Merge pull request #15 from onmetal/kube_api

Added etcd helm chart and improved druid chart configuration

Makefile

@@ -9,4 +9,7 @@ start-docs: ## Start the local mkdocs based development environment.
 	docker run -p 8000:8000 -v `pwd`/:/docs $(IMAGE)
 
 clean-docs: ## Remove all local mkdocs Docker images (cleanup).
-	docker container prune --force --filter "label=project=onmetal_virtual_controlplane_documentation"
+	docker container prune --force --filter "label=project=onmetal_virtual_controlplane_documentation"
+
+helm-docs: ## Generate Helm chart documentation
+	helm-docs

charts/druid/.helmignore

@@ -21,3 +21,4 @@
 .idea/
 *.tmproj
 .vscode/
+README.md.gotmpl

charts/druid/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 description: Helm chart for etcd-druid.
 name: etcd-druid
 type: application
-version: 0.1.0
+version: 0.1.1
 appVersion: 0.6.0
 engine: gotpl
 home: https://github.com/onmetal/virtual-controlplane/

charts/druid/README.md

@@ -0,0 +1,27 @@
+# etcd-druid
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square)
+
+Helm chart for etcd-druid.
+
+**Homepage:** <https://github.com/onmetal/virtual-controlplane/>
+
+## Source Code
+
+* <https://github.com/onmetal/virtual-controlplane/charts/druid>
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| druid.ignoreOperationAnnotation | bool | `true` | ignore operation annotation |
+| druid.leaderElection | bool | `true` | perform leader election |
+| druid.port | int | `9569` | container port |
+| druid.replicaCount | int | `1` | pod instance count |
+| druid.resources | object | `{}` | resource requests and limits for deployment |
+| druid.workerCount | int | `3` | number of workers |
+| image.pullPolicy | string | `"IfNotPresent"` | pull policy |
+| image.repository | string | `"eu.gcr.io/gardener-project/gardener/etcd-druid"` | image location |
+| image.tag | string | `"v0.6.0"` | image version tag |
+| imagePullSecrets | list | `[]` | image pull secrets |
+| serviceAccount | string | `"etcd-druid"` | service account to use |

charts/druid/README.md.gotmpl

@@ -0,0 +1,14 @@
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.badgesSection" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}

charts/druid/templates/druid-clusterrole.yaml

@@ -38,7 +38,6 @@ rules:
   - watch
   - patch
   - update
-
 - apiGroups:
   - ""
   - apps
@@ -80,16 +79,22 @@ rules:
   - leases
   verbs:
   - create
+  - get
+  - update
+  - patch
+  - list
+  - watch
 - apiGroups:
-  - coordination.k8s.io
-  resourceNames:
-  - druid-leader-election
+  - batch
   resources:
-  - leases
+  - cronjobs
   verbs:
+  - create
   - get
   - update
   - patch
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:

charts/druid/templates/service-account.yaml

@@ -4,4 +4,3 @@ kind: ServiceAccount
 metadata:
   name: {{ .Values.serviceAccount }}
   namespace: {{ .Release.Namespace }}
-

charts/druid/values.yaml

@@ -1,16 +1,26 @@
 image:
+  # -- image location
   repository: eu.gcr.io/gardener-project/gardener/etcd-druid
+  # -- image version tag
   tag: v0.6.0
+  # -- pull policy
   pullPolicy: IfNotPresent
 
+# -- image pull secrets
 imagePullSecrets: []
 
 druid:
+  # -- pod instance count
   replicaCount: 1
+  # -- container port
   port: 9569
+  # -- perform leader election
   leaderElection: true
+  # -- number of workers
   workerCount: 3
-  ignoreOperationAnnotation: false
+  # -- ignore operation annotation
+  ignoreOperationAnnotation: true
+  # -- resource requests and limits for deployment
   resources: {}
   # resources:
   #   limits:
@@ -20,4 +30,5 @@ druid:
   #     cpu: 50m
   #     memory: 128Mi
 
+# -- service account to use
 serviceAccount: etcd-druid

charts/etcd/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+README.md.gotmpl

charts/etcd/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+description: Helm chart for deploying etcd through etcd druid.
+name: etcd
+type: application
+version: 0.1.0
+appVersion: 3.4.13
+engine: gotpl
+home: https://github.com/onmetal/virtual-controlplane/
+sources:
+- https://github.com/onmetal/virtual-controlplane/charts/etcd
+maintainers:
+- name: afritzler

charts/etcd/README.md

@@ -0,0 +1,38 @@
+# etcd
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.4.13](https://img.shields.io/badge/AppVersion-3.4.13-informational?style=flat-square)
+
+Helm chart for deploying etcd through etcd druid.
+
+**Homepage:** <https://github.com/onmetal/virtual-controlplane/>
+
+## Source Code
+
+* <https://github.com/onmetal/virtual-controlplane/charts/etcd>
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| backup.compression | object | `{"enabled":false,"policy":"gzip"}` | backup bucket configuration store:   secretRef:     name: etcd-backup   container: mybackupcontainer   provider: aws   prefix: etcd-test |
+| backup.compression.enabled | bool | `false` | enable/disable backup compression |
+| backup.compression.policy | string | `"gzip"` | backup compression policy |
+| backup.deltaSnapshotMemoryLimit | string | `"1Gi"` | delate snapshot memory limit |
+| backup.deltaSnapshotPeriod | string | `"300s"` | delta snapshot period |
+| backup.fullSnapshotSchedule | string | `"0 */24 * * *"` | schedule when to run the full backup |
+| backup.garbageCollectionPeriod | string | `"43200s"` | garbage collection period |
+| backup.garbageCollectionPolicy | string | `"Exponential"` | garbage collection policy |
+| backup.port | int | `8080` | port of the backup sidecar |
+| backup.resources | object | `{"limits":{"cpu":"500m","memory":"2Gi"},"requests":{"cpu":"23m","memory":"128Mi"}}` | resource requests and limits of the backup sidecar |
+| etcd.clientPort | int | `2379` | etcd client port |
+| etcd.defragmentationSchedule | string | `"0 */24 * * *"` | etcd defragmentation schedule  |
+| etcd.metrics | string | `"basic"` | etcd metrics type |
+| etcd.quota | string | `"8Gi"` | etcd server quota |
+| etcd.resources | object | `{"limits":{"cpu":"2500m","memory":"4Gi"},"requests":{"cpu":"500m","memory":"1000Mi"}}` | resource requests and limits of etcd |
+| etcd.serverPort | int | `2380` | etcd server port |
+| etcd.tls.enabled | bool | `true` | enable etcd server tls |
+| replicas | int | `1` | replica count of the etcd statefulset |
+| sharedConfig.autoCompactionMode | string | `"periodic"` | compaction mode |
+| sharedConfig.autoCompactionRetention | string | `"30m"` | compaction retention |
+| storageCapacity | string | `"1Gi"` | etcd disk size |
+| storageClass | string | `"standard"` | etcd pvc storage class |

charts/etcd/README.md.gotmpl

@@ -0,0 +1,14 @@
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.badgesSection" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}

charts/etcd/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "etcd.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "etcd.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "etcd.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "etcd.labels" -}}
+helm.sh/chart: {{ include "etcd.chart" . }}
+{{ include "etcd.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "etcd.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "etcd.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "etcd.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "etcd.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/etcd/templates/certificates.yaml

@@ -0,0 +1,91 @@
+{{- if .Values.etcd.tls.enabled }}
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-issuer
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: etcd-ca
+  namespace: {{ .Release.Namespace }}
+spec:
+  isCA: true
+  commonName: etcd
+  secretName: etcd-ca
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  issuerRef:
+    name: selfsigned-issuer
+    kind: ClusterIssuer
+    group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: etcd-server
+  namespace: {{ .Release.Namespace }}
+spec:
+  secretName: etcd-server-tls
+  duration: 2160h # 90d
+  renewBefore: 360h # 15d
+  subject:
+    organizations:
+      - onmetal
+  commonName: etcd-server
+  isCA: false
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    size: 2048
+  usages:
+    - server auth
+    - client auth
+  dnsNames:
+    - localhost
+    - etcd-local
+    - etcd-client.{{ .Release.Namespace }}.svc
+    - etcd-client.{{ .Release.Namespace }}.svc.cluster.local
+  issuerRef:
+    name: etcd-ca
+    kind: Issuer
+    group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: etcd-client
+  namespace: {{ .Release.Namespace }}
+spec:
+  secretName: etcd-client-tls
+  duration: 2160h # 90d
+  renewBefore: 360h # 15d
+  subject:
+    organizations:
+      - onmetal
+  commonName: etcd-client
+  isCA: false
+  privateKey:
+    algorithm: RSA
+    encoding: PKCS1
+    size: 2048
+  usages:
+    - server auth
+    - client auth
+  issuerRef:
+    name: etcd-ca
+    kind: Issuer
+    group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: etcd-ca
+  namespace: {{ .Release.Namespace }}
+spec:
+  ca:
+    secretName: etcd-ca
+{{- end }}