Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

setup templates for proper name prefixing

Browse source
This commit is contained in:
Mitchell Hashimoto 2018-08-18 14:38:33 -07:00
parent 323feba49c
commit 60e57f700e
No known key found for this signature in database
GPG key ID: 744E147AA52F5B0A
14 changed files with 129 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -2,3 +2,4 @@
.terraform/
terraform.tfstate*
terraform.tfvars
values.dev.yaml

2
.helmignore Normal file
View file

@ -0,0 +1,2 @@
.git/
.terraform/

20
templates/_helpers.tpl
View file

@ -4,7 +4,10 @@ We truncate at 63 chars because some Kubernetes name fields are limited to
this (by the DNS naming spec). If release name contains chart name it will
be used as a full name.
*/}}
{{- define "consul.namePrefix" -}}
{{- define "consul.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
@ -12,6 +15,21 @@ be used as a full name.
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "consul.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Expand the name of the chart.
*/}}
{{- define "consul.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Compute the maximum number of unavailable replicas for the PodDisruptionBudget.

21
templates/client-daemonset.yaml
View file

@ -3,15 +3,26 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: consul
name: {{ template "consul.fullname" . }}
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
selector:
matchLabels:
app: consul
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: client
template:
metadata:
labels:
app: consul
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: client
annotations:
"consul.hashicorp.com/connect-inject": "false"
spec:
@ -40,6 +51,8 @@ spec:
- "/bin/sh"
- "-ec"
- |
CONSUL_FULLNAME="{{template "consul.fullname" . }}"
exec /bin/consul agent \
-advertise="${POD_IP}" \
-bind=0.0.0.0 \
@ -53,7 +66,7 @@ spec:
{{- else }}
{{- if .Values.server.enabled }}
{{- range $index := until (.Values.server.replicas | int) }}
-retry-join=consul-server-{{ $index }}.consul-server.${NAMESPACE}.svc \
-retry-join=${CONSUL_FULLNAME}-server-{{ $index }}.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc \
{{- end }}
{{- end }}
{{- end }}

21
templates/connect-inject-deployment.yaml
View file

@ -3,18 +3,27 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: consul-connect-injector-webhook-deployment
name: {{ template "consul.fullname" }}-connect-injector-webhook-deployment
labels:
app: consul-connect-injector
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
replicas: 1
selector:
matchLabels:
app: consul-connect-injector
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: connect-injector
template:
metadata:
labels:
app: consul-connect-injector
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: connect-injector
spec:
containers:
- name: sidecar-injector
@ -28,6 +37,8 @@ spec:
- "/bin/sh"
- "-ec"
- |
CONSUL_FULLNAME="{{template "consul.fullname" . }}"
consul-k8s inject \
-default-inject={{ .Values.connectInject.default }} \
-listen=:8080 \
@ -36,7 +47,7 @@ spec:
-tls-key-file=/etc/connect-injector/certs/{{ .Values.connectInject.certs.keyName }}
{{- else }}
-tls-auto=consul-connect-injector-cfg \
-tls-auto-hosts=consul-connect-injector-svc,consul-connect-injector-svc.${NAMESPACE},consul-connect-injector-svc.${NAMESPACE}.svc
-tls-auto-hosts=${CONSUL_FULLNAME}-connect-injector-svc,${CONSUL_FULLNAME}-connect-injector-svc.${NAMESPACE},${CONSUL_FULLNAME}-connect-injector-svc.${NAMESPACE}.svc
{{- end }}
livenessProbe:
tcpSocket:

11
templates/connect-inject-mutatingwebhook.yaml
View file

@ -3,14 +3,17 @@
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: consul-connect-injector-cfg
name: {{ template "consul.fullname" . }}-connect-injector-cfg
labels:
app: consul-connect-injector
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
webhooks:
- name: consul-connect-injector.consul.hashicorp.com
- name: {{ template "consul.fullname" . }}-connect-injector.consul.hashicorp.com
clientConfig:
service:
name: consul-connect-injector-svc
name: {{ template "consul.fullname" . }}-connect-injector-svc
namespace: default
path: "/mutate"
caBundle: {{ .Values.connectInject.caBundle }}

11
templates/connect-inject-service.yaml
View file

@ -3,14 +3,19 @@
apiVersion: v1
kind: Service
metadata:
name: consul-connect-injector-svc
name: {{ template "consul.fullname" . }}-connect-injector-svc
labels:
app: consul-connect-injector
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
ports:
- port: 443
targetPort: 8080
selector:
app: consul-connect-injector
app: {{ template "consul.name" . }}
release: "{{ .Release.Name }}"
component: connect-injector
{{- end }}

7
templates/server-config-configmap.yaml
View file

@ -3,7 +3,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: consul-server-config
name: {{ template "consul.fullname" . }}-server-config
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data:
extra-from-values.json: |-
{{ tpl .Values.server.extraConfig . | indent 4 }}

11
templates/server-disruptionbudget.yaml
View file

@ -4,10 +4,17 @@
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: consul-pdb
name: {{ template "consul.fullname" . }}-server
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
maxUnavailable: {{ template "consul.pdb.maxUnavailable" . }}
selector:
matchLabels:
app: consul-server
app: {{ template "consul.name" . }}
release: "{{ .Release.Name }}"
component: server
{{- end }}

11
templates/server-service.yaml
View file

@ -7,9 +7,12 @@
apiVersion: v1
kind: Service
metadata:
name: consul-server
name: {{ template "consul.fullname" . }}-server
labels:
name: consul-server
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
annotations:
# This must be set in addition to publishNotReadyAddresses due
# to an open issue where it may not work:
@ -47,5 +50,7 @@ spec:
port: 8600
targetPort: 8600
selector:
app: consul-server
app: {{ template "consul.name" . }}
release: "{{ .Release.Name }}"
component: server
{{- end }}

38
templates/server-statefulset.yaml
View file

@ -3,12 +3,14 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: consul-server
name: {{ template "consul.fullname" . }}-server
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
selector:
matchLabels:
app: consul-server
serviceName: consul-server
serviceName: {{ template "consul.fullname" . }}-server
podManagementPolicy: Parallel
replicas: {{ .Values.server.replicas }}
{{- if (gt (int .Values.server.updatePartition) 0) }}
@ -17,10 +19,19 @@ spec:
rollingUpdate:
partition: {{ .Values.server.updatePartition }}
{{- end }}
selector:
matchLabels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: server
template:
metadata:
labels:
app: consul-server
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: server
annotations:
"consul.hashicorp.com/connect-inject": "false"
spec:
@ -28,11 +39,10 @@ spec:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- consul-server
matchLabels:
app: {{ template "consul.name" . }}
release: "{{ .Release.Name }}"
component: server
topologyKey: kubernetes.io/hostname
terminationGracePeriodSeconds: 10
securityContext:
@ -40,7 +50,7 @@ spec:
volumes:
- name: config
configMap:
name: consul-server-config
name: {{ template "consul.fullname" . }}-server-config
containers:
- name: consul
image: "{{ .Values.server.image }}"
@ -57,6 +67,8 @@ spec:
- "/bin/sh"
- "-ec"
- |
CONSUL_FULLNAME="{{template "consul.fullname" . }}"
exec /bin/consul agent \
-advertise="${POD_IP}" \
-bind=0.0.0.0 \
@ -73,7 +85,7 @@ spec:
-ui \
{{- end }}
{{- range $index := until (.Values.server.replicas | int) }}
-retry-join=consul-server-{{ $index }}.consul-server.${NAMESPACE}.svc \
-retry-join=${CONSUL_FULLNAME}-server-{{ $index }}.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc \
{{- end }}
-server
volumeMounts:

4
templates/tests/test-config.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "consul.namePrefix" . }}-tests
name: {{ template "consul.fullname" . }}-tests
data:
run.sh: |-
@test "Testing Consul cluster has quorum" {
[ `kubectl exec {{ template "consul.namePrefix" . }}-server-0 consul members --namespace={{ .Release.Namespace }} | grep server | wc -l` -ge "3" ]
[ `kubectl exec {{ template "consul.fullname" . }}-server-0 consul members --namespace={{ .Release.Namespace }} | grep server | wc -l` -ge "3" ]
}

2
templates/tests/test-runner.yaml
View file

@ -31,7 +31,7 @@ spec:
volumes:
- name: tests
configMap:
name: {{ template "consul.namePrefix" . }}-tests
name: {{ template "consul.fullname" . }}-tests
- name: tools
emptyDir: {}
restartPolicy: Never

11
templates/ui-service.yaml
View file

@ -7,12 +7,17 @@
apiVersion: v1
kind: Service
metadata:
name: consul-ui
name: {{ template "consul.fullname" . }}-ui
labels:
name: consul-ui
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
selector:
app: consul-server
app: {{ template "consul.name" . }}
release: "{{ .Release.Name }}"
component: server
ports:
- name: http
port: 80