diff --git a/helm/README.md b/helm/README.md
new file mode 100644
index 0000000..41dbfcd
--- /dev/null
+++ b/helm/README.md
@@ -0,0 +1,38 @@
+# cloudformation-operator
+
+This is the Helm chart for the [cloudformation-operator](https://github.com/linki/cloudformation-operator)
+
+## Prerequisites
+
+- Kubernetes 1.9+
+
+## Installing the chart
+Create AWS resources with Kubernetes
+The chart can be installed by running:
+
+```bash
+$ helm install helm/cloudformation-operator
+```
+
+## Configuration
+
+The following table lists the configurable parameters of the cloudformation-operator chart and their default values.
+
+| Parameter | Description | Default |
+| ------------------------- | -------------------------------------- | -------------------------------------------------- |
+| `image.repository` | Container image repository | `quay.io/linki/cloudformation-operator` |
+| `image.tag` | Container image tag | `v0.6.0` |
+| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
+| `affinity` | affinity settings for pod assignment | `{}` |
+| `extraEnv` | Optional environment variables | `[]` |
+| `extraVolumes` | Custom Volumes | `[]` |
+| `extraVolumeMounts` | Custom VolumeMounts | `[]` |
+| `nodeSelector` | Node labels for pod assignment | `{}` |
+| `podAnnotations` | Annotations to attach to pod | `{}` |
+| `rbac.create` | Create RBAC roles | `true` |
+| `rbac.serviceAccountName` | Existing ServiceAccount to use | `cloudformation-operator` |
+| `replicas` | Deployment replicas | `1` |
+| `resources` | container resource requests and limits | `{}` |
+| `tolerations` | Toleration labels for pod assignment | `[]` |
+| `tags` | You may want to assign tags to your CloudFormation stacks | `[]` |
+| `capability.enabled` | Enable specified capabilities for all stacks managed by the operator instance | `[]` |
\ No newline at end of file
diff --git a/helm/cloudformation-operator/.helmignore b/helm/cloudformation-operator/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/helm/cloudformation-operator/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/helm/cloudformation-operator/Chart.yaml b/helm/cloudformation-operator/Chart.yaml
new file mode 100644
index 0000000..2cea162
--- /dev/null
+++ b/helm/cloudformation-operator/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+appVersion: "v0.6.0"
+description: A Helm chart for Kubernetes operator for managing CloudFormation stacks
+name: cloudformation-operator
+version: 0.1.0
+home: https://github.com/linki/cloudformation-operator
+keywords:
+ - AWS
+sources:
+ - https://github.com/linki/cloudformation-operator
+maintainers:
+ - name: mbalazs90
+ email: xpbazsi@gmail.com
+engine: gotpl
diff --git a/helm/cloudformation-operator/templates/NOTES.txt b/helm/cloudformation-operator/templates/NOTES.txt
new file mode 100644
index 0000000..2d1e79d
--- /dev/null
+++ b/helm/cloudformation-operator/templates/NOTES.txt
@@ -0,0 +1,10 @@
+Thank you for installing the {{ .Chart.Name }} chart.
+
+For more information on configuring {{ .Chart.Name }}, refer to {{ .Chart.Home }}
+
+Your release is named {{ .Release.Name }}.
+
+To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get {{ .Release.Name }}
\ No newline at end of file
diff --git a/helm/cloudformation-operator/templates/_helpers.tpl b/helm/cloudformation-operator/templates/_helpers.tpl
new file mode 100644
index 0000000..bba3d51
--- /dev/null
+++ b/helm/cloudformation-operator/templates/_helpers.tpl
@@ -0,0 +1,61 @@
+{{/*
+Helm standard labels.
+*/}}
+{{- define "cloudformation-operator.helmStandardLabels" -}}
+app.kubernetes.io/name: {{ include "cloudformation-operator.name" . }}
+helm.sh/chart: {{ include "cloudformation-operator.chart" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.AppVersion }}
+{{- end -}}
+
+{{/*
+Helm pod labels.
+*/}}
+{{- define "cloudformation-operator.helmPodLabels" -}}
+app.kubernetes.io/name: {{ include "cloudformation-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cloudformation-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cloudformation-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cloudformation-operator.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use.
+*/}}
+{{- define "cloudformation-operator.serviceAccountName" -}}
+{{- if .Values.rbac.create -}}
+ {{ default (include "cloudformation-operator.fullname" .) .Values.rbac.serviceAccountName }}
+{{- else -}}
+ {{ default "default" .Values.rbac.serviceAccountName }}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/helm/cloudformation-operator/templates/crd.yaml b/helm/cloudformation-operator/templates/crd.yaml
new file mode 100644
index 0000000..d2637bc
--- /dev/null
+++ b/helm/cloudformation-operator/templates/crd.yaml
@@ -0,0 +1,38 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: stacks.cloudformation.linki.space
+spec:
+ group: cloudformation.linki.space
+ names:
+ kind: Stack
+ listKind: StackList
+ plural: stacks
+ singular: stack
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ type: object
+ status:
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
diff --git a/helm/cloudformation-operator/templates/deployment.yaml b/helm/cloudformation-operator/templates/deployment.yaml
new file mode 100644
index 0000000..958d4c7
--- /dev/null
+++ b/helm/cloudformation-operator/templates/deployment.yaml
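Review bot: The `cloudformation-operator.serviceAccountName` helper at the end of _helpers.tpl is never called in this commit: deployment.yaml builds the account name inline, and rolebinding.yaml and serviceaccount.yaml use `cloudformation-operator.name`, so with `rbac.create: true` the documented `rbac.serviceAccountName` value is silently ignored. Use the helper in all three places, e.g. `serviceAccountName: {{ include "cloudformation-operator.serviceAccountName" . }}`, so the pod, the ServiceAccount and the RoleBinding subject cannot drift apart. The helper's `rbac.create: false` branch falls back to the namespace's `default` account; a comment on that branch should say so, because whatever is bound to `default` then applies to the operator pod. Resource names are likewise built from `.name` rather than `.fullname`, so two releases in one namespace would collide.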
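Review bot: In crd.yaml the CustomResourceDefinition is rendered unconditionally as an ordinary template, so it belongs to the release: uninstalling the release deletes the cluster-scoped CRD and with it every `Stack` object in every namespace, and a second release of the chart fails on the name clash. Add `"helm.sh/resource-policy": keep` under `metadata.annotations` (or gate the file behind a values switch) and document the behaviour in the README. The schema also accepts any `spec` (`type: object` with no properties), so a malformed Stack is only caught by the operator; listing the fields the operator reads would let the API server reject it. `apiextensions.k8s.io/v1beta1` was removed in Kubernetes 1.22, which deserves a comment next to the README's version prerequisite.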
@@ -0,0 +1,80 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "cloudformation-operator.name" . }}
+ labels:
+{{ include "cloudformation-operator.helmStandardLabels" . | indent 4 }}
+spec:
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ name: {{ template "cloudformation-operator.name" . }}
+ template:
+ metadata:
+ annotations:
+ {{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+ {{- end }}
+ labels:
+ name: {{ template "cloudformation-operator.name" . }}
+{{ include "cloudformation-operator.helmPodLabels" . | indent 8 }}
+ spec:
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{ end }}
+ serviceAccountName: {{ if .Values.rbac.create }}{{ template "cloudformation-operator.name" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }}
+ containers:
+ - name: cloudformation-operator
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ command:
+ - cloudformation-operator
+ args:
+{{- if .Values.operator.region }}
+ - --region={{ .Values.operator.region }}
+ {{- end }}
+{{- if .Values.tags }}
+{{- range $key, $value := .Values.tags }}
+ - --tag={{ $key }}={{ $value }}
+ {{- end }}
+ {{- end }}
+{{- if .Values.capability.enabled }}
+ - --capability CAPABILITY_IAM
+ {{- end }}
+{{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 12 }}
+ {{- end }}
+ env:
+ - name: WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: OPERATOR_NAME
+ value: {{ template "cloudformation-operator.name" . }}
+{{- if .Values.extraEnv}}
+ {{- range $key, $value := .Values.extraEnv }}
+ - name: {{ $key }}
+ value: {{ $value }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.resources }}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations:
+{{ toYaml .Values.tolerations | indent 12 }}
+ {{- end }}
+{{- if .Values.extraVolumeMounts }}
+ volumeMounts:
+{{ toYaml .Values.extraVolumeMounts | indent 12 }}
+{{- end }}
+{{- if .Values.extraVolumes }}
+ volumes:
+{{ toYaml .Values.extraVolumes | indent 8 }}
+{{- end }}
diff --git a/helm/cloudformation-operator/templates/role.yaml b/helm/cloudformation-operator/templates/role.yaml
new file mode 100644
index 0000000..4f809ce
--- /dev/null
+++ b/helm/cloudformation-operator/templates/role.yaml
@@ -0,0 +1,65 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ creationTimestamp: null
+ name: {{ template "cloudformation-operator.name" . }}
+ labels:
+{{ include "cloudformation-operator.helmStandardLabels" . | indent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ - services/finalizers
+ - endpoints
+ - persistentvolumeclaims
+ - events
+ - configmaps
+ - secrets
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - daemonsets
+ - replicasets
+ - statefulsets
+ verbs:
+ - '*'
+- apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - get
+ - create
+- apiGroups:
+ - apps
+ resourceNames:
+ - {{ template "cloudformation-operator.name" . }}
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+- apiGroups:
+ - apps
+ resources:
+ - replicasets
+ verbs:
+ - get
+- apiGroups:
+ - cloudformation.linki.space
+ resources:
+ - '*'
+ verbs:
+ - '*'
+{{- end -}}
\ No newline at end of file
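Review bot: In deployment.yaml the `- --capability CAPABILITY_IAM` entry under `args` renders as a single argv element containing a space, which the operator's flag parser will most likely not recognise; write it as `- --capability=CAPABILITY_IAM`. Since this switch lets every Stack the operator manages create IAM resources with the operator's AWS credentials, values.yaml should carry a comment saying so next to `capability.enabled`. The `extraEnv` loop ranges with `$key, $value`, while values.yaml documents a list of `name`/`value` items, so a list would render `name: 0`; emit the list with `toYaml .Values.extraEnv` at the indent of the other `env` items instead. `value: {{ $value }}` and `--tag={{ $key }}={{ $value }}` are also unquoted, so a boolean- or number-looking value produces a non-string env value or a broken manifest; pipe them through `quote`.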
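Review bot: The Role in role.yaml grants `'*'` on `secrets`, `configmaps`, `pods`, `services`, `persistentvolumeclaims` and on all `apps` workload kinds, so the operator's service-account token can read every Secret and start arbitrary workloads in the release namespace. Nothing else in this commit shows the operator touching those resources and the rules look like a scaffolded default, so please trim them to what the controller actually uses — presumably the `cloudformation.linki.space` rule plus a small set in the core group, to be confirmed against the operator code — and spell out verbs instead of `'*'`. The later `get` rules for `pods` and `replicasets` are already covered by the wildcard rules, and `creationTimestamp: null` is generator residue; both can go.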
diff --git a/helm/cloudformation-operator/templates/rolebinding.yaml b/helm/cloudformation-operator/templates/rolebinding.yaml
new file mode 100644
index 0000000..d197388
--- /dev/null
+++ b/helm/cloudformation-operator/templates/rolebinding.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.rbac.create }}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "cloudformation-operator.name" . }}
+ labels:
+{{ include "cloudformation-operator.helmStandardLabels" . | indent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "cloudformation-operator.name" . }}
+roleRef:
+ kind: Role
+ name: {{ template "cloudformation-operator.name" . }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
\ No newline at end of file
diff --git a/helm/cloudformation-operator/templates/serviceaccount.yaml b/helm/cloudformation-operator/templates/serviceaccount.yaml
new file mode 100644
index 0000000..fa9d5a1
--- /dev/null
+++ b/helm/cloudformation-operator/templates/serviceaccount.yaml
@@ -0,0 +1,8 @@
+{{- if .Values.rbac.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+{{ include "cloudformation-operator.helmStandardLabels" . | indent 4 }}
+ name: {{ template "cloudformation-operator.name" . }}
+{{- end -}}
\ No newline at end of file
diff --git a/helm/cloudformation-operator/values.yaml b/helm/cloudformation-operator/values.yaml
new file mode 100644
index 0000000..3c495f5
--- /dev/null
+++ b/helm/cloudformation-operator/values.yaml
@@ -0,0 +1,70 @@
+# Default values for cloudformation-operator
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+image:
+ repository: quay.io/linki/cloudformation-operator
+ tag: v0.6.0
+ pullPolicy: IfNotPresent
+
+replicas: 1
+
+## Pod Annotations
+podAnnotations:
+# iam.amazonaws.com/role: "arn:aws:iam:::role/cloudformation-operator"
+
+## App config
+operator:
+ region: eu-central-1
+
+#You may want to assign tags to your CloudFormation stacks.
+#The tags added to a CloudFormation stack will be propagated to the managed resources.
+tags:
+# wambo: baz
+# foo: bar
+
+#Enable specified capabilities for all stacks managed by the operator instance.
+capability:
+ enabled: false
+
+## RBAC roles and bindings
+rbac:
+ create: true
+ serviceAccountName: cloudformation-operator
+
+## Pod Resources
+#resources:
+# requests:
+# memory: "64Mi"
+# cpu: "250m"
+# limits:
+# memory: "128Mi"
+# cpu: "500m"
+
+## Pod Affinity
+affinity: {}
+
+## A list of additional environment variables
+extraEnv:
+ #- name: my_env
+ # value: my_value
+
+## Additional Volumes and mounts
+extraVolumes:
+ #- hostPath:
+ # path: /var/log
+ # name: logs
+extraVolumeMounts:
+ #- name: logs
+ # mountPath: /host/var/log
+ # readOnly: true
+
+## Node Selector
+nodeSelector:
+ #disktype: ssd
+
+## Pod Tolerations
+tolerations:
+ #- key: "node.kubernetes.io/not-ready"
+ # operator: "Exists"
+ # effect: "NoExecute"
+ # tolerationSeconds: 6000
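Review bot: Several keys in values.yaml are left bare (`podAnnotations:`, `tags:`, `extraEnv:`, `extraVolumes:`, `extraVolumeMounts:`, `nodeSelector:`, `tolerations:`), which YAML reads as `null`, while the README lists their defaults as `{}` or `[]`; write the empty collection explicitly, e.g. `podAnnotations: {}` and `tolerations: []`. `tags` is consumed as a map by the `range $key, $value` in deployment.yaml, so its default should be `{}`, and the README's `[]` default for `capability.enabled` does not match the `false` set here. `operator.region` is used by the deployment but missing from the README table, and its `eu-central-1` default applies silently to anyone who does not override it; a comment above the key should say that.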