Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release operator 0.1.1 #94

Merged
merged 1 commit into from
Aug 5, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions charts/operator/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
apiVersion: v2
type: application
version: 0.1.0-rc2
version: 0.1.1
# used as the default value for .Values.operator.image.tag
appVersion: 0.1.0-rc1
appVersion: 0.1.1
name: operator
description: |
TODO description
A Helm chart for the operator that instruments your k8s cluster
home: https://velocity.tech
# icon: ''
keywords: []
Expand All @@ -19,6 +19,6 @@ dependencies:
- bitnami-common
version: 2.20.3
sources:
- https://github.com/techvelocity/helm-charts/tree/main/charts/operator
- https://github.com/techvelocity/starlink/tree/main/operator
- https://github.com/techvelocity/helm-charts/tree/main/charts/operator
- https://github.com/bitnami/charts/tree/main/bitnami/common
264 changes: 68 additions & 196 deletions charts/operator/README.md
Original file line number Diff line number Diff line change
@@ -1,225 +1,97 @@
# TODO(dror): edit this readme
# Velocity Operator

<!--- app-name: velocity-operator -->
## Installation

# velocity-operator
```bash
helm repo add velocity https://helm-charts.velocity.tech
helm repo update

%%DESCRIPTION%% (check existing examples)

## TL;DR

```console
helm install my-release oci://registry-1.docker.io/bitnamicharts/velocity-operator
helm upgrade --install operator velocity/operator --version <version> \
--namespace=velocity-system \
--create-namespace
```

Looking to use velocity-operator in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the commercial edition of the Bitnami catalog.

## Introduction

%%INTRODUCTION%% (check existing examples)

## Prerequisites

- Kubernetes 1.23+
- Helm 3.8.0+
- PV provisioner support in the underlying infrastructure
- ReadWriteMany volumes for deployment scaling

## Installing the Chart

To install the chart with the release name `my-release`:

```console
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/velocity-operator
```

> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.

The command deploys velocity-operator on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.

> **Tip**: List all releases using `helm list`

## Configuration and installation details

### [Rolling VS Immutable tags](https://docs.vmware.com/en/VMware-Tanzu-Application-Catalog/services/tutorials/GUID-understand-rolling-tags-containers-index.html)

It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.

Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.

### External database support

%%IF NEEDED%%

You may want to have velocity-operator connect to an external database rather than installing one inside your cluster. Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the [`externalDatabase` parameter](#parameters). You should also disable the MariaDB installation with the `mariadb.enabled` option. Here is an example:

```console
mariadb.enabled=false
externalDatabase.host=myexternalhost
externalDatabase.user=myuser
externalDatabase.password=mypassword
externalDatabase.database=mydatabase
externalDatabase.port=3306
```

### Ingress

%%IF NEEDED%%

This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application.To enable Ingress integration, set `ingress.enabled` to `true`.

The most common scenario is to have one host name mapped to the deployment. In this case, the `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host.

However, it is also possible to have more than one host. To facilitate this, the `ingress.extraHosts` parameter (if available) can be set with the host names specified as an array. The `ingress.extraTLS` parameter (if available) can also be used to add the TLS configuration for extra hosts.

> NOTE: For each host specified in the `ingress.extraHosts` parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. Not all annotations are supported by all Ingress controllers, but [this annotation reference document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) lists the annotations supported by many popular Ingress controllers.

Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists.

[Learn more about Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/).

### TLS secrets

TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the cluster:

- `tls.enabled`: Enable TLS support. Defaults to `false`
- `tls.existingSecret`: Name of the secret that contains the certificates. No defaults.
- `tls.certFilename`: Certificate filename. No defaults.
- `tls.certKeyFilename`: Certificate key filename. No defaults.
- `tls.certCAFilename`: CA Certificate filename. No defaults.

For example:

First, create the secret with the certificates files:

```console
kubectl create secret generic certificates-tls-secret --from-file=./cert.pem --from-file=./cert.key --from-file=./ca.pem
```

Then, use the following parameters:

```console
tls.enabled="true"
tls.existingSecret="certificates-tls-secret"
tls.certFilename="cert.pem"
tls.certKeyFilename="cert.key"
tls.certCAFilename="ca.pem"
```

### %%OTHER_SECTIONS%%

### Additional environment variables

In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property.
In order for the sidecar to work, users must create a secret with the following schema:

```yaml
velocity-operator:
extraEnvVars:
- name: LOG_LEVEL
value: error
PGHOST: "velocity-postgres.c748cme8k8yr.eu-central-1.rds.amazonaws.com"
PGPORT: "5432"
PGUSER: "postgres"
PGPASSWORD: "***"
PGSSLMODE: "require"
PGDATABASE: "postgres"
PGSCHEMA: "public"
PGAPPNAME: "telegraf-sidecar"
```

Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values.
The secret name defaults to the name of the operator (when using this chart).
If you want to use a different secret name, you can set the `sidecar.secretName` value.

### Sidecars
### Configuration and Replication

If additional containers are needed in the same pod as velocity-operator (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter.
Note that the telegraf configuration and secret must be in the same namespace as the sidecar.
This means that users must recreate the secret and copy-paste the configmap to the correct namespace.
Users can use projects like [Reflector](https://github.com/emberstack/kubernetes-reflector) to automate this process.

```yaml
sidecars:
- name: your-image-name
image: your-image
imagePullPolicy: Always
ports:
- name: portname
containerPort: 1234
```
#### Manual steps

If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below:
make sure to relace placholders and check all the values make sense for your setup:

```yaml
service:
extraPorts:
- name: extraPort
port: 11311
targetPort: 11311
```
> 💡💡 See [demo-customer.values.yaml](../../demo-customer.values.yaml) for the appropriate values structure.

> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers.
##### Creating a initial secret

If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example:
```bash
# we use the clipboard to avoid storing the password in the shell history or a local file
# COPY PASSWORD TO CLIPBOARD, AND THEN:
export PGPASSWORD=$(pbpaste)

```yaml
initContainers:
- name: your-image-name
image: your-image
imagePullPolicy: Always
ports:
- name: portname
containerPort: 1234
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: velocity-postgres-config
namespace: velocity-system
stringData:
PGHOST: "velocity-postgres.c748cme8k8yr.eu-central-1.rds.amazonaws.com"
PGPORT: "5432"
PGUSER: "postgres"
PGPASSWORD: "$PGPASSWORD"
PGSSLMODE: "require"
PGDATABASE: "postgres"
PGSCHEMA: "public"
PGAPPNAME: "velocity-sensor"
EOF
```

Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).

### Pod affinity
##### Replicate the secret

This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).

As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters.

## Persistence

The [Bitnami velocity-operator](https://github.com/bitnami/containers/tree/main/bitnami/velocity-operator) image stores the velocity-operator data and configurations at the `/bitnami` path of the container. Persistent Volume Claims are used to keep the data across deployments.

If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/).

## Parameters

See <https://github.com/bitnami/readme-generator-for-helm> to create the table

The above parameters map to the env variables defined in [bitnami/velocity-operator](https://github.com/bitnami/containers/tree/main/bitnami/velocity-operator). For more information please refer to the [bitnami/velocity-operator](https://github.com/bitnami/containers/tree/main/bitnami/velocity-operator) image documentation.

Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,

```console
helm install my-release \
--set velocity-operatorUsername=admin \
--set velocity-operatorPassword=password \
--set mariadb.auth.rootPassword=secretpassword \
oci://REGISTRY_NAME/REPOSITORY_NAME/velocity-operator
```bash
export NEW_NAMESPACE=<your-namespace>
kubectl -n velocity-system get secret velocity-postgres-config -o yaml | \
sed 's/namespace: velocity-system/namespace: '$NEW_NAMESPACE'/' | \
kubectl apply -f -
```

> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.

The above command sets the velocity-operator administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`.
##### Create an initial configmap

> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
> THIS IS A WAY TO OVERRIDE THE DEFAULT CONFIGMAP. YOU CAN SKIP THIS STEP AND USE THE EXITING ONE.

Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```bash
export PATH_TO_TELEGRAF_CONF=sidecarsensor/telegraf.conf

```console
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/velocity-operator
# read the note in all caps above before running this command
kubectl -n velocity-system create configmap velocity-config \
--from-file="telegraf.conf=$PATH_TO_TELEGRAF_CONF"
```

> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/blob/main/template/CHART_NAME/values.yaml)

## Troubleshooting

Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
##### Replicate the configmap

## License
```bash
export NEW_NAMESPACE=<your-namespace>

Copyright &copy; 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

<http://www.apache.org/licenses/LICENSE-2.0>

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
# adjust the configmap name if you've you're using the default one from the helm installtion
kubectl -n velocity-system get configmap velocity-config -o yaml | \
sed 's/namespace: velocity-system/namespace: '$NEW_NAMESPACE'/' | \
kubectl apply -f -
```
22 changes: 22 additions & 0 deletions charts/operator/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -80,4 +80,26 @@ Compile all warnings into a single message.
{{- if and .Values.operator.admissionWebhook.autoSelfSignedCertificate (not (empty .Values.operator.admissionWebhook.existingCertificateSecretName)) -}}
{{- fail "admissionWebhook.autoSelfSignedCertificate is enabled, but so does admissionWebhook.existingCertificateSecretName. Only one of them is allowed at a time" -}}
{{- end -}}
{{- end -}}

{{- define "sidecar.image" -}}
{{- if .Values.sidecar -}}
{{- .Values.sidecar.image | default "ghcr.io/techvelocity/velocity-sensor:0.1.1" -}}
{{- end -}}
{{- end -}}

{{- define "sidecar.secretName" -}}
{{- if and .Values.sidecar .Values.sidecar.secretName -}}
{{- .Values.sidecar.secretName -}}
{{- else -}}
{{ template "common.names.fullname" . }}
{{- end -}}
{{- end -}}

{{- define "sidecar.configmapName" -}}
{{- if and .Values.sidecar .Values.sidecar.configmapName -}}
{{- .Values.sidecar.configmapName -}}
{{- else -}}
{{ template "common.names.fullname" . }}
{{- end -}}
{{- end -}}
19 changes: 11 additions & 8 deletions charts/operator/templates/admissionwebhook.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -21,12 +21,15 @@ webhooks:
port: 9443
failurePolicy: Ignore
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
resources:
- pods
- apiGroups:
- ""
apiVersions:
- v1
resources:
- pods
operations:
- CREATE
objectSelector: # TODO(dror): this is taken from the operator codebase, under pkg/api/labels.go. We should automate this change if it's frequent
matchLabels:
alpha.velocity.tech/mutate-pod: "enabled"
sideEffects: None
Loading
Loading