Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

setup templates for proper name prefixing

Browse source
This commit is contained in:
Mitchell Hashimoto 2018-08-18 14:38:33 -07:00
parent 323feba49c
commit 60e57f700e
No known key found for this signature in database
GPG key ID: 744E147AA52F5B0A
14 changed files with 129 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -2,3 +2,4 @@
.terraform/ .terraform/
terraform.tfstate* terraform.tfstate*
terraform.tfvars terraform.tfvars
values.dev.yaml

2
.helmignore Normal file
View file

@ -0,0 +1,2 @@
.git/
.terraform/

20
templates/_helpers.tpl
View file

@ -4,7 +4,10 @@ We truncate at 63 chars because some Kubernetes name fields are limited to
this (by the DNS naming spec). If release name contains chart name it will this (by the DNS naming spec). If release name contains chart name it will
be used as a full name. be used as a full name.
*/}} */}}
{{- define "consul.namePrefix" -}} {{- define "consul.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}} {{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}} {{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
@ -12,6 +15,21 @@ be used as a full name.
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "consul.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Expand the name of the chart.
*/}}
{{- define "consul.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* {{/*
Compute the maximum number of unavailable replicas for the PodDisruptionBudget. Compute the maximum number of unavailable replicas for the PodDisruptionBudget.

21
templates/client-daemonset.yaml
View file

@ -3,15 +3,26 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: DaemonSet kind: DaemonSet
metadata: metadata:
name: consul name: {{ template "consul.fullname" . }}
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec: spec:
selector: selector:
matchLabels: matchLabels:
app: consul app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: client
template: template:
metadata: metadata:
labels: labels:
app: consul app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: client
annotations: annotations:
"consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/connect-inject": "false"
spec: spec:
@ -40,6 +51,8 @@ spec:
- "/bin/sh" - "/bin/sh"
- "-ec" - "-ec"
- | - |
CONSUL_FULLNAME="{{template "consul.fullname" . }}"
exec /bin/consul agent \ exec /bin/consul agent \
-advertise="${POD_IP}" \ -advertise="${POD_IP}" \
-bind=0.0.0.0 \ -bind=0.0.0.0 \
@ -53,7 +66,7 @@ spec:
{{- else }} {{- else }}
{{- if .Values.server.enabled }} {{- if .Values.server.enabled }}
{{- range $index := until (.Values.server.replicas | int) }} {{- range $index := until (.Values.server.replicas | int) }}
-retry-join=consul-server-{{ $index }}.consul-server.${NAMESPACE}.svc \ -retry-join=${CONSUL_FULLNAME}-server-{{ $index }}.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc \
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

21
templates/connect-inject-deployment.yaml
View file

@ -3,18 +3,27 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: consul-connect-injector-webhook-deployment name: {{ template "consul.fullname" }}-connect-injector-webhook-deployment
labels: labels:
app: consul-connect-injector app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec: spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app: consul-connect-injector app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: connect-injector
template: template:
metadata: metadata:
labels: labels:
app: consul-connect-injector app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: connect-injector
spec: spec:
containers: containers:
- name: sidecar-injector - name: sidecar-injector
@ -28,6 +37,8 @@ spec:
- "/bin/sh" - "/bin/sh"
- "-ec" - "-ec"
- | - |
CONSUL_FULLNAME="{{template "consul.fullname" . }}"
consul-k8s inject \ consul-k8s inject \
-default-inject={{ .Values.connectInject.default }} \ -default-inject={{ .Values.connectInject.default }} \
-listen=:8080 \ -listen=:8080 \
@ -36,7 +47,7 @@ spec:
-tls-key-file=/etc/connect-injector/certs/{{ .Values.connectInject.certs.keyName }} -tls-key-file=/etc/connect-injector/certs/{{ .Values.connectInject.certs.keyName }}
{{- else }} {{- else }}
-tls-auto=consul-connect-injector-cfg \ -tls-auto=consul-connect-injector-cfg \
-tls-auto-hosts=consul-connect-injector-svc,consul-connect-injector-svc.${NAMESPACE},consul-connect-injector-svc.${NAMESPACE}.svc -tls-auto-hosts=${CONSUL_FULLNAME}-connect-injector-svc,${CONSUL_FULLNAME}-connect-injector-svc.${NAMESPACE},${CONSUL_FULLNAME}-connect-injector-svc.${NAMESPACE}.svc
{{- end }} {{- end }}
livenessProbe: livenessProbe:
tcpSocket: tcpSocket:

11
templates/connect-inject-mutatingwebhook.yaml
View file

@ -3,14 +3,17 @@
apiVersion: admissionregistration.k8s.io/v1beta1 apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration kind: MutatingWebhookConfiguration
metadata: metadata:
name: consul-connect-injector-cfg name: {{ template "consul.fullname" . }}-connect-injector-cfg
labels: labels:
app: consul-connect-injector app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
webhooks: webhooks:
- name: consul-connect-injector.consul.hashicorp.com - name: {{ template "consul.fullname" . }}-connect-injector.consul.hashicorp.com
clientConfig: clientConfig:
service: service:
name: consul-connect-injector-svc name: {{ template "consul.fullname" . }}-connect-injector-svc
namespace: default namespace: default
path: "/mutate" path: "/mutate"
caBundle: {{ .Values.connectInject.caBundle }} caBundle: {{ .Values.connectInject.caBundle }}

11
templates/connect-inject-service.yaml
View file

@ -3,14 +3,19 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: consul-connect-injector-svc name: {{ template "consul.fullname" . }}-connect-injector-svc
labels: labels:
app: consul-connect-injector app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec: spec:
ports: ports:
- port: 443 - port: 443
targetPort: 8080 targetPort: 8080
selector: selector:
app: consul-connect-injector app: {{ template "consul.name" . }}
release: "{{ .Release.Name }}"
component: connect-injector
{{- end }} {{- end }}

7
templates/server-config-configmap.yaml
View file

@ -3,7 +3,12 @@
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: consul-server-config name: {{ template "consul.fullname" . }}-server-config
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
data: data:
extra-from-values.json: |- extra-from-values.json: |-
{{ tpl .Values.server.extraConfig . | indent 4 }} {{ tpl .Values.server.extraConfig . | indent 4 }}

11
templates/server-disruptionbudget.yaml
View file

@ -4,10 +4,17 @@
apiVersion: policy/v1beta1 apiVersion: policy/v1beta1
kind: PodDisruptionBudget kind: PodDisruptionBudget
metadata: metadata:
name: consul-pdb name: {{ template "consul.fullname" . }}-server
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec: spec:
maxUnavailable: {{ template "consul.pdb.maxUnavailable" . }} maxUnavailable: {{ template "consul.pdb.maxUnavailable" . }}
selector: selector:
matchLabels: matchLabels:
app: consul-server app: {{ template "consul.name" . }}
release: "{{ .Release.Name }}"
component: server
{{- end }} {{- end }}

11
templates/server-service.yaml
View file

@ -7,9 +7,12 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: consul-server name: {{ template "consul.fullname" . }}-server
labels: labels:
name: consul-server app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
annotations: annotations:
# This must be set in addition to publishNotReadyAddresses due # This must be set in addition to publishNotReadyAddresses due
# to an open issue where it may not work: # to an open issue where it may not work:
@ -47,5 +50,7 @@ spec:
port: 8600 port: 8600
targetPort: 8600 targetPort: 8600
selector: selector:
app: consul-server app: {{ template "consul.name" . }}
release: "{{ .Release.Name }}"
component: server
{{- end }} {{- end }}

38
templates/server-statefulset.yaml
View file

@ -3,12 +3,14 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: StatefulSet kind: StatefulSet
metadata: metadata:
name: consul-server name: {{ template "consul.fullname" . }}-server
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec: spec:
selector: serviceName: {{ template "consul.fullname" . }}-server
matchLabels:
app: consul-server
serviceName: consul-server
podManagementPolicy: Parallel podManagementPolicy: Parallel
replicas: {{ .Values.server.replicas }} replicas: {{ .Values.server.replicas }}
{{- if (gt (int .Values.server.updatePartition) 0) }} {{- if (gt (int .Values.server.updatePartition) 0) }}
@ -17,10 +19,19 @@ spec:
rollingUpdate: rollingUpdate:
partition: {{ .Values.server.updatePartition }} partition: {{ .Values.server.updatePartition }}
{{- end }} {{- end }}
selector:
matchLabels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: server
template: template:
metadata: metadata:
labels: labels:
app: consul-server app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: server
annotations: annotations:
"consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/connect-inject": "false"
spec: spec:
@ -28,11 +39,10 @@ spec:
podAntiAffinity: podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector: - labelSelector:
matchExpressions: matchLabels:
- key: app app: {{ template "consul.name" . }}
operator: In release: "{{ .Release.Name }}"
values: component: server
- consul-server
topologyKey: kubernetes.io/hostname topologyKey: kubernetes.io/hostname
terminationGracePeriodSeconds: 10 terminationGracePeriodSeconds: 10
securityContext: securityContext:
@ -40,7 +50,7 @@ spec:
volumes: volumes:
- name: config - name: config
configMap: configMap:
name: consul-server-config name: {{ template "consul.fullname" . }}-server-config
containers: containers:
- name: consul - name: consul
image: "{{ .Values.server.image }}" image: "{{ .Values.server.image }}"
@ -57,6 +67,8 @@ spec:
- "/bin/sh" - "/bin/sh"
- "-ec" - "-ec"
- | - |
CONSUL_FULLNAME="{{template "consul.fullname" . }}"
exec /bin/consul agent \ exec /bin/consul agent \
-advertise="${POD_IP}" \ -advertise="${POD_IP}" \
-bind=0.0.0.0 \ -bind=0.0.0.0 \
@ -73,7 +85,7 @@ spec:
-ui \ -ui \
{{- end }} {{- end }}
{{- range $index := until (.Values.server.replicas | int) }} {{- range $index := until (.Values.server.replicas | int) }}
-retry-join=consul-server-{{ $index }}.consul-server.${NAMESPACE}.svc \ -retry-join=${CONSUL_FULLNAME}-server-{{ $index }}.${CONSUL_FULLNAME}-server.${NAMESPACE}.svc \
{{- end }} {{- end }}
-server -server
volumeMounts: volumeMounts:

4
templates/tests/test-config.yaml
View file

@ -1,9 +1,9 @@
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: {{ template "consul.namePrefix" . }}-tests name: {{ template "consul.fullname" . }}-tests
data: data:
run.sh: |- run.sh: |-
@test "Testing Consul cluster has quorum" { @test "Testing Consul cluster has quorum" {
[ `kubectl exec {{ template "consul.namePrefix" . }}-server-0 consul members --namespace={{ .Release.Namespace }} | grep server | wc -l` -ge "3" ] [ `kubectl exec {{ template "consul.fullname" . }}-server-0 consul members --namespace={{ .Release.Namespace }} | grep server | wc -l` -ge "3" ]
} }

2
templates/tests/test-runner.yaml
View file

@ -31,7 +31,7 @@ spec:
volumes: volumes:
- name: tests - name: tests
configMap: configMap:
name: {{ template "consul.namePrefix" . }}-tests name: {{ template "consul.fullname" . }}-tests
- name: tools - name: tools
emptyDir: {} emptyDir: {}
restartPolicy: Never restartPolicy: Never

11
templates/ui-service.yaml
View file

@ -7,12 +7,17 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: consul-ui name: {{ template "consul.fullname" . }}-ui
labels: labels:
name: consul-ui app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec: spec:
selector: selector:
app: consul-server app: {{ template "consul.name" . }}
release: "{{ .Release.Name }}"
component: server
ports: ports:
- name: http - name: http
port: 80 port: 80