From e13696e29788f80a3366d5236b523ed5d04fdcbd Mon Sep 17 00:00:00 2001 From: Denis Ryzhkov Date: Wed, 15 Jan 2025 20:21:55 +0100 Subject: [PATCH 1/2] Generate multiple sveltos `ClusterProfile`-s to distribute `external-dns-aws-credentials` to "storage" cluster only --- Makefile | 1 + charts/kof-mothership/Chart.yaml | 2 +- .../templates/kcm/sveltos/copy-template.yaml | 10 ------ .../sveltos/copy-secrets-cluster-profile.yaml | 31 ++++++++++++++----- charts/kof-mothership/values.yaml | 11 ++++--- demo/cluster/aws-storage.yaml | 1 + 6 files changed, 32 insertions(+), 24 deletions(-) delete mode 100644 charts/kof-mothership/templates/kcm/sveltos/copy-template.yaml diff --git a/Makefile b/Makefile index 380d605..5d57729 100644 --- a/Makefile +++ b/Makefile @@ -105,6 +105,7 @@ dev-storage-deploy: dev ## Deploy kof-storage helm chart to the K8s cluster spec dev-ms-deploy-aws: dev ## Deploy Mothership helm chart to the K8s cluster specified in ~/.kube/config for a remote storage cluster cp -f $(TEMPLATES_DIR)/kof-mothership/values.yaml dev/mothership-values.yaml @$(YQ) eval -i '.kcm.installTemplates = true' dev/mothership-values.yaml + @$(YQ) eval -i '.kcm.kof.clusterProfiles.kof-aws-dns-secrets = {"matchLabels": {"k0rdent.mirantis.com/kof-aws-dns-secrets": "true"}, "secrets": ["external-dns-aws-credentials"]}' dev/mothership-values.yaml @$(YQ) eval -i '.grafana.logSources = [{"name": "$(USER)-aws-storage", "url": "https://vmauth.$(STORAGE_DOMAIN)/vls", "type": "victoriametrics-logs-datasource", "auth": {"credentials_secret_name": "storage-vmuser-credentials", "username_key": "username", "password_key": "password"}}]' dev/mothership-values.yaml @$(YQ) eval -i '.promxy.config.serverGroups = [{"clusterName": "$(USER)-aws-storage", "targets": ["vmauth.$(STORAGE_DOMAIN):443"], "auth": {"credentials_secret_name": "storage-vmuser-credentials", "create_secret": true, "username_key": "username", "password_key": "password"}}]' dev/mothership-values.yaml 
diff --git a/charts/kof-mothership/Chart.yaml b/charts/kof-mothership/Chart.yaml index fd37018..1b49cff 100644 --- a/charts/kof-mothership/Chart.yaml +++ b/charts/kof-mothership/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: kof-mothership description: A Helm chart that deploys Grafana, Promxy, and VictoriaMetrics. -version: 0.1.8 +version: 0.1.9 appVersion: "1.0" dependencies: - name: grafana-operator diff --git a/charts/kof-mothership/templates/kcm/sveltos/copy-template.yaml b/charts/kof-mothership/templates/kcm/sveltos/copy-template.yaml deleted file mode 100644 index 4b66bc9..0000000 --- a/charts/kof-mothership/templates/kcm/sveltos/copy-template.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: copy-resource-template - namespace: {{ $.Release.Namespace }} - annotations: - projectsveltos.io/template: "true" # add annotation to indicate Sveltos content is a template -data: - secret.yaml: | - {{` {{ copy "Resource" }} `}} diff --git a/charts/kof-mothership/templates/sveltos/copy-secrets-cluster-profile.yaml b/charts/kof-mothership/templates/sveltos/copy-secrets-cluster-profile.yaml index d7e5919..d4f13f5 100644 --- a/charts/kof-mothership/templates/sveltos/copy-secrets-cluster-profile.yaml +++ b/charts/kof-mothership/templates/sveltos/copy-secrets-cluster-profile.yaml 
@@ -1,24 +1,39 @@ -{{- if .Values.kcm.kof.secrets_copy.secrets }} +{{- range $name, $value := .Values.kcm.kof.clusterProfiles }} {{- /* Distributing secrets to clusters automatically*/}} --- apiVersion: config.projectsveltos.io/v1beta1 kind: ClusterProfile metadata: - name: kof-secrets + name: {{ $name }} spec: clusterSelector: - matchLabels: {{ .Values.kcm.kof.secrets_copy.matchLabels | toYaml | nindent 6 }} + matchLabels: {{ $value.matchLabels | toYaml | nindent 6 }} templateResourceRefs: -{{- range .Values.kcm.kof.secrets_copy.secrets }} - - resource: + {{- range $value.secrets }} + - identifier: secret-{{ . }} + resource: apiVersion: v1 kind: Secret name: {{ . }} namespace: {{ $.Release.Namespace }} - identifier: Resource -{{- end }} + {{- end }} policyRefs: + {{- range $value.secrets }} - kind: ConfigMap - name: copy-resource-template + name: secret-template-{{ . }} namespace: {{ $.Release.Namespace }} + {{- end }} +{{- range $value.secrets }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: secret-template-{{ . }} + namespace: {{ $.Release.Namespace }} + annotations: + projectsveltos.io/template: "true" +data: + secret.yaml: | + {{` {{ copy "`}}secret-{{ . }}{{`" }} `}} +{{- end }} {{- end }} diff --git a/charts/kof-mothership/values.yaml b/charts/kof-mothership/values.yaml index 87655e7..040ff16 100644 --- a/charts/kof-mothership/values.yaml +++ b/charts/kof-mothership/values.yaml @@ -20,11 +20,12 @@ kcm: version: 0.0.2 storage: version: 0.1.4 - secrets_copy: - matchLabels: - k0rdent.mirantis.com/kof-storage-secrets: "true" - secrets: - - storage-vmuser-credentials + clusterProfiles: + kof-storage-secrets: + matchLabels: + k0rdent.mirantis.com/kof-storage-secrets: "true" + secrets: + - storage-vmuser-credentials victoriametrics: enabled: true vmcluster: diff --git a/demo/cluster/aws-storage.yaml b/demo/cluster/aws-storage.yaml index 5ca1c12..58dfca3 100644 --- a/demo/cluster/aws-storage.yaml +++ b/demo/cluster/aws-storage.yaml 
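Review bot: The `matchLabels:` line renders `$value.matchLabels` with no guard, so a `clusterProfiles` entry that omits it or sets it to `{}` produces an empty selector. Under standard Kubernetes label-selector semantics an empty selector matches everything; if Sveltos follows that (worth confirming), every listed Secret would be copied to all managed clusters, which defeats the commit's goal of limiting `external-dns-aws-credentials` to the storage cluster. Failing the render closes that gap, e.g. `{{- if not $value.matchLabels }}{{ fail (printf "kcm.kof.clusterProfiles.%s: matchLabels must not be empty" $name) }}{{- end }}` at the top of the outer `range`. Separately, `secret-template-{{ . }}` is keyed by Secret name alone, so a Secret listed under two profiles renders two ConfigMaps with the same name; including the profile name in it would keep them distinct.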
@@ -21,6 +21,7 @@ spec: workersNumber: 3 clusterLabels: k0rdent.mirantis.com/kof-storage-secrets: "true" + k0rdent.mirantis.com/kof-aws-dns-secrets: "true" template: aws-standalone-cp-0-0-5 serviceSpec: priority: 100 From ea983ea9d6dbe49c21968b6af13c26021d03ec3e Mon Sep 17 00:00:00 2001 From: Denis Ryzhkov Date: Thu, 16 Jan 2025 11:45:32 +0100 Subject: [PATCH 2/2] Applied helm values naming convention --- Makefile | 2 +- charts/kof-mothership/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 5d57729..f2badd0 100644 --- a/Makefile +++ b/Makefile 
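Review bot: The added `k0rdent.mirantis.com/kof-aws-dns-secrets: "true"` label is undocumented here, yet it is what opts a cluster into receiving AWS credentials: the Makefile hunk on this page maps that label to the `external-dns-aws-credentials` Secret. A comment above it such as `# opts this cluster into the ClusterProfile that copies external-dns-aws-credentials` would make that visible to anyone copying this demo manifest. Since the label is the only gate shown, the right to set `clusterLabels` is effectively the right to obtain those credentials, so it is worth restricting who can edit these manifests.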
@@ -105,7 +105,7 @@ dev-storage-deploy: dev ## Deploy kof-storage helm chart to the K8s cluster spec dev-ms-deploy-aws: dev ## Deploy Mothership helm chart to the K8s cluster specified in ~/.kube/config for a remote storage cluster cp -f $(TEMPLATES_DIR)/kof-mothership/values.yaml dev/mothership-values.yaml @$(YQ) eval -i '.kcm.installTemplates = true' dev/mothership-values.yaml - @$(YQ) eval -i '.kcm.kof.clusterProfiles.kof-aws-dns-secrets = {"matchLabels": {"k0rdent.mirantis.com/kof-aws-dns-secrets": "true"}, "secrets": ["external-dns-aws-credentials"]}' dev/mothership-values.yaml + @$(YQ) eval -i '.kcm.kof.clusterProfiles.kofAwsDnsSecrets = {"matchLabels": {"k0rdent.mirantis.com/kof-aws-dns-secrets": "true"}, "secrets": ["external-dns-aws-credentials"]}' dev/mothership-values.yaml @$(YQ) eval -i '.grafana.logSources = [{"name": "$(USER)-aws-storage", "url": "https://vmauth.$(STORAGE_DOMAIN)/vls", "type": "victoriametrics-logs-datasource", "auth": {"credentials_secret_name": "storage-vmuser-credentials", "username_key": "username", "password_key": "password"}}]' dev/mothership-values.yaml @$(YQ) eval -i '.promxy.config.serverGroups = [{"clusterName": "$(USER)-aws-storage", "targets": ["vmauth.$(STORAGE_DOMAIN):443"], "auth": {"credentials_secret_name": "storage-vmuser-credentials", "create_secret": true, "username_key": "username", "password_key": "password"}}]' dev/mothership-values.yaml diff --git a/charts/kof-mothership/values.yaml b/charts/kof-mothership/values.yaml index 040ff16..e3408cd 100644 --- a/charts/kof-mothership/values.yaml +++ b/charts/kof-mothership/values.yaml @@ -21,7 +21,7 @@ kcm: storage: version: 0.1.4 clusterProfiles: - kof-storage-secrets: + kofStorageSecrets: matchLabels: k0rdent.mirantis.com/kof-storage-secrets: "true" secrets:
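Review bot: The renamed key `kofAwsDnsSecrets` (and `kofStorageSecrets` in the values.yaml hunk that follows) is still used verbatim as the ClusterProfile `metadata.name`, because patch 1/2's template has `name: {{ $name }}` and this commit's diffstat touches only the Makefile and values.yaml. Kubernetes object names must be lowercase RFC 1123 names, so the rendered `name: kofStorageSecrets` would likely be rejected by the API server unless the template is changed elsewhere. Converting in the template keeps the camelCase values convention and valid names: `name: {{ $name | kebabcase }}`.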