From ae4d52834e76033b34f0b6f285cbd3bb954e4979 Mon Sep 17 00:00:00 2001 From: Ben Jackson Date: Tue, 2 Feb 2021 10:48:32 +1100 Subject: [PATCH 1/3] add fastly-controller chart --- charts/fastly-controller/.helmignore | 23 ++++++ charts/fastly-controller/Chart.yaml | 20 ++++++ charts/fastly-controller/README.md | 3 + .../fastly-controller/ci/linter-values.yaml | 4 ++ charts/fastly-controller/templates/NOTES.txt | 1 + .../fastly-controller/templates/_helpers.tpl | 59 +++++++++++++++ .../templates/clusterrole.yaml | 67 +++++++++++++++++ .../templates/clusterrolebinding.yaml | 29 ++++++++ .../templates/deployment.yaml | 71 +++++++++++++++++++ charts/fastly-controller/templates/role.yaml | 33 +++++++++ .../templates/rolebinding.yaml | 14 ++++ .../fastly-controller/templates/service.yaml | 15 ++++ .../templates/serviceaccount.yaml | 10 +++ charts/fastly-controller/values.yaml | 53 ++++++++++++++ 14 files changed, 402 insertions(+) create mode 100644 charts/fastly-controller/.helmignore create mode 100644 charts/fastly-controller/Chart.yaml create mode 100644 charts/fastly-controller/README.md create mode 100644 charts/fastly-controller/ci/linter-values.yaml create mode 100644 charts/fastly-controller/templates/NOTES.txt create mode 100644 charts/fastly-controller/templates/_helpers.tpl create mode 100644 charts/fastly-controller/templates/clusterrole.yaml create mode 100644 charts/fastly-controller/templates/clusterrolebinding.yaml create mode 100644 charts/fastly-controller/templates/deployment.yaml create mode 100644 charts/fastly-controller/templates/role.yaml create mode 100644 charts/fastly-controller/templates/rolebinding.yaml create mode 100644 charts/fastly-controller/templates/service.yaml create mode 100644 charts/fastly-controller/templates/serviceaccount.yaml create mode 100644 charts/fastly-controller/values.yaml diff --git a/charts/fastly-controller/.helmignore b/charts/fastly-controller/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/fastly-controller/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/fastly-controller/Chart.yaml b/charts/fastly-controller/Chart.yaml new file mode 100644 index 0000000..98e4767 --- /dev/null +++ b/charts/fastly-controller/Chart.yaml @@ -0,0 +1,20 @@ +apiVersion: v2 +name: fastly-controller +description: + A Helm chart for Kubernetes which installs the Fastly Controller + (https://github.com/amazeeio/fastly-controller). +home: https://github.com/amazeeio/charts +icon: https://raw.githubusercontent.com/amazeeio/charts/main/icon.png +maintainers: +- name: shreddedbacon + email: ben.jackson@amazee.io + url: https://amazee.io +- name: smlx + email: scott.leggett@amazee.io + url: https://amazee.io + +type: application + +version: 0.1.0 + +appVersion: v0.0.1 diff --git a/charts/fastly-controller/README.md b/charts/fastly-controller/README.md new file mode 100644 index 0000000..acbfe5c --- /dev/null +++ b/charts/fastly-controller/README.md @@ -0,0 +1,3 @@ +# Fastly Controller Helm Chart + +This chart installs the [Fastly Controller](https://github.com/amazeeio/fastly-controller). diff --git a/charts/fastly-controller/ci/linter-values.yaml b/charts/fastly-controller/ci/linter-values.yaml new file mode 100644 index 0000000..a8f4b4d --- /dev/null +++ b/charts/fastly-controller/ci/linter-values.yaml @@ -0,0 +1,4 @@ +fastly: + apiToken: 'a8ebfff7e54ebc786' + tlsConfigID: '42cd671d142d18bba26' + clusterName: 'region1' diff --git a/charts/fastly-controller/templates/NOTES.txt b/charts/fastly-controller/templates/NOTES.txt new file mode 100644 index 0000000..ec6b46f --- /dev/null +++ b/charts/fastly-controller/templates/NOTES.txt @@ -0,0 +1 @@ +Fastly controller has been installed. diff --git a/charts/fastly-controller/templates/_helpers.tpl b/charts/fastly-controller/templates/_helpers.tpl new file mode 100644 index 0000000..ac3628f --- /dev/null +++ b/charts/fastly-controller/templates/_helpers.tpl @@ -0,0 +1,59 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "fastly-controller.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "fastly-controller.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "fastly-controller.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "fastly-controller.labels" -}} +helm.sh/chart: {{ include "fastly-controller.chart" . }} +{{ include "fastly-controller.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "fastly-controller.selectorLabels" -}} +app.kubernetes.io/name: {{ include "fastly-controller.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "fastly-controller.serviceAccountName" -}} +{{ default "fastly-controller" .Values.serviceAccount.nameOverride }} +{{- end -}} \ No newline at end of file diff --git a/charts/fastly-controller/templates/clusterrole.yaml b/charts/fastly-controller/templates/clusterrole.yaml new file mode 100644 index 0000000..194b533 --- /dev/null +++ b/charts/fastly-controller/templates/clusterrole.yaml @@ -0,0 +1,67 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "fastly-controller.fullname" . }}-manager + labels: + {{- include "fastly-controller.labels" . | nindent 4 }} +rules: +- apiGroups: + - '*' + resources: + - ingress + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - '*' + resources: + - ingress/status + verbs: + - get + - patch + - update +- apiGroups: + - '*' + resources: + - ingresses + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - '*' + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "fastly-controller.fullname" . }}-proxy + labels: + {{- include "fastly-controller.labels" . | nindent 4 }} +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create \ No newline at end of file diff --git a/charts/fastly-controller/templates/clusterrolebinding.yaml b/charts/fastly-controller/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..13c91b8 --- /dev/null +++ b/charts/fastly-controller/templates/clusterrolebinding.yaml @@ -0,0 +1,29 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "fastly-controller.fullname" . }}-manager + labels: + {{- include "fastly-controller.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "fastly-controller.fullname" . }}-manager +subjects: +- kind: ServiceAccount + name: {{ include "fastly-controller.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "fastly-controller.fullname" . }}-proxy + labels: + {{- include "fastly-controller.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "fastly-controller.fullname" . }}-proxy +subjects: +- kind: ServiceAccount + name: {{ include "fastly-controller.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} \ No newline at end of file diff --git a/charts/fastly-controller/templates/deployment.yaml b/charts/fastly-controller/templates/deployment.yaml new file mode 100644 index 0000000..84da23c --- /dev/null +++ b/charts/fastly-controller/templates/deployment.yaml @@ -0,0 +1,71 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "fastly-controller.fullname" . }} + labels: + {{- include "fastly-controller.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "fastly-controller.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "fastly-controller.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "fastly-controller.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: kube-rbac-proxy + securityContext: + {{- toYaml .Values.kubeRBACProxy.securityContext | nindent 10 }} + image: "{{ .Values.kubeRBACProxy.image.repository }}:{{ .Values.kubeRBACProxy.image.tag }}" + imagePullPolicy: {{ .Values.kubeRBACProxy.image.pullPolicy }} + args: + - "--secure-listen-address=0.0.0.0:8443" + - "--upstream=http://127.0.0.1:8080/" + - "--logtostderr=true" + - "--v=10" + ports: + - containerPort: 8443 + name: https + resources: + {{- toYaml .Values.kubeRBACProxy.resources | nindent 10 }} + - name: manager + securityContext: + {{- toYaml .Values.securityContext | nindent 10 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion}}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: FASTLY_API_TOKEN + value: {{ .Values.fastly.apiToken }} + - name: FASTLY_PLATFORM_TLS_CONFIGURATION_ID + value: {{ .Values.fastly.tlsConfigID }} + - name: CLUSTER_NAME + value: {{ .Values.fastly.clusterName }} + command: + - /manager + {{- with .Values.extraArgs }} + args: + {{- toYaml . | nindent 8 }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 10 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/fastly-controller/templates/role.yaml b/charts/fastly-controller/templates/role.yaml new file mode 100644 index 0000000..bebd2d8 --- /dev/null +++ b/charts/fastly-controller/templates/role.yaml @@ -0,0 +1,33 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "fastly-controller.fullname" . }}-leader-election + labels: + {{- include "fastly-controller.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create diff --git a/charts/fastly-controller/templates/rolebinding.yaml b/charts/fastly-controller/templates/rolebinding.yaml new file mode 100644 index 0000000..104938f --- /dev/null +++ b/charts/fastly-controller/templates/rolebinding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "fastly-controller.fullname" . }}-leader-election + labels: + {{- include "fastly-controller.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "fastly-controller.fullname" . }}-leader-election +subjects: +- kind: ServiceAccount + name: {{ include "fastly-controller.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} \ No newline at end of file diff --git a/charts/fastly-controller/templates/service.yaml b/charts/fastly-controller/templates/service.yaml new file mode 100644 index 0000000..92386a7 --- /dev/null +++ b/charts/fastly-controller/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "fastly-controller.fullname" . }} + labels: + {{- include "fastly-controller.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - name: https + port: {{ .Values.service.port }} + targetPort: https + protocol: TCP + selector: + {{- include "fastly-controller.selectorLabels" . | nindent 4 }} \ No newline at end of file diff --git a/charts/fastly-controller/templates/serviceaccount.yaml b/charts/fastly-controller/templates/serviceaccount.yaml new file mode 100644 index 0000000..46c244e --- /dev/null +++ b/charts/fastly-controller/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "fastly-controller.serviceAccountName" . }} + labels: + {{- include "fastly-controller.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} diff --git a/charts/fastly-controller/values.yaml b/charts/fastly-controller/values.yaml new file mode 100644 index 0000000..e38b2a4 --- /dev/null +++ b/charts/fastly-controller/values.yaml @@ -0,0 +1,53 @@ +fastly: + apiToken: "" + tlsConfigID: "" + clusterName: "" + +extraArgs: +- "--metrics-addr=127.0.0.1:8080" +- "--enable-leader-election=true" + +image: + repository: amazeeio/fastly-controller + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" + +serviceAccount: + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + +securityContext: {} + +service: + type: ClusterIP + port: 8443 + +resources: {} + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +# this sidecar runs in the same pod as fastly-controller +kubeRBACProxy: + image: + repository: gcr.io/kubebuilder/kube-rbac-proxy + pullPolicy: IfNotPresent + tag: v0.4.1 + + securityContext: {} + + resources: {} From f255c1b7856943349d0a14034aadb1c3d9f533ef Mon Sep 17 00:00:00 2001 From: Ben Jackson Date: Tue, 2 Feb 2021 10:54:25 +1100 Subject: [PATCH 2/3] no replicas --- charts/fastly-controller/templates/deployment.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/fastly-controller/templates/deployment.yaml b/charts/fastly-controller/templates/deployment.yaml index 84da23c..18cc939 100644 --- a/charts/fastly-controller/templates/deployment.yaml +++ b/charts/fastly-controller/templates/deployment.yaml @@ -5,7 +5,6 @@ metadata: labels: {{- include "fastly-controller.labels" . | nindent 4 }} spec: - replicas: {{ .Values.replicaCount }} selector: matchLabels: {{- include "fastly-controller.selectorLabels" . | nindent 6 }} From 7d3911f16c5589b6f87665c694ecfd814636b999 Mon Sep 17 00:00:00 2001 From: Ben Jackson Date: Tue, 2 Feb 2021 17:41:18 +1100 Subject: [PATCH 3/3] add trailing new lines and fix ends --- charts/fastly-controller/templates/_helpers.tpl | 16 ++++++++-------- .../fastly-controller/templates/clusterrole.yaml | 2 +- .../templates/clusterrolebinding.yaml | 2 +- .../fastly-controller/templates/rolebinding.yaml | 2 +- charts/fastly-controller/templates/service.yaml | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/charts/fastly-controller/templates/_helpers.tpl b/charts/fastly-controller/templates/_helpers.tpl index ac3628f..7f590b4 100644 --- a/charts/fastly-controller/templates/_helpers.tpl +++ b/charts/fastly-controller/templates/_helpers.tpl @@ -4,7 +4,7 @@ Expand the name of the chart. */}} {{- define "fastly-controller.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- end }} {{/* Create a default fully qualified app name. @@ -20,16 +20,16 @@ If release name contains chart name it will be used as a full name. {{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} +{{- end }} +{{- end }} +{{- end }} {{/* Create chart name and version as used by the chart label. */}} {{- define "fastly-controller.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- end }} {{/* Common labels @@ -41,7 +41,7 @@ helm.sh/chart: {{ include "fastly-controller.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} +{{- end }} {{/* Selector labels @@ -49,11 +49,11 @@ Selector labels {{- define "fastly-controller.selectorLabels" -}} app.kubernetes.io/name: {{ include "fastly-controller.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} +{{- end }} {{/* Create the name of the service account to use */}} {{- define "fastly-controller.serviceAccountName" -}} {{ default "fastly-controller" .Values.serviceAccount.nameOverride }} -{{- end -}} \ No newline at end of file +{{- end }} diff --git a/charts/fastly-controller/templates/clusterrole.yaml b/charts/fastly-controller/templates/clusterrole.yaml index 194b533..983f688 100644 --- a/charts/fastly-controller/templates/clusterrole.yaml +++ b/charts/fastly-controller/templates/clusterrole.yaml @@ -64,4 +64,4 @@ rules: resources: - subjectaccessreviews verbs: - - create \ No newline at end of file + - create diff --git a/charts/fastly-controller/templates/clusterrolebinding.yaml b/charts/fastly-controller/templates/clusterrolebinding.yaml index 13c91b8..1dc81c1 100644 --- a/charts/fastly-controller/templates/clusterrolebinding.yaml +++ b/charts/fastly-controller/templates/clusterrolebinding.yaml @@ -26,4 +26,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "fastly-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} \ No newline at end of file + namespace: {{ .Release.Namespace | quote }} diff --git a/charts/fastly-controller/templates/rolebinding.yaml b/charts/fastly-controller/templates/rolebinding.yaml index 104938f..259b066 100644 --- a/charts/fastly-controller/templates/rolebinding.yaml +++ b/charts/fastly-controller/templates/rolebinding.yaml @@ -11,4 +11,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "fastly-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} \ No newline at end of file + namespace: {{ .Release.Namespace | quote }} diff --git a/charts/fastly-controller/templates/service.yaml b/charts/fastly-controller/templates/service.yaml index 92386a7..0a77c10 100644 --- a/charts/fastly-controller/templates/service.yaml +++ b/charts/fastly-controller/templates/service.yaml @@ -12,4 +12,4 @@ spec: targetPort: https protocol: TCP selector: - {{- include "fastly-controller.selectorLabels" . | nindent 4 }} \ No newline at end of file + {{- include "fastly-controller.selectorLabels" . | nindent 4 }}