+ secretKeyRef:
+ {{- if .Values.secret.create }}
+ name: {{ include "ccm-hetzner-test.fullname" . }}
+ {{- else }}
+ name: {{ .Values.secret.name }}
+ {{- end }}
+ key: {{ .Values.secret.key.token }}
+ - name: ROBOT_USER_NAME
+ valueFrom:
+ secretKeyRef:
+ {{- if .Values.secret.create }}
+ name: {{ include "ccm-hetzner-test.fullname" . }}
+ {{- else }}
+ name: {{ .Values.secret.name }}
+ {{- end }}
+ key: {{ .Values.secret.key.robotUserName }}
+ - name: ROBOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ {{- if .Values.secret.create }}
+ name: {{ include "ccm-hetzner-test.fullname" . }}
+ {{- else }}
+ name: {{ .Values.secret.name }}
+ {{- end }}
+ key: {{ .Values.secret.key.robotPassword }}
+ - name: HCLOUD_DEBUG
+ value: "{{ .Values.env.debug }}"
+ - name: HCLOUD_LOAD_BALANCERS_ENABLED
+ value: "{{ .Values.env.loadBalancers }}"
+ {{- if .Values.privateNetwork.enabled }}
+ - name: HCLOUD_NETWORK
+ valueFrom:
+ secretKeyRef:
+ {{- if .Values.secret.create }}
+ name: {{ include "ccm-hetzner-test.fullname" . }}
+ {{- else }}
+ name: {{ .Values.secret.name }}
+ {{- end }}
+ key: {{ .Values.secret.key.network }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
\ No newline at end of file
diff --git a/charts/ccm-hetzner-test/templates/pdb.yaml b/charts/ccm-hetzner-test/templates/pdb.yaml
new file mode 100644
index 0000000..17500b2
--- /dev/null
+++ b/charts/ccm-hetzner-test/templates/pdb.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.pdb.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "ccm-hetzner-test.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ minAvailable: {{ .Values.pdb.minAvailable }}
+ maxUnavailable: {{ .Values.pdb.maxUnavailable }}
+ selector:
+ matchLabels:
+ {{- include "ccm-hetzner-test.selectorLabels" . | nindent 6 }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/ccm-hetzner-test/templates/secret.yaml b/charts/ccm-hetzner-test/templates/secret.yaml
new file mode 100644
index 0000000..5b9706d
--- /dev/null
+++ b/charts/ccm-hetzner-test/templates/secret.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.secret.create -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "ccm-hetzner-test.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "ccm-hetzner-test.labels" . | nindent 4 }}
+stringData:
+ {{ .Values.secret.key.token }}: {{ .Values.env.hcloudApiToken | b64enc }}
+ {{ .Values.secret.key.robotUserName }}: {{ .Values.env.robotUser | b64enc }}
+ {{ .Values.secret.key.robotPassword }}: {{ .Values.env.robotPassword | b64enc }}
+{{- if .Values.privateNetwork.enabled }}
+ {{ .Values.secret.networkKeyName }}: {{ .Values.privateNetwork.network.id | b64enc }}
+{{- end -}}
+{{- end -}}
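Review bot: The `image:` line in deployment.yaml resolves to a mutable tag (`.Values.image.tag`, falling back to `.Chart.AppVersion`), and values.yaml sets `pullPolicy: Always`, so whatever is published under that tag at pull time runs with the Hetzner API token, the Robot credentials and the ServiceAccount that this chart binds to `cluster-admin`. Consider supporting a digest pin, for example an optional `image.digest` value rendered as `image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}"` when it is set, with the tag form kept as the fallback. The chart would then let operators deploy exactly the image they reviewed.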
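Review bot: In pdb.yaml, `maxUnavailable: {{ .Values.pdb.maxUnavailable }}` is rendered unconditionally although values.yaml defines only `pdb.minAvailable`, and a PodDisruptionBudget accepts just one of the two fields, so setting `pdb.maxUnavailable` later would produce a manifest the API server rejects. Render each field only when it is set, e.g. `{{- with .Values.pdb.minAvailable }}` / `minAvailable: {{ . }}` / `{{- end }}`, and the same for `maxUnavailable`. With the defaults `replicaCount: 1` and `minAvailable: 1` the budget also permits zero voluntary evictions, which blocks draining the node that hosts the controller.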
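Review bot: In secret.yaml the values under `stringData:` are piped through `b64enc`, but `stringData` takes plain text and the API server encodes it itself, so the stored token, Robot user and Robot password would be base64 text rather than the credentials, and the controller's authentication would presumably fail. Either switch the field to `data:` and keep `b64enc`, or keep `stringData:` and quote the value, e.g. `{{ .Values.secret.key.token }}: {{ .Values.env.hcloudApiToken | quote }}`. The network entry uses `.Values.secret.networkKeyName`, which values.yaml does not define, while deployment.yaml reads the key from `.Values.secret.key.network`; the two names should match. Credentials passed through `env.*` values are also kept in the Helm release record, which is a reason to prefer the pre-created secret path (`secret.create=false`) outside of testing.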
diff --git a/charts/ccm-hetzner-test/templates/serviceaccount.yaml b/charts/ccm-hetzner-test/templates/serviceaccount.yaml
new file mode 100644
index 0000000..cc51c61
--- /dev/null
+++ b/charts/ccm-hetzner-test/templates/serviceaccount.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ccm-hetzner-test.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "ccm-hetzner-test.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ccm-hetzner-test.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "ccm-hetzner-test.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "ccm-hetzner-test.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/ccm-hetzner-test/values.yaml b/charts/ccm-hetzner-test/values.yaml
new file mode 100644
index 0000000..598ee53
--- /dev/null
+++ b/charts/ccm-hetzner-test/values.yaml
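Review bot: The ClusterRoleBinding in serviceaccount.yaml grants the controller's ServiceAccount `cluster-admin`, so a compromise of this pod or of the image it pulls is a compromise of the whole cluster. Prefer a chart-owned ClusterRole that lists only the resources and verbs the cloud controller manager uses, referenced from `roleRef` as `name: {{ include "ccm-hetzner-test.fullname" . }}`; the exact rule set has to come from the controller's requirements and is not visible in this diff. `metadata.namespace` on a ClusterRoleBinding has no effect because the kind is cluster-scoped, so that line can be dropped. The binding is also gated on `serviceAccount.create`, so with `create: false` the pod runs as the named or `default` account with no binding from this chart.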
@@ -0,0 +1,77 @@
+# Default values for ccm-hetzner-test.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: ghcr.io/syself/hetzner-cloud-controller-manager
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+env:
+ debug: false
+ loadBalancers: true
+ leaderElect: true
+ hcloudApiToken: # HCloud API Token, fill this only if you don't have a secret already with the token. And set secret.create=true
+ robotUser: # Robot User, fill this only if you don't have a secret already with the token. And set secret.create=true
+ robotPassword: # Robot Password, fill this only if you don't have a secret already with the token. And set secret.create=true
+
+privateNetwork:
+ enabled: false
+ network:
+ id: # If you have a secret with the key network leave it empty. If you specify it manually provide the name or ID of the Hcloud Network here. And set secret.create=true
+ clusterSubnet: 10.244.0.0/16 # Pod CIDR
+
+secret:
+ create: false
+ name: hetzner # Name of an existing secret
+ key:
+ token: hcloud # Name of an existing key for the hcloud-token in the above specified secret
+ robotUserName: robot-user
+ robotPassword: robot-password
+ network: network # Name of an existing key for the hcloud-network in the above specified secret
+
+pdb:
+ enabled: true
+ minAvailable: 1
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext:
+ {}
+ # fsGroup: 2000
+
+securityContext:
+ {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+resources:
+ requests:
+ cpu: 100m
+ memory: 50Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
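Review bot: `securityContext: {}` and `podSecurityContext: {}` in values.yaml leave the container on whatever user and capabilities the image defaults to, while the hardening keys sit commented out underneath. Since this workload holds cloud credentials, consider making them the default: uncomment `capabilities.drop: [ALL]`, `readOnlyRootFilesystem: true` and `runAsNonRoot: true`, and add `allowPrivilegeEscalation: false`. Whether the image already runs as a non-root user needs to be confirmed before `runAsNonRoot` is enabled. `resources` sets requests only, so a memory limit would be worth adding as well.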