feat(yurthub): added helm chart with apiserver lookup

Signed-off-by: Armin Schlegel <armin.schlegel@gmx.de>
edgefarm · Oct 11, 2023 · 3fdfe00 · 3fdfe00
1 parent 5d344a6
commit 3fdfe00
Show file tree

Hide file tree

Showing 8 changed files with 371 additions and 1 deletion.
diff --git a/.releaserc.json b/.releaserc.json
@@ -52,6 +52,14 @@
         "onlyUpdateVersion": true
       }
     ],
+    [
+      "semantic-release-helm3",
+      {
+        "chartPath": "./charts/yurthub",
+        "registry": "ghcr.io/edgefarm/helm-charts",
+        "onlyUpdateVersion": true
+      }
+    ],
     [
       "@semantic-release/git",
       {
@@ -61,7 +69,8 @@
           "charts/headscale/Chart.yaml",
           "charts/tailscale/Chart.yaml",
           "charts/kube-flannel/Chart.yaml",
-          "charts/coredns/Chart.yaml"
+          "charts/coredns/Chart.yaml",
+          "charts/yurthub/Chart.yaml"
         ],
         "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
       }

diff --git a/charts/yurthub/.helmignore b/charts/yurthub/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/yurthub/Chart.yaml b/charts/yurthub/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: yurthub
+description: A Helm chart for OpenYurt YurtHub Component
+type: application
+version: 1.3.0
+appVersion: "1.3.4"
diff --git a/charts/yurthub/templates/_helpers.tpl b/charts/yurthub/templates/_helpers.tpl
@@ -0,0 +1,50 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "yurthub.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "yurthub.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "yurthub.labels" -}}
+helm.sh/chart: {{ include "yurthub.chart" . }}
+{{ include "yurthub.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "yurthub.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "yurthub.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/* Define a custom template function to get the server address */}}
+{{- define "yurthub.getServerAddress" -}}
+{{- if and .Values.kuberneteServerAddr.manual.enabled .Values.kuberneteServerAddr.lookup.enabled }}
+  {{- fail "kuberneteServerAddr.manual.enabled and kuberneteServerAddr.lookup.enabled cannot be true at the same time" }}
+{{- else if .Values.kuberneteServerAddr.manual.enabled }}
+  {{- $host := .Values.kuberneteServerAddr.manual.host }}
+  {{- $port := .Values.kuberneteServerAddr.manual.port }}
+  {{- printf "https://%s:%s" $host ($port | toString) }}
+{{- else if .Values.kuberneteServerAddr.lookup.enabled }}
+  {{- $secretObj := (lookup "v1" "Secret" .Values.kuberneteServerAddr.lookup.secretRef.namespace .Values.kuberneteServerAddr.lookup.secretRef.name ) | default dict }}
+  {{- $secretData := (get $secretObj "data") | default dict }}
+  {{- $host := (get $secretData .Values.kuberneteServerAddr.lookup.secretRef.keys.host ) | b64dec }}
+  {{- $port := (get $secretData .Values.kuberneteServerAddr.lookup.secretRef.keys.port ) | b64dec }}
+  {{- printf "https://%s:%s" $host $port }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/yurthub/templates/yurthub-cfg.yaml b/charts/yurthub/templates/yurthub-cfg.yaml
@@ -0,0 +1,110 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: yurt-hub
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - get
+  - apiGroups:
+      - apps.openyurt.io
+    resources:
+      - nodepools
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    resourceNames:
+      - pool-coordinator-yurthub-certs
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - "coordination.k8s.io"
+    resources:
+      - leases
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - "discovery.k8s.io"
+    resources: 
+      - "endpointslices"
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - "endpoints"
+    verbs:
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: yurt-hub
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: yurt-hub
+subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: Group
+    name: system:nodes
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: yurt-hub-yurt-static-set-role
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    resourceNames:
+      - yurt-static-set-yurt-hub
+      - yurt-static-set-yurt-hub-cloud
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: bootstrap-static-pod
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: yurt-hub-yurt-static-set-role
+subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: Group
+    name: system:bootstrappers
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: yurt-hub-cfg
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "yurthub.labels" . | nindent 4 }}
+data:
+  cache_agents: {{ .Values.cacheAgents | quote }}
+  servicetopology: ""
+  discardcloudservice: ""
+  masterservice: ""
diff --git a/charts/yurthub/templates/yurthub-cloud-yurtstaticset.yaml b/charts/yurthub/templates/yurthub-cloud-yurtstaticset.yaml
@@ -0,0 +1,71 @@
+apiVersion: apps.openyurt.io/v1alpha1
+kind: YurtStaticSet
+metadata:
+  name: yurt-hub-cloud
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "yurthub.labels" . | nindent 4 }}
+spec:
+  staticPodManifest: yurthub
+  template:
+    metadata:
+      labels:
+        k8s-app: yurt-hub-cloud
+    spec:
+      volumes:
+        - name: hub-dir
+          hostPath:
+            path: /var/lib/yurthub
+            type: DirectoryOrCreate
+        - name: kubernetes
+          hostPath:
+            path: /etc/kubernetes
+            type: Directory
+      containers:
+        - name: yurt-hub
+          image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
+          imagePullPolicy: IfNotPresent
+          volumeMounts:
+            - name: hub-dir
+              mountPath: /var/lib/yurthub
+            - name: kubernetes
+              mountPath: /etc/kubernetes
+          command:
+            - yurthub
+            - --v=2
+            - --bind-address={{ .Values.yurthubBindingAddr }}
+            - --server-addr={{ include "yurthub.getServerAddress" . }}
+            - --node-name=$(NODE_NAME)
+            - --bootstrap-file={{ .Values.bootstrapFile }}
+            - --working-mode=cloud
+            - --namespace={{ .Release.Namespace }}
+            {{- if .Values.organizations }}
+            - --hub-cert-organizations={{ .Values.organizations }}
+            {{- end }}
+          livenessProbe:
+            httpGet:
+              host: {{ .Values.yurthubBindingAddr }}
+              path: /v1/healthz
+              port: 10267
+            initialDelaySeconds: 300
+            periodSeconds: 5
+            failureThreshold: 3
+          resources:
+            requests:
+              cpu: 150m
+              memory: 150Mi
+            limits:
+              memory: 300Mi
+          securityContext:
+            capabilities:
+              add: [ "NET_ADMIN", "NET_RAW" ]
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+      hostNetwork: true
+      priorityClassName: system-node-critical
+      priority: 2000001000
+
+
diff --git a/charts/yurthub/templates/yurthub-yurtstaticset.yaml b/charts/yurthub/templates/yurthub-yurtstaticset.yaml
@@ -0,0 +1,71 @@
+apiVersion: apps.openyurt.io/v1alpha1
+kind: YurtStaticSet
+metadata:
+  name: yurt-hub
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "yurthub.labels" . | nindent 4 }}
+spec:
+  staticPodManifest: yurthub
+  template:
+    metadata:
+      labels:
+        k8s-app: yurt-hub
+    spec:
+      volumes:
+        - name: hub-dir
+          hostPath:
+            path: /var/lib/yurthub
+            type: DirectoryOrCreate
+        - name: kubernetes
+          hostPath:
+            path: /etc/kubernetes
+            type: Directory
+      containers:
+        - name: yurt-hub
+          image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}
+          imagePullPolicy: IfNotPresent
+          volumeMounts:
+            - name: hub-dir
+              mountPath: /var/lib/yurthub
+            - name: kubernetes
+              mountPath: /etc/kubernetes
+          command:
+            - yurthub
+            - --v=2
+            - --bind-address={{ .Values.yurthubBindingAddr }}
+            - --server-addr={{ include "yurthub.getServerAddress" . }}
+            - --node-name=$(NODE_NAME)
+            - --bootstrap-file={{ .Values.bootstrapFile }}
+            - --working-mode=edge
+            - --namespace={{ .Release.Namespace }}
+            {{- if .Values.organizations }}
+            - --hub-cert-organizations={{ .Values.organizations }}
+            {{- end }}
+          livenessProbe:
+            httpGet:
+              host: {{ .Values.yurthubBindingAddr }}
+              path: /v1/healthz
+              port: 10267
+            initialDelaySeconds: 300
+            periodSeconds: 5
+            failureThreshold: 3
+          resources:
+            requests:
+              cpu: 150m
+              memory: 150Mi
+            limits:
+              memory: 300Mi
+          securityContext:
+            capabilities:
+              add: [ "NET_ADMIN", "NET_RAW" ]
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+      hostNetwork: true
+      priorityClassName: system-node-critical
+      priority: 2000001000
+
+
diff --git a/charts/yurthub/values.yaml b/charts/yurthub/values.yaml
@@ -0,0 +1,30 @@
+# Default values for yurthub.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+nameOverride: ""
+
+cacheAgents: ""
+
+yurthubBindingAddr: 127.0.0.1
+kuberneteServerAddr:
+  manual:
+    enabled: false
+    host: 127.0.0.1
+    port: 6443
+  lookup:
+    enabled: true
+    secretRef:
+      name: hetzner
+      namespace: kube-system
+      keys:
+        host: apiserver-host
+        port: apiserver-port
+
+bootstrapFile: "/var/lib/yurthub/bootstrap-hub.conf"
+organizations: ""
+
+image:
+  registry: openyurt
+  repository: yurthub
+  tag: v1.3.4