From 64dc11c275611e32cb3cafe3d8ceb5d1d4f103ac Mon Sep 17 00:00:00 2001
From: Viktor
Date: Fri, 6 Dec 2024 18:46:42 +0100
Subject: [PATCH] kanister profile chart added
---
charts/kanister-profile/.helmignore | 21 +++++
charts/kanister-profile/Chart.yaml | 14 +++
charts/kanister-profile/README.md | 85 +++++++++++++++++++
charts/kanister-profile/ci/list-values.yaml | 4 +
charts/kanister-profile/templates/NOTES.txt | 1 +
.../kanister-profile/templates/_helpers.tpl | 42 +++++++++
.../kanister-profile/templates/profile.yaml | 52 ++++++++++++
charts/kanister-profile/values.yaml | 27 ++++++
8 files changed, 246 insertions(+)
create mode 100644 charts/kanister-profile/.helmignore
create mode 100644 charts/kanister-profile/Chart.yaml
create mode 100755 charts/kanister-profile/README.md
create mode 100644 charts/kanister-profile/ci/list-values.yaml
create mode 100644 charts/kanister-profile/templates/NOTES.txt
create mode 100644 charts/kanister-profile/templates/_helpers.tpl
create mode 100644 charts/kanister-profile/templates/profile.yaml
create mode 100644 charts/kanister-profile/values.yaml
diff --git a/charts/kanister-profile/.helmignore b/charts/kanister-profile/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/charts/kanister-profile/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/kanister-profile/Chart.yaml b/charts/kanister-profile/Chart.yaml
new file mode 100644
index 0000000..983b78c
--- /dev/null
+++ b/charts/kanister-profile/Chart.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+description: A helm chart to create profile custom resource for kanister
+engine: gotpl
+name: kanister-profile
+home: https://kanister.io/
+version: 0.112.0
+maintainers:
+ - email: tom@kasten.io
+ name: tdmanv
+ - email: ilya@kasten.io
+ name: depohmel
+icon: https://kasten.io/assets/img/kanister-logo.png
+appVersion: 0.1.0
+source: https://github.com/kanisterio/kanister
diff --git a/charts/kanister-profile/README.md b/charts/kanister-profile/README.md
new file mode 100755
index 0000000..c749680
--- /dev/null
+++ b/charts/kanister-profile/README.md
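Review bot: `source:` on the last line of Chart.yaml is not a field Helm reads; the chart metadata key is `sources` and it takes a list, so the repository URL is dropped from the packaged chart's metadata. I would write it as `sources:` followed by `- https://github.com/kanisterio/kanister`. The chart is also named `kanister-profile` here while the README added in this commit installs `kanister/profile`, so unless the repository publishes it under that shorter name one of the two needs to change.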
@@ -0,0 +1,85 @@
+# Profile CustomResource
+
+Profile CustomResources (CRs) are used to provide configuration information to
+[Kanister](https://kanister.io), a framework that enables application-level data
+management on Kubernetes.
+
+## TL;DR;
+
+```bash
+# Add the Kanister helm repo
+$ helm repo add kanister https://charts.kanister.io/
+
+# Create a Profile with the default name in the kanister namespace and AWS credentials set
+$ helm install kanister/profile --namespace kanister \
+ --set defaultProfile=true \
+ --set location.type='s3Compliant' \
+ --set aws.accessKey="${AWS_ACCESS_KEY}" \
+ --set aws.secretKey="${AWS_SECRET_KEY}" \
+ --set location.bucket='my-kanister-bucket'
+
+# Create a Profile with GCP credentials set
+$ helm install kanister/profile --namespace kanister \
+ --set defaultProfile=true \
+ --set location.type='gcs' \
+ --set gcp.projectID="my-project-ID" \
+ --set-file gcp.serviceKey='path-to-json-file-containing-google-app-credentials' \
+ --set location.bucket='my-kanister-bucket'
+```
+
+## Overview
+
+This chart installs a Profile CR for [Kanister](http://kanister.io) using the
+[Helm](https://helm.sh) package manager.
+
+Profiles provide strongly-typed configuration for Kanister. Because a Profile
+is structured, the Kanister framework is able to provide support for advanced
+features. Rather than relying on one-off implementations in Blueprints that
+consume ConfigMaps Kanister introspect and use configuration from Profiles.
+
+The schema for Profiles is specified by the CustomResourceDefinition (CRD),
+which can be found [here](https://github.com/kanisterio/kanister/blob/master/pkg/apis/cr/v1alpha1/types.go#L234).
+
+Currently Profiles can be used to configure access to object storage compatible
+with the [S3 protocol](https://docs.aws.amazon.com/AmazonS3/latest/API/Welcome.html).
+
+## Prerequisites
+
+- Kubernetes 1.7+ with Beta APIs enabled or 1.9+ without Beta APIs.
+- Kanister version 0.10.0 with `profiles.cr.kanister.io` CRD installed
+
+> **Note**: The Kanister controller will create the Profile CRD at Startup.
+
+## Configuration
+
+The following table lists the configurable PostgreSQL Kanister blueprint and
+Profile CR parameters and their default values. The Profile CR parameters are
+passed to the profile sub-chart.
+
+| Parameter | Description | Default |
+| --- | --- | --- |
+| `defaultProfile` | (Optional) Set to ``true`` to create a profile with name `default-profile`. | ``false`` |
+| `profileName` | (Required if `! defaultProfile`) Name of the Profile CR. | `nil` |
+| `aws.accessKey` | (Required if gcp creds not set) API Key for an s3 compatible object store. | `nil` |
+| `aws.secretKey` | (Required if gcp creds not set) Corresponding secret for `accessKey`. | `nil` |
+| `gcp.projectID` | (Required if aws creds not set) Project ID of the google application. | `nil` |
+| `gcp.serviceKey` | (Required if aws creds not set) Path to json file containing google application credentials. | `nil` |
+| `location.type` | (Optional) Location type: s3Compliant or gcs. | `nil` |
+| `location.bucket` | (Required if location.type is set) Bucket used to store Kanister artifacts.

The bucket must already exist. | `nil` |
+| `location.region` | (Optional) Region to be used for the bucket. | `nil` |
+| `location.endpoint` | (Optional) The URL for an s3 compatible object store provider. Can be omitted if provider is AWS. Required for any other provider. | `nil` |
+| `verifySSL` | (Optional) Set to ``false`` to disable SSL verification on the s3 endpoint. | `true` |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm
+install`. For example:
+
+```bash
+$ helm install kanister/profile my-profile-release --namespace kanister \
+ --set profileName='my-profile' \
+ --set location.type='s3Compliant' \
+ --set location.endpoint='https://my-custom-s3-provider:9000' \
+ --set aws.accessKey="${AWS_ACCESS_KEY}" \
+ --set aws.secretKey="${AWS_SECRET_KEY}" \
+ --set location.bucket='my-kanister-bucket' \
+ --set verifySSL='true'
+```
diff --git a/charts/kanister-profile/ci/list-values.yaml b/charts/kanister-profile/ci/list-values.yaml
new file mode 100644
index 0000000..07c2f58
--- /dev/null
+++ b/charts/kanister-profile/ci/list-values.yaml
@@ -0,0 +1,4 @@
+s3:
+ accessKey: SomeBogusTestKey=
+ secretKey: SomeTestSecrest==
+ bucket: linttestname
diff --git a/charts/kanister-profile/templates/NOTES.txt b/charts/kanister-profile/templates/NOTES.txt
new file mode 100644
index 0000000..5bba90a
--- /dev/null
+++ b/charts/kanister-profile/templates/NOTES.txt
@@ -0,0 +1 @@
+This chart created a profile with name {{ template "profile.profileName" .}}
\ No newline at end of file
diff --git a/charts/kanister-profile/templates/_helpers.tpl b/charts/kanister-profile/templates/_helpers.tpl
new file mode 100644
index 0000000..7a4e283
--- /dev/null
+++ b/charts/kanister-profile/templates/_helpers.tpl
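Review bot: The values in ci/list-values.yaml sit under an `s3:` key that no template in this commit reads; profile.yaml only looks at `.Values.aws`, `.Values.gcp`, `.Values.azure` and `.Values.location`. A lint or test render with this file therefore presumably produces a Secret with no credential fields and exercises none of the credential branches. Moving the placeholders to the chart's real keys, `aws.accessKey` / `aws.secretKey` plus `location.type: s3Compliant` and `location.bucket: linttestname`, would make the run cover the template. The obviously fake key strings can stay as they are.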
@@ -0,0 +1,42 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "profile.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Name of the profile to create
+*/}}
+{{- define "profile.profileName" -}}
+{{- if .Values.defaultProfile -}}
+ {{ .Values.defaultProfileName }}
+{{- else -}}
+ {{- required "If not creating a default profile, please provide a name for the profile by setting the parameter profileName" .Values.profileName -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "profile.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "profile.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* Helm required labels */}}
+{{- define "profile.helmLabels" -}}
+heritage: {{ .Release.Service }}
+release: {{ .Release.Name }}
+chart: {{ template "profile.chart" . }}
+app: {{ template "profile.name" . }}
+{{- end -}}
diff --git a/charts/kanister-profile/templates/profile.yaml b/charts/kanister-profile/templates/profile.yaml
new file mode 100644
index 0000000..40d261b
--- /dev/null
+++ b/charts/kanister-profile/templates/profile.yaml
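Review bot: The four label values in `profile.helmLabels` are emitted unquoted, so a release name made only of digits, or one that YAML reads as a boolean, renders as a non-string label and the manifest is likely to be rejected; `release: {{ .Release.Name | quote }}` and the same `| quote` on the other three lines avoids that. `profile.profileName` also passes `defaultProfileName` through without `required`, so an empty override yields an empty Profile name and a Secret called `-creds` in profile.yaml. A short comment on the helper stating that the result must be a valid Kubernetes object name, with room left for the `-creds` suffix, would document the constraint.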
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "profile.profileName" . }}-creds
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "profile.helmLabels" . | indent 4 }}
+type: Opaque
+data:
+ {{- if .Values.aws.accessKey }}
+ aws_access_key_id: {{ .Values.aws.accessKey | b64enc | quote }}
+ aws_secret_access_key: {{ .Values.aws.secretKey | b64enc | quote }}
+ {{- else if .Values.gcp.projectID }}
+ project_id: {{ .Values.gcp.projectID | b64enc | quote }}
+ service_key: {{ .Values.gcp.serviceKey | b64enc | quote }}
+ {{- else if .Values.azure.storageAccount }}
+ storage_account: {{ .Values.azure.storageAccount | b64enc | quote }}
+ storage_key: {{ .Values.azure.storageKey | b64enc | quote }}
+ {{- end }}
+
+---
+apiVersion: cr.kanister.io/v1alpha1
+kind: Profile
+metadata:
+ name: {{ template "profile.profileName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "profile.helmLabels" . | indent 4 }}
+location:
+ type: {{ .Values.location.type | quote }}
+ bucket: {{ .Values.location.bucket | quote }}
+ endpoint: {{ .Values.location.endpoint }}
+ prefix: {{ .Values.location.prefix }}
+ region: {{ .Values.location.region }}
+credential:
+ type: keyPair
+ keyPair:
+ {{- if .Values.aws.accessKey }}
+ idField: aws_access_key_id
+ secretField: aws_secret_access_key
+ {{- else if .Values.gcp.projectID }}
+ idField: project_id
+ secretField: service_key
+ {{- else if .Values.azure.storageAccount }}
+ idField: storage_account
+ secretField: storage_key
+ {{- end }}
+ secret:
+ apiVersion: v1
+ name: {{ template "profile.profileName" . }}-creds
+ namespace: {{ .Release.Namespace }}
+skipSSLVerify: {{ not .Values.verifySSL }}
diff --git a/charts/kanister-profile/values.yaml b/charts/kanister-profile/values.yaml
new file mode 100644
index 0000000..fdb208c
--- /dev/null
+++ b/charts/kanister-profile/values.yaml
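Review bot: When none of `aws.accessKey`, `gcp.projectID` or `azure.storageAccount` is set, which is what the values.yaml added in this commit gives by default, both `if`/`else if` chains fall through and the chart installs a Secret with empty `data:` and a Profile whose `keyPair` names no fields, instead of failing at render time. The branches also test only the first value of each pair, so a missing `aws.secretKey` reaches `b64enc` as nil rather than producing a clear `required` message. `skipSSLVerify: {{ not .Values.verifySSL }}` fails open: a values override that nulls or drops `verifySSL` renders `skipSSLVerify: true`, so only an explicit `false` should turn verification off. `endpoint`, `prefix` and `region` are emitted unquoted, unlike `type` and `bucket`, so a value containing `: ` or ` #` changes the rendered document. The fence sketches all four changes.

```yaml
  {{- if .Values.aws.accessKey }}
  # … unchanged: aws_access_key_id …
  aws_secret_access_key: {{ required "aws.secretKey is required when aws.accessKey is set" .Values.aws.secretKey | b64enc | quote }}
  # … gcp and azure branches: same required check on gcp.serviceKey and azure.storageKey …
  {{- else }}
  {{- fail "no credentials set: provide aws.*, gcp.* or azure.* values" }}
  {{- end }}
# … unchanged: Profile metadata, location.type, location.bucket …
  endpoint: {{ .Values.location.endpoint | quote }}
  prefix: {{ .Values.location.prefix | quote }}
  region: {{ .Values.location.region | quote }}
# … unchanged: credential block (its if/else chain gets the same else/fail) …
skipSSLVerify: {{ eq (toString .Values.verifySSL) "false" }}
```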
@@ -0,0 +1,27 @@
+# Default values for kanister-profile.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+defaultProfile: true
+defaultProfileName: default-profile
+profileName:
+
+location:
+ type:
+ bucket:
+ endpoint: ""
+ prefix: ""
+ region: ""
+
+aws:
+ accessKey:
+ secretKey:
+
+gcp:
+ projectID:
+ serviceKey:
+
+azure:
+ storageAccount:
+ storageKey:
+
+verifySSL: true
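Review bot: `defaultProfile: true` contradicts the README table added in this commit, which documents the default as `false`; with it set, `profileName` is ignored and every default install targets the name `default-profile`. The credential keys (`aws.secretKey`, `gcp.serviceKey`, `azure.storageKey`) are left as bare `key:` nulls with no comment marking them as secret material. I would add a line such as `# Secret values: supply with --set / --set-file at install time; do not commit a filled-in copy of this file` above the `aws:` block, and write the empty values explicitly (`""` or `null`) the way `endpoint` already does. The `azure` block is also missing from the README parameter table.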