add helm chart (#5)

quortex · Oct 8, 2021 · 7582da8 · 7582da8
1 parent 0658259
commit 7582da8
Show file tree

Hide file tree

Showing 16 changed files with 985 additions and 1 deletion.
diff --git a/.github/workflows/helm-release.yaml b/.github/workflows/helm-release.yaml
@@ -0,0 +1,37 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      # This step uses Github's checkout-action: https://github.com/actions/checkout
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      # Configure Git for release.
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      # Install Helm.
+      - name: Install Helm
+        uses: azure/setup-helm@v1
+        with:
+          version: v3.4.0
+
+      # Run chart-releaser action (https://github.com/helm/chart-releaser-action).
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.2.1
+        with:
+          charts_dir: helm
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_RELEASE_NAME_TEMPLATE: "{{ .Name }}-chart-{{ .Version }}"
diff --git a/Makefile b/Makefile
@@ -65,6 +65,16 @@ doc: crd-ref-docs ## Build api documentation.
 					--templates-dir=hack/doc-generation/templates/asciidoctor \
 					--output-path=docs/api-docs.asciidoc
 
+charts: yq kustomize ## Generate helm chart crds, rbac from kustomize files and doc from helm values.
+	@TMPFILE=$$(mktemp) && \
+	${YQ} -y '.metadata.name = ("PREFIX-" + .metadata.name)' config/rbac/role.yaml | \
+		sed "s/PREFIX/{{ include \"kubestatic.fullname\" . }}/" > helm/kubestatic/templates/manager_role.yaml && \
+	${KUSTOMIZE} build config/default/ > $${TMPFILE} && \
+	${YQ} -y 'select(.kind=="CustomResourceDefinition")' $${TMPFILE} > helm/kubestatic/crds/crds.yaml && \
+	rm -rf $${TMPFILE}
+	@docker run --rm --volume "$$(pwd)/helm/kubestatic:/helm-docs" jnorwood/helm-docs:latest -s file
+
+
 ##@ Build
 
 build: generate fmt vet ## Build manager binary.
@@ -111,6 +121,12 @@ KUSTOMIZE = $(shell pwd)/bin/kustomize
 kustomize: ## Download kustomize locally if necessary.
 	$(call go-get-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v3@v3.8.7)
 
+yq: ## Download yq if necessary.
+ifeq (, $(shell which yq))
+	@pip3 install yq
+endif
+YQ=$(shell which yq)
+
 # go-get-tool will 'go get' any package $2 and install it to $1.
 PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
 define go-get-tool

diff --git a/README.md b/README.md
@@ -1,2 +1,95 @@
+[![Quortex][logo]](https://quortex.io)
+
 # kubestatic
-A Kubernetes operator to handle public static IP assignment to nodes.
+An operator to manage the lifecycle of public cloud providers resources needed to expose endpoints on public nodes.
+
+The standard use case for this tool is to provision external IPs on public nodes as well as firewall rules allowing to determine access permissions on these nodes.
+
+## Prerequisites
+
+### Kubernetes
+A Kubernetes cluster of version v1.11.3+ is required. If you are just starting out with Kubestatic, it is highly recommended to use the latest version.
+
+### AWS
+To be used with AWS and interact with EC2 resources, an AWS account with the following permissions is required:
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "AllObjectActions",
+            "Effect": "Allow",
+            "Action": [
+                "ec2:DescribeSecurityGroups",
+                "ec2:CreateSecurityGroup",
+                "ec2:DeleteSecurityGroup",
+                "ec2:AuthorizeSecurityGroupIngress",
+                "ec2:RevokeSecurityGroupIngress",
+                "ec2:AuthorizeSecurityGroupEgress",
+                "ec2:RevokeSecurityGroupEgress",
+                "ec2:DescribeAddresses",
+                "ec2:AllocateAddress",
+                "ec2:ReleaseAddress",
+                "ec2:AssociateAddress",
+                "ec2:DisassociateAddress",
+                "ec2:DescribeInstances",
+                "ec2:ModifyInstanceAttribute",
+                "ec2:DescribeNetworkInterfaces",
+                "ec2:ModifyNetworkInterfaceAttribute",
+                "ec2:CreateTags"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
+```
+
+## Installation
+
+### Helm
+
+Follow Kubestatic documentation for Helm deployment [here](./helm/kubestatic).
+
+
+## Usage
+You can create resources via the CRDs documented below or by automatically assign external IPs to your nodes.
+
+### CustomResourceDefinitions
+
+Kubestatic acts on the following [custom resource definitions (CRDs)](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/):
+
+**`ExternalIP`** An External IP will allow you to provision and attach an external IP to a node (only AWS ElasticIP supported at the moment). :warning: The nodes must be deployed on a public subnet.
+
+**`FirewallRule`** A FirewallRule will allow you to configure inbound / outbound firewall rules and attach them to your nodes (only AWS EC2 Security Groups supported at the moment).
+
+You can find examples of CRDs defined by Kubestatic [here](./config/samples).
+
+Full API documentation is available [here](./docs/api-docs.asciidoc).
+
+### ExternalIP auto assign
+If you want to automatically attach an external IP to certain nodes of your cluster, simply add the following label to the nodes concerned `kubestatic.quortex.io/externalip-auto-assign: true`, Kubestatic will deploy an `ExternalIP` automatically for each of these nodes.
+
+
+## Configuration
+
+### Optional args
+The kubestatic container takes as argument the parameters below.
+| Key                       | Description                                                                                                           | Default |
+| ------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------- |
+| cloud-provider            | Which cloud provider to deploy to. Available values: aws                                                              | ""      |
+| metrics-bind-address      | The address the metric endpoint binds to.                                                                             | :8080   |
+| health-probe-bind-address | The address the probe endpoint binds to.                                                                              | :8081   |
+| leader-elect              | Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager. | `false` |
+
+
+## License
+Distributed under the Apache 2.0 License. See `LICENSE` for more information.
+
+## Versioning
+We use [SemVer](http://semver.org/) for versioning.
+
+## Help
+Got a question?
+File a GitHub [issue](https://github.com/quortex/kubestatic/issues).
+
+[logo]: https://storage.googleapis.com/quortex-assets/logo.webp
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/helm/kubestatic/.helmignore b/helm/kubestatic/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/kubestatic/Chart.yaml b/helm/kubestatic/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: kubestatic
+description: An operator to manage the lifecycle of public cloud providers resources needed to expose endpoints on public nodes.
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: 0.1.0
diff --git a/helm/kubestatic/README.md b/helm/kubestatic/README.md
@@ -0,0 +1,90 @@
+# kubestatic
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
+
+An operator to manage the lifecycle of public cloud providers resources needed to expose endpoints on public nodes.
+
+## Overview
+This project is an operator that allows Kubernetes to automatically manage the lifecycle of public cloud providers resources needed to expose endpoints on public nodes.
+
+The standard use case for this tool is to provision external IPs on public nodes as well as firewall rules allowing to determine access permissions on these nodes.
+
+## Prerequisites
+
+### <a id="Prerequisites_AWS"></a>AWS
+To be used with AWS and interact with EC2 resources, an AWS account with the following permissions is required:
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "AllObjectActions",
+            "Effect": "Allow",
+            "Action": [
+                "ec2:DescribeSecurityGroups",
+                "ec2:CreateSecurityGroup",
+                "ec2:DeleteSecurityGroup",
+                "ec2:AuthorizeSecurityGroupIngress",
+                "ec2:RevokeSecurityGroupIngress",
+                "ec2:AuthorizeSecurityGroupEgress",
+                "ec2:RevokeSecurityGroupEgress",
+                "ec2:DescribeAddresses",
+                "ec2:AllocateAddress",
+                "ec2:ReleaseAddress",
+                "ec2:AssociateAddress",
+                "ec2:DisassociateAddress",
+                "ec2:DescribeInstances",
+                "ec2:ModifyInstanceAttribute",
+                "ec2:DescribeNetworkInterfaces",
+                "ec2:ModifyNetworkInterfaceAttribute",
+                "ec2:CreateTags"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
+```
+
+## Installation
+
+1. Add kubestatic helm repository
+
+```sh
+helm repo add kubestatic https://quortex.github.io/kubestatic
+```
+
+2. Deploy the appropriate release in desired namespace.
+
+```sh
+helm create namesapce kubestatic-system
+helm install kubestatic kubestatic/kubestatic -n kubestatic-system
+```
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| cloudProvider | string | `"aws"` | The desired cloud provider (only AWS at the moment). |
+| aws.region | string | `""` | the region in which the cluster resides. |
+| aws.accessKeyID | string | `""` | the access key id of a user with necessary permissions. |
+| aws.secretAccessKey | string | `""` | the secret access key of a user with necessary permissions. |
+| manager.image.repository | string | `"eu.gcr.io/quortex-registry-public/kubestatic"` | kubestatic manager image repository. |
+| manager.image.tag | string | `""` | kubestatic manager image tag. |
+| manager.image.pullPolicy | string | `"IfNotPresent"` | kubestatic manager image pull policy. |
+| manager.resources | object | `{}` | kubestatic manager container required resources. |
+| manager.securityContext | object | `{}` | kubestatic manager container security contexts |
+| kubeRBACProxy.enabled | bool | `true` |  |
+| kubeRBACProxy.image.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` | kube-rbac-proxy image repository. |
+| kubeRBACProxy.image.tag | string | `"v0.8.0"` | kube-rbac-proxy image tag. |
+| kubeRBACProxy.image.pullPolicy | string | `"IfNotPresent"` | kube-rbac-proxy image pull policy. |
+| kubeRBACProxy.resources | object | `{}` | kube-rbac-proxy container required resources. |
+| replicaCount | int | `1` | Number of desired pods. |
+| podSecurityContext | object | `{}` | Security contexts to set for all containers of the pod. |
+| imagePullSecrets | list | `[]` | A list of secrets used to pull containers images. |
+| nameOverride | string | `""` | Helm's name computing override. |
+| fullnameOverride | string | `""` | Helm's fullname computing override. |
+| podAnnotations | object | `{}` | Annotations to be added to pods. |
+| nodeSelector | object | `{}` | Node labels for Kubestitute pod assignment. |
+| tolerations | list | `[]` | Node tolerations for Kubestitute scheduling to nodes with taints. |
+| affinity | object | `{}` | Affinity for Kubestitute pod assignment. |
+
diff --git a/helm/kubestatic/README.md.gotmpl b/helm/kubestatic/README.md.gotmpl
@@ -0,0 +1,72 @@
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+## Overview
+This project is an operator that allows Kubernetes to automatically manage the lifecycle of public cloud providers resources needed to expose endpoints on public nodes.
+
+The standard use case for this tool is to provision external IPs on public nodes as well as firewall rules allowing to determine access permissions on these nodes.
+
+## Prerequisites
+
+### <a id="Prerequisites_AWS"></a>AWS
+To be used with AWS and interact with EC2 resources, an AWS account with the following permissions is required:
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "AllObjectActions",
+            "Effect": "Allow",
+            "Action": [
+                "ec2:DescribeSecurityGroups",
+                "ec2:CreateSecurityGroup",
+                "ec2:DeleteSecurityGroup",
+                "ec2:AuthorizeSecurityGroupIngress",
+                "ec2:RevokeSecurityGroupIngress",
+                "ec2:AuthorizeSecurityGroupEgress",
+                "ec2:RevokeSecurityGroupEgress",
+                "ec2:DescribeAddresses",
+                "ec2:AllocateAddress",
+                "ec2:ReleaseAddress",
+                "ec2:AssociateAddress",
+                "ec2:DisassociateAddress",
+                "ec2:DescribeInstances",
+                "ec2:ModifyInstanceAttribute",
+                "ec2:DescribeNetworkInterfaces",
+                "ec2:ModifyNetworkInterfaceAttribute",
+                "ec2:CreateTags"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
+```
+
+## Installation
+
+1. Add kubestatic helm repository
+
+```sh
+helm repo add kubestatic https://quortex.github.io/kubestatic
+```
+
+2. Deploy the appropriate release in desired namespace.
+
+```sh
+helm create namesapce kubestatic-system
+helm install kubestatic kubestatic/kubestatic -n kubestatic-system
+```
+
+{{ template "chart.valuesSection" . }}
+
+{{ template "chart.maintainersSection" . }}