diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..c52e328
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,10 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ - package-ecosystem: "docker"
+ directory: "/"
+ schedule:
+ interval: "daily"
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..78c858e
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,459 @@ +name: Build +on: + schedule: + - cron: '0 8 * * *' + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +env: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + +jobs: + buildc-git: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build git container + run: ./containers/build git + buildc-curl-jq: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build curl-jq container + run: ./containers/build curl-jq + buildc-gitlab-runner-operator: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build gitlab-runner-operator container + run: ./containers/build gitlab-runner-operator + buildc-tenant-namespace-operator: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build tenant-namespace-operator container + run: ./containers/build tenant-namespace-operator + buildc-pixiecore: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build pixiecore container + run: ./containers/build pixiecore + buildc-ipmitool: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build ipmitool container + run: ./containers/build ipmitool + buildc-ipmi-exporter: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build ipmi-exporter container + run: ./containers/build ipmi-exporter + buildc-dhcpd: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build dhcpd container + run: ./containers/build dhcpd + buildc-inotify-tools: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build inotify-tools container + run: ./containers/build inotify-tools + buildc-chronyd: + runs-on: ubuntu-20.04 + steps: + - name: 
Checkout + uses: actions/checkout@v4.1.0 + - name: Build chronyd container + run: ./containers/build chronyd + buildc-debug-toolbox: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build debug-toolbox container + run: ./containers/build debug-toolbox + buildc-smartctl-exporter: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build smartctl-exporter container + run: ./containers/build smartctl-exporter + buildc-rpms-containerd: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build rpms-containerd container + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-containerd + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-containerd9 + rm -f rpm.priv + buildc-rpms-node-base: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build rpms-node-base container + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-node-base + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-node-base9 + rm -f rpm.priv + buildc-rpms-openvswitch: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build rpms-openvswitch container + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-openvswitch + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-openvswitch9 + rm -f rpm.priv + buildc-rpms-k8s-22: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build rpms-kubernetes container 1.22 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv 
+ ./containers/build rpms-kubernetes 1.22 + rm -f rpm.priv + buildc-rpms-k8s-23: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build rpms-kubernetes container 1.23 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-kubernetes 1.23 + rm -f rpm.priv + buildc-rpms-k8s-24: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build rpms-kubernetes container 1.24 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-kubernetes 1.24 + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-kubernetes9 1.24 + rm -f rpm.priv + buildc-rpms-k8s-25: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build rpms-kubernetes container 1.25 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-kubernetes9 1.25 + rm -f rpm.priv + buildc-rpms-k8s-21: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build rpms-kubernetes container 1.21 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-kubernetes 1.21 + rm -f rpm.priv + buildc-rpms-k8s-28: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build rpms-kubernetes container 1.28 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-kubernetes9 1.28 + rm -f rpm.priv + buildc-anaconda: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build anaconda 
container + run: ./containers/build anaconda + - name: Build anaconda9 container + run: ./containers/build anaconda9 + + build-node-image-22: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + - buildc-rpms-containerd + - buildc-rpms-openvswitch + - buildc-rpms-k8s-22 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build full k8s node image 1.22 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build k8s-node-image 1.22 + rm -f rpm.priv + build-node-image-23: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + - buildc-rpms-containerd + - buildc-rpms-openvswitch + - buildc-rpms-k8s-23 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build full k8s node image 1.23 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build k8s-node-image 1.23 + rm -f rpm.priv + build-node-image-24: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + - buildc-rpms-containerd + - buildc-rpms-openvswitch + - buildc-rpms-k8s-24 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build full k8s node image 1.24 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build k8s-node-image 1.24 + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build k8s-node-image9 1.24 + rm -f rpm.priv + build-node-image-25: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + - buildc-rpms-containerd + - buildc-rpms-openvswitch + - buildc-rpms-k8s-25 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build full k8s node image 1.25 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build k8s-node-image9 1.25 + rm -f rpm.priv + build-node-image-21: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + - buildc-rpms-containerd + - 
buildc-rpms-openvswitch + - buildc-rpms-k8s-21 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build full k8s node image 1.21 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build k8s-node-image 1.21 + rm -f rpm.priv + build-node-image-28: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + - buildc-rpms-containerd + - buildc-rpms-openvswitch + - buildc-rpms-k8s-28 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build full k8s node image 1.28 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build k8s-node-image9 1.28 + rm -f rpm.priv + + buildc-anaconda-nginx: + runs-on: ubuntu-20.04 + needs: + - buildc-anaconda + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build anaconda+nginx container + run: ./containers/build anaconda-nginx + - name: Build anaconda+nginx9 container + run: ./containers/build anaconda-nginx9 + build-node-image-22-nginx: + runs-on: ubuntu-20.04 + needs: + - build-node-image-22 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build k8s-node-image+nginx container 1.22 + run: ./containers/build k8s-node-image-nginx 1.22 + build-node-image-23-nginx: + runs-on: ubuntu-20.04 + needs: + - build-node-image-23 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build k8s-node-image+nginx container 1.23 + run: ./containers/build k8s-node-image-nginx 1.23 + build-node-image-24-nginx: + runs-on: ubuntu-20.04 + needs: + - build-node-image-24 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build k8s-node-image+nginx container 1.24 + run: ./containers/build k8s-node-image-nginx 1.24 + - name: Build k8s-node-image+nginx9 container 1.24 + run: ./containers/build k8s-node-image-nginx9 1.24 + build-node-image-25-nginx: + runs-on: ubuntu-20.04 + needs: + - build-node-image-25 + steps: + - name: Checkout + 
uses: actions/checkout@v4.1.0 + - name: Build k8s-node-image+nginx9 container 1.25 + run: ./containers/build k8s-node-image-nginx9 1.25 + build-node-image-21-nginx: + runs-on: ubuntu-20.04 + needs: + - build-node-image-21 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build k8s-node-image+nginx container 1.21 + run: ./containers/build k8s-node-image-nginx 1.21 + build-node-image-28-nginx: + runs-on: ubuntu-20.04 + needs: + - build-node-image-28 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build k8s-node-image+nginx9 container 1.28 + run: ./containers/build k8s-node-image-nginx9 1.28 + + build-image-library-charts: + runs-on: ubuntu-20.04 + needs: + - buildc-anaconda-nginx + - buildc-chronyd + - buildc-debug-toolbox + - buildc-dhcpd + - buildc-inotify-tools + - buildc-ipmi-exporter + - buildc-ipmitool + - build-node-image-22-nginx + - build-node-image-23-nginx + - build-node-image-24-nginx + - build-node-image-25-nginx + - build-node-image-21-nginx + - build-node-image-28-nginx + - buildc-pixiecore + - buildc-smartctl-exporter + env: + GITHUB_LIBRARY_CHARTS_TOKEN: ${{ secrets.GIT_LIBRARY_CHARTS_TOKEN }} + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Configure Git + run: | + git config --global user.name "$GITHUB_ACTOR" + git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" + - name: Build image library charts + run: ./charts/image-library-charts/buildall + + build-charts: + runs-on: ubuntu-20.04 + needs: + - build-image-library-charts + - buildc-gitlab-runner-operator + - buildc-tenant-namespace-operator + env: + GITHUB_LIBRARY_CHARTS_TOKEN: ${{ secrets.GIT_LIBRARY_CHARTS_TOKEN }} + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Configure Git + run: | + git config --global user.name "$GITHUB_ACTOR" + git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" + - name: Build charts + run: ./charts/charts/buildall 
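Review bot: In `.github/workflows/main.yml`, each `buildc-rpms-*` and `build-node-image-*` job writes the RPM signing key to `rpm.priv` in the checked-out workspace with the default umask, and the closing `rm -f rpm.priv` is skipped whenever `./containers/build` fails, because the default `run` shell is `bash -e`. Opening those `run:` blocks with `umask 077` and `trap 'rm -f rpm.priv' EXIT` makes the cleanup unconditional; it is also worth confirming that the build script, which is not part of this hunk, keeps `rpm.priv` out of the Docker build context and the pushed image layers. Separately, `DOCKER_USERNAME` and `DOCKER_PASSWORD` sit in the workflow-level `env`, so every step of every job receives them; moving them to the steps that log in to the registry and adding a top-level `permissions:` block with `contents: read` would narrow what a compromised step can reach.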
diff --git a/.travis.yml b/.travis.yml
index fca82ba..d4114b8 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,4 +1,183 @@ jobs: include: - - stage: build - script: ./container/build ipmitool + - stage: build + dist: xenial + language: shell + name: Build curl-jq container + script: ./containers/build curl-jq + - stage: build + dist: xenial + language: shell + name: Build gitlab-runner-operator container + script: ./containers/build gitlab-runner-operator + - stage: build + dist: xenial + language: shell + name: Build tenant-namespace-operator container + script: ./containers/build tenant-namespace-operator + - stage: build + dist: xenial + language: shell + name: Build py2lint container + script: ./containers/build py2lint + - stage: build + dist: xenial + language: shell + name: Build pixiecore container + script: ./containers/build pixiecore + - stage: build + dist: xenial + language: shell + name: Build ipmitool container + script: ./containers/build ipmitool + - stage: build + dist: xenial + language: shell + name: Build ipmi-exporter container + script: ./containers/build ipmi-exporter + - stage: build + dist: xenial + language: shell + name: Build dhcpd container + script: ./containers/build dhcpd + - stage: build + dist: xenial + language: shell + name: Build inotify-tools container + script: ./containers/build inotify-tools + - stage: build + dist: xenial + language: shell + name: Build chronyd container + script: ./containers/build chronyd + - stage: build + dist: xenial + language: shell + name: Build debug-toolbox container + script: ./containers/build debug-toolbox + - stage: build + dist: xenial + language: shell + name: Build smartctl-exporter container + script: ./containers/build smartctl-exporter + - stage: build + before_install: &upgradedocker + - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - + - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + - sudo apt-get update + - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce + - openssl 
aes-256-cbc -K $encrypted_94b98ec18b77_key -iv $encrypted_94b98ec18b77_iv -in rpm.priv.enc -out rpm.priv -d + dist: xenial + language: shell + name: Build rpms-containerd container + script: ./containers/build rpms-containerd + - stage: build + before_install: *upgradedocker + dist: xenial + language: shell + name: Build rpms-node-base container + script: ./containers/build rpms-node-base + - stage: build + before_install: *upgradedocker + dist: xenial + language: shell + name: Build rpms-openvswitch container + script: ./containers/build rpms-openvswitch + - stage: build + before_install: *upgradedocker + dist: xenial + language: shell + name: Build rpms-kubernetes container 1.16 + script: ./containers/build rpms-kubernetes 1.16 + - stage: build + before_install: *upgradedocker + dist: xenial + language: shell + name: Build rpms-kubernetes container 1.17 + script: ./containers/build rpms-kubernetes 1.17 + - stage: build + before_install: *upgradedocker + dist: xenial + language: shell + name: Build rpms-kubernetes container 1.18 + script: ./containers/build rpms-kubernetes 1.18 + - stage: build + before_install: *upgradedocker + dist: xenial + language: shell + name: Build rpms-kubernetes container 1.15 + script: ./containers/build rpms-kubernetes 1.15 + - stage: build + dist: xenial + language: shell + name: Build anaconda container + script: ./containers/build anaconda + - stage: build-full-image + before_install: *upgradedocker + dist: xenial + language: shell + name: Build full k8s node image 1.16 + script: ./containers/build k8s-node-image 1.16 + - stage: build-full-image + before_install: *upgradedocker + dist: xenial + language: shell + name: Build full k8s node image 1.17 + script: ./containers/build k8s-node-image 1.17 + - stage: build-full-image + before_install: *upgradedocker + dist: xenial + language: shell + name: Build full k8s node image 1.18 + script: ./containers/build k8s-node-image 1.18 + - stage: build-full-image + before_install: 
*upgradedocker + dist: xenial + language: shell + name: Build full k8s node image 1.15 + script: ./containers/build k8s-node-image 1.15 + - stage: build-nginx + dist: xenial + language: shell + name: Build anaconda+nginx container + script: ./containers/build anaconda-nginx + - stage: build-nginx + dist: xenial + language: shell + name: Build k8s-node-image+nginx container 1.16 + script: ./containers/build k8s-node-image-nginx 1.16 + - stage: build-nginx + dist: xenial + language: shell + name: Build k8s-node-image+nginx container 1.17 + script: ./containers/build k8s-node-image-nginx 1.17 + - stage: build-nginx + dist: xenial + language: shell + name: Build k8s-node-image+nginx container 1.18 + script: ./containers/build k8s-node-image-nginx 1.18 + - stage: build-nginx + dist: xenial + language: shell + name: Build k8s-node-image+nginx container 1.15 + script: ./containers/build k8s-node-image-nginx 1.15 + - stage: build-image-library-charts + dist: xenial + language: shell + name: Build image library charts + script: ./charts/image-library-charts/buildall + - stage: build-charts + dist: xenial + language: shell + name: Build charts + script: ./charts/charts/buildall +env: + global: + - secure: U5KTbwJ4mk5R6LQmCIeXUYJahoPsnn9IjU+zYL8Wo60bYUL0KWItmfrfbWQL09g365B61qgmx2OeJOgZ27oS4rKi+BFw3OqVvbBypZm7UCwml4uKRVA5BTMNnCYDL5o5N4Q+uFbBvdiw1TM+NjgHd2E4F32FeJWRp5teGlXK0fzzPQS7Vpv4ZvGlAyKGlozg0nzhq2XygtNyDsMFY0760WBjpeXkijvjcwD+/W+bGvISTRD4VTV8/+bRIGcWoat3CmYEumsqoT2Vj3/onWh/NWDWUeyJ9FHgLdRypcWf9XDKjFxa2bV5yqguxU7HOaGS4qWDsKF1DDRGne3HCRvzPrwS71j5tT3t+9B6XwXC9RVjjVcv3IFWUZwn1Sr1lwxiyteRDbE8j+1S7AXwsfHQc4mViM/sux/56ydJ6llm1ktnfyM+F0khdJpLU4RJTcLia9FaI+XZ61CIC1G+KhWrCpe0u+NWIVwSJL7wJHkzeYY7a671JSk9cGBl6NeJBdYv7DCuhxn5nqOv54eyqNlXM6u9WaIPweAg7sJy0wU/D2eND+3TtZ9o3qosWNNZ5lwPSKu6JCmzdIBliXwnf5PYl9jXr1QefJdDCAoXSq6MLErMznLTWAnmGQqEYc2UKKbOYned2GtFLGbOgSuoXl04EAlXo9wutIfIiTptutqxa10= + - secure: 
vpOauVLGBtEKoMV8k/1FKYI5xAiZYXx9WkYX9QnmPtuEHuOXiED8/vuyKj45tnTPWIjymNXlsU719x0zx6RTHXCDULTU4J8jU8iXUJibj3/mDRdIo5LI3HGIKN9KdBCfMonlSl5IHJKgNwUGjyDnagimdbCkNYbykEwjxG1CHVyWDzeSfEXNVGqmXZXtw5vYRfHyYt93LD4kgcF6+zEKV2XSkgfwkp8fIdiSDE52o+9O4jlFfpfmK0QRppUzYLIpo+YwhieoASfRLwyXtjjA7YnlbOsgGk42WqmIYZEAsEBONlAZ5xwVGJ+LY9qBfb3NDj4WBT0bSC2c6oxgOdQr69RUmd//z1hZfbO2HGl6HY6//14xll8OXexbw9SQB/N3oTaSP0g+F8ts0L8CsQ2m930KYV8XKxkiVBGoLkRjGGgzJnPcwjWD1hkm3lKDRc9p1viVVusDqMSLhi7d8IlmZ0P1p6XLEbkjqFp/LdLfGIFqpa5XR9BB/Q0cfxh1wiAP8syUbKAF6B/UzIJuHRtMTEPoLOK8X1Go4dRngtbnZ3RCf3S3GEYRNAE4N80O4YZBa0dRmvxaIThGh2xL0teBnPTQrdQte1ZZGxCJ9pbE8qZfNJm3+CWFb57gg3CfIIAEAbRlcWVyrls4BZ9qjmpidhmucn9FzAQLgfXxJi7C4xk= + - secure: 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 + - secure: 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 + - secure: 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 +notifications: + email: + - Kevin.Fox@pnnl.gov diff --git a/README.md b/README.md index 2d533f5..b7f246d 100644 --- a/README.md +++ b/README.md @@ -1 +1,5 @@ # miscscripts + +[![Build](https://github.com/pnnl-miscscripts/miscscripts/workflows/Build/badge.svg)](https://github.com/pnnl-miscscripts/miscscripts/actions?query=workflow%3ABuild) + +This repository houses a bunch of miscellaneous scripts, docker files, helm charts, etc that we have built up over time that could be useful to others. diff --git a/bin/debug-host-pod b/bin/debug-host-pod new file mode 100755 index 0000000..a7123a7 --- /dev/null +++ b/bin/debug-host-pod 
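Review bot: In `.travis.yml`, the `&upgradedocker` anchor ends with the `openssl aes-256-cbc ... -out rpm.priv -d` step, so every job that aliases `*upgradedocker` also decrypts the RPM signing key into the build directory, and no later step in this hunk removes it. The anchor name hides that side effect; moving the decryption into its own, clearly named anchor and adding `after_script: rm -f rpm.priv` to the jobs that actually sign packages would make the secret handling explicit. The first step of the same anchor pipes the downloaded Docker repository key straight into `apt-key add -` without comparing its fingerprint against a known value, which is worth a check or at least a comment.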
@@ -0,0 +1,84 @@ +#!/bin/bash + +DEBUGTOOLBOXIMAGE=${DEBUGTOOLBOXIMAGE:-pnnlmiscscripts/debug-toolbox} + +mykubectl () { +if [ "x$NAMESPACE" != "x" ]; then + kubectl -n "$NAMESPACE" "$@" +else + kubectl "$@" +fi +} + +SERVICEACCOUNT=${SERVICEACCOUNT:-default} + +if [ "x$1" == "x" ]; then + echo "Usage: $0 " + exit -1 +fi + +echo Attaching debug container to hostname "$1" + +SHORT=$(echo $1 | tr '.' '-') + +cat <" + exit -1 +fi + +echo Attaching debug container to hostname "$1" + +SHORT=$(echo $1 | tr '.' '-') + +cat < get_helm.sh + chmod 700 get_helm.sh + ./get_helm.sh + helm repo add stable https://charts.helm.sh/stable +fi + +mkdir -p charts/docs +mkdir -p charts/tags +mkdir -p charts/vers + +helm repo add pnnl-miscscripts-image-library-charts https://pnnl-miscscripts.github.io/image-library-charts/ +helm repo add pnnl-miscscripts https://pnnl-miscscripts.github.io/charts/ +helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx +helm repo update + +for ver in 1-21 1-22 1-23 1-24; do + cp -a k8s-node-image k8s-node-image-$ver + sed -i "s@k8s-node-image-nginx-1-14@k8s-node-image-nginx-$ver@g" k8s-node-image-$ver/Chart.yaml k8s-node-image-$ver/values.yaml + sed -i "s@^name:.*@name: k8s-node-image-$ver@g" k8s-node-image-$ver/Chart.yaml + pushd k8s-node-image-$ver 2>/dev/null + helm dep up --skip-refresh + popd 2>/dev/null + APPVER=$(helm inspect chart k8s-node-image-$ver/charts/k8s-node-image-nginx-*.tgz | sort | awk '{if(/^(appVersion):/){print $2}}') + sed -i "s@^appVersion:.*@appVersion: k8s-node-image-$APPVER@g" k8s-node-image-$ver/Chart.yaml + #FIXME + #IMAGETAG=$(tar -zxOf k8s-node-image-$ver/charts/k8s-node-image-nginx-*.tgz k8s-node-image-nginx/files/metadata.json | jq -r .tag ) + #sed IMAGETAG into README.md +done + +for ver in 1-24 1-25 1-28; do + cp -a k8s-node-image9 k8s-node-image9-$ver + sed -i "s@k8s-node-image-nginx9-1-24@k8s-node-image-nginx9-$ver@g" k8s-node-image9-$ver/Chart.yaml k8s-node-image9-$ver/values.yaml + sed -i 
"s@^name:.*@name: k8s-node-image9-$ver@g" k8s-node-image9-$ver/Chart.yaml + pushd k8s-node-image9-$ver 2>/dev/null + helm dep up --skip-refresh + popd 2>/dev/null + APPVER=$(helm inspect chart k8s-node-image9-$ver/charts/k8s-node-image-nginx9-*.tgz | sort | awk '{if(/^(appVersion):/){print $2}}') + sed -i "s@^appVersion:.*@appVersion: k8s-node-image9-$APPVER@g" k8s-node-image9-$ver/Chart.yaml + #FIXME + #IMAGETAG=$(tar -zxOf k8s-node-image-$ver/charts/k8s-node-image-nginx-*.tgz k8s-node-image-nginx/files/metadata.json | jq -r .tag ) + #sed IMAGETAG into README.md +done + +CHANGE=0 +for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node-image k8s-node-image9 tenant-namespace pixiecore pixiecore-simpleconfig gitlab-runner-operator tenant-namespace-operator smartctl-exporter grafana-misc-dashboards magic-namespace; do + RAWCHART=$CHART + case "$CHART" in + k8s-node-image) + SUBBUILDS="1-21 1-22 1-23 1-24" + ;; + k8s-node-image9) + SUBBUILDS="1-24 1-25 1-28" + ;; + *) + SUBBUILDS="latest" + ;; + esac + for SUBBUILD in $SUBBUILDS; do + if [ $SUBBUILD != "latest" ]; then + CHART=$RAWCHART-$SUBBUILD + fi + pushd "$CHART" + helm dep up --skip-refresh + FINGERPRINT=$((echo main + cat Chart.yaml | sort | awk '{if(/^(appVersion|version|name):/){print $2}}' | sed 'N;N; s/\([^\n]*\)\n\([^\n]*\)\n\([^n]*\)/\2 \3 \1/g' + echo deps + ls charts | sort | while read line; do + helm inspect chart charts/$line | sort | awk '{if(/^(appVersion|version|name):/){print $2}}' | sed 'N;N; s/\([^\n]*\)\n\([^\n]*\)\n\([^n]*\)/\2 \3 \1/g' + done) | bzip2 -c | base64 | tr '\n' '=' | sed 's/=//g') + VERSION=$(cat Chart.yaml | awk '{if(/^version:/){print $2}}') + popd + echo Version: $VERSION + echo Fingerprint: $FINGERPRINT + pushd charts + FOUND=0 + if [ -f "tags/$CHART-latest" ]; then + if [ "x$FINGERPRINT" == "x$(cat tags/$CHART-latest)" ]; then + FOUND=1 + echo $CHART already built. + fi + fi + if [ $FOUND -eq 0 ]; then + CHANGE=1 + echo $CHART building... 
+ pushd docs/ + NEWVERSION="$VERSION" + if [ -f ../vers/$CHART-latest ]; then + echo Existing package found. Updating version. + OLDVERSION=$(cat ../vers/$CHART-latest) + MAJORVERSION=$(echo $OLDVERSION | awk -F . '{print $1}') + MINORVERSION=$(echo $OLDVERSION | awk -F . '{print $2}') + PATCHVERSION=$(echo $OLDVERSION | awk -F . '{print $3}') + NEWPATCHVERSION=$((PATCHVERSION + 1)) + NEWVERSION="$MAJORVERSION.$MINORVERSION.$NEWPATCHVERSION" + echo Old version: $OLDVERSION + echo New version: $NEWVERSION + sed -i "s/^version: .*/version: $NEWVERSION/" ../../$CHART/Chart.yaml + if [ "$SUBBUILD" == "latest" ]; then + if [ "$CHART" != "gitlab-runner-operator" -a "$CHART" != "tenant-namespace-operator" -a "$CHART" != "kubeupdater" -a "$CHART" != "grafana-misc-dashboards" -a "$CHART" != "magic-namespace" ]; then + sed -i "s/^appVersion: .*/appVersion: $NEWVERSION/" ../../$CHART/Chart.yaml + fi + fi + fi + helm package ../../$CHART + popd + echo "$FINGERPRINT" > "tags/$CHART-latest" + echo "$NEWVERSION" > "vers/$CHART-latest" + fi + popd + done +done + +pushd charts +if [ $CHANGE -eq 1 ]; then + pushd docs + helm repo index . + popd + git add --all :/ && git commit -m "Update repo" + git push https://pnnlmiscscriptsci:"$GITHUB_LIBRARY_CHARTS_TOKEN"@github.com/pnnl-miscscripts/charts +fi +popd + +popd diff --git a/charts/charts/chronyd/Chart.yaml b/charts/charts/chronyd/Chart.yaml new file mode 100644 index 0000000..e4abb7f --- /dev/null +++ b/charts/charts/chronyd/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: Chronyd for Kubernetes +name: chronyd +version: 0.4.1 diff --git a/charts/charts/chronyd/README.md b/charts/charts/chronyd/README.md new file mode 100644 index 0000000..3bc1d86 --- /dev/null +++ b/charts/charts/chronyd/README.md 
@@ -0,0 +1,35 @@
+# Chronyd
+
+The chronyd chart launches chronyd on each node of the cluster.
+
+
+## Install Chart
+
+To install the Chart into your Kubernetes cluster :
+
+```bash
+kubectl create namespace chronyd
+helm upgrade --install --namespace "chronyd" chronyd pnnl-miscscripts/chronyd -f chronyd-values.yaml
+```
+
+After installation succeeds, you can get a status of Chart
+
+```bash
+helm status "chronyd"
+```
+
+If you want to delete your Chart, use this command:
+
+```bash
+helm delete --purge "chronyd"
+```
+
+### Chronyd configuration
+Set your chronyd config like:
+```yaml
+config: |
+ pool pool.ntp.org iburst maxsources 3
+ rtcsync
+ driftfile /var/lib/chrony/drift
+```
+
diff --git a/charts/charts/chronyd/requirements.yaml b/charts/charts/chronyd/requirements.yaml
new file mode 100644
index 0000000..1b9664f
--- /dev/null
+++ b/charts/charts/chronyd/requirements.yaml
@@ -0,0 +1,4 @@
+dependencies:
+- name: chronyd
+ version: 2.0.0
+ repository: https://pnnl-miscscripts.github.io/image-library-charts/
diff --git a/charts/charts/chronyd/templates/_helpers.tpl b/charts/charts/chronyd/templates/_helpers.tpl
new file mode 100644
index 0000000..c7b085b
--- /dev/null
+++ b/charts/charts/chronyd/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "pnnlmiscscripts.chronyd.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "pnnlmiscscripts.chronyd.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "pnnlmiscscripts.chronyd.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/charts/chronyd/templates/configmap.yaml b/charts/charts/chronyd/templates/configmap.yaml
new file mode 100644
index 0000000..e60a743
--- /dev/null
+++ b/charts/charts/chronyd/templates/configmap.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "pnnlmiscscripts.chronyd.fullname" . }}
+ labels:
+ app: {{ template "pnnlmiscscripts.chronyd.name" . }}
+ chart: {{ template "pnnlmiscscripts.chronyd.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ chrony.conf: |
+{{ .Values.config | indent 4 }}
diff --git a/charts/charts/chronyd/templates/daemonset.yaml b/charts/charts/chronyd/templates/daemonset.yaml
new file mode 100644
index 0000000..8ab7987
--- /dev/null
+++ b/charts/charts/chronyd/templates/daemonset.yaml
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "pnnlmiscscripts.chronyd.fullname" . }}
+ labels:
+ app: {{ template "pnnlmiscscripts.chronyd.name" . }}
+ chart: {{ template "pnnlmiscscripts.chronyd.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 1
+ type: RollingUpdate
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ template "pnnlmiscscripts.chronyd.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "pnnlmiscscripts.chronyd.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - image: {{ dict "dot" . "section" .Values.image | include "pnnlmiscscripts.chronyd.image" }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ name: main
+ command:
+ - /bin/sh
+ - -xec
+ - |
+ [ -f /var/run/chronyd.pid ] && rm -f /var/run/chronyd.pid
+ /usr/sbin/chronyd -n
+ securityContext:
+ privileged: true
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ volumeMounts:
+ - mountPath: /var/lib/cronyd
+ name: state
+ - mountPath: /etc/chrony/chrony.conf
+ subPath: chrony.conf
+ name: config
+ dnsPolicy: ClusterFirst
+ hostNetwork: true
+ hostPID: true
+ hostIPC: true
+ restartPolicy: Always
+ serviceAccountName: {{ template "pnnlmiscscripts.chronyd.fullname" . }}
+ volumes:
+ - configMap:
+ name: {{ template "pnnlmiscscripts.chronyd.fullname" . }}
+ name: config
+ - hostPath:
+ path: /var/lib/chrony
+ name: state
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
diff --git a/charts/charts/chronyd/templates/rolebinding.yaml b/charts/charts/chronyd/templates/rolebinding.yaml
new file mode 100644
index 0000000..4355764
--- /dev/null
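Review bot: In `charts/charts/chronyd/templates/daemonset.yaml`, the container runs with `privileged: true` and the pod sets `hostNetwork`, `hostPID` and `hostIPC` all to `true`, which is considerably more than a time daemon normally needs. Adjusting the clock requires the `SYS_TIME` capability, so `privileged: false` with `capabilities: {add: ["SYS_TIME"]}` and `hostPID`/`hostIPC` removed is worth testing; the image is not in this hunk, so chronyd may need further capabilities to start. The `state` volume is mounted at `/var/lib/cronyd` while the hostPath and the default `driftfile` both use `/var/lib/chrony`, so the drift file presumably never reaches the host, and `mountPath: /var/lib/chrony` looks like the intent. `replicas:` is not a DaemonSet field, and `serviceAccountName` is rendered even when `rbac.create` is false and no ServiceAccount is created.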
+++ b/charts/charts/chronyd/templates/rolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "pnnlmiscscripts.chronyd.fullname" . }}
+ labels:
+ app: {{ template "pnnlmiscscripts.chronyd.name" . }}
+ chart: {{ template "pnnlmiscscripts.chronyd.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Values.rbac.podSecurityPolicy }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "pnnlmiscscripts.chronyd.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/charts/chronyd/templates/serviceaccount.yaml b/charts/charts/chronyd/templates/serviceaccount.yaml
new file mode 100644
index 0000000..ef2ccf3
--- /dev/null
+++ b/charts/charts/chronyd/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.rbac.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "pnnlmiscscripts.chronyd.fullname" . }}
+ labels:
+ app: {{ template "pnnlmiscscripts.chronyd.name" . }}
+ chart: {{ template "pnnlmiscscripts.chronyd.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- end }}
diff --git a/charts/charts/chronyd/values.yaml b/charts/charts/chronyd/values.yaml
new file mode 100644
index 0000000..2f2713e
--- /dev/null
+++ b/charts/charts/chronyd/values.yaml
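Review bot: In `charts/charts/chronyd/templates/rolebinding.yaml`, the ServiceAccount is bound to whatever ClusterRole `rbac.podSecurityPolicy` names, and `values.yaml` in this commit defaults that to `unrestricted-psp`. PodSecurityPolicy was removed in Kubernetes 1.25, and this same commit builds 1.25 and 1.28 node images, so on those clusters the binding presumably points at a ClusterRole that does not exist or grants nothing, while the privileged pod is governed by Pod Security Admission instead. Guarding the template with `{{- if and .Values.rbac.create .Values.rbac.podSecurityPolicy }}` and documenting the value as `# ClusterRole granting use of a PodSecurityPolicy; leave empty on clusters without PSP` would make that explicit. The chart README could then mention that the target namespace needs the `pod-security.kubernetes.io/enforce: privileged` label where Pod Security Admission is enforced.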
@@ -0,0 +1,35 @@ +image: + pullPolicy: IfNotPresent + +rbac: + create: true + podSecurityPolicy: unrestricted-psp + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: +- key: CriticalAddonsOnly + operator: Exists +- operator: Exists +- effect: NoSchedule + key: node-role.kubernetes.io/master + +affinity: {} + +config: | + pool pool.ntp.org iburst maxsources 3 + rtcsync + driftfile /var/lib/chrony/drift + diff --git a/charts/charts/console/.helmignore b/charts/charts/console/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/charts/charts/console/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/charts/console/Chart.yaml b/charts/charts/console/Chart.yaml new file mode 100644 index 0000000..1768c69 --- /dev/null +++ b/charts/charts/console/Chart.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +appVersion: 1.0.1 +version: 1.0.1 +description: Console access from Kubernetes. Adds IPMI Support. +name: console +keywords: +- console +- ipmi +sources: +- https://github.com/pnnl-miscscripts/miscscripts diff --git a/charts/charts/console/README.md b/charts/charts/console/README.md new file mode 100644 index 0000000..af5398e --- /dev/null 
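Review bot: The default `podSecurityPolicy: unrestricted-psp` binds the chronyd ServiceAccount to whatever ClusterRole carries that name, so the least restrictive policy is the out-of-the-box choice. A comment should say why it is needed (the DaemonSet runs privileged with host namespaces) and that the role must already exist in the cluster. PodSecurityPolicy was removed in Kubernetes 1.25, so on current clusters this binding has no effect and the namespace's Pod Security admission level decides instead. In `tolerations`, the keyless `- operator: Exists` entry already tolerates every taint, which makes the two keyed entries redundant; keep only the form that is meant.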
+++ b/charts/charts/console/README.md @@ -0,0 +1,47 @@ +# Console + +The Console chart spawns a pod per console you have in your cluster. + +Currently, the only driver is ipmitool. + + +## Install Chart + +To install the Chart into your Kubernetes cluster : + +```bash +helm install --namespace "console" --name "console" pnnl-miscscripts/console +``` + +After installation succeeds, you can get a status of Chart + +```bash +helm status "console" +``` + +If you want to delete your Chart, use this command: + +```bash +helm delete --purge "console" +``` + +### Console configuration + +Add your hosts to the host list like: +```yaml +hosts: +- host: p1 + ip: 192.168.1.20 + secret: ipmi +- host: p2 + ip: 192.168.1.21 + secret: ipmi +``` + +Where host is the name for the host. Ip is the ipmi bmc's ip or hostname. Secret is a Kubernetes secret in the same namespace with key username = ipmi username and password = ipmi password. + +For example, to create a secret named ipmi that can be used with this chart: +```bash +kubectl create secret generic ipmi --namespace console --from-literal=username=ADMIN --from-literal=password=ADMIN +``` + diff --git a/charts/charts/console/requirements.yaml b/charts/charts/console/requirements.yaml new file mode 100644 index 0000000..922bc50 --- /dev/null +++ b/charts/charts/console/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: +- name: ipmitool + version: 2.0.0 + repository: https://pnnl-miscscripts.github.io/image-library-charts/ diff --git a/charts/charts/console/templates/NOTES.txt b/charts/charts/console/templates/NOTES.txt new file mode 100644 index 0000000..dacebb6 --- /dev/null +++ b/charts/charts/console/templates/NOTES.txt 
@@ -0,0 +1,26 @@ +Load a script onto your client to attach to the console by pasting this into a terminal: + +cat > console.sh <<'EOF' +#!/bin/bash +kubectl attach -it $(kubectl get pods -l "host=$1" -o go-template='{{"{{"}}(index .items 0).metadata.name{{"}}"}}' -n "{{ .Release.Namespace }}") -n "{{ .Release.Namespace }}" +EOF +chmod +x console.sh + +cat > ipmi.sh <<'EOF' +#!/bin/bash +HOST="$1" +shift +kubectl exec -it $(kubectl get pods -l "host=$HOST" -o go-template='{{(index .items 0).metadata.name}}' -n console) -n console -- ipmitool "$@" +EOF +chmod +x ipmi.sh + +To use it to get into a console: + +./console.sh + +To ipmi manage a machine: + +./ipmi.sh power status +./ipmi.sh chassis bootdev pxe +./ipmi.sh power on +./ipmi.sh power off diff --git a/charts/charts/console/templates/_helpers.tpl b/charts/charts/console/templates/_helpers.tpl new file mode 100644 index 0000000..1ae4af7 --- /dev/null +++ b/charts/charts/console/templates/_helpers.tpl 
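Review bot: In the `ipmi.sh` heredoc the go-template `'{{(index .items 0).metadata.name}}'` is not escaped the way the `console.sh` one is (`{{"{{"}}` … `{{"}}"}}`), so Helm will try to evaluate it while rendering NOTES.txt instead of passing it through to kubectl. The same script hard-codes `-n console` where `console.sh` uses `{{ .Release.Namespace }}`, so the generated helper only works for a release installed in the `console` namespace. Use the escaped form and `-n "{{ .Release.Namespace }}"` in both scripts.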
@@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "console.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "console.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "console.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/charts/console/templates/deployment.yaml b/charts/charts/console/templates/deployment.yaml new file mode 100644 index 0000000..389688f --- /dev/null +++ b/charts/charts/console/templates/deployment.yaml 
@@ -0,0 +1,73 @@ +{{- $global := . }} +{{- range .Values.hosts }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .host }}-{{ template "console.fullname" $global }} + labels: + app: {{ template "console.name" $global }} + chart: {{ template "console.chart" $global }} + release: {{ $global.Release.Name }} + heritage: {{ $global.Release.Service }} + host: {{ .host }} + driver: ipmitool +spec: + replicas: 1 + selector: + matchLabels: + app: {{ template "console.name" $global }} + release: {{ $global.Release.Name }} + host: {{ .host }} + template: + metadata: + labels: + app: {{ template "console.name" $global }} + release: {{ $global.Release.Name }} + host: {{ .host }} + driver: ipmitool + spec: + hostNetwork: true + containers: + - name: main + image: {{ dict "dot" $global "section" $global.Values.ipmitool | include "pnnlmiscscripts.ipmitool.image" }} + imagePullPolicy: {{ $global.Values.ipmitool.pullPolicy }} + env: + - name: IPMI_USER + valueFrom: + secretKeyRef: + name: {{ .secret }} + key: username + - name: IPMI_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .secret }} + key: password + - name: IPMI_HOST + value: {{ .ip }} + stdin: true + tty: true + command: + - /bin/sh + - -cex + - | + mkdir -p /usr/local/sbin/ + echo IyEvYmluL3NoCg== | base64 -d > /usr/local/sbin/ipmitool + echo 'exec /usr/sbin/ipmitool -H "$IPMI_HOST" -U "$IPMI_USER" -E -I lanplus "$@"' >> /usr/local/sbin/ipmitool + chmod +x /usr/local/sbin/ipmitool + /usr/local/sbin/ipmitool sol activate + resources: +{{ toYaml $global.Values.resources | indent 12 }} + {{- with $global.Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with $global.Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with $global.Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} +{{- end }} diff --git a/charts/charts/console/values.yaml b/charts/charts/console/values.yaml new file mode 100644 index 0000000..d13208d 
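Review bot: Values taken from `.Values.hosts` are written into the manifest unquoted (`value: {{ .ip }}`, `host: {{ .host }}`, `name: {{ .secret }}`), so an empty or number-like entry changes the YAML type and the Deployment is rejected at apply time rather than at render time. Use `value: {{ .ip | quote }}` and `{{ .host | quote }}` for the label values, and wrap `.secret` in `required` so a missing secret name fails the render with a clear message. `hostNetwork: true` puts a pod that holds BMC credentials and an open TTY into the node's network namespace; if it is only there to reach the management network, say so in a comment or make it a value. The base64 string in the command decodes to the `#!/bin/sh` line and would be clearer written with `printf`.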
--- /dev/null +++ b/charts/charts/console/values.yaml @@ -0,0 +1,37 @@ +# Default values for console. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +ipmitool: + server: + prefix: + org: + repo: + tag: + pullPolicy: IfNotPresent + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] +#- key: node-role.kubernetes.io/master +# operator: Exists +# effect: NoSchedule + +affinity: {} + +hosts: [] +#- host: +# ip: +# secret: diff --git a/charts/charts/dhcpd/Chart.yaml b/charts/charts/dhcpd/Chart.yaml new file mode 100644 index 0000000..fc972df --- /dev/null +++ b/charts/charts/dhcpd/Chart.yaml @@ -0,0 +1,8 @@ +name: dhcpd +version: 0.4.0 +description: Super simple dhcp setup +keywords: +- dhcp +- dhcpd +sources: +- https://github.com/pnnl-miscscripts/miscscripts diff --git a/charts/charts/dhcpd/README.md b/charts/charts/dhcpd/README.md new file mode 100644 index 0000000..e53ccf6 --- /dev/null +++ b/charts/charts/dhcpd/README.md 
@@ -0,0 +1,53 @@ +# DHCPD + +The DHCPD chart launches a simple dhcpd server for your bare metal cluster. + + +## Install Chart + +To install the Chart into your Kubernetes cluster : + +```bash +helm install --namespace "dhcpd" --name "dhcpd" pnnl-miscscripts/dhcpd -f dhcpd-values.yaml +``` + +After installation succeeds, you can get a status of Chart + +```bash +helm status "dhcpd" +``` + +If you want to delete your Chart, use this command: + +```bash +helm delete --purge "dhcpd" +``` + +### DHCPD configuration +Set your interface(s) like: +```yaml +interfaces: ['eth0'] +``` + +Add your subnets to the subnets list like: +```yaml +config: + subnets: + - start: 172.22.0.0 + netmask: 255.255.255.0 +``` + +Setup a group and add your hosts like: +```yaml +config: + groups: + - domainName: example.com + domainNameServers: [172.22.0.1] + routers: [172.22.0.1] + subnetMask: 255.255.255.0 + hosts: + - name: c1 + mac: 00:01:02:aa:bb:cc + ip: 172.22.0.3 +``` + diff --git a/charts/charts/dhcpd/requirements.yaml b/charts/charts/dhcpd/requirements.yaml new file mode 100644 index 0000000..2f9f8d3 --- /dev/null +++ b/charts/charts/dhcpd/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: +- name: dhcpd + version: 2.0.0 + repository: https://pnnl-miscscripts.github.io/image-library-charts/ diff --git a/charts/charts/dhcpd/templates/_helpers.tpl b/charts/charts/dhcpd/templates/_helpers.tpl new file mode 100644 index 0000000..0444c30 --- /dev/null +++ b/charts/charts/dhcpd/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "pnnlmiscscripts.dhcp-full.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "pnnlmiscscripts.dhcp-full.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "pnnlmiscscripts.dhcp-full.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/charts/dhcpd/templates/configmap.yaml b/charts/charts/dhcpd/templates/configmap.yaml new file mode 100644 index 0000000..c4c9de1 --- /dev/null +++ b/charts/charts/dhcpd/templates/configmap.yaml 
@@ -0,0 +1,40 @@ +{{- if .Values.config.manage }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "pnnlmiscscripts.dhcp-full.fullname" . }} + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "pnnlmiscscripts.dhcp-full.chart" . }} + app: {{ template "pnnlmiscscripts.dhcp-full.name" . }} +data: + dhcpd.conf: | + default-lease-time {{ .Values.config.defaultLeaseTime }}; + max-lease-time {{ .Values.config.maxLeaseTime }}; + + ddns-update-style {{ .Values.config.ddnsUpdateStyle }}; + +{{- range .Values.config.subnets }} + subnet {{ .start }} netmask {{ .netmask }} { +{{- if hasKey . "rangeStart" }} + range {{ .rangeStart }} {{ .rangeEnd }}; +{{- end }} + } +{{- end }} + +{{- range .Values.config.groups }} + group { + option routers {{ join ", " .routers }}; + option domain-name "{{ .domainName }}"; + option domain-name-servers {{ join ", " .domainNameServers }}; + option subnet-mask {{ join ", " .subnetMask }}; +{{- range .hosts }} + host {{ .name }} { + hardware ethernet {{ .mac }}; + fixed-address {{ .ip }}; + } +{{- end }} + } +{{- end }} +{{- end }} diff --git a/charts/charts/dhcpd/templates/daemonset.yaml b/charts/charts/dhcpd/templates/daemonset.yaml new file mode 100644 index 0000000..3ad7bf5 --- /dev/null +++ b/charts/charts/dhcpd/templates/daemonset.yaml 
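Review bot: `option subnet-mask {{ join ", " .subnetMask }};` applies `join` to a value that values.yaml and the README give as a single string, unlike `routers` and `domainNameServers`, which are lists. It presumably renders only because the template function coerces a scalar to a one-element list; `option subnet-mask {{ .subnetMask }};` says what is meant. `domainName` is placed between literal double quotes and the host `name`, `mac` and `ip` are copied verbatim, so a value containing a quote or semicolon produces a config that fails only when dhcpd starts; a short comment naming the expected formats would help.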
@@ -0,0 +1,68 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "pnnlmiscscripts.dhcp-full.fullname" . }} + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "pnnlmiscscripts.dhcp-full.chart" . }} + app: {{ template "pnnlmiscscripts.dhcp-full.name" . }} +spec: + selector: + matchLabels: + release: {{ .Release.Name | quote }} + app: {{ template "pnnlmiscscripts.dhcp-full.name" . }} + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + release: {{ .Release.Name | quote }} + app: {{ template "pnnlmiscscripts.dhcp-full.name" . }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum | quote }} + spec: + hostNetwork: true + containers: + - name: main + image: {{ dict "dot" . "section" .Values.dhcpd | include "pnnlmiscscripts.dhcpd.image" }} + imagePullPolicy: {{ .Values.dhcpd.imagePullPolicy }} + securityContext: + capabilities: + add: ["NET_ADMIN"] + command: + - /bin/sh + - -ec + - | + touch /var/lib/dhcp/dhcpd.leases + chown daemon.daemon /var/lib/dhcp/dhcpd.leases + chown daemon.daemon /var/lib/dhcp + chown daemon.daemon /var/run/dhcp + dhcpd -cf /etc/dhcp/dhcpd.conf -d -user daemon -group daemon {{ join " " .Values.interfaces }} + resources: +{{ toYaml .Values.resources | indent 10 }} +#FIXME this and pixiecore block each other.... +# ports: +# - containerPort: 67 +# name: dhcp +# protocol: UDP + volumeMounts: + - name: config + mountPath: /etc/dhcp + volumes: + - name: config + configMap: + name: {{ template "pnnlmiscscripts.dhcp-full.fullname" . }} + + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} 
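Review bot: With the defaults `interfaces: []` and `nodeSelector: {}`, this DaemonSet starts dhcpd with no interface argument in the host network namespace of every schedulable node, so it can answer on any interface that matches a declared subnet. Fail the render when no interface is given, e.g. `{{- if not .Values.interfaces }}{{ fail "interfaces must list at least one interface" }}{{- end }}`, and document that a nodeSelector is expected. `chown daemon.daemon` uses the deprecated dot separator; `daemon:daemon` is the portable form.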
diff --git a/charts/charts/dhcpd/values.yaml b/charts/charts/dhcpd/values.yaml new file mode 100644 index 0000000..66820fe --- /dev/null +++ b/charts/charts/dhcpd/values.yaml @@ -0,0 +1,37 @@ +dhcpd: + imagePullPolicy: IfNotPresent + +resources: {} +interfaces: [] + +config: + manage: true + + defaultLeaseTime: 600 + maxLeaseTime: 7200 + ddnsUpdateStyle: none + + subnets: + - start: 172.22.0.0 + netmask: 255.255.255.0 +#FIXME rangeStart/End should not be used until pv support is added. +# rangeStart: 192.168.0.100 +# rangeEnd: 192.168.0.254 + groups: + - domainName: example.com + domainNameServers: [172.22.0.1] + routers: [172.22.0.1] + subnetMask: 255.255.255.0 + hosts: + - name: c1 + mac: 00:01:02:aa:bb:cc + ip: 172.22.0.3 + +nodeSelector: {} + +tolerations: [] +#- key: node-role.kubernetes.io/master +# operator: Exists +# effect: NoSchedule + +affinity: {} diff --git a/charts/charts/gitlab-runner-operator/.helmignore b/charts/charts/gitlab-runner-operator/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/charts/gitlab-runner-operator/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/charts/gitlab-runner-operator/Chart.yaml b/charts/charts/gitlab-runner-operator/Chart.yaml new file mode 100644 index 0000000..9d96c7d --- /dev/null +++ b/charts/charts/gitlab-runner-operator/Chart.yaml 
@@ -0,0 +1,27 @@ +apiVersion: v2 +name: gitlab-runner-operator +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +version: 0.1.5 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. +appVersion: 0.1.3-1 + +keywords: +- gitlab +- gitlab-runner +- runner +- gitlab-runner-operator diff --git a/charts/charts/gitlab-runner-operator/README.md b/charts/charts/gitlab-runner-operator/README.md new file mode 100644 index 0000000..d4b81fb --- /dev/null +++ b/charts/charts/gitlab-runner-operator/README.md 
@@ -0,0 +1,72 @@ +# gitlab-runner-operator + +The gitlab-runner-operator chart launches an instance of the gitlab-runner-operator allowing you to quickly deploy gitlab-runners in a Kubernetes native way. + + +## Install Chart + +Apply the CRD's if not already done so: +```bash +kubectl apply -f https://raw.githubusercontent.com/pnnl-miscscripts/miscscripts/master/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml +kubectl apply -f https://raw.githubusercontent.com/pnnl-miscscripts/miscscripts/master/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_gitlabrunners_crd.yaml +``` + +To install the Chart into your Kubernetes cluster (Helm 3 only) : + +```bash +kubectl create namespace gitlab-runner-operator +helm upgrade --install gitlab-runner-operator --namespace "gitlab-runner-operator" pnnl-miscscripts/gitlab-runner-operator +``` + +After installation succeeds, you can get a status of Chart + +```bash +helm status "gitlab-runner-operator" --namespace "gitlab-runner-operator" +``` + +If you want to delete your Chart, use this command: + +```bash +helm delete "gitlab-runner-operator" +``` + +### Usage +You can create a cluster wide gitlab flavor like: +```yaml +apiVersion: miscscripts.pnnl.gov/v1beta1 +kind: ClusterGitlabRunnerFlavor +metadata: + name: example +spec: + gitlabUrl: http://localhost:8080 + unregisterRunners: true +``` + +To deploy a runner, you may do so like: +```yaml +apiVersion: miscscripts.pnnl.gov/v1beta1 +kind: GitlabRunner +metadata: + name: example +spec: + flavorRef: + name: example + kind: ClusterGitlabRunnerFlavor + group: miscscripts.pnnl.gov + runners: + tags: foo,bar + secret: example +``` + +When a flavorRef is specified, settings in the flavor are added to the Runner. The Runner config overrides the flavor config. 
+ +The content of the spec in both ClusterGitlabRunnerFlavor and GitlabRunner is values as specified here: +``` +https://gitlab.com/gitlab-org/charts/gitlab-runner/blob/master/values.yaml +``` + +It is highly recommended that you don't include the gitlab runner token in the CR but upload it as its own secret and specify it to the GitlabRunner CR as above. +Upload the secret like: +```bash +kubectl create secret generic example --from-literal=runner-registration-token= --from-literal=runner-token="" +``` diff --git a/charts/charts/gitlab-runner-operator/templates/_helpers.tpl b/charts/charts/gitlab-runner-operator/templates/_helpers.tpl new file mode 100644 index 0000000..1398293 --- /dev/null +++ b/charts/charts/gitlab-runner-operator/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "gitlab-runner-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gitlab-runner-operator.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gitlab-runner-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "gitlab-runner-operator.labels" -}} +helm.sh/chart: {{ include "gitlab-runner-operator.chart" . }} +{{ include "gitlab-runner-operator.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "gitlab-runner-operator.selectorLabels" -}} +app.kubernetes.io/name: {{ include "gitlab-runner-operator.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "gitlab-runner-operator.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "gitlab-runner-operator.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/charts/gitlab-runner-operator/templates/clusterrole.yaml b/charts/charts/gitlab-runner-operator/templates/clusterrole.yaml new file mode 100644 index 0000000..6b69fdd --- /dev/null +++ b/charts/charts/gitlab-runner-operator/templates/clusterrole.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "gitlab-runner-operator.fullname" . }}-fl + labels: +{{ include "gitlab-runner-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - miscscripts.pnnl.gov + resources: + - 'clustergitlabrunnerflavors' + verbs: + - get + - list + - watch diff --git a/charts/charts/gitlab-runner-operator/templates/clusterrolebinding.yaml b/charts/charts/gitlab-runner-operator/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..d79603a --- /dev/null +++ b/charts/charts/gitlab-runner-operator/templates/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "gitlab-runner-operator.fullname" . }}-fl + labels: +{{ include "gitlab-runner-operator.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "gitlab-runner-operator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ include "gitlab-runner-operator.fullname" . }}-fl + apiGroup: rbac.authorization.k8s.io diff --git a/charts/charts/gitlab-runner-operator/templates/deployment.yaml b/charts/charts/gitlab-runner-operator/templates/deployment.yaml new file mode 100644 index 0000000..4d77ee2 --- /dev/null +++ b/charts/charts/gitlab-runner-operator/templates/deployment.yaml 
@@ -0,0 +1,70 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "gitlab-runner-operator.fullname" . }} + labels: + {{- include "gitlab-runner-operator.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "gitlab-runner-operator.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gitlab-runner-operator.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gitlab-runner-operator.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: main + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - mountPath: /tmp/ansible-operator/runner + name: runner + resources: + {{- toYaml .Values.resources | nindent 12 }} + env: + - name: WATCH_NAMESPACE +{{- if eq .Values.mode "cluster" }} + value: "" +{{- else if ne .Values.mode "cluster" }} + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: "gitlab-runner-operator" + - name: ANSIBLE_GATHERING + value: explicit + volumes: + - name: runner + emptyDir: {} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} 
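Review bot: `{{- else if ne .Values.mode "cluster" }}` under `WATCH_NAMESPACE` is the exact complement of the `if` above it, so a plain `{{- else }}` reads better and cannot drift from the first condition. `.Values.mode` is compared as a free string, so a typo or different capitalisation silently selects namespaced mode; consider validating it once against the supported values with `fail`. The pod and container `securityContext` blocks come straight from values that default to `{}`, so nothing in this template keeps the operator from running as root if the image does not set a user.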
diff --git a/charts/charts/gitlab-runner-operator/templates/flavor-clusterrole.yaml b/charts/charts/gitlab-runner-operator/templates/flavor-clusterrole.yaml
new file mode 100644
index 0000000..d084711
--- /dev/null
+++ b/charts/charts/gitlab-runner-operator/templates/flavor-clusterrole.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: clustergitlabrunnerflavors-edit
+rules:
+- apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - clustergitlabrunnerflavors
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
diff --git a/charts/charts/gitlab-runner-operator/templates/role.yaml b/charts/charts/gitlab-runner-operator/templates/role.yaml
new file mode 100644
index 0000000..6963d7b
--- /dev/null
+++ b/charts/charts/gitlab-runner-operator/templates/role.yaml
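Review bot: The ClusterRole name `clustergitlabrunnerflavors-edit` is fixed rather than derived from the release, and the object carries no chart labels, so a second release of this chart in the same cluster collides on a cluster-scoped name. `gitlabrunner-edit` in runner-clusterrole.yaml has the same problem. Prefix both with `{{ include "gitlab-runner-operator.fullname" . }}-` and add the `gitlab-runner-operator.labels` block as clusterrole.yaml does. No binding for this role is visible in the templates shown, so a comment saying who is expected to be granted it would help.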
@@ -0,0 +1,81 @@
+apiVersion: rbac.authorization.k8s.io/v1
+{{- if eq .Values.mode "cluster" }}
+kind: ClusterRole
+{{- else if eq .Values.mode "cluster" }}
+kind: Role
+{{- end }}
+metadata:
+ name: {{ include "gitlab-runner-operator.fullname" . }}
+ labels:
+{{ include "gitlab-runner-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ - services/finalizers
+ - endpoints
+ - events
+ - configmaps
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - replicasets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - get
+ - create
+- apiGroups:
+ - apps
+ resourceNames:
+ - gitlab-runner-operator
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+- apiGroups:
+ - apps
+ resources:
+ - replicasets
+ - deployments
+ verbs:
+ - get
+- apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
diff --git a/charts/charts/gitlab-runner-operator/templates/rolebinding.yaml b/charts/charts/gitlab-runner-operator/templates/rolebinding.yaml
new file mode 100644
index 0000000..b09eb9b
--- /dev/null
+++ b/charts/charts/gitlab-runner-operator/templates/rolebinding.yaml
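Review bot: The second branch repeats the first condition, `{{- else if eq .Values.mode "cluster" }}`, so it can never be taken and any mode other than `cluster` renders the object with no `kind` at all. It should be `{{- else }}`; rolebinding.yaml has the same mistake in both of its `kind` blocks. The last rule grants every verb on `'*'` in `miscscripts.pnnl.gov`; listing the specific resources the operator reconciles would keep the grant to what it uses. `resourceNames: gitlab-runner-operator` is hard-coded and will not match the Deployment when the fullname template yields a different name.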
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+{{- if eq .Values.mode "cluster" }}
+kind: ClusterRoleBinding
+{{- else if eq .Values.mode "cluster" }}
+kind: RoleBinding
+{{- end }}
+metadata:
+ name: {{ include "gitlab-runner-operator.fullname" . }}
+ labels:
+{{ include "gitlab-runner-operator.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "gitlab-runner-operator.serviceAccountName" . }}
+{{- if eq .Values.mode "cluster" }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+roleRef:
+{{- if eq .Values.mode "cluster" }}
+ kind: ClusterRole
+{{- else if eq .Values.mode "cluster" }}
+ kind: Role
+{{- end}}
+ name: {{ include "gitlab-runner-operator.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/charts/gitlab-runner-operator/templates/runner-clusterrole.yaml b/charts/charts/gitlab-runner-operator/templates/runner-clusterrole.yaml
new file mode 100644
index 0000000..54bd37c
--- /dev/null
+++ b/charts/charts/gitlab-runner-operator/templates/runner-clusterrole.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: gitlabrunner-edit
+ labels:
+{{- if .Values.rbac.aggregate }}
+ # Add these permissions to the "admin" and "edit" default roles.
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+{{- end }}
+rules:
+- apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - gitlabrunners
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
diff --git a/charts/charts/gitlab-runner-operator/templates/serviceaccount.yaml b/charts/charts/gitlab-runner-operator/templates/serviceaccount.yaml
new file mode 100644
index 0000000..113c638
--- /dev/null
+++ b/charts/charts/gitlab-runner-operator/templates/serviceaccount.yaml
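Review bot: The ServiceAccount subject only gets a `namespace` when `mode` is `cluster`, but a ServiceAccount subject needs one in a RoleBinding as well, so the namespaced variant would be rejected by the API server. Emit `namespace: {{ .Release.Namespace }}` unconditionally under the subject.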
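Review bot: With `rbac.aggregate` on, which values.yaml makes the default, every subject holding the built-in `edit` or `admin` role can create GitlabRunner objects, and the operator then acts on them with its own much broader role. That is a privilege boundary worth stating in a comment next to the aggregation labels and in the README, and worth defaulting to off. When the flag is off the template leaves a bare `labels:` key; moving `labels:` inside the `if` avoids the null value.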
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "gitlab-runner-operator.serviceAccountName" . }}
+ labels:
+ {{- include "gitlab-runner-operator.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/charts/gitlab-runner-operator/values.yaml b/charts/charts/gitlab-runner-operator/values.yaml
new file mode 100644
index 0000000..549c0ba
--- /dev/null
+++ b/charts/charts/gitlab-runner-operator/values.yaml
@@ -0,0 +1,61 @@ +# Default values for gitlab-runner-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +mode: cluster # or namespaced. Note, only cluster is currently been tested. + +rbac: + # Allow admin/edit roles to create runners without extra bindings. + aggregate: true + +replicaCount: 1 + +image: + repository: pnnlmiscscripts/gitlab-runner-operator + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/charts/charts/grafana-misc-dashboards/Chart.yaml b/charts/charts/grafana-misc-dashboards/Chart.yaml new file mode 100644 index 0000000..22759bb --- /dev/null +++ b/charts/charts/grafana-misc-dashboards/Chart.yaml 
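Review bot: `podSecurityContext` and `securityContext` default to `{}` with the hardening settings left as comments, so the operator container runs with whatever the image defaults to. Consider shipping `runAsNonRoot: true` and a `capabilities` block that drops `ALL` as the defaults; `readOnlyRootFilesystem` would need checking against the `/tmp/ansible-operator/runner` emptyDir the Deployment mounts. The comment on `mode` says only `cluster` has been tested, and role.yaml and rolebinding.yaml currently render no `kind` for any other value, so the comment could say outright that `namespaced` is not yet supported.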
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: grafana-misc-dashboards
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.3.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 0.3.0
diff --git a/charts/charts/grafana-misc-dashboards/files/ipmi.json b/charts/charts/grafana-misc-dashboards/files/ipmi.json
new file mode 100644
index 0000000..dcba663
--- /dev/null
+++ b/charts/charts/grafana-misc-dashboards/files/ipmi.json
@@ -0,0 +1,669 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 26, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "interval": "", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "{__name__=~\"ipmi_.*_state\", type != \"Entity Presence\", name != \"TPM Presence\"} == 2", + "hide": false, + "legendFormat": "{{ instance }} {{ __name__ }}", + "refId": "A" + }, + { + "expr": "{__name__=~\"ipmi_.*_state\", __name__ != \"ipmi_chassis_power_state\"} == 1", + "hide": false, + "legendFormat": "{{ instance }}", + "refId": "B" + }, + { + "expr": "up{job=\"ipmi-exporter\"} < 1", + "legendFormat": "{{ instance }}", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "IPMI Problems", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + 
"min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "cacheTimeout": null, + "columns": [], + "datasource": null, + "fontSize": "100%", + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 10, + "links": [], + "options": {}, + "pageSize": null, + "pluginVersion": "6.5.2", + "showHeader": true, + "sort": { + "col": 0, + "desc": true + }, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "date" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "decimals": 2, + "pattern": "/.*/", + "thresholds": [], + "type": "number", + "unit": "short" + } + ], + "targets": [ + { + "expr": "ipmi_up != 1", + "instant": false, + "legendFormat": "{{ collector }}: {{ instance }}", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Collectors not collecting", + "transform": "timeseries_aggregations", + "type": "table" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 8 + }, + "hiddenSeries": false, + "id": 12, + "interval": "", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(node_edac_uncorrectable_errors_total[1m])", + "legendFormat": "Uncorrectable: {{ instance }}", + "refId": "A" + }, + { + "expr": "rate(node_edac_correctable_errors_total[1m])", + "legendFormat": "Correctable: {{ instance }}", + "refId": 
"B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory ECC Errors", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 8 + }, + "hiddenSeries": false, + "id": 14, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + {} + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(ipmi_temperature_celsius * 9/5) + 32", + "hide": false, + "legendFormat": "{{ instance }} - {{ name }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Temperature", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "fahrenheit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + 
"align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 16 + }, + "hiddenSeries": false, + "id": 6, + "interval": "", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/SLOW.*/", + "color": "#C4162A", + "zindex": 3 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "avg without(pod)(ipmi_fan_speed_rpm) > 1500", + "hide": false, + "legendFormat": "{{ instance }} {{ name }}", + "refId": "A" + }, + { + "expr": "avg without(pod)(ipmi_fan_speed_rpm) <= 1500", + "legendFormat": "SLOW {{ instance}} {{name}}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Fan Speeds", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "short", + "label": "RPM", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 16 + }, + "hiddenSeries": false, + "id": 4, + "interval": "", + "legend": { + "avg": false, + "current": false, 
+ "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "avg without(pod)(ipmi_dcmi_power_consumption_watts)", + "legendFormat": "{{ instance }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Power in Watts", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "watt", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 24 + }, + "hiddenSeries": false, + "id": 8, + "interval": "", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "avg without(pod) (ipmi_sel_free_space_bytes)", + "legendFormat": "{{ instance }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + 
"timeShift": null, + "title": "SEL Log free space", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "decbytes", + "label": "", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 21, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-24h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Hardware", + "uid": "mlHx1iWGk", + "version": 7 +} diff --git a/charts/charts/grafana-misc-dashboards/files/pvc-usage.json b/charts/charts/grafana-misc-dashboards/files/pvc-usage.json new file mode 100644 index 0000000..47bb7a8 --- /dev/null +++ b/charts/charts/grafana-misc-dashboards/files/pvc-usage.json 
@@ -0,0 +1,167 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 33, + "iteration": 1595539648117, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 14, + "w": 24, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "interval": "", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "((kubelet_volume_stats_capacity_bytes{job=\"kubelet\",metrics_path=\"/metrics\",namespace=\"$namespace\"} - kubelet_volume_stats_available_bytes{job=\"kubelet\",metrics_path=\"/metrics\",namespace=\"$namespace\"})\n / kubelet_volume_stats_capacity_bytes{job=\"kubelet\",metrics_path=\"/metrics\",namespace=\"$namespace\"})", + "legendFormat": "{{ namespace }} - {{ persistentvolumeclaim }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Percent of Persistent Volume Used", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": null, + "show": true + }, + { + "format": "short", + "label": 
null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 21, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "current": { + "text": "default", + "value": "default" + }, + "datasource": "Prometheus", + "definition": "label_values(kubelet_volume_stats_available_bytes, namespace)", + "hide": 0, + "includeAll": false, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [], + "query": "label_values(kubelet_volume_stats_available_bytes, namespace)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-7d", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Kubernetes / Persistent Volume Utilization (Namespace)", + "uid": "CRQi1zVMk", + "version": 2 +} diff --git a/charts/charts/grafana-misc-dashboards/files/utilization.json b/charts/charts/grafana-misc-dashboards/files/utilization.json new file mode 100644 index 0000000..bea91a1 --- /dev/null +++ b/charts/charts/grafana-misc-dashboards/files/utilization.json 
@@ -0,0 +1,1053 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 31, + "iteration": 1593558747484, + "links": [], + "panels": [ + { + "cacheTimeout": null, + "columns": [ + { + "text": "Max", + "value": "max" + } + ], + "datasource": null, + "fontSize": "100%", + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "id": 19, + "interval": "", + "links": [], + "options": {}, + "pageSize": null, + "pluginVersion": "6.5.2", + "showHeader": true, + "sort": { + "col": 0, + "desc": true + }, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "date" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "decimals": 3, + "pattern": "/.*/", + "thresholds": [], + "type": "number", + "unit": "short" + } + ], + "targets": [ + { + "expr": "max(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}) by (container)", + "legendFormat": "{{ container }}", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "MAX CPU Utilization In Cores", + "transform": "timeseries_aggregations", + "type": "table" + }, + { + "cacheTimeout": null, + "columns": [ + { + "text": "Max", + "value": "max" + } + ], + "datasource": null, + "fontSize": "100%", + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 21, + "links": [], + "options": {}, + "pageSize": null, + "pluginVersion": "6.5.2", + "showHeader": 
true, + "sort": { + "col": 0, + "desc": true + }, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "date" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "decimals": 2, + "pattern": "/.*/", + "thresholds": [], + "type": "number", + "unit": "decbytes" + } + ], + "targets": [ + { + "expr": "max(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}) by (container)", + "legendFormat": "{{container}}", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "MAX Memory Utilization", + "transform": "timeseries_aggregations", + "type": "table" + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 8 + }, + "id": 14, + "panels": [], + "repeat": null, + "title": "CPU Usage", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 9 + }, + "hiddenSeries": false, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * 
on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{pod}}", + "legendLink": null, + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 16 + }, + "id": 15, + "panels": [], + "repeat": null, + "title": "CPU Quota", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "columns": [], + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fontSize": "100%", + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 17 + }, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "options": {}, + "pageSize": null, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "showHeader": true, + "sort": { + "col": 2, + "desc": true + }, + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": 
"CPU Usage", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [], + "type": "string", + "unit": "short" + } + ], + "targets": [ 
+ { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + 
"legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 24 + }, + "id": 16, + "panels": [], + "repeat": null, + "title": "Memory Usage", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 25 + }, + "hiddenSeries": false, + "id": 3, + "interval": "", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], 
+ "nullPointMode": "null as zero", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pluginVersion": "6.5.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": " container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}", + "format": "time_series", + "hide": false, + "intervalFactor": 2, + "legendFormat": "{{pod}} {{container}}", + "legendLink": null, + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 32 + }, + "id": 17, + "panels": [], + "repeat": null, + "title": "Memory Quota", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "columns": [], + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fontSize": "100%", + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 33 + }, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + 
"nullPointMode": "null as zero", + "options": {}, + "pageSize": null, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "showHeader": true, + "sort": { + "col": 0, + "desc": true + }, + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", 
+ "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + 
"legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Instantaneous Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "refresh": "", + "schemaVersion": 21, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": true, + "tags": [], + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 
0, + "includeAll": false, + "label": null, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": null, + "current": { + "isNone": true, + "selected": false, + "text": "None", + "value": "" + }, + "datasource": "$datasource", + "definition": "", + "hide": 2, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 2, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "tags": [], + "text": "kube-system", + "value": "kube-system" + }, + "datasource": "$datasource", + "definition": "", + "hide": 0, + "includeAll": false, + "label": "namespace", + "multi": false, + "name": "namespace", + "options": [], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 2, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "tags": [], + "text": "canal", + "value": "canal" + }, + "datasource": "$datasource", + "definition": "", + "hide": 0, + "includeAll": false, + "label": "workload", + "multi": false, + "name": "workload", + "options": [], + "query": "label_values(mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}, workload)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 2, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "daemonset", + "value": "daemonset" + }, + "datasource": "$datasource", + "definition": "", + "hide": 0, + "includeAll": false, + "label": "type", + "multi": false, + "name": "type", + 
"options": [], + "query": "label_values(mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\"}, workload_type)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 2, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "selected": true, + "text": "4h", + "value": "4h" + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "interval", + "options": [ + { + "selected": true, + "text": "4h", + "value": "4h" + } + ], + "query": "4h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "interval", + "useTags": false + } + ] + }, + "time": { + "from": "now-3h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / Compute Resources / Utilization (Namespaced)", + "uid": "6LDZmMGMz", + "version": 4 +} diff --git a/charts/charts/grafana-misc-dashboards/templates/_helpers.tpl b/charts/charts/grafana-misc-dashboards/templates/_helpers.tpl new file mode 100644 index 0000000..8b0a6fd --- /dev/null +++ b/charts/charts/grafana-misc-dashboards/templates/_helpers.tpl 
@@ -0,0 +1,52 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "grafana-misc-dashboards.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "grafana-misc-dashboards.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "grafana-misc-dashboards.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "grafana-misc-dashboards.labels" -}}
+helm.sh/chart: {{ include "grafana-misc-dashboards.chart" . }}
+{{ include "grafana-misc-dashboards.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "grafana-misc-dashboards.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "grafana-misc-dashboards.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
diff --git a/charts/charts/grafana-misc-dashboards/templates/ipmi-configmap.yaml b/charts/charts/grafana-misc-dashboards/templates/ipmi-configmap.yaml
new file mode 100644
index 0000000..735bb8d
--- /dev/null
+++ b/charts/charts/grafana-misc-dashboards/templates/ipmi-configmap.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.ipmi.enabled -}}
+{{- $fullName := include "grafana-misc-dashboards.fullname" . -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "grafana-misc-dashboards.fullname" . }}-ipmi
+ labels:
+ {{- include "grafana-misc-dashboards.labels" . | nindent 4 }}
+ {{- with .Values.extraLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.extraAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+data:
+ {{ include "grafana-misc-dashboards.fullname" . }}-ipmi.json: |-
+ {{- .Files.Get "files/ipmi.json" | nindent 4 }}
+{{- end }}
diff --git a/charts/charts/grafana-misc-dashboards/templates/pvc-usage-configmap.yaml b/charts/charts/grafana-misc-dashboards/templates/pvc-usage-configmap.yaml
new file mode 100644
index 0000000..a1d45b1
--- /dev/null
+++ b/charts/charts/grafana-misc-dashboards/templates/pvc-usage-configmap.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.pvcUsage.enabled -}}
+{{- $fullName := include "grafana-misc-dashboards.fullname" . -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "grafana-misc-dashboards.fullname" . }}-pvc-usage
+ labels:
+ {{- include "grafana-misc-dashboards.labels" . | nindent 4 }}
+ {{- with .Values.extraLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.extraAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+data:
+ {{ include "grafana-misc-dashboards.fullname" . }}-pvc-usage.json: |-
+ {{- .Files.Get "files/pvc-usage.json" | nindent 4 }}
+{{- end }}
diff --git a/charts/charts/grafana-misc-dashboards/templates/utilization-configmap.yaml b/charts/charts/grafana-misc-dashboards/templates/utilization-configmap.yaml
new file mode 100644
index 0000000..fb839a9
--- /dev/null
+++ b/charts/charts/grafana-misc-dashboards/templates/utilization-configmap.yaml
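Review bot: `$fullName` is assigned on the second line of ipmi-configmap.yaml and never used; `metadata.name` and the `data` key call `include "grafana-misc-dashboards.fullname" .` again instead. Either use the variable, `name: {{ $fullName }}-ipmi` and `{{ $fullName }}-ipmi.json: |-`, or drop the assignment. pvc-usage-configmap.yaml and utilization-configmap.yaml repeat the same pattern.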
@@ -0,0 +1,19 @@
+{{- if .Values.utilization.enabled -}}
+{{- $fullName := include "grafana-misc-dashboards.fullname" . -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "grafana-misc-dashboards.fullname" . }}-utilization
+ labels:
+ {{- include "grafana-misc-dashboards.labels" . | nindent 4 }}
+ {{- with .Values.extraLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.extraAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+data:
+ {{ include "grafana-misc-dashboards.fullname" . }}-utilization.json: |-
+ {{- .Files.Get "files/utilization.json" | nindent 4 }}
+{{- end }}
diff --git a/charts/charts/grafana-misc-dashboards/values.yaml b/charts/charts/grafana-misc-dashboards/values.yaml
new file mode 100644
index 0000000..756e2d0
--- /dev/null
+++ b/charts/charts/grafana-misc-dashboards/values.yaml
@@ -0,0 +1,17 @@
+# Default values for grafana-misc-dashboards.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+utilization:
+ enabled: false
+pvcUsage:
+ enabled: false
+ipmi:
+ enabled: false
+
+nameOverride: ""
+fullnameOverride: ""
+
+extraLabels: {}
+# grafana_dashboard: "1"
+extraAnnotations: {}
diff --git a/charts/charts/ipmi-exporter/.helmignore b/charts/charts/ipmi-exporter/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/charts/ipmi-exporter/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/charts/ipmi-exporter/Chart.yaml b/charts/charts/ipmi-exporter/Chart.yaml
new file mode 100644
index 0000000..12d75d3
--- /dev/null
+++ b/charts/charts/ipmi-exporter/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+name: ipmi-exporter
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 0.1.1
diff --git a/charts/charts/ipmi-exporter/README.md b/charts/charts/ipmi-exporter/README.md
new file mode 100644
index 0000000..0f7d76a
--- /dev/null
+++ b/charts/charts/ipmi-exporter/README.md
@@ -0,0 +1,31 @@
+# ipmi-exporter chart
+
+This chart allows you to deploy the ipmi exporter.
+
+## Install Chart
+
+To install the Chart into your Kubernetes cluster:
+
+```bash
+helm install --namespace prometheus --name "ipmi-exporter" pnnl-miscscripts/ipmi-exporter"
+```
+
+After installation succeeds, you can get a status of Chart
+
+```bash
+helm status "ipmi-exporter"
+```
+
+If you want to delete your Chart, use this command:
+
+```bash
+helm delete "ipmi-expoerter"
+```
+
+## Configuration
+set the value config: with any configuration as described here:
+https://github.com/soundcloud/ipmi_exporter#configuration
+
+An example is provided here:
+https://github.com/soundcloud/ipmi_exporter/blob/master/ipmi_remote.yml
+
diff --git a/charts/charts/ipmi-exporter/requirements.yaml b/charts/charts/ipmi-exporter/requirements.yaml
new file mode 100644
index 0000000..70219ae
--- /dev/null
+++ b/charts/charts/ipmi-exporter/requirements.yaml
@@ -0,0 +1,4 @@
+dependencies:
+- name: ipmi-exporter
+ version: 2.0.0
+ repository: https://pnnl-miscscripts.github.io/image-library-charts/
diff --git a/charts/charts/ipmi-exporter/templates/NOTES.txt b/charts/charts/ipmi-exporter/templates/NOTES.txt
new file mode 100644
index 0000000..f2e0dd2
--- /dev/null
+++ b/charts/charts/ipmi-exporter/templates/NOTES.txt
@@ -0,0 +1,21 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "pnnlmiscscripts.ipmi-exporter-full.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "pnnlmiscscripts.ipmi-exporter-full.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "pnnlmiscscripts.ipmi-exporter-full.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "pnnlmiscscripts.ipmi-exporter-full.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:9290
+{{- end }}
diff --git a/charts/charts/ipmi-exporter/templates/_helpers.tpl b/charts/charts/ipmi-exporter/templates/_helpers.tpl
new file mode 100644
index 0000000..8202808
--- /dev/null
+++ b/charts/charts/ipmi-exporter/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "pnnlmiscscripts.ipmi-exporter-full.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "pnnlmiscscripts.ipmi-exporter-full.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "pnnlmiscscripts.ipmi-exporter-full.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "pnnlmiscscripts.ipmi-exporter-full.labels" -}}
+helm.sh/chart: {{ include "pnnlmiscscripts.ipmi-exporter-full.chart" . }}
+{{ include "pnnlmiscscripts.ipmi-exporter-full.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "pnnlmiscscripts.ipmi-exporter-full.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "pnnlmiscscripts.ipmi-exporter-full.name" .
}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "pnnlmiscscripts.ipmi-exporter-full.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "pnnlmiscscripts.ipmi-exporter-full.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/charts/ipmi-exporter/templates/deployment.yaml b/charts/charts/ipmi-exporter/templates/deployment.yaml
new file mode 100644
index 0000000..886ffdf
--- /dev/null
+++ b/charts/charts/ipmi-exporter/templates/deployment.yaml
@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "pnnlmiscscripts.ipmi-exporter-full.fullname" . }}
+ labels:
+ {{- include "pnnlmiscscripts.ipmi-exporter-full.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "pnnlmiscscripts.ipmi-exporter-full.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum | quote }}
+ labels:
+ {{- include "pnnlmiscscripts.ipmi-exporter-full.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "pnnlmiscscripts.ipmi-exporter-full.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: {{ dict "dot" . "section" .Values.ipmiExporter | include "pnnlmiscscripts.ipmi-exporter.image" }}
+ imagePullPolicy: {{ .Values.ipmiExporter.imagePullPolicy }}
+ command:
+ - /usr/bin/ipmi_exporter
+ - --config.file
+ - /etc/ipmi-exporter/ipmi.yaml
+ ports:
+ - name: http
+ containerPort: 9290
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumeMounts:
+ - name: config
+ mountPath: /etc/ipmi-exporter
+ volumes:
+ - name: config
+ secret:
+ secretName: {{ template "pnnlmiscscripts.ipmi-exporter-full.fullname" . }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
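Review bot: The pod spec sets `serviceAccountName` but never turns off token mounting, so a service-account token is mounted into the same container that holds the BMC credentials under `/etc/ipmi-exporter`. Nothing in this template shows the exporter talking to the Kubernetes API, so add `automountServiceAccountToken: false` next to `serviceAccountName` (or expose it as a value) unless the image is known to need the token. The `config` mount can also be marked `readOnly: true` to make the intent explicit.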
diff --git a/charts/charts/ipmi-exporter/templates/ingress.yaml b/charts/charts/ipmi-exporter/templates/ingress.yaml
new file mode 100644
index 0000000..74e884a
--- /dev/null
+++ b/charts/charts/ipmi-exporter/templates/ingress.yaml
@@ -0,0 +1,43 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "pnnlmiscscripts.ipmi-exporter-full.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "pnnlmiscscripts.ipmi-exporter-full.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ . }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/charts/ipmi-exporter/templates/secret.yaml b/charts/charts/ipmi-exporter/templates/secret.yaml
new file mode 100644
index 0000000..c8beffb
--- /dev/null
+++ b/charts/charts/ipmi-exporter/templates/secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "pnnlmiscscripts.ipmi-exporter-full.fullname" . }}
+ labels:
+ {{- include "pnnlmiscscripts.ipmi-exporter-full.labels" . | nindent 4 }}
+data:
+ ipmi.yaml: {{ toYaml .Values.config | b64enc }}
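Review bot: On clusters at 1.19 or newer ingress.yaml selects `apiVersion: networking.k8s.io/v1`, but the `backend` block under `paths` still uses the v1beta1 fields `serviceName` and `servicePort` and the path entries carry no `pathType`, so the rendered object does not match the v1 schema and the API server will reject it. The path entry should branch on the same `semverCompare` as the `apiVersion` line; inside `range` the capabilities have to be reached through `$`. `ImplementationSpecific` is the `pathType` closest to the old behaviour.

```yaml
          {{- range .paths }}
          - path: {{ . }}
            {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
            pathType: ImplementationSpecific
            backend:
              service:
                name: {{ $fullName }}
                port:
                  number: {{ $svcPort }}
            {{- else }}
            # … unchanged: backend with serviceName / servicePort …
            {{- end }}
          {{- end }}
```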
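Review bot: secret.yaml renders `ipmi.yaml` from whatever `.Values.config` holds, and the values.yaml added in this commit ships `user: "default_user"` and `pass: "example_pw"` there, so an install without overrides succeeds with placeholder BMC credentials, and real ones can only be supplied through Helm values. Consider an `existingSecret` value that skips this template and is used as the `secretName` in deployment.yaml, so the credentials can be managed outside the release. The encoded value is also better quoted, `ipmi.yaml: {{ toYaml .Values.config | b64enc | quote }}`.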
diff --git a/charts/charts/ipmi-exporter/templates/service.yaml b/charts/charts/ipmi-exporter/templates/service.yaml
new file mode 100644
index 0000000..67db487
--- /dev/null
+++ b/charts/charts/ipmi-exporter/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "pnnlmiscscripts.ipmi-exporter-full.fullname" . }}
+ labels:
+ {{- include "pnnlmiscscripts.ipmi-exporter-full.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "pnnlmiscscripts.ipmi-exporter-full.selectorLabels" . | nindent 4 }}
diff --git a/charts/charts/ipmi-exporter/templates/serviceaccount.yaml b/charts/charts/ipmi-exporter/templates/serviceaccount.yaml
new file mode 100644
index 0000000..1b15309
--- /dev/null
+++ b/charts/charts/ipmi-exporter/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "pnnlmiscscripts.ipmi-exporter-full.serviceAccountName" . }}
+ labels:
+ {{- include "pnnlmiscscripts.ipmi-exporter-full.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/charts/charts/ipmi-exporter/values.yaml b/charts/charts/ipmi-exporter/values.yaml
new file mode 100644
index 0000000..2df54da
--- /dev/null
+++ b/charts/charts/ipmi-exporter/values.yaml
@@ -0,0 +1,85 @@
+# Default values for ipmi-exporter.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+ipmiExporter:
+ imagePullPolicy: IfNotPresent
+
+config:
+ modules:
+ default:
+ user: "default_user"
+ pass: "example_pw"
+ driver: "LAN_2_0"
+ privilege: "user"
+ # The session timeout is in milliseconds. Note that a scrape can take up
+ # to (session-timeout * #-of-collectors) milliseconds, so set the scrape
+ # timeout in Prometheus accordingly.
+ timeout: 10000
+ collectors:
+ - bmc
+ - ipmi
+ - chassis
+ - dcmi
+ - sel
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths: [/]
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
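Review bot: `podSecurityContext: {}` and `securityContext: {}` leave the exporter container on the image's defaults although it holds BMC credentials; the hardening exists only as comments under `securityContext`. Ship restrictive defaults instead, for example `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`. `readOnlyRootFilesystem: true` should be checked against the image first, since this diff does not show whether the exporter writes temporary files. Separately, `name:` under `serviceAccount` is a bare empty value that parses as null; `name: ""` states the intent.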
diff --git a/charts/charts/k8s-node-image/.helmignore b/charts/charts/k8s-node-image/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/charts/k8s-node-image/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/charts/k8s-node-image/Chart.yaml b/charts/charts/k8s-node-image/Chart.yaml
new file mode 100644
index 0000000..3c6e2f7
--- /dev/null
+++ b/charts/charts/k8s-node-image/Chart.yaml
@@ -0,0 +1,13 @@
+apiVersion: v2
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+type: application
+name: k8s-node-image
+version: 0.2.0
+dependencies:
+- name: k8s-node-image-nginx-1-14
+ version: 2.0.0
+ repository: https://pnnl-miscscripts.github.io/image-library-charts/
+- name: anaconda-nginx
+ version: 2.0.0
+ repository: https://pnnl-miscscripts.github.io/image-library-charts/
diff --git a/charts/charts/k8s-node-image/README.md b/charts/charts/k8s-node-image/README.md
new file mode 100644
index 0000000..ed51668
--- /dev/null
+++ b/charts/charts/k8s-node-image/README.md
@@ -0,0 +1,35 @@
+# K8S Node Image
+
+The k8s-node-image chart provides a a standalone image useful for installing
+bare metal nodes that can form a k8s cluster.
+
+This can be used in conjunction with pixiecore and dhcpd.
+
+## Dependencies
+
+This chart requires nginx-ingress 0.22.0 or higher in the default config. To
+support older nginx-ingress, set ingress.regex=false.
+
+For other ingress controllers, you will need to annotate as needed to get
+rewriting to happen appropriately for your ingress controller.
+
+## Install Chart
+
+To install the Chart into your Kubernetes cluster :
+
+```bash
+helm install --namespace "k8s-node-image" pnnl-miscscripts/k8s-node-image
+```
+
+After installation succeeds, you can get a status of Chart
+
+```bash
+helm status
+```
+
+If you want to delete your Chart, use this command:
+
+```bash
+helm delete --purge
+```
+
diff --git a/charts/charts/k8s-node-image/templates/NOTES.txt b/charts/charts/k8s-node-image/templates/NOTES.txt
new file mode 100644
index 0000000..ad29a5a
--- /dev/null
+++ b/charts/charts/k8s-node-image/templates/NOTES.txt
@@ -0,0 +1,21 @@
+{{- $dot := . }}
+{{- $prefix := include "pnnlmiscscripts.k8s-node-image-full.ingress.prefix" . }}
+Contact information
+
+{{- range .Values.ingress.hosts }}
+{{- if . }}
+Repo:
+http://{{ . }}{{ $prefix }}
+Kernel:
+http://{{ . }}{{ $prefix }}/vmlinuz
+Initrd:
+http://{{ . }}{{ $prefix }}/initrd.img
+{{- else }}
+Repo:
+http://xx.xx.xx.xx{{ $prefix }}
+Kernel:
+http://xx.xx.xx.xx{{ $prefix }}/vmlinuz
+Initrd:
+http://xx.xx.xx.xx{{ $prefix }}/initrd.img
+{{- end }}
+{{- end }}
diff --git a/charts/charts/k8s-node-image/templates/_helpers.tpl b/charts/charts/k8s-node-image/templates/_helpers.tpl
new file mode 100644
index 0000000..3287edb
--- /dev/null
+++ b/charts/charts/k8s-node-image/templates/_helpers.tpl
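Review bot: Every URL in the k8s-node-image NOTES.txt is printed with a hard-coded `http://`, including the `vmlinuz` and `initrd.img` that nodes boot from, so the notes advertise plain HTTP even if the ingress is served over TLS. The chart's ingress values are outside this hunk; if they include a `tls` setting, derive the scheme the way the ipmi-exporter NOTES.txt in this commit does, `http{{ if $.Values.ingress.tls }}s{{ end }}://`. `$dot` on the first line is assigned and never used.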
@@ -0,0 +1,102 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "pnnlmiscscripts.k8s-node-image-full.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "pnnlmiscscripts.k8s-node-image-full.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "pnnlmiscscripts.k8s-node-image-full.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" -}}
+{{- $f := include "pnnlmiscscripts.k8s-node-image-full.fullname" . }}
+{{- $f | trunc 59 | trimSuffix "-" -}}-ana
+{{- end -}}
+
+{{- define "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" -}}
+{{- $f := include "pnnlmiscscripts.k8s-node-image-full.fullname" . }}
+{{- $f | trunc 58 | trimSuffix "-" -}}-node
+{{- end -}}
+
+{{- define "pnnlmiscscripts.k8s-node-image-full.ingress.regex" -}}
+{{- if gt (len .suffix) 0 }}
+ {{- if eq .type "d" }}
+ {{- printf "%s/(%s$|%s/.*)" .prefix .suffix .suffix }}
+ {{- else }}
+ {{- printf "%s/(%s$)" .prefix .suffix }}
+ {{- end }}
+{{- else }}
+ {{- printf "%s/?(.*)$" .prefix }}
+{{- end }}
+{{- end -}}
+
+{{- define "pnnlmiscscripts.k8s-node-image-full.ingress.noregex" -}}
+{{- if gt (len .suffix) 0 }}
+ {{- printf "%s/%s" .prefix .suffix }}
+{{- else }}
+ {{- printf "%s/" .prefix }}
+{{- end }}
+{{- end -}}
+
+{{- define "pnnlmiscscripts.k8s-node-image-full.ingress.prefix" -}}
+{{- if .Values.ingress.enableVersionPrefix -}}
+{{- $tag := dict "dot" . "section" .Values.k8sNode.image | include (printf "%s.tag" .Values.k8sNode.prefix) -}}
+{{- printf "%s/%s" .Values.ingress.prefix $tag -}}
+{{- else }}
+{{- .Values.ingress.prefix -}}
+{{- end }}
+{{- end }}
+
+{{/*
+takes dot, prefix, suffix, and type. type can be either f or d.
+*/}}
+{{- define "pnnlmiscscripts.k8s-node-image-full.ingress" -}}
+{{- if .dot.Values.ingress.regex }}
+{{- include "pnnlmiscscripts.k8s-node-image-full.ingress.regex" . }}
+{{- else }}
+{{- include "pnnlmiscscripts.k8s-node-image-full.ingress.noregex" . }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "pnnlmiscscripts.k8s-node-image-full.labels" -}}
+helm.sh/chart: {{ include "pnnlmiscscripts.k8s-node-image-full.chart" . }}
+{{ include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "pnnlmiscscripts.k8s-node-image-full.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
\ No newline at end of file
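Review bot: In `pnnlmiscscripts.k8s-node-image-full.ingress.regex` the suffix is interpolated into the path pattern unescaped, so the `.` in suffixes such as `initrd.img` and `.treeinfo` (passed in from ingress.yaml) acts as a regex wildcard and those routes match more than the literal file name. Escaping the suffix keeps each route to the intended artifact, e.g. `{{- printf "%s/(%s$)" .prefix (regexQuoteMeta .suffix) }}`, with the same treatment for both occurrences in the `"d"` branch. The identical helper in charts/charts/k8s-node-image9/templates/_helpers.tpl needs the same change. The three ingress helpers also have no doc comment; one line stating that `.prefix` is inserted verbatim into the pattern would make clear that a regex-significant `ingress.prefix` in values.yaml changes the match.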
diff --git a/charts/charts/k8s-node-image/templates/anaconda-deployment.yaml b/charts/charts/k8s-node-image/templates/anaconda-deployment.yaml
new file mode 100644
index 0000000..5d9daea
--- /dev/null
+++ b/charts/charts/k8s-node-image/templates/anaconda-deployment.yaml
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . }}
+ labels:
+ {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }}
+ app.kubernetes.io/component: anaconda
+ svc: anaconda
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 6 }}
+ svc: anaconda
+ template:
+ metadata:
+ {{- with .Values.anaconda.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 8 }}
+ svc: anaconda
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: main
+ command: ["nginx", "-g", "daemon off;"]
+ image: {{ dict "dot" . "section" (index .Values "anaconda").image | include "pnnlmiscscripts.anaconda-nginx.image" }}
+ imagePullPolicy: {{ .Values.anaconda.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - nginx -s quit
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
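Review bot: The pod spec in templates/anaconda-deployment.yaml sets no `securityContext` and leaves the service-account token mounted, although the container only runs `nginx` to serve install media. Because these pods serve what new nodes boot and install from, it is worth constraining them: add `automountServiceAccountToken: false` under `spec.template.spec` and a container-level `securityContext` with `allowPrivilegeEscalation: false`. Whether `runAsNonRoot: true` can be added as well depends on the image, which listens on `containerPort: 80` and is not visible in this diff. The same applies to templates/k8s-node-deployment.yaml in this chart and to both deployment templates under charts/charts/k8s-node-image9. Both containers also render `resources` from the chart-wide `.Values.resources`, which defaults to `{}`, so neither has limits unless the user sets them.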
diff --git a/charts/charts/k8s-node-image/templates/anaconda-pdb.yaml b/charts/charts/k8s-node-image/templates/anaconda-pdb.yaml
new file mode 100644
index 0000000..1d898a6
--- /dev/null
+++ b/charts/charts/k8s-node-image/templates/anaconda-pdb.yaml
@@ -0,0 +1,17 @@
+{{- if (gt (.Values.replicaCount | int) 1) }}
+apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }}
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }}
+ app.kubernetes.io/component: anaconda
+ svc: anaconda
+ name: {{ include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 6 }}
+ svc: anaconda
+ minAvailable: {{ .Values.minAvailable }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/charts/k8s-node-image/templates/anaconda-service.yaml b/charts/charts/k8s-node-image/templates/anaconda-service.yaml
new file mode 100644
index 0000000..c52e554
--- /dev/null
+++ b/charts/charts/k8s-node-image/templates/anaconda-service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . }}
+ labels:
+ {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }}
+ app.kubernetes.io/component: anaconda
+ svc: anaconda
+spec:
+ type: {{ .Values.anaconda.service.type }}
+ ports:
+ - port: {{ .Values.anaconda.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 4 }}
+ svc: anaconda
diff --git a/charts/charts/k8s-node-image/templates/ingress.yaml b/charts/charts/k8s-node-image/templates/ingress.yaml
new file mode 100644
index 0000000..77c7f6c
--- /dev/null
+++ b/charts/charts/k8s-node-image/templates/ingress.yaml
@@ -0,0 +1,154 @@ +{{- if .Values.ingress.enabled -}} +{{- $dot := . }} +{{- $prefix := include "pnnlmiscscripts.k8s-node-image-full.ingress.prefix" . }} +{{- $pxeprefix := printf "%s/images/pxeboot" $prefix }} +{{- $aFullName := include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . -}} +{{- $nFullName := include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ include "pnnlmiscscripts.k8s-node-image-full.fullname" . }} + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + annotations: +{{- if .Values.ingress.regex }} + nginx.ingress.kubernetes.io/rewrite-target: /$1 +{{- end }} +{{- if eq (len .Values.ingress.tls) 0 }} + nginx.ingress.kubernetes.io/ssl-redirect: "false" +{{- end }} + {{- with .Values.ingress.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . 
| quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - http: + paths: + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "" "type" "d" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $nFullName }} + port: + name: http + {{- else }} + serviceName: {{ $nFullName }} + servicePort: http + {{- end }} + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "vmlinuz" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $aFullName }} + port: + name: http + {{- else }} + serviceName: {{ $aFullName }} + servicePort: http + {{- end }} + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "initrd.img" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $aFullName }} + port: + name: http + {{- else }} + serviceName: {{ $aFullName }} + servicePort: http + {{- end }} + - path: {{ dict "dot" $dot "prefix" $pxeprefix "suffix" "vmlinuz" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $aFullName }} + port: + name: http + {{- else }} + serviceName: {{ $aFullName }} + servicePort: http + {{- end 
}} + - path: {{ dict "dot" $dot "prefix" $pxeprefix "suffix" "initrd.img" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $aFullName }} + port: + name: http + {{- else }} + serviceName: {{ $aFullName }} + servicePort: http + {{- end }} + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "LiveOS" "type" "d" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $aFullName }} + port: + name: http + {{- else }} + serviceName: {{ $aFullName }} + servicePort: http + {{- end }} + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" ".treeinfo" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $aFullName }} + port: + name: http + {{- else }} + serviceName: {{ $aFullName }} + servicePort: http + {{- end }} + {{- if . }} + host: {{ . | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/charts/k8s-node-image/templates/k8s-node-deployment.yaml b/charts/charts/k8s-node-image/templates/k8s-node-deployment.yaml new file mode 100644 index 0000000..9fe4ed7 --- /dev/null +++ b/charts/charts/k8s-node-image/templates/k8s-node-deployment.yaml 
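Review bot: Every path in charts/charts/k8s-node-image/templates/ingress.yaml is emitted with `pathType: Prefix`, but with the default `ingress.regex: true` the `path` values are regular expressions of the form `<prefix>/(vmlinuz$)` paired with `nginx.ingress.kubernetes.io/rewrite-target: /$1`. Regex paths on ingress-nginx are meant to be declared `ImplementationSpecific`, and controller versions that validate path types strictly may reject regex characters under `Prefix`, so I would render `pathType: {{ ternary "ImplementationSpecific" "Prefix" $.Values.ingress.regex }}`. The seven path entries also repeat the same version-gated backend block and could be produced by one `range` over suffix/type/service tuples, which would keep the route list reviewable. The `pathType` point applies equally to charts/charts/k8s-node-image9/templates/ingress.yaml.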
@@ -0,0 +1,66 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . }} + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: k8s-node + svc: k8s-node +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 6 }} + svc: k8s-node + template: + metadata: + {{- with .Values.k8sNode.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 8 }} + svc: k8s-node + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: main + command: ["nginx", "-g", "daemon off;"] + image: {{ dict "dot" . "section" (index .Values "k8sNode").image | include (printf "%s.image" .Values.k8sNode.prefix) }} + imagePullPolicy: {{ .Values.k8sNode.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + lifecycle: + preStop: + exec: + command: + - /bin/sh + - -c + - nginx -s quit + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/charts/k8s-node-image/templates/k8s-node-pdb.yaml b/charts/charts/k8s-node-image/templates/k8s-node-pdb.yaml new file mode 100644 index 0000000..8f657ab --- /dev/null +++ b/charts/charts/k8s-node-image/templates/k8s-node-pdb.yaml 
@@ -0,0 +1,17 @@ +{{- if (gt (.Values.replicaCount | int) 1) }} +apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} +kind: PodDisruptionBudget +metadata: + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: k8s-node + svc: k8s-node + name: {{ include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 6 }} + svc: k8s-node + minAvailable: {{ .Values.minAvailable }} +{{- end }} \ No newline at end of file diff --git a/charts/charts/k8s-node-image/templates/k8s-node-service.yaml b/charts/charts/k8s-node-image/templates/k8s-node-service.yaml new file mode 100644 index 0000000..d9ab405 --- /dev/null +++ b/charts/charts/k8s-node-image/templates/k8s-node-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . }} + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: k8s-node + svc: k8s-node +spec: + type: {{ .Values.k8sNode.service.type }} + ports: + - port: {{ .Values.k8sNode.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 4 }} + svc: k8s-node diff --git a/charts/charts/k8s-node-image/values.yaml b/charts/charts/k8s-node-image/values.yaml new file mode 100644 index 0000000..5d874d9 --- /dev/null +++ b/charts/charts/k8s-node-image/values.yaml 
@@ -0,0 +1,66 @@ +# Default values for k8s-node-image. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 2 +minAvailable: 1 + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +anaconda: + image: + pullPolicy: IfNotPresent + + service: + type: ClusterIP + port: 80 + + podAnnotations: {} + +k8sNode: + prefix: "pnnlmiscscripts.k8s-node-image-nginx-1-14" + image: + pullPolicy: IfNotPresent + + service: + type: ClusterIP + port: 80 + + podAnnotations: {} + +ingress: + enabled: true + enableVersionPrefix: true + regex: true + prefix: "" + # className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: [null] + #- chart-example.local + + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/charts/charts/k8s-node-image9/.helmignore b/charts/charts/k8s-node-image9/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/charts/k8s-node-image9/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
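Review bot: The defaults in charts/charts/k8s-node-image/values.yaml enable the ingress (`enabled: true`) with `hosts: [null]` and `tls: []`, which ingress.yaml renders as a rule with no `host` and with `nginx.ingress.kubernetes.io/ssl-redirect: "false"`. Out of the box the kernel, initrd and package repository are therefore served over plain HTTP under any hostname that reaches the controller. Network-boot clients may need that, but it is an integrity-sensitive default for content that new cluster nodes install from and deserves a comment next to the keys, for example `# hosts: [null] matches any host; set real hostnames and tls where the installer can use HTTPS`. charts/charts/k8s-node-image9/values.yaml carries the same defaults.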
diff --git a/charts/charts/k8s-node-image9/Chart.yaml b/charts/charts/k8s-node-image9/Chart.yaml new file mode 100644 index 0000000..abae29a --- /dev/null +++ b/charts/charts/k8s-node-image9/Chart.yaml @@ -0,0 +1,13 @@ +apiVersion: v2 +appVersion: "1.0" +description: A Helm chart for Kubernetes +type: application +name: k8s-node-image9 +version: 0.2.0 +dependencies: +- name: k8s-node-image-nginx9-1-24 + version: 2.0.0 + repository: https://pnnl-miscscripts.github.io/image-library-charts/ +- name: anaconda-nginx9 + version: 2.0.0 + repository: https://pnnl-miscscripts.github.io/image-library-charts/ diff --git a/charts/charts/k8s-node-image9/README.md b/charts/charts/k8s-node-image9/README.md new file mode 100644 index 0000000..ed51668 --- /dev/null +++ b/charts/charts/k8s-node-image9/README.md @@ -0,0 +1,35 @@ +# K8S Node Image + +The k8s-node-image chart provides a a standalone image useful for installing +bare metal nodes that can form a k8s cluster. + +This can be used in conjunction with pixiecore and dhcpd. + +## Dependencies + +This chart requires nginx-ingress 0.22.0 or higher in the default config. To +support older nginx-ingress, set ingress.regex=false. + +For other ingress controllers, you will need to annotate as needed to get +rewriting to happen appropriately for your ingress controller. + +## Install Chart + +To install the Chart into your Kubernetes cluster : + +```bash +helm install --namespace "k8s-node-image" pnnl-miscscripts/k8s-node-image +``` + +After installation succeeds, you can get a status of Chart + +```bash +helm status +``` + +If you want to delete your Chart, use this command: + +```bash +helm delete --purge +``` + diff --git a/charts/charts/k8s-node-image9/templates/NOTES.txt b/charts/charts/k8s-node-image9/templates/NOTES.txt new file mode 100644 index 0000000..ad29a5a --- /dev/null +++ b/charts/charts/k8s-node-image9/templates/NOTES.txt 
@@ -0,0 +1,21 @@ +{{- $dot := . }} +{{- $prefix := include "pnnlmiscscripts.k8s-node-image-full.ingress.prefix" . }} +Contact information + +{{- range .Values.ingress.hosts }} +{{- if . }} +Repo: +http://{{ . }}{{ $prefix }} +Kernel: +http://{{ . }}{{ $prefix }}/vmlinuz +Initrd: +http://{{ . }}{{ $prefix }}/initrd.img +{{- else }} +Repo: +http://xx.xx.xx.xx{{ $prefix }} +Kernel: +http://xx.xx.xx.xx{{ $prefix }}/vmlinuz +Initrd: +http://xx.xx.xx.xx{{ $prefix }}/initrd.img +{{- end }} +{{- end }} diff --git a/charts/charts/k8s-node-image9/templates/_helpers.tpl b/charts/charts/k8s-node-image9/templates/_helpers.tpl new file mode 100644 index 0000000..f96e06f --- /dev/null +++ b/charts/charts/k8s-node-image9/templates/_helpers.tpl 
@@ -0,0 +1,102 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "pnnlmiscscripts.k8s-node-image-full.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "pnnlmiscscripts.k8s-node-image-full.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "pnnlmiscscripts.k8s-node-image-full.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" -}} +{{- $f := include "pnnlmiscscripts.k8s-node-image-full.fullname" . }} +{{- $f | trunc 59 | trimSuffix "-" -}}-ana +{{- end -}} + +{{- define "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" -}} +{{- $f := include "pnnlmiscscripts.k8s-node-image-full.fullname" . 
}} +{{- $f | trunc 58 | trimSuffix "-" -}}-node +{{- end -}} + +{{- define "pnnlmiscscripts.k8s-node-image-full.ingress.regex" -}} +{{- if gt (len .suffix) 0 }} + {{- if eq .type "d" }} + {{- printf "%s/(%s$|%s/.*)" .prefix .suffix .suffix }} + {{- else }} + {{- printf "%s/(%s$)" .prefix .suffix }} + {{- end }} +{{- else }} + {{- printf "%s/?(.*)$" .prefix }} +{{- end }} +{{- end -}} + +{{- define "pnnlmiscscripts.k8s-node-image-full.ingress.noregex" -}} +{{- if gt (len .suffix) 0 }} + {{- printf "%s/%s" .prefix .suffix }} +{{- else }} + {{- printf "%s/" .prefix }} +{{- end }} +{{- end -}} + +{{- define "pnnlmiscscripts.k8s-node-image-full.ingress.prefix" -}} +{{- if .Values.ingress.enableVersionPrefix -}} +{{- $tag := dict "dot" . "section" .Values.k8sNode.image | include (printf "%s.tag" .Values.k8sNode.prefix) -}} +{{- printf "%s/9-%s" .Values.ingress.prefix $tag -}} +{{- else }} +{{- .Values.ingress.prefix -}} +{{- end }} +{{- end }} + +{{/* +takes dot, prefix, suffix, and type. type can be either f or d. +*/}} +{{- define "pnnlmiscscripts.k8s-node-image-full.ingress" -}} +{{- if .dot.Values.ingress.regex }} +{{- include "pnnlmiscscripts.k8s-node-image-full.ingress.regex" . }} +{{- else }} +{{- include "pnnlmiscscripts.k8s-node-image-full.ingress.noregex" . }} +{{- end }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "pnnlmiscscripts.k8s-node-image-full.labels" -}} +helm.sh/chart: {{ include "pnnlmiscscripts.k8s-node-image-full.chart" . }} +{{ include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "pnnlmiscscripts.k8s-node-image-full.selectorLabels" -}} +app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} 
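Review bot: All helpers in charts/charts/k8s-node-image9/templates/_helpers.tpl are defined under the same `pnnlmiscscripts.k8s-node-image-full.*` names as in the k8s-node-image chart, yet `ingress.prefix` differs (`"%s/9-%s"` here, `"%s/%s"` there). Helm named templates share one namespace across a parent chart and its subcharts, so if both charts are ever rendered in one release the definition loaded last silently wins and one chart serves under the other's path prefix. Renaming the definitions in this chart to a chart-specific prefix such as `pnnlmiscscripts.k8s-node-image9-full.*` avoids that. This only matters when the two charts are combined, which this diff does not show.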
diff --git a/charts/charts/k8s-node-image9/templates/anaconda-deployment.yaml b/charts/charts/k8s-node-image9/templates/anaconda-deployment.yaml new file mode 100644 index 0000000..646a20a --- /dev/null +++ b/charts/charts/k8s-node-image9/templates/anaconda-deployment.yaml @@ -0,0 +1,66 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . }} + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: anaconda + svc: anaconda +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 6 }} + svc: anaconda + template: + metadata: + {{- with .Values.anaconda.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 8 }} + svc: anaconda + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: main + command: ["nginx", "-g", "daemon off;"] + image: {{ dict "dot" . "section" (index .Values "anaconda").image | include "pnnlmiscscripts.anaconda-nginx9.image" }} + imagePullPolicy: {{ .Values.anaconda.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + lifecycle: + preStop: + exec: + command: + - /bin/sh + - -c + - nginx -s quit + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} 
diff --git a/charts/charts/k8s-node-image9/templates/anaconda-pdb.yaml b/charts/charts/k8s-node-image9/templates/anaconda-pdb.yaml new file mode 100644 index 0000000..1d898a6 --- /dev/null +++ b/charts/charts/k8s-node-image9/templates/anaconda-pdb.yaml @@ -0,0 +1,17 @@ +{{- if (gt (.Values.replicaCount | int) 1) }} +apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} +kind: PodDisruptionBudget +metadata: + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: anaconda + svc: anaconda + name: {{ include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 6 }} + svc: anaconda + minAvailable: {{ .Values.minAvailable }} +{{- end }} \ No newline at end of file diff --git a/charts/charts/k8s-node-image9/templates/anaconda-service.yaml b/charts/charts/k8s-node-image9/templates/anaconda-service.yaml new file mode 100644 index 0000000..c52e554 --- /dev/null +++ b/charts/charts/k8s-node-image9/templates/anaconda-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . }} + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: anaconda + svc: anaconda +spec: + type: {{ .Values.anaconda.service.type }} + ports: + - port: {{ .Values.anaconda.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 4 }} + svc: anaconda diff --git a/charts/charts/k8s-node-image9/templates/ingress.yaml b/charts/charts/k8s-node-image9/templates/ingress.yaml new file mode 100644 index 0000000..86f3e1a --- /dev/null 
+++ b/charts/charts/k8s-node-image9/templates/ingress.yaml 
@@ -0,0 +1,82 @@
+{{- if .Values.ingress.enabled -}}
+{{- $dot := . }}
+{{- $prefix := include "pnnlmiscscripts.k8s-node-image-full.ingress.prefix" . }}
+{{- $aFullName := include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . -}}
+{{- $nFullName := include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "pnnlmiscscripts.k8s-node-image-full.fullname" . }}
+ labels:
+ {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }}
+ annotations:
+{{- if .Values.ingress.regex }}
+ nginx.ingress.kubernetes.io/rewrite-target: /$1
+{{- end }}
+{{- if eq (len .Values.ingress.tls) 0 }}
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+{{- end }}
+ {{- with .Values.ingress.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - http:
+ paths:
+ - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "" "type" "d" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }}
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ $nFullName }}
+ port:
+ name: http
+ - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "images" "type" "d" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }}
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ $aFullName }}
+ port:
+ name: http
+ - path: {{ dict "dot" $dot "prefix" $prefix "suffix" ".treeinfo" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }}
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ $aFullName }}
+ port:
+ name: http
+ - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "LICENSE" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }}
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ $aFullName }}
+ port:
+ name: http
+ - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "RockyLinux_BuildTag" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }}
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ $aFullName }}
+ port:
+ name: http
+ {{- if . }}
+ host: {{ . | quote }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/charts/k8s-node-image9/templates/k8s-node-deployment.yaml b/charts/charts/k8s-node-image9/templates/k8s-node-deployment.yaml
new file mode 100644
index 0000000..9fe4ed7
--- /dev/null
+++ b/charts/charts/k8s-node-image9/templates/k8s-node-deployment.yaml
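Review bot: In charts/charts/k8s-node-image9/templates/ingress.yaml, `ingressClassName: {{ .Values.ingress.className }}` is emitted unconditionally, but values.yaml ships `className` commented out, so the default render is an empty `ingressClassName:`. Guard it the way the k8s-node-image chart does: `{{- with .Values.ingress.className }}`, `ingressClassName: {{ . }}`, `{{- end }}`. With `apiVersion: networking.k8s.io/v1` now hard-coded, the `semverCompare ">=1.18-0"` block at the top, which falls back to the `kubernetes.io/ingress.class` annotation, can only fire on clusters that do not serve this API version, so it can be dropped.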
@@ -0,0 +1,66 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . }} + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: k8s-node + svc: k8s-node +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 6 }} + svc: k8s-node + template: + metadata: + {{- with .Values.k8sNode.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 8 }} + svc: k8s-node + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: main + command: ["nginx", "-g", "daemon off;"] + image: {{ dict "dot" . "section" (index .Values "k8sNode").image | include (printf "%s.image" .Values.k8sNode.prefix) }} + imagePullPolicy: {{ .Values.k8sNode.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + lifecycle: + preStop: + exec: + command: + - /bin/sh + - -c + - nginx -s quit + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/charts/k8s-node-image9/templates/k8s-node-pdb.yaml b/charts/charts/k8s-node-image9/templates/k8s-node-pdb.yaml new file mode 100644 index 0000000..8f657ab --- /dev/null +++ b/charts/charts/k8s-node-image9/templates/k8s-node-pdb.yaml 
@@ -0,0 +1,17 @@ +{{- if (gt (.Values.replicaCount | int) 1) }} +apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} +kind: PodDisruptionBudget +metadata: + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: k8s-node + svc: k8s-node + name: {{ include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 6 }} + svc: k8s-node + minAvailable: {{ .Values.minAvailable }} +{{- end }} \ No newline at end of file diff --git a/charts/charts/k8s-node-image9/templates/k8s-node-service.yaml b/charts/charts/k8s-node-image9/templates/k8s-node-service.yaml new file mode 100644 index 0000000..d9ab405 --- /dev/null +++ b/charts/charts/k8s-node-image9/templates/k8s-node-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . }} + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: k8s-node + svc: k8s-node +spec: + type: {{ .Values.k8sNode.service.type }} + ports: + - port: {{ .Values.k8sNode.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 4 }} + svc: k8s-node diff --git a/charts/charts/k8s-node-image9/values.yaml b/charts/charts/k8s-node-image9/values.yaml new file mode 100644 index 0000000..767642c --- /dev/null +++ b/charts/charts/k8s-node-image9/values.yaml 
@@ -0,0 +1,66 @@ +# Default values for k8s-node-image. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 2 +minAvailable: 1 + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +anaconda: + image: + pullPolicy: IfNotPresent + + service: + type: ClusterIP + port: 80 + + podAnnotations: {} + +k8sNode: + prefix: "pnnlmiscscripts.k8s-node-image-nginx9-1-24" + image: + pullPolicy: IfNotPresent + + service: + type: ClusterIP + port: 80 + + podAnnotations: {} + +ingress: + enabled: true + enableVersionPrefix: true + regex: true + prefix: "" + # className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: [null] + #- chart-example.local + + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/charts/charts/kubeupdater/.helmignore b/charts/charts/kubeupdater/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/charts/kubeupdater/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
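Review bot: The defaults `ingress.enabled: true` together with `hosts: [null]` make the chart publish a host-less Ingress rule on install. The ingress template only emits `host:` when the entry is non-empty, so the null entry yields a rule that matches every hostname the ingress controller serves, and `tls: []` leaves it on plain HTTP. I would default to `enabled: false` and add a comment such as `# hosts: one entry per hostname; a null entry creates a catch-all rule` so the catch-all becomes an explicit choice. `resources: {}` also deserves a real default here, since the comment block only explains how to set one.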
diff --git a/charts/charts/kubeupdater/Chart.yaml b/charts/charts/kubeupdater/Chart.yaml
new file mode 100644
index 0000000..10c8b19
--- /dev/null
+++ b/charts/charts/kubeupdater/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: kubeupdater
+version: 0.9.0
diff --git a/charts/charts/kubeupdater/bin/kubeupdater b/charts/charts/kubeupdater/bin/kubeupdater
new file mode 100755
index 0000000..d09b1bf
--- /dev/null
+++ b/charts/charts/kubeupdater/bin/kubeupdater
@@ -0,0 +1,120 @@ +#!/bin/bash + +flag=$1 + +HOSTNAME=$(hostname) +export KUBECONFIG=/etc/kubernetes/kubelet.conf + +[ -f /etc/sysconfig/kubeupdater ] && . /etc/sysconfig/kubeupdater + +if [ "x$flag" == "x-b" ]; then + for x in `seq 1 5`; do + kubectl label node $HOSTNAME miscscripts.pnnl.gov/upgrade- && break + echo Failed to unlabel. Waiting and trying again. + sleep $x + done +fi + +if [ "x$flag" == "x-u" ]; then + while true; do + UPGRADE=0 + while read upgrade; do + if [ "x$upgrade" == "xtrue" ]; then + UPGRADE=1 + break + fi + done < <(kubectl get nodes $HOSTNAME -ogo-template='{{printf "%s\n" (index .metadata.labels "miscscripts.pnnl.gov/upgrade")}}' --watch) + if [ $UPGRADE -eq 1 ]; then + UPGRADE=0 + echo "Doing upgrade" + systemctl stop kubeupdater-checker + systemctl stop kubelet + yum install kubeadm -y + kubeadm upgrade node + pre_upgrade + yum upgrade -y + post_upgrade + kubectl label node $HOSTNAME miscscripts.pnnl.gov/upgrade-needed- + finish_upgrade + fi + done + sleep 1 +fi + +if [ "x$flag" == "x-c" ]; then + while true; do + while read line; do + while true; do + kubectl get configmap -n kube-system kubeupdater -o go-template='{{index .data "everything.repo"}}' > /etc/yum.repos.d/everything.repo.new + mv /etc/yum.repos.d/everything.repo.new /etc/yum.repos.d/everything.repo + echo Upgrade checking + yum check-update -y + res=$? + [ $res -eq 0 ] && break + if [ $res -eq 100 ]; then + echo Upgrade found. Informing the orchestrator. + kubectl label node $HOSTNAME miscscripts.pnnl.gov/upgrade-needed=true + break + fi + echo Failed to upgrade check. Retrying in 10 seconds. 
+ sleep 10 + done + done < <(kubectl get configmap -n kube-system kubeupdater --watch -ogo-template='{{printf "\n"}}') + sleep 1 + done +fi + +if [ "x$flag" == "x-i" ]; then + cat > /etc/systemd/system/kubeupdater-checker.service < /etc/systemd/system/kubeupdater-updater.service < /etc/systemd/system/kubeupdater-boot.service < /host-bin/kubeupdater + chmod +x /host-bin/kubeupdater + nsenter -m/proc/1/ns/mnt -- /usr/bin/kubeupdater -i + while true; do sleep 10000; done + name: main + securityContext: + privileged: true + runAsUser: 0 + volumeMounts: + - mountPath: /host-bin + name: host-bin + - mountPath: /config + name: config + resources: + {{- toYaml .Values.resources | nindent 10 }} + serviceAccountName: {{ template "kubeupdater.serviceAccountName" . }} + hostNetwork: true + hostPID: true + hostIPC: true + volumes: + - hostPath: + path: /usr/bin + name: host-bin + - configMap: + name: {{ template "kubeupdater.fullname" . }} + name: config + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/charts/kubeupdater/templates/node-role.yaml b/charts/charts/kubeupdater/templates/node-role.yaml new file mode 100644 index 0000000..514872d --- /dev/null +++ b/charts/charts/kubeupdater/templates/node-role.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kubeupdater.fullname" . }}-node + namespace: kube-system + labels: + {{- include "kubeupdater.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - kubeupdater + verbs: + - get + - watch +{{- end }} 
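Review bot: In the `-c` branch the yum repo file is replaced unconditionally: the `kubectl get configmap ... > /etc/yum.repos.d/everything.repo.new` line is followed by `mv` with no check of the exit status, so a failed or interrupted API read installs an empty or truncated `everything.repo` before `yum check-update` runs. Chain the two, e.g. `kubectl get configmap ... > /etc/yum.repos.d/everything.repo.new && mv /etc/yum.repos.d/everything.repo.new /etc/yum.repos.d/everything.repo || { sleep 10; continue; }`, so the previous, known-good repo definition stays in place on failure. `$HOSTNAME` is also unquoted in every `kubectl label` call and should be `"$HOSTNAME"`. In the `-u` branch the `sleep 1` sits after the `done` of `while true`, so it is never reached; it presumably belongs inside the loop to throttle a watch that keeps failing. The heredoc bodies of the `-i` branch are not readable in this view, so the generated unit files are not covered by this note.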
diff --git a/charts/charts/kubeupdater/templates/node-rolebinding.yaml b/charts/charts/kubeupdater/templates/node-rolebinding.yaml
new file mode 100644
index 0000000..65cc764
--- /dev/null
+++ b/charts/charts/kubeupdater/templates/node-rolebinding.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "kubeupdater.fullname" . }}-node
+ namespace: kube-system
+ labels:
+ {{- include "kubeupdater.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "kubeupdater.fullname" . }}-node
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: system:nodes
+{{- end }}
diff --git a/charts/charts/kubeupdater/templates/psp.yaml b/charts/charts/kubeupdater/templates/psp.yaml
new file mode 100644
index 0000000..87dbad1
--- /dev/null
+++ b/charts/charts/kubeupdater/templates/psp.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.podSecurityPolicy.enabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "kubeupdater.fullname" . }}
+ labels:
+ {{- include "kubeupdater.labels" . | nindent 4 }}
+ annotations:
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+spec:
+ privileged: true
+ allowPrivilegeEscalation: true
+ allowedCapabilities:
+ - '*'
+ allowedHostPaths:
+ - pathPrefix: '/usr/bin'
+ readOnly: false
+ volumes:
+ - 'configMap'
+ - 'hostPath'
+ - 'secret'
+ hostNetwork: true
+ hostIPC: true
+ hostPID: true
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'RunAsAny'
+ fsGroup:
+ rule: 'RunAsAny'
+{{- end }}
diff --git a/charts/charts/kubeupdater/templates/repo-configmap.yaml b/charts/charts/kubeupdater/templates/repo-configmap.yaml
new file mode 100644
index 0000000..426754e
--- /dev/null
+++ b/charts/charts/kubeupdater/templates/repo-configmap.yaml
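Review bot: The policy in psp.yaml grants host access that the visible part of the DaemonSet does not appear to use: `hostNetwork: true` and `hostIPC: true` are allowed (and set on the pod) although the installer only enters the PID 1 mount namespace with `nsenter`, which needs `hostPID` and `privileged` but, as far as this view shows, neither of the other two. I would drop `hostNetwork`/`hostIPC` from both the pod spec and the policy unless something in the unreadable part of the DaemonSet needs them, and remove the redundant `allowedCapabilities: ['*']`, leaving `privileged: true` as the single, obvious grant. Separately, `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25 while `podSecurityPolicy.enabled` defaults to `true`, so the chart fails to install there; guard the template with `{{- if and .Values.podSecurityPolicy.enabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}` and apply the same guard in role.yaml and rolebinding.yaml.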
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kubeupdater
+ namespace: kube-system
+ labels:
+ {{- include "kubeupdater.labels" . | nindent 4 }}
+data:
+ everything.repo: |
+{{- if hasKey .Values "rawConfig" }}
+{{ .Values.rawConfig | indent 4}}
+{{- else }}
+ [everything]
+ name=everything
+ enabled=1
+ baseurl={{ .Values.base }}{{ .Values.version }}
+ gpgkey = file:///etc/pki/rpm-gpg/{{ .Values.localGPGFileName }}
+ {{ .Values.base }}{{ .Values.version }}/repodata/RPM-GPG-KEY
+ gpgcheck = 1
+ repo_gpgcheck = 1
+ keepcache = 0
+{{- end }}
diff --git a/charts/charts/kubeupdater/templates/role.yaml b/charts/charts/kubeupdater/templates/role.yaml
new file mode 100644
index 0000000..0a37818
--- /dev/null
+++ b/charts/charts/kubeupdater/templates/role.yaml
@@ -0,0 +1,14 @@
+{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "kubeupdater.fullname" . }}
+ labels:
+ {{- include "kubeupdater.labels" . | nindent 4 }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "kubeupdater.fullname" . }}
+{{- end }}
diff --git a/charts/charts/kubeupdater/templates/rolebinding.yaml b/charts/charts/kubeupdater/templates/rolebinding.yaml
new file mode 100644
index 0000000..bdc4bb6
--- /dev/null
+++ b/charts/charts/kubeupdater/templates/rolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "kubeupdater.fullname" . }}
+ labels:
+ {{- include "kubeupdater.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "kubeupdater.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "kubeupdater.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
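Review bot: The generated repo stanza in repo-configmap.yaml trusts a signing key served from the same place as the packages: the second `gpgkey` entry, `{{ .Values.base }}{{ .Values.version }}/repodata/RPM-GPG-KEY`, is fetched from the repository itself, and the updater script runs `yum upgrade -y`, which answers yes to a key-import prompt. Whoever controls the repository content can therefore also supply the key that `gpgcheck = 1` and `repo_gpgcheck = 1` verify against. I would keep only `gpgkey = file:///etc/pki/rpm-gpg/{{ .Values.localGPGFileName }}` by default and make the remote key an explicit opt-in value. A comment in values.yaml should also say that `rawConfig` replaces the whole stanza, including the signature-check settings, so a user who sets it must restate them.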
diff --git a/charts/charts/kubeupdater/templates/serviceaccount.yaml b/charts/charts/kubeupdater/templates/serviceaccount.yaml
new file mode 100644
index 0000000..885c57c
--- /dev/null
+++ b/charts/charts/kubeupdater/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "kubeupdater.serviceAccountName" . }}
+ labels:
+ {{- include "kubeupdater.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/charts/kubeupdater/values.yaml b/charts/charts/kubeupdater/values.yaml
new file mode 100644
index 0000000..250a926
--- /dev/null
+++ b/charts/charts/kubeupdater/values.yaml
@@ -0,0 +1,61 @@ +# Default values for kubeupdater. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +#rawConfig: | +# [yourrepohere] +# etcetc + +base: https://changeme/ +version: 1.16.8-nginx-2 +localGPGFileName: RPM-GPG-KEY-Rocky-9 + +image: + repository: alpine + tag: 3.11 + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +rbac: + create: true + +podSecurityPolicy: + enabled: true + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +extraPreUpgradeScript: | + echo "About to upgrade everything" +extraPostUpgradeScript: | + echo "Done upgrading" + +finishUpgradeScript: | + reboot diff --git a/charts/charts/magic-namespace/Chart.yaml b/charts/charts/magic-namespace/Chart.yaml new file mode 100755 index 0000000..41cf298 --- /dev/null +++ b/charts/charts/magic-namespace/Chart.yaml 
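Review bot: `tag: 3.11` under `image` is an unquoted scalar, so YAML loads it as a float rather than the string an image tag is, and a later value of the same shape such as `3.10` would load as `3.1`; write `tag: "3.11"`. The line consuming the tag is not readable in this view, but this image appears to back the privileged, host-namespace DaemonSet, so a mutable public tag is a weak anchor there and pinning by digest is worth considering. `base: https://changeme/` is a placeholder that renders into a syntactically valid `baseurl`; a `required` check in the template would turn a forgotten override into an install-time error instead of a node that silently never finds updates. `finishUpgradeScript` defaults to `reboot`, which deserves a comment noting that it runs on the host after every upgrade.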
@@ -0,0 +1,12 @@ +# Copied from helm stable repo. Maintainer switched. +apiVersion: v1 +appVersion: 2.8.2 +description: Manage resources per namespace using Helm +home: https://github.com/kubernetes/charts/tree/master/stable/magic-namespace +maintainers: +- email: kevin.fox@pnnl.gov + name: kfox1111 +#- email: kent.rancourt@microsoft.com +# name: krancour +name: magic-namespace +version: 0.5.4 diff --git a/charts/charts/magic-namespace/LICENSE b/charts/charts/magic-namespace/LICENSE new file mode 100644 index 0000000..393b7a3 --- /dev/null +++ b/charts/charts/magic-namespace/LICENSE 
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright The Helm Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/charts/charts/magic-namespace/README.md b/charts/charts/magic-namespace/README.md new file mode 100755 index 0000000..7f62a3d --- /dev/null +++ b/charts/charts/magic-namespace/README.md 
@@ -0,0 +1,113 @@ +# Magic Namespace + +**Magic Namespace** provides an easy, comprehensive option for cluster operators +to manage namespaces and observe good security practices in _multi-tenant, +RBAC-enabled_ Kubernetes clusters. + +## Introduction + +So you've got a multi-tenant cluster? Let's assume your cluster is RBAC-enabled. +If it isn't, _go fix that first_. You're playing with fire. Until you fix that, +you don't need Magic Namespace. Go fix it. We'll wait... + +In a multi-tenant cluster, a cluster operator (someone with full, unrestricted +privileges across the entire cluster), will manage users, groups, service +accounts, roles, and user/group bindings to roles-- all to either permit or +prevent subjects from performing certain actions in different namespaces. + +A common paradigm that has emerged is that _teams_ are given their own namespace +and some degree of latitude to administer that namespace, whilst not being +permitted to perform actions on _other teams'_ namespaces. + +Magic Namespace takes the pain out of this setup. It offers cluster operators an +easy, comprehensive avenue for using helm to manage namespaces, service +accounts, and role bindings for their consituent teams. Magic Namespace permits +cluster operators to manage all of this using familiar Helm-based workflows. + +## How it Works + +Magic Namespace offers cluster operators to define additional service accounts +and role bindings for use within the namespace. _Typically, it would be a good +idea to define at least one role binding that grants a user or group +administrative privileges in the namespace. + +## Prerequisites + +- A Kubernetes cluster with RBAC enabled + +## Installing the Chart + +To install the chart to create the `foo` namespace (if it doesn't already exist) +and useful resources (Tiller, service accounts, etc.) 
within that namespace: + +```bash +$ helm install stable/magic-namespace --name foo --namespace foo +``` + +Typically, you will want to bind at least one user or group to the `admin` role +in this namespace. Here are steps to follow: + +First, make a copy of the default `values.yaml`: + +```bash +$ helm inspect values stable/magic-namespace > ~/my-values.yaml +``` + +Edit `~/my-values.yaml` accordingly. Here is a sample role binding: + +``` +... + +roleBindings: +- name: admin-group-admin + role: + ## Valid values are "Role" or "ClusterRole" + kind: ClusterRole + name: admin + subject: + ## Valid values are "User", "Group", or "ServiceAccount" + kind: Group + name: + +... +``` + +Deploy as follows: + +```bash +$ helm install stable/magic-namespace \ + --name foo \ + --namespace foo \ + --values ~/my-values.yaml +``` + +## Uninstalling the Chart + +Deleting a release of a Magic Namespace will _not_ delete the namespace, +unless you have used the optional ```namespace``` setting. It will +only delete service accounts, role bindings, etc. from that +namespace. This is actually desirable behavior, as anything the team has +deployed within that namespace is likely to be unaffected, though further +deployments to and management of that namespace will not be possible by anyone +other than the cluster operator. + +If you have used the ```namespace``` setting, deleting the release will cleanup +the namespace. + +## Configuration + +The following table lists the most common, useful, and interesting configuration +parameters of the Magic Namespace chart and their default values. Please +reference the default `values.yaml` to understand further options. 
+ +| Parameter | Description | Default | +|-----------|-------------|---------| +| `serviceAccounts` | An optional array of names of additional service account to create | `nil` | +| `roleBindings` | An optional array of objects that define role bindings | `nil` | +| `roleBindings[n].role.kind` | Identify the kind of role (`Role` or `ClusterRole`) to be used in the role binding | | +| `roleBindings[n].role.name` | Identify the name of the role to be used in the role binding | | +| `roleBindings[n].subject.kind` | Identify the kind of subject (`User`, `Group`, or `ServiceAccount` ) to be used in the role binding | | +| `roleBindings[n].subject.name` | Identify the name of the subject to be used in the role binding | | +| `namespace` | Specify a namespace to be created and used, overriding the one on the command line | | +| `namespaceAttributes.annotations` | Specify annotations to be attached to the namespace | | +| `namespaceAttributes.lables` | Specify labels to be attached to the namespace | | diff --git a/charts/charts/magic-namespace/templates/NOTES.txt b/charts/charts/magic-namespace/templates/NOTES.txt new file mode 100755 index 0000000..9fec53c --- /dev/null +++ b/charts/charts/magic-namespace/templates/NOTES.txt @@ -0,0 +1,15 @@ + +The namespace "{{ .Release.Namespace }}" has been created if it didn't already exist. + +{{ if .Values.serviceAccounts -}} +The following service accounts have been created in the namespace: +{{- range .Values.serviceAccounts }} + - {{ . }} +{{- end }} +{{ end }} +{{ if .Values.roleBindings -}} +The following role bindings have been created in the namespace: +{{- range .Values.roleBindings }} + - {{ .subject.kind }}[{{ .subject.name }}] --> {{ .role.kind }}[{{ .role.name }}] +{{- end }} +{{ end }} diff --git a/charts/charts/magic-namespace/templates/_helpers.tpl b/charts/charts/magic-namespace/templates/_helpers.tpl new file mode 100755 index 0000000..481470b --- /dev/null 
+++ b/charts/charts/magic-namespace/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "magic-namespace.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "magic-namespace.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "magic-namespace.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/charts/magic-namespace/templates/namespace.yaml b/charts/charts/magic-namespace/templates/namespace.yaml new file mode 100755 index 0000000..01ba6ab --- /dev/null +++ b/charts/charts/magic-namespace/templates/namespace.yaml @@ -0,0 +1,9 @@ +{{- if hasKey .Values "namespace" }} +apiVersion: v1 +kind: Namespace +metadata: + name: {{ .Values.namespace }} + {{- if hasKey .Values "namespaceAttributes" }} +{{ toYaml .Values.namespaceAttributes | indent 2 }} + {{ end -}} +{{- end }} diff --git a/charts/charts/magic-namespace/templates/rolebindings.yaml b/charts/charts/magic-namespace/templates/rolebindings.yaml new file mode 100755 index 0000000..8e9524a --- /dev/null +++ b/charts/charts/magic-namespace/templates/rolebindings.yaml 
@@ -0,0 +1,22 @@
+{{- $values := .Values }}
+{{- range .Values.roleBindings }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ .name }}
+ {{- if hasKey $values "namespace" }}
+ namespace: {{ $values.namespace }}
+ {{- end }}
+ labels:
+ chart: {{ template "magic-namespace.chart" $ }}
+ release: {{ $.Release.Name }}
+ heritage: {{ $.Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: {{ .role.kind }}
+ name: {{ .role.name }}
+subjects:
+- kind: {{ .subject.kind }}
+ name: {{ .subject.name }}
+{{- end }}
diff --git a/charts/charts/magic-namespace/templates/serviceaccounts.yaml b/charts/charts/magic-namespace/templates/serviceaccounts.yaml
new file mode 100755
index 0000000..ba6b3e6
--- /dev/null
+++ b/charts/charts/magic-namespace/templates/serviceaccounts.yaml
@@ -0,0 +1,15 @@
+{{- $values := .Values }}
+{{- range .Values.serviceAccounts }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ . }}
+ {{- if hasKey $values "namespace" }}
+ namespace: {{ $values.namespace }}
+ {{- end }}
+ labels:
+ chart: {{ template "magic-namespace.chart" $ }}
+ release: {{ $.Release.Name }}
+ heritage: {{ $.Release.Service }}
+{{- end }}
diff --git a/charts/charts/magic-namespace/values.yaml b/charts/charts/magic-namespace/values.yaml
new file mode 100755
index 0000000..06beaff
--- /dev/null
+++ b/charts/charts/magic-namespace/values.yaml
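Review bot: The `subjects` entry at the end of rolebindings.yaml renders only `kind` and `name`, but the Kubernetes API rejects a `ServiceAccount` subject that has no `namespace`, so the `ServiceAccount` kind that the values comments advertise cannot be bound as written. I would add, after the subject's `name:` line, `{{- if eq .subject.kind "ServiceAccount" }}`, `namespace: {{ default $.Release.Namespace $values.namespace }}` and `{{- end }}`. The rendered names are also unquoted, so piping them through `quote` would keep a value such as `null` or `123` from being retyped before it reaches the RBAC object.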
@@ -0,0 +1,30 @@ +## Default values for magic-namespace + +# Uncomment and set to override the namespace that will be created. +# namespace: default + +# Extra namespace attributes +# namespaceAttributes: + # Labels to be added to the namespace definition + # labels: {} + + # Annotations to be added to the namespace definition + # annotations: {} + +## Optional additional ServiceAccounts +serviceAccounts: [] +# - some-service-account +# - another-service-account + +## Optional additional RoleBindings. It is a good idea to specify at least one +## to grant administrative permissions to a user or group. +# roleBindings: +# - name: admin-group-admin +# role: +# ## Valid values are "Role" or "ClusterRole" +# kind: ClusterRole +# name: admin +# subject: +# ## Valid values are "User", "Group", or "ServiceAccount" +# kind: Group +# name: diff --git a/charts/charts/nginx-app/.helmignore b/charts/charts/nginx-app/.helmignore new file mode 100644 index 0000000..9651f65 --- /dev/null +++ b/charts/charts/nginx-app/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +charts/ diff --git a/charts/charts/nginx-app/Chart.yaml b/charts/charts/nginx-app/Chart.yaml new file mode 100644 index 0000000..d086bba --- /dev/null +++ b/charts/charts/nginx-app/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Simple Web service Chart +name: nginx-app +version: 0.1.2 diff --git a/charts/charts/nginx-app/DISCLAIMER b/charts/charts/nginx-app/DISCLAIMER new file mode 100644 index 0000000..7be185c --- /dev/null +++ b/charts/charts/nginx-app/DISCLAIMER 
@@ -0,0 +1,8 @@ +This material was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the United States Department of Energy, nor Battelle, nor any of their employees, nor any jurisdiction or organization that has cooperated in the development of these materials, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness or any information, apparatus, product, software, or process disclosed, or represents that its use would not infringe privately owned rights. +Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof, or Battelle Memorial Institute. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof. +PACIFIC NORTHWEST NATIONAL LABORATORY +operated by +BATTELLE +for the +UNITED STATES DEPARTMENT OF ENERGY +under Contract DE-AC05-76RL01830 \ No newline at end of file diff --git a/charts/charts/nginx-app/LICENSE b/charts/charts/nginx-app/LICENSE new file mode 100644 index 0000000..e085f4d --- /dev/null +++ b/charts/charts/nginx-app/LICENSE 
@@ -0,0 +1,7 @@ +Copyright © 2019, Battelle Memorial Institute +All rights reserved. +1. Battelle Memorial Institute (hereinafter Battelle) hereby grants permission to any person or entity lawfully obtaining a copy of this software and associated documentation files (hereinafter "the Software") to redistribute and use the Software in source and binary forms, with or without modification. Such person or entity may use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and may permit others to do so, subject to the following conditions: +* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimers. +* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +* Other than as used herein, neither the name Battelle Memorial Institute or Battelle may be used in any form whatsoever without the express written consent of Battelle. +2. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BATTELLE OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/charts/charts/nginx-app/README.md b/charts/charts/nginx-app/README.md new file mode 100644 index 0000000..b3ee033 --- /dev/null 
+++ b/charts/charts/nginx-app/README.md @@ -0,0 +1,26 @@ +# NGINX App chart + +This chart allows you to deploy a simple web application container running nginx, and provides a service and ingress to the application + + +## Install Chart + +To install the Chart into your Kubernetes cluster : + +```bash +helm install --name "mywebapp" pnnl-miscscripts/chronyd --set image.repository=nginx +``` + +After installation succeeds, you can get a status of Chart + +```bash +helm status "mywebapp" +``` + +If you want to delete your Chart, use this command: + +```bash +helm delete --purge "mywebapp" +``` + + diff --git a/charts/charts/nginx-app/templates/NOTES.txt b/charts/charts/nginx-app/templates/NOTES.txt new file mode 100644 index 0000000..4c29ffe --- /dev/null +++ b/charts/charts/nginx-app/templates/NOTES.txt 
@@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "nginx-app.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ template "nginx-app.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "nginx-app.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "nginx-app.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:80
+{{- end }}
diff --git a/charts/charts/nginx-app/templates/_helpers.tpl b/charts/charts/nginx-app/templates/_helpers.tpl
new file mode 100644
index 0000000..4cea259
--- /dev/null
+++ b/charts/charts/nginx-app/templates/_helpers.tpl
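Review bot: The NodePort, LoadBalancer and ClusterIP branches of NOTES.txt call `template "nginx-app.fullname"` and `template "nginx-app.name"`, while the helpers added for this chart define only the `pnnlmiscscripts.nginx-app.*` names. With the default `ingress.enabled: true` those branches are never reached, so the mismatch probably stays hidden until someone disables the ingress and rendering fails on the undefined template. The calls should use the names the chart defines, e.g. `{{ template "pnnlmiscscripts.nginx-app.fullname" . }}` and `{{ template "pnnlmiscscripts.nginx-app.name" . }}`.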
@@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "pnnlmiscscripts.nginx-app.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "pnnlmiscscripts.nginx-app.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "pnnlmiscscripts.nginx-app.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/charts/nginx-app/templates/deployment.yaml b/charts/charts/nginx-app/templates/deployment.yaml new file mode 100644 index 0000000..17a5549 --- /dev/null +++ b/charts/charts/nginx-app/templates/deployment.yaml 
@@ -0,0 +1,51 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "pnnlmiscscripts.nginx-app.fullname" . }} + labels: + app: {{ template "pnnlmiscscripts.nginx-app.name" . }} + chart: {{ template "pnnlmiscscripts.nginx-app.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ template "pnnlmiscscripts.nginx-app.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "pnnlmiscscripts.nginx-app.name" . }} + release: {{ .Release.Name }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} diff --git a/charts/charts/nginx-app/templates/ingress.yaml b/charts/charts/nginx-app/templates/ingress.yaml new file mode 100644 index 0000000..406c2cf --- /dev/null +++ b/charts/charts/nginx-app/templates/ingress.yaml 
@@ -0,0 +1,38 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "pnnlmiscscripts.nginx-app.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ app: {{ template "pnnlmiscscripts.nginx-app.name" . }}
+ chart: {{ template "pnnlmiscscripts.nginx-app.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ . }}
+ http:
+ paths:
+ - path: {{ $ingressPath }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: http
+ {{- end }}
+{{- end }}
diff --git a/charts/charts/nginx-app/templates/service.yaml b/charts/charts/nginx-app/templates/service.yaml
new file mode 100644
index 0000000..54212e7
--- /dev/null
+++ b/charts/charts/nginx-app/templates/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "pnnlmiscscripts.nginx-app.fullname" . }}
+ labels:
+ app: {{ template "pnnlmiscscripts.nginx-app.name" . }}
+ chart: {{ template "pnnlmiscscripts.nginx-app.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app: {{ template "pnnlmiscscripts.nginx-app.name" . }}
+ release: {{ .Release.Name }}
diff --git a/charts/charts/nginx-app/values.yaml b/charts/charts/nginx-app/values.yaml
new file mode 100644
index 0000000..0e5b1e6
--- /dev/null
+++ b/charts/charts/nginx-app/values.yaml
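Review bot: `apiVersion: extensions/v1beta1` in the nginx-app ingress.yaml is not served by Kubernetes 1.22 and later, so with the chart's default `ingress.enabled: true` the release cannot install on a current cluster. The pixiecore-simpleconfig ingress added in this same commit already uses `networking.k8s.io/v1`, and this template should move to the same API version and backend shape. The hosts, paths and secret names are rendered unquoted as well, so piping them through `quote` would be a sensible part of the same change.

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
# … unchanged: metadata, annotations, tls block …
  rules:
  {{- range .Values.ingress.hosts }}
    - host: {{ . | quote }}
      http:
        paths:
          - path: {{ $ingressPath }}
            pathType: Prefix
            backend:
              service:
                name: {{ $fullName }}
                port:
                  name: http
  {{- end }}
```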
@@ -0,0 +1,44 @@
+# Default values for nginx-app.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: nginx
+ tag: latest
+ pullPolicy: Always
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ path: /
+ hosts:
+ - nginx-app.example.com
+# tls:
+# - secretName: example-com-tls
+# hosts:
+# - nginx-app.example.com
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/charts/charts/pixiecore-simpleconfig/.helmignore b/charts/charts/pixiecore-simpleconfig/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/charts/charts/pixiecore-simpleconfig/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/charts/pixiecore-simpleconfig/Chart.yaml b/charts/charts/pixiecore-simpleconfig/Chart.yaml
new file mode 100644
index 0000000..b2535b3
--- /dev/null
+++ b/charts/charts/pixiecore-simpleconfig/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Helm chart for simple config of pixiecore
+name: pixiecore-simpleconfig
+version: 0.1.2
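Review bot: The nginx-app defaults pair `tag: latest` with `pullPolicy: Always`, so each pod start can pull different image content and a release cannot be reproduced or audited from its values. I would default to a fixed version tag or a digest chosen by the maintainers, e.g. `tag: "<pinned-version>"`, and leave `latest` as an explicit opt-in. The same values also default `ingress.enabled: true` while the `tls:` block is commented out, so a plain install publishes the service over HTTP only. `enabled: false`, or a comment above `ingress:` saying that TLS must be configured, would make that exposure a deliberate choice.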
diff --git a/charts/charts/pixiecore-simpleconfig/README.md b/charts/charts/pixiecore-simpleconfig/README.md new file mode 100644 index 0000000..f5274c5 --- /dev/null +++ b/charts/charts/pixiecore-simpleconfig/README.md @@ -0,0 +1,27 @@ +pixiecore-simpleconfig is a chart that lets you quickly setup a backend for pixiecore + +You can put the pixiecore json files directly into config, keyed by mac address. + +For example, to pxe boot 00:11:22:33, use values file: +```yaml +config: + "00:11:22:33": | + { + "kernel": "http://xxx.xxx.xxx.xxx:9090/vmlinuz", + "initrd": ["http://xxx.xxx.xxx.xxx:9090/initrd.img"], + "cmdline": "ks=http://xxx.xxx.xxx.xxx:9091/v1/boot/ks.cfg ksdevice=ens1 console=ttyS1,115200" + } +``` + +Install like: +```console +helm install pnnlmiscscripts/pixiecore-simpleconfig \ + --name pixiecore-simpleconfig \ + --namespace provision \ + -f pixiecore-simpleconfig-values.yaml +``` + +Then point your pixiecore at the pixiecore-simpleconfig. + +The config value gets mapped directly to a configmap, so its possible to put other things in there such as kickstart files if that simplifies your setup. + diff --git a/charts/charts/pixiecore-simpleconfig/templates/_helpers.tpl b/charts/charts/pixiecore-simpleconfig/templates/_helpers.tpl new file mode 100644 index 0000000..c707d3f --- /dev/null +++ b/charts/charts/pixiecore-simpleconfig/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "pnnlmiscscripts.pixiecore.simpleconfig.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "pnnlmiscscripts.pixiecore.simpleconfig.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "pnnlmiscscripts.pixiecore.simpleconfig.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/charts/pixiecore-simpleconfig/templates/configmap.yaml b/charts/charts/pixiecore-simpleconfig/templates/configmap.yaml new file mode 100644 index 0000000..3573bbe --- /dev/null +++ b/charts/charts/pixiecore-simpleconfig/templates/configmap.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.fullname" . }} + labels: + app: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.name" . }} + chart: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{- range $key, $value := .Values.config }} + {{ $key | replace ":" "" | quote }}: | +{{ $value | indent 4 }} +{{- end }} 
diff --git a/charts/charts/pixiecore-simpleconfig/templates/deployment.yaml b/charts/charts/pixiecore-simpleconfig/templates/deployment.yaml new file mode 100644 index 0000000..68ef207 --- /dev/null +++ b/charts/charts/pixiecore-simpleconfig/templates/deployment.yaml 
@@ -0,0 +1,65 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.fullname" . }}
+ labels:
+ app: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.name" . }}
+ chart: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.name" . }}
+ release: {{ .Release.Name }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum | quote }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ volumeMounts:
+ - name: config
+ mountPath: /usr/share/nginx/html/v1/boot
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: config
+ configMap:
+ name: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.fullname" . }}
+ items:
+{{- range $key, $value := .Values.config }}
+ - key: {{ $key | replace ":" "" | quote }}
+ path: {{ $key | quote }}
+{{- end }}
diff --git a/charts/charts/pixiecore-simpleconfig/templates/ingress.yaml b/charts/charts/pixiecore-simpleconfig/templates/ingress.yaml
new file mode 100644
index 0000000..b45146f
--- /dev/null
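Review bot: The `config` volume is mounted at `/usr/share/nginx/html/v1/boot`, so every key of `.Values.config` is served by nginx on port 80 to any client that can reach the Service, and nothing in this chart adds authentication or TLS in front of it. The chart README suggests also placing kickstart files there, and those can carry password hashes or enrollment tokens. I would add a comment above `config:` in values.yaml along the lines of `# Everything under config is served over plain HTTP without authentication; keep credentials out of it.` The container also has no `securityContext`; whether one can be set depends on what the chosen nginx image needs, so that is best decided by the chart owner.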
+++ b/charts/charts/pixiecore-simpleconfig/templates/ingress.yaml @@ -0,0 +1,30 @@ +{{- if .Values.ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "pnnlmiscscripts.pixiecore.simpleconfig.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "pnnlmiscscripts.pixiecore.simpleconfig.name" . }} + helm.sh/chart: {{ include "pnnlmiscscripts.pixiecore.simpleconfig.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{- toYaml .Values.ingress.annotations | nindent 4 }} +spec: + {{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + rules: + - http: + paths: + - path: {{ .Values.ingress.path }} + pathType: Prefix + backend: + service: + name: {{ .Values.service.name }} + port: + name: http +{{- if .Values.ingress.host }} + host: {{ .Values.ingress.host | quote }} +{{- end }} +{{- end }} diff --git a/charts/charts/pixiecore-simpleconfig/templates/service.yaml b/charts/charts/pixiecore-simpleconfig/templates/service.yaml new file mode 100644 index 0000000..2c244f4 --- /dev/null +++ b/charts/charts/pixiecore-simpleconfig/templates/service.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.name }} + labels: + app: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.name" . }} + chart: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + externalIPs: +{{ toYaml .Values.service.externalIPs | indent 4 }} + selector: + app: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.name" . }} + release: {{ .Release.Name }} 
diff --git a/charts/charts/pixiecore-simpleconfig/values.yaml b/charts/charts/pixiecore-simpleconfig/values.yaml new file mode 100644 index 0000000..17c3d8c --- /dev/null +++ b/charts/charts/pixiecore-simpleconfig/values.yaml @@ -0,0 +1,52 @@ +# Default values for pixiecore-simpleconfig. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + tag: stable + pullPolicy: IfNotPresent + +service: + #externalIPs: [] + type: ClusterIP + name: pixiecore + port: 80 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +ingress: + enabled: false + #className: "" + annotations: {} + path: /v1/boot +# host: example.com + +config: {} +# "00:11:22:33": | +# {pixiecore config here} +# For example: +# { +# "kernel": "http://xxx.xxx.xxx.xxx:9090/vmlinuz", +# "initrd": ["http://xxx.xxx.xxx.xxx:9090/initrd.img"], +# "cmdline": "ks=http://xxx.xxx.xxx.xxx:9091/v1/boot/ks.cfg ksdevice=ens1 console=ttyS1,115200" +# } + diff --git a/charts/charts/pixiecore/Chart.yaml b/charts/charts/pixiecore/Chart.yaml new file mode 100755 index 0000000..13239d4 --- /dev/null +++ b/charts/charts/pixiecore/Chart.yaml @@ -0,0 +1,6 @@ +name: pixiecore +version: 0.3.0 +description: pixiecore +maintainers: +- name: Kevin Fox + email: Kevin.Fox@pnnl.gov diff --git a/charts/charts/pixiecore/requirements.yaml b/charts/charts/pixiecore/requirements.yaml new file mode 100644 index 0000000..7a35eca --- /dev/null +++ b/charts/charts/pixiecore/requirements.yaml 
@@ -0,0 +1,4 @@ +dependencies: +- name: pixiecore + version: 2.0.0 + repository: https://pnnl-miscscripts.github.io/image-library-charts/ diff --git a/charts/charts/pixiecore/templates/_helpers.tpl b/charts/charts/pixiecore/templates/_helpers.tpl new file mode 100644 index 0000000..88f0a91 --- /dev/null +++ b/charts/charts/pixiecore/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "pnnlmiscscripts.pixiecore-full.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "pnnlmiscscripts.pixiecore-full.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "pnnlmiscscripts.pixiecore-full.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/charts/pixiecore/templates/daemonset.yaml b/charts/charts/pixiecore/templates/daemonset.yaml new file mode 100644 index 0000000..130bae6 --- /dev/null +++ b/charts/charts/pixiecore/templates/daemonset.yaml 
@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "pnnlmiscscripts.pixiecore-full.fullname" . }}
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "pnnlmiscscripts.pixiecore-full.chart" . }}
+ app: {{ template "pnnlmiscscripts.pixiecore-full.name" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "pnnlmiscscripts.pixiecore-full.name" . }}
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: {{ template "pnnlmiscscripts.pixiecore-full.name" . }}
+ spec:
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: True
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ containers:
+ - name: main
+ image: {{ dict "dot" . "section" .Values.pixiecore | include "pnnlmiscscripts.pixiecore.image" }}
+ imagePullPolicy: {{ .Values.pixiecore.imagePullPolicy }}
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN"]
+ command:
+ - /bin/sh
+ - -ec
+ - |
+{{- if .Values.listen.interface }}
+ LISTENARG=-l;
+ LISTENIP=$(ip a show dev {{ .Values.listen.interface }} | awk '{if($1 == "inet"){print $2}}' | sed 's@/.*@@');
+{{- else if .Values.listen.ip }}
+ LISTENARG=-l;
+ LISTENIP={{ .Values.listen.ip }};
+{{- else }}
+ LISTENARG="";
+ LISTENIP="";
+{{- end }}
+ exec pixiecore api --dhcp-no-bind $LISTENARG $LISTENIP --port {{ .Values.port | quote }} {{ .Values.extraArgs | join " " }} {{ .Values.upstreamURL | quote }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
diff --git a/charts/charts/pixiecore/values.yaml b/charts/charts/pixiecore/values.yaml
new file mode 100644
index 0000000..7a4133d
--- /dev/null
+++ b/charts/charts/pixiecore/values.yaml
@@ -0,0 +1,9 @@
+pixiecore:
+ imagePullPolicy: IfNotPresent
+upstreamURL: http://pixiecore
+port: 9200
+nodeSelector: {}
+listen:
+ interface: ""
+ ip: ""
+extraArgs: []
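Review bot: `.Values.listen.interface`, `.Values.listen.ip` and `.Values.extraArgs` are pasted unquoted into the `/bin/sh -ec` script in daemonset.yaml, so a value containing whitespace or shell metacharacters changes what the shell runs, in a pod that has `hostNetwork` and `NET_ADMIN`. Passing the listen settings through `env:` and expanding them quoted keeps them as data. `extraArgs` would still need the same care, or a move to the container's `args` list. Separately, `capabilities.add` has no matching `drop`, so the container keeps the runtime's default capability set on top of `NET_ADMIN`, and `hostNetwork: True` is better written as lowercase `true`.

```yaml
          env:
            - name: LISTEN_INTERFACE
              value: {{ .Values.listen.interface | quote }}
            - name: LISTEN_IP
              value: {{ .Values.listen.ip | quote }}
          command:
            - /bin/sh
            - -ec
            - |
              if [ -n "$LISTEN_INTERFACE" ]; then
                LISTEN_IP=$(ip a show dev "$LISTEN_INTERFACE" | awk '{if($1 == "inet"){print $2}}' | sed 's@/.*@@')
              fi
              # … unchanged: exec pixiecore api …, with ${LISTEN_IP:+-l "$LISTEN_IP"} replacing $LISTENARG $LISTENIP …
```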
diff --git a/charts/charts/smartctl-exporter/Chart.yaml b/charts/charts/smartctl-exporter/Chart.yaml new file mode 100644 index 0000000..09dc0a3 --- /dev/null +++ b/charts/charts/smartctl-exporter/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "0.1.4" +description: SmartCTL Exporter for Kubernetes +name: smartctl-exporter +version: 0.1.4 diff --git a/charts/charts/smartctl-exporter/README.md b/charts/charts/smartctl-exporter/README.md new file mode 100644 index 0000000..328fe05 --- /dev/null +++ b/charts/charts/smartctl-exporter/README.md @@ -0,0 +1,35 @@ +# smartctl-exporter + +The smartctl-exporter chart launches smartctl-exporter on each node of the cluster. + + +## Install Chart + +To install the Chart into your Kubernetes cluster: + +```bash +kubectl create namespace smartctl-exporter +helm upgrade --install --namespace "smartctl-exporter" smartctl-exporter pnnl-miscscripts/smartctl-exporter -f smartctl-exporter-values.yaml +``` + +After installation succeeds, you can get a status of Chart + +```bash +helm status "smartctl-exporter" +``` + +If you want to delete your Chart, use this command: + +```bash +helm delete "smartctl-exporter" +``` + +### Chronyd configuration +Set your smartctl-exporter config like: +```yaml +config: + devices: + - /dev/sda + - /dev/sdb +``` + diff --git a/charts/charts/smartctl-exporter/requirements.yaml b/charts/charts/smartctl-exporter/requirements.yaml new file mode 100644 index 0000000..21278be --- /dev/null +++ b/charts/charts/smartctl-exporter/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: +- name: smartctl-exporter + version: 2.0.0 + repository: https://pnnl-miscscripts.github.io/image-library-charts/ diff --git a/charts/charts/smartctl-exporter/rules/rules.txt b/charts/charts/smartctl-exporter/rules/rules.txt new file mode 100644 index 0000000..faf8905 --- /dev/null +++ b/charts/charts/smartctl-exporter/rules/rules.txt 
@@ -0,0 +1,36 @@
+rules:
+- alert: SmartCTLDeviceMediaErrors
+ expr: smartctl_device_media_errors != 0
+ annotations:
+ message: Device {{ $labels.device }} on instance {{ $labels.instance }} has media errors
+ for: 1m
+ labels:
+ severity: error
+- alert: SmartCTLDeviceCriticalWarning
+ expr: smartctl_device_critical_warning != 0
+ annotations:
+ message: Device {{ $labels.device }} on instance {{ $labels.instance }} has media errors
+ for: 1m
+ labels:
+ severity: warning
+- alert: SmartCTLDeviceAvailableSpareUnderThreadhold
+ expr: smartctl_device_available_spare_threshold > smartctl_device_available_spare
+ annotations:
+ message: Device {{ $labels.device }} on instance {{ $labels.instance }} is under available spare threashold.
+ for: 1m
+ labels:
+ severity: warning
+- alert: SmartCTLDeviceStatus
+ expr: smartctl_device_status != 1
+ annotations:
+ message: Device {{ $labels.device }} on instance {{ $labels.instance }} has a bad status
+ for: 1m
+ labels:
+ severity: error
+- alert: SmartCTLDInterfaceSlow
+ expr: smartctl_device_interface_speed{speed_type="current"} != on(device, instance, namespace, pod) smartctl_device_interface_speed{speed_type="max"}
+ annotations:
+ message: Device {{ $labels.device }} on instance {{ $labels.instance }} interface is slower then it should be
+ for: 1m
+ labels:
+ severity: warning
diff --git a/charts/charts/smartctl-exporter/templates/_helpers.tpl b/charts/charts/smartctl-exporter/templates/_helpers.tpl
new file mode 100644
index 0000000..040de78
--- /dev/null
+++ b/charts/charts/smartctl-exporter/templates/_helpers.tpl
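Review bot: The `SmartCTLDeviceCriticalWarning` rule reuses the message of `SmartCTLDeviceMediaErrors` ("has media errors"), so whoever receives the alert is told the wrong condition and cannot tell the two apart from the notification text. I would change its annotation to `message: Device {{ $labels.device }} on instance {{ $labels.instance }} reports a critical warning`. The alert names `SmartCTLDeviceAvailableSpareUnderThreadhold` and `SmartCTLDInterfaceSlow` also look misspelled. They are better fixed now, before routing rules or silences start matching on them.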
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "pnnlmiscscripts.smartctl-exporter.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "pnnlmiscscripts.smartctl-exporter.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "pnnlmiscscripts.smartctl-exporter.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/charts/smartctl-exporter/templates/configmap.yaml b/charts/charts/smartctl-exporter/templates/configmap.yaml
new file mode 100644
index 0000000..fd5e46f
--- /dev/null
+++ b/charts/charts/smartctl-exporter/templates/configmap.yaml
@@ -0,0 +1,26 @@
+{{- if hasKey . "config" }}
+{{ toYaml .config }}
+{{- else }}
+
+{{- $global := . }}
+{{- $base := dict "config" .Values.config }}
+{{- $items := prepend .Values.extraInstances $base }}
+{{- range $idx, $item := $items }}
+{{- $config := mergeOverwrite $item.config $global.Values.common.config }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" $global }}-{{ $idx }}
+ labels:
+ app: {{ template "pnnlmiscscripts.smartctl-exporter.name" $global }}
+ chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" $global }}
+ release: {{ $global.Release.Name }}
+ heritage: {{ $global.Release.Service }}
+ idx: i{{ $idx }}
+data:
+ smartctl_exporter.yaml: |
+ smartctl_exporter:
+{{ toYaml $config | indent 6 }}
+{{- end }}
+{{- end }}
diff --git a/charts/charts/smartctl-exporter/templates/daemonset.yaml b/charts/charts/smartctl-exporter/templates/daemonset.yaml
new file mode 100644
index 0000000..c94c068
--- /dev/null
+++ b/charts/charts/smartctl-exporter/templates/daemonset.yaml
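Review bot: In configmap.yaml, `mergeOverwrite $item.config $global.Values.common.config` gives the right-hand argument precedence, so a key set under `common.config` (for example `bind_to`) silently replaces the same key in an instance's own `config`, and the merge writes its result back into `.Values.config`. If per-instance settings are meant to win, as the name `common` suggests, the line should be `{{- $config := mergeOverwrite (deepCopy $global.Values.common.config) (default (dict) $item.config) }}`, which also tolerates an `extraInstances` entry without a `config` key and leaves the values untouched. daemonset.yaml repeats the same line and needs the same change, otherwise its `checksum/config` annotation is computed from a different merge than the ConfigMap.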
@@ -0,0 +1,78 @@
+{{- $global := . }}
+{{- $base := dict "resources" .Values.resources "nodeSelector" .Values.nodeSelector "affinity" .Values.affinity "tolerations" .Values.tolerations "config" .Values.config }}
+{{- $items := prepend .Values.extraInstances $base }}
+{{- range $idx, $item := $items }}
+{{- $config := mergeOverwrite $item.config $global.Values.common.config }}
+{{- $res := set $item "config" $config }}
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" $global }}-{{ $idx }}
+ labels:
+ app: {{ template "pnnlmiscscripts.smartctl-exporter.name" $global }}
+ chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" $global }}
+ release: {{ $global.Release.Name }}
+ heritage: {{ $global.Release.Service }}
+ idx: i{{ $idx }}
+spec:
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 1
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app: {{ template "pnnlmiscscripts.smartctl-exporter.name" $global }}
+ release: {{ $global.Release.Name }}
+ idx: i{{ $idx }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "pnnlmiscscripts.smartctl-exporter.name" $global }}
+ release: {{ $global.Release.Name }}
+ idx: i{{ $idx }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum | quote }}
+ spec:
+ containers:
+ - image: {{ dict "dot" .
"section" $global.Values.image | include "pnnlmiscscripts.smartctl-exporter.image" }}
+ imagePullPolicy: {{ $global.Values.image.pullPolicy }}
+ name: main
+ securityContext:
+ privileged: true
+ ports:
+ - name: http
+ containerPort: 9633
+ protocol: TCP
+ resources:
+{{ toYaml $item.resources | indent 10 }}
+ volumeMounts:
+ - mountPath: /hostdev
+ name: dev
+ - mountPath: /etc/smartctl_exporter.yaml
+ subPath: smartctl_exporter.yaml
+ name: config
+ dnsPolicy: ClusterFirst
+ hostNetwork: true
+ restartPolicy: Always
+ serviceAccountName: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" $global }}
+ volumes:
+ - configMap:
+ name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" $global }}-{{ $idx }}
+ name: config
+ - hostPath:
+ path: /dev
+ name: dev
+ {{- with $item.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with $item.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with $item.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/charts/smartctl-exporter/templates/prometheusrule.yaml b/charts/charts/smartctl-exporter/templates/prometheusrule.yaml
new file mode 100644
index 0000000..4143cdc
--- /dev/null
+++ b/charts/charts/smartctl-exporter/templates/prometheusrule.yaml
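Review bot: In daemonset.yaml the pod runs with `privileged: true`, `hostNetwork: true` and a hostPath mount of `/dev`. Privileged access is probably unavoidable for raw SMART queries, but `hostNetwork` is not needed for a port that service.yaml already reaches through `targetPort: http`. With host networking the exporter's default `bind_to: "0.0.0.0:9633"` opens an unauthenticated metrics port on every node address, and `dnsPolicy: ClusterFirst` no longer uses the cluster resolver (that takes `ClusterFirstWithHostNet`). Gate it behind a value that defaults to off, e.g. `hostNetwork: {{ $global.Values.hostNetwork | default false }}`. `serviceAccountName` is also set unconditionally, although serviceaccount.yaml creates the account only when `rbac.create` is true.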
@@ -0,0 +1,22 @@
+{{- if .Values.prometheusRules.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }}.rules
+ labels:
+ app.kubernetes.io/name: {{ include "pnnlmiscscripts.smartctl-exporter.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if ne (len .Values.prometheusRules.extraLabels) 0 }}
+{{ toYaml .Values.prometheusRules.extraLabels | indent 4 }}
+{{- end }}
+{{- if hasKey .Values.prometheusRules "namespace" }}
+ namespace: {{ .Values.prometheusRules.namespace }}
+{{- end }}
+spec:
+ groups:
+ - name: smartctl-exporter.rules
+{{ .Files.Get "rules/rules.txt" | indent 4 }}
+{{- end }}
diff --git a/charts/charts/smartctl-exporter/templates/rolebinding.yaml b/charts/charts/smartctl-exporter/templates/rolebinding.yaml
new file mode 100644
index 0000000..7ac5265
--- /dev/null
+++ b/charts/charts/smartctl-exporter/templates/rolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }}
+ labels:
+ app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }}
+ chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Values.rbac.podSecurityPolicy }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/charts/smartctl-exporter/templates/service.yaml b/charts/charts/smartctl-exporter/templates/service.yaml
new file mode 100644
index 0000000..5de666a
--- /dev/null
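Review bot: In rolebinding.yaml `roleRef.name` comes from `rbac.podSecurityPolicy`, which values.yaml defaults to `unrestricted-psp`, a ClusterRole this chart neither creates nor documents. PodSecurityPolicy was removed in Kubernetes 1.25, so on current clusters the binding most likely refers to a role that does not exist, while admission of the privileged DaemonSet depends on the namespace's Pod Security level, which the README's `kubectl create namespace` step does not set. Render the binding only when a name is given, `{{- if and .Values.rbac.create .Values.rbac.podSecurityPolicy }}`, and quote the value: `name: {{ .Values.rbac.podSecurityPolicy | quote }}`.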
+++ b/charts/charts/smartctl-exporter/templates/service.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }}
+ labels:
+ app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }}
+ chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ externalIPs:
+{{ toYaml .Values.service.externalIPs | indent 4 }}
+ selector:
+ app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }}
+ release: {{ .Release.Name }}
diff --git a/charts/charts/smartctl-exporter/templates/serviceaccount.yaml b/charts/charts/smartctl-exporter/templates/serviceaccount.yaml
new file mode 100644
index 0000000..f849d2e
--- /dev/null
+++ b/charts/charts/smartctl-exporter/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.rbac.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }}
+ labels:
+ app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }}
+ chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- end }}
diff --git a/charts/charts/smartctl-exporter/templates/servicemonitor.yaml b/charts/charts/smartctl-exporter/templates/servicemonitor.yaml
new file mode 100644
index 0000000..846051c
--- /dev/null
+++ b/charts/charts/smartctl-exporter/templates/servicemonitor.yaml
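Review bot: In service.yaml `externalIPs:` is rendered unconditionally from `.Values.service.externalIPs`, a key the chart's values.yaml does not define, so the default render is an `externalIPs` field holding `null`. The field publishes the exporter on whatever addresses are listed, so it should appear only when an operator asks for it: wrap the two lines in `{{- with .Values.service.externalIPs }}` … `{{- end }}` and render the list with `{{- toYaml . | nindent 4 }}`. Adding `externalIPs: []` under `service:` in values.yaml, with a comment, would make the option visible.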
@@ -0,0 +1,31 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }}
+ labels:
+ app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }}
+ chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if ne (len .Values.serviceMonitor.extraLabels) 0 }}
+{{ toYaml .Values.serviceMonitor.extraLabels | indent 4 }}
+{{- end }}
+{{- if hasKey .Values.serviceMonitor "namespace" }}
+ namespace: {{ .Values.serviceMonitor.namespace }}
+{{- end }}
+spec:
+ endpoints:
+ - interval: 60s
+ path: /metrics
+ port: http
+ scheme: http
+ scrapeTimeout: 30s
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }}
+ release: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/charts/smartctl-exporter/values.yaml b/charts/charts/smartctl-exporter/values.yaml
new file mode 100644
index 0000000..0e21deb
--- /dev/null
+++ b/charts/charts/smartctl-exporter/values.yaml
@@ -0,0 +1,67 @@
+config:
+ devices:
+ - /dev/sda
+
+extraInstances: []
+#- config:
+# devices:
+# - /dev/nvme0n1
+# nodeSelector:
+# type: other
+
+common:
+ config:
+ bind_to: "0.0.0.0:9633"
+ url_path: "/metrics"
+ smartctl_location: /usr/sbin/smartctl
+ collect_not_more_than_period: 120s
+
+serviceMonitor:
+ enabled: false
+ # Specify namespace to load the monitor if not in the same namespace
+ # namespace: prometheus-operator
+ # Add Extra labels if needed. Prometeus operator may need them to find it.
+ extraLabels: {}
+ # release: prometheus-operator
+
+prometheusRules:
+ enabled: false
+ # Specify namespace to load the monitor if not in the same namespace
+ # namespace: prometheus-operator
+ # Add Extra labels if needed. Prometeus operator may need them to find it.
+ extraLabels: {}
+ # release: prometheus-operator
+
+image:
+ pullPolicy: IfNotPresent
+
+rbac:
+ create: true
+ podSecurityPolicy: unrestricted-psp
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations:
+- key: CriticalAddonsOnly
+ operator: Exists
+- operator: Exists
+- effect: NoSchedule
+ key: node-role.kubernetes.io/master
+
+affinity: {}
+
+service:
+ type: ClusterIP
+ port: 80
diff --git a/charts/charts/tenant-namespace-operator/.helmignore b/charts/charts/tenant-namespace-operator/.helmignore
new file mode 100644
index 0000000..50af031
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/.helmignore
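Review bot: In the smartctl-exporter values.yaml the bare `- operator: Exists` entry under `tolerations` matches every taint, so the keyed `CriticalAddonsOnly` and `node-role.kubernetes.io/master` entries beside it are redundant and the privileged DaemonSet is scheduled onto every node, including nodes tainted `NoExecute` for draining. If cluster-wide coverage is the intent, keep only that entry and say so in a comment such as `# tolerate all taints: the exporter must run on every node`; otherwise drop it and keep the keyed entries. `rbac.podSecurityPolicy: unrestricted-psp` deserves a comment as well, since it names a cluster object the chart expects to exist already.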
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml
new file mode 100644
index 0000000..e77da39
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: tenant-namespace-operator
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.19
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 0.1.16-1
diff --git a/charts/charts/tenant-namespace-operator/README.md b/charts/charts/tenant-namespace-operator/README.md
new file mode 100644
index 0000000..4c0e2e8
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/README.md
@@ -0,0 +1,61 @@
+# tenant-namespace-operator
+
+The tenant-namespace-operator chart launches an instance of the tenant-namespace-operator allowing you to quickly deploy tenant-namespaces in a Kubernetes native way.
+
+
+## Install Chart
+
+Apply the CRD's if not already done so:
+```bash
+kubectl apply -f https://raw.githubusercontent.com/pnnl-miscscripts/miscscripts/master/containers/tenant-namespace-operator/config/crd/bases/miscscripts.pnnl.gov_tenantnamespaceflavors.yaml
+kubectl apply -f https://raw.githubusercontent.com/pnnl-miscscripts/miscscripts/master/containers/tenant-namespace-operator/config/crd/bases/miscscripts.pnnl.gov_tenantnamespaces.yaml
+```
+
+To install the Chart into your Kubernetes cluster (Helm 3 only) :
+
+```bash
+kubectl create namespace tenant-namespace-operator
+helm upgrade --install tenant-namespace-operator --namespace "tenant-namespace-operator" pnnl-miscscripts/tenant-namespace-operator
+```
+
+After installation succeeds, you can get a status of Chart
+
+```bash
+helm status "tenant-namespace-operator" --namespace "tenant-namespace-operator"
+```
+
+If you want to delete your Chart, use this command:
+
+```bash
+helm delete "tenant-namespace-operator"
+```
+
+### Usage
+You can create a cluster wide tenantnamespace flavor like:
+```yaml
+apiVersion: miscscripts.pnnl.gov/v1beta1
+kind: TenantNamespaceFlavor
+metadata:
+ name: example
+spec: {}
+```
+
+To deploy a tenant namespace named example, you may do so like:
+```yaml
+apiVersion: miscscripts.pnnl.gov/v1beta1
+kind: TenantNamespace
+metadata:
+ name: example
+spec:
+ flavorRef:
+ name: example
+ kind: TenantNamespaceFlavor
+ group: miscscripts.pnnl.gov
+```
+
+When a flavorRef is specified, settings in the flavor are added to the TenantNamespace. The TenantNamespace config overrides the flavor config.
+
+The content of the spec in both TenantNamespaceFlavor and TenantNamespace are values as specified here:
+```
+https://gitlab.com/gitlab-org/charts/tenant-namespace/blob/master/values.yaml
+```
diff --git a/charts/charts/tenant-namespace-operator/templates/_helpers.tpl b/charts/charts/tenant-namespace-operator/templates/_helpers.tpl
new file mode 100644
index 0000000..7028968
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "tenant-namespace-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "tenant-namespace-operator.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "tenant-namespace-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "tenant-namespace-operator.labels" -}}
+helm.sh/chart: {{ include "tenant-namespace-operator.chart" . }}
+{{ include "tenant-namespace-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "tenant-namespace-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "tenant-namespace-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "tenant-namespace-operator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "tenant-namespace-operator.fullname" .)
.Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/charts/tenant-namespace-operator/templates/clusterrole.yaml b/charts/charts/tenant-namespace-operator/templates/clusterrole.yaml
new file mode 100644
index 0000000..a2dc509
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/templates/clusterrole.yaml
@@ -0,0 +1,59 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "tenant-namespace-operator.fullname" . }}-fl
+ labels:
+{{ include "tenant-namespace-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - tenantnamespaceflavors
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - resourcequotas
+ - limitranges
+ verbs:
+ - "*"
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - rolebindings
+ - clusterroles
+ - clusterrolebindings
+ verbs:
+ - "*"
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - networkpolicies
+ verbs:
+ - "*"
+- apiGroups:
+ - extensions
+ - "networking.k8s.io" # k8s 1.14+
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingressclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - operators.coreos.com
+ resources:
+ - operatorgroups
+ - subscriptions
+ verbs:
+ - "*"
diff --git a/charts/charts/tenant-namespace-operator/templates/clusterrolebinding.yaml b/charts/charts/tenant-namespace-operator/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..8d3e982
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/templates/clusterrolebinding.yaml
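Review bot: In clusterrole.yaml the `rbac.authorization.k8s.io` rule grants `"*"` on `clusterroles`, and the wildcard includes the `bind` and `escalate` verbs, so the operator's service account can create a role with any permissions and bind it to any subject, which makes a compromise of the operator pod equivalent to a compromise of the cluster. Spell out the verbs the operator uses and allow `bind` only on named roles, as sketched below; `admin` and the `-ic` role are the two this diff shows being handed out. The exact verb and role list depends on operator code that is not visible here, so the sketch is a starting point to check against it.

```yaml
# … unchanged: tenantnamespaceflavors and namespaces/resourcequotas/limitranges rules …
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - rolebindings
  - clusterroles
  - clusterrolebindings
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
# bind is limited to the roles the operator hands out; escalate is not granted
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - clusterroles
  resourceNames:
  - admin
  - {{ include "tenant-namespace-operator.fullname" . }}-ic
  verbs:
  - bind
# … unchanged: networkpolicies, ingresses/status, ingressclasses and operators.coreos.com rules …
```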
@@ -0,0 +1,32 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "tenant-namespace-operator.fullname" . }}-fl
+ labels:
+{{ include "tenant-namespace-operator.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "tenant-namespace-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ include "tenant-namespace-operator.fullname" . }}-fl
+ apiGroup: rbac.authorization.k8s.io
+
+---
+#This is needed so that it can give out admin access to things it creates
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "tenant-namespace-operator.fullname" . }}-adm
+ labels:
+{{ include "tenant-namespace-operator.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "tenant-namespace-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: admin
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/charts/tenant-namespace-operator/templates/deployment.yaml b/charts/charts/tenant-namespace-operator/templates/deployment.yaml
new file mode 100644
index 0000000..fd45255
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/templates/deployment.yaml
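Review bot: The second document in clusterrolebinding.yaml binds the operator's service account to `admin` with a ClusterRoleBinding, which gives it admin rights (Secrets included) in every namespace of the cluster, not only in the tenant namespaces it creates. The purpose stated in the comment, handing out `admin` to tenants, can be met without holding the role: RBAC lets a subject create bindings to a role it has the `bind` verb on, so a rule with `resources: [clusterroles]`, `resourceNames: [admin]`, `verbs: [bind]` in the `-fl` ClusterRole could replace this binding. Whether the operator relies on the broader rights elsewhere is not visible in this diff.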
@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "tenant-namespace-operator.fullname" . }}
+ labels:
+ {{- include "tenant-namespace-operator.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "tenant-namespace-operator.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "tenant-namespace-operator.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "tenant-namespace-operator.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ include "tenant-namespace-operator.fullname" . }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ volumeMounts:
+ - mountPath: /tmp/ansible-operator/runner
+ name: runner
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 6789
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 6789
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ args:
+ - "--leader-elect"
+ - "--leader-election-id=tenant-namespace-operator"
+ env:
+ - name: ANSIBLE_GATHERING
+ value: explicit
+ - name: WATCH_NAMESPACE
+{{- if eq .Values.mode "cluster" }}
+ value: ""
+{{- else if ne .Values.mode "cluster" }}
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+{{- end }}
+ - name: SERVICE_ACCOUNT_NAME
+ value: {{ include "tenant-namespace-operator.serviceAccountName" . }}
+ - name: NAMESPACE
+ value: {{ .Release.Namespace }}
+{{- if .Values.dryrun }}
+ - name: DRYRUN
+ value: "yes"
+{{- end }}
+ - name: INGRESS_CLUSTERROLE
+ value: {{ include "tenant-namespace-operator.fullname" .
}}-ic
+ volumes:
+ - name: runner
+ emptyDir: {}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/charts/tenant-namespace-operator/templates/flavor-clusterrole.yaml b/charts/charts/tenant-namespace-operator/templates/flavor-clusterrole.yaml
new file mode 100644
index 0000000..714b98e
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/templates/flavor-clusterrole.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tenantnamespaceflavors-edit
+rules:
+- apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - tenantnamespaceflavors
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
diff --git a/charts/charts/tenant-namespace-operator/templates/ic-clusterrole.yaml b/charts/charts/tenant-namespace-operator/templates/ic-clusterrole.yaml
new file mode 100644
index 0000000..e280d0b
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/templates/ic-clusterrole.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "tenant-namespace-operator.fullname" . }}-ic
+ labels:
+{{ include "tenant-namespace-operator.labels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingressclasses
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/charts/charts/tenant-namespace-operator/templates/ingressclass.yaml b/charts/charts/tenant-namespace-operator/templates/ingressclass.yaml
new file mode 100644
index 0000000..44458c3
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/templates/ingressclass.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.ingressClass.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: IngressClass
+metadata:
+ name: {{ .Values.ingressClass.name }}
+ labels:
+ {{- include "tenant-namespace-operator.labels" . | nindent 4 }}
+spec:
+ controller: k8s.io/ingress-nginx
+{{- end }}
diff --git a/charts/charts/tenant-namespace-operator/templates/leader-election-role-binding.yaml b/charts/charts/tenant-namespace-operator/templates/leader-election-role-binding.yaml
new file mode 100644
index 0000000..a5406b6
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/templates/leader-election-role-binding.yaml
@@ -0,0 +1,15 @@
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "tenant-namespace-operator.fullname" . }}-le
+ labels:
+{{ include "tenant-namespace-operator.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "tenant-namespace-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: {{ include "tenant-namespace-operator.fullname" . }}-le
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/charts/tenant-namespace-operator/templates/leader-election-role.yaml b/charts/charts/tenant-namespace-operator/templates/leader-election-role.yaml
new file mode 100644
index 0000000..f7fa8dd
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/templates/leader-election-role.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "tenant-namespace-operator.fullname" . }}-le
+ labels:
+{{ include "tenant-namespace-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
diff --git a/charts/charts/tenant-namespace-operator/templates/role.yaml b/charts/charts/tenant-namespace-operator/templates/role.yaml
new file mode 100644
index 0000000..c32fb7c
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/templates/role.yaml
@@ -0,0 +1,100 @@
+apiVersion: rbac.authorization.k8s.io/v1
+{{- if eq .Values.mode "cluster" }}
+kind: ClusterRole
+{{- else if eq .Values.mode "cluster" }}
+kind: Role
+{{- end }}
+metadata:
+ name: {{ include "tenant-namespace-operator.fullname" . }}
+ labels:
+{{ include "tenant-namespace-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ - services/finalizers
+ - endpoints
+ - events
+ - configmaps
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - replicasets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+# needed for ingress leader election pre 1.24
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ - prometheusrules
+ verbs:
+ - get
+ - create
+ - list
+ - delete
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - apps
+ resourceNames:
+ - tenant-namespace-operator
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+- apiGroups:
+ - apps
+ resources:
+ - replicasets
+ - deployments
+ verbs:
+ - get
+- apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
diff --git a/charts/charts/tenant-namespace-operator/templates/rolebinding.yaml b/charts/charts/tenant-namespace-operator/templates/rolebinding.yaml
new file mode 100644
index 0000000..7abfe2d
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/templates/rolebinding.yaml
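Review bot: In role.yaml the branch `{{- else if eq .Values.mode "cluster" }}` tests the same condition as the `if` two lines above it, so it is never taken and any other `mode` renders the manifest with no `kind`. It should be a plain `{{- else }}`, as the `mode: cluster # or namespaced` comment in values.yaml implies. rolebinding.yaml repeats the dead branch for the binding's `kind` and for `roleRef.kind`, so a namespaced install currently cannot produce a valid Role or RoleBinding and the narrower-privilege mode is unusable.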
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+{{- if eq .Values.mode "cluster" }}
+kind: ClusterRoleBinding
+{{- else if eq .Values.mode "cluster" }}
+kind: RoleBinding
+{{- end }}
+metadata:
+ name: {{ include "tenant-namespace-operator.fullname" . }}
+ labels:
+{{ include "tenant-namespace-operator.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "tenant-namespace-operator.serviceAccountName" . }}
+{{- if eq .Values.mode "cluster" }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+roleRef:
+{{- if eq .Values.mode "cluster" }}
+ kind: ClusterRole
+{{- else if eq .Values.mode "cluster" }}
+ kind: Role
+{{- end}}
+ name: {{ include "tenant-namespace-operator.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/charts/tenant-namespace-operator/templates/runner-clusterrole.yaml b/charts/charts/tenant-namespace-operator/templates/runner-clusterrole.yaml
new file mode 100644
index 0000000..761ad3e
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/templates/runner-clusterrole.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tenantnamespace-edit
+ labels:
+{{- if .Values.rbac.aggregate }}
+ # Add these permissions to the "admin" and "edit" default roles.
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+{{- end }}
+rules:
+- apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - tenantnamespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
diff --git a/charts/charts/tenant-namespace-operator/templates/serviceaccount.yaml b/charts/charts/tenant-namespace-operator/templates/serviceaccount.yaml
new file mode 100644
index 0000000..b4785f6
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/templates/serviceaccount.yaml
@@ -0,0 +1,8 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "tenant-namespace-operator.serviceAccountName" . }}
+ labels:
+{{ include "tenant-namespace-operator.labels" . | nindent 4 }}
+{{- end -}}
diff --git a/charts/charts/tenant-namespace-operator/values.yaml b/charts/charts/tenant-namespace-operator/values.yaml
new file mode 100644
index 0000000..e236cf7
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/values.yaml
@@ -0,0 +1,77 @@ +# Default values for tenant-namespace-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +mode: cluster # or namespaced. Note, only cluster is currently been tested. + +rbac: + # Allow admin/edit roles to create runners without extra bindings. + aggregate: false + +replicaCount: 1 + +# Set if the operator will only dryrun actions +dryrun: false + +image: + repository: pnnlmiscscripts/tenant-namespace-operator + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + +podSecurityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + # fsGroup: 2000 + +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + # readOnlyRootFilesystem: true + # runAsUser: 1000 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - key: kubernetes.io/os + operator: In + values: + - linux + +ingressClass: + enabled: true + name: public diff --git a/charts/charts/tenant-namespace/Chart.yaml b/charts/charts/tenant-namespace/Chart.yaml new file mode 100644 index 0000000..fea5ea7 --- /dev/null 
+++ b/charts/charts/tenant-namespace/Chart.yaml @@ -0,0 +1,21 @@ +apiVersion: v2 +type: application +description: Chart for setting up a tenants namespace with all the goodies +name: tenant-namespace +version: 0.7.12 +appVersion: "1.0" +dependencies: +- name: magic-namespace + alias: adminmagicnamespace + version: "0.5.4" + repository: "https://pnnl-miscscripts.github.io/charts" + condition: adminmagicnamespace.enabled +- name: magic-namespace + alias: magicnamespace + version: "0.5.4" + repository: "https://pnnl-miscscripts.github.io/charts" +- name: ingress-nginx + alias: ingress + version: "4.2.3" + repository: "https://kubernetes.github.io/ingress-nginx" + condition: ingress.nginx.enabled diff --git a/charts/charts/tenant-namespace/README.md b/charts/charts/tenant-namespace/README.md new file mode 100644 index 0000000..f274e91 --- /dev/null +++ b/charts/charts/tenant-namespace/README.md @@ -0,0 +1,21 @@ +tenant-namespace is a chart that lets you quickly provision a namespace for a +tenant + +TL;DR; + +First, put whatever cluster specific default values into +mycluster-tenant-namespace-values.yaml + +```console +read -p 'Enter Tenant name: ' tenant +helm install namespace --name $tenant --namespace ${tenant}-admin \ + -f mycluster-tenant-namespace-values.yaml \ + --set magicnamespace.namespace=$tenant \ + --set ingress.controller.scope.namespace=$tenant +``` + +To get the ci secret to put into your ci system, you can do something like: +```console +kubectl get secret -n $tenant $(kubectl get serviceaccount -n $tenant ci -o go-template='{{ (index .secrets 0).name }}') -o go-template='{{ .data.token | base64decode }}{{ printf "\n" }}' +``` + diff --git a/charts/charts/tenant-namespace/templates/NOTES.txt b/charts/charts/tenant-namespace/templates/NOTES.txt new file mode 100644 index 0000000..fab3c30 --- /dev/null +++ b/charts/charts/tenant-namespace/templates/NOTES.txt 
@@ -0,0 +1,27 @@ +{{ $nks := lookup "v1" "Namespace" "" "kube-system" }} +{{ if gt (len $nks) 0 }} +{{ if $nks.metadata.labels }} +{{ if not (index $nks.metadata.labels "kubernetes.io/metadata.name") }} +{{ fail "You must first run: kubectl label namespace kube-system kubernetes.io/metadata.name=kube-system"}} +{{ end }} +{{ end }} +{{ end }} + +{{ $nks := lookup "v1" "Namespace" "" .Values.magicnamespace.namespace }} +{{ if gt (len $nks) 0 }} +{{ if $nks.metadata.labels }} +{{ if not (index $nks.metadata.labels "kubernetes.io/metadata.name") }} +{{ fail (printf "You must first run: kubectl label namespace %s kubernetes.io/metadata.name=%s" .Values.magicnamespace.namespace .Values.magicnamespace.namespace) }} +{{ end }} +{{ end }} +{{ end }} + +{{ if not .Values.ingress.clusterRole }} +You need to ensure there is a ClusterRoleBinding that lets ingress-nginx read ingress classes globally bound to: +``` +subjects: +- kind: ServiceAccount + name: {{ .Release.Name }}-ingress + namespace: {{ .Release.Namespace }} +``` +{{ end }} diff --git a/charts/charts/tenant-namespace/templates/_helpers.tpl b/charts/charts/tenant-namespace/templates/_helpers.tpl new file mode 100644 index 0000000..b926275 --- /dev/null +++ b/charts/charts/tenant-namespace/templates/_helpers.tpl 
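Review bot: The guard `{{ if not .Values.ingress.clusterRole }}` reads a different key from the one the binding template uses (`.Values.ingress.nginx.clusterRole` in ingress-nginx-clusterrolebinding.yaml), so the reminder about a missing ClusterRoleBinding is printed even when the chart has just created one. Use the same path in both places, `{{ if not .Values.ingress.nginx.clusterRole }}`. The key is also absent from the chart's values.yaml as shown in this commit; adding it there with an empty default and a one-line comment would make the option discoverable.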
@@ -0,0 +1,52 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "namespace.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "namespace.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "namespace.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "namespace.labels" -}} +helm.sh/chart: {{ include "namespace.chart" . }} +{{ include "namespace.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "namespace.selectorLabels" -}} +app.kubernetes.io/name: {{ include "namespace.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/charts/tenant-namespace/templates/certificate.yaml b/charts/charts/tenant-namespace/templates/certificate.yaml new file mode 100644 index 0000000..be4430d --- /dev/null +++ b/charts/charts/tenant-namespace/templates/certificate.yaml 
@@ -0,0 +1,18 @@ +{{- if .Values.letsencrypt.enabled }} +{{- $name := .Values.magicnamespace.namespace }} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: default-tls + namespace: {{ .Release.Namespace }} + labels: + {{- include "namespace.labels" . | nindent 4 }} +spec: + secretName: default-tls + dnsNames: + - {{ $name }}.{{ .Values.subdomain }} + - "*.{{ $name }}.{{ .Values.subdomain }}" + issuerRef: + name: letsencrypt-production + kind: Issuer +{{- end }} diff --git a/charts/charts/tenant-namespace/templates/gitlabrunner.yaml b/charts/charts/tenant-namespace/templates/gitlabrunner.yaml new file mode 100644 index 0000000..58723f9 --- /dev/null +++ b/charts/charts/tenant-namespace/templates/gitlabrunner.yaml @@ -0,0 +1,11 @@ +{{- if .Values.gitlabRunner.enabled }} +apiVersion: miscscripts.pnnl.gov/v1beta1 +kind: GitlabRunner +metadata: + name: {{ .Values.gitlabRunner.name }} + namespace: {{ .Values.magicnamespace.namespace }} + labels: + {{- include "namespace.labels" . | nindent 4 }} +spec: +{{ toYaml .Values.gitlabRunner.spec | indent 2 }} +{{- end }} diff --git a/charts/charts/tenant-namespace/templates/ingress-nginx-clusterrolebinding.yaml b/charts/charts/tenant-namespace/templates/ingress-nginx-clusterrolebinding.yaml new file mode 100644 index 0000000..2aa6430 --- /dev/null +++ b/charts/charts/tenant-namespace/templates/ingress-nginx-clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{ if .Values.ingress.nginx.clusterRole }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: pmstn-{{ .Values.magicnamespace.namespace }}-ic + labels: + {{- include "namespace.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Values.ingress.nginx.clusterRole }} +subjects: +- kind: ServiceAccount + name: {{ .Release.Name }}-ingress + namespace: {{ .Release.Namespace | quote }} +{{ end }} 
diff --git a/charts/charts/tenant-namespace/templates/issuer.yaml b/charts/charts/tenant-namespace/templates/issuer.yaml new file mode 100644 index 0000000..b4af516 --- /dev/null +++ b/charts/charts/tenant-namespace/templates/issuer.yaml @@ -0,0 +1,19 @@ +{{- if .Values.letsencrypt.enabled }} +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: letsencrypt-production + namespace: {{ .Release.Namespace }} + labels: + {{- include "namespace.labels" . | nindent 4 }} +spec: + acme: + server: https://acme-v02.api.letsencrypt.org/directory + email: {{ .Values.contact }} + + privateKeySecretRef: + name: letsencrypt-production + + solvers: +{{ toYaml .Values.letsencrypt.solvers | indent 6 }} +{{- end }} diff --git a/charts/charts/tenant-namespace/templates/limitrange.yaml b/charts/charts/tenant-namespace/templates/limitrange.yaml new file mode 100644 index 0000000..d2bb48d --- /dev/null +++ b/charts/charts/tenant-namespace/templates/limitrange.yaml @@ -0,0 +1,12 @@ +{{- if .Values.limitRange.enabled }} +apiVersion: v1 +kind: LimitRange +metadata: + name: {{ .Release.Name }} + namespace: {{ .Values.magicnamespace.namespace }} + labels: + {{- include "namespace.labels" . | nindent 4 }} +spec: + limits: +{{ toYaml .Values.limitRange.limits | indent 4 }} +{{- end }} diff --git a/charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml b/charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml new file mode 100644 index 0000000..53ee6a1 --- /dev/null +++ b/charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml 
@@ -0,0 +1,64 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "namespace.fullname" . }} + namespace: {{ .Values.magicnamespace.namespace }} + labels: + {{- include "namespace.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - "networking.k8s.io" # k8s 1.14+ + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - "networking.k8s.io" # k8s 1.14+ + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - "networking.k8s.io" # k8s 1.14+ + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/charts/charts/tenant-namespace/templates/nginx-ingress-rolebinding.yaml b/charts/charts/tenant-namespace/templates/nginx-ingress-rolebinding.yaml new file mode 100644 index 0000000..a353bc7 --- /dev/null +++ b/charts/charts/tenant-namespace/templates/nginx-ingress-rolebinding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "namespace.fullname" . }} + namespace: {{ .Values.magicnamespace.namespace }} + labels: + {{- include "namespace.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "namespace.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ .Release.Name }}-ingress + namespace: {{ .Release.Namespace | quote }} diff --git a/charts/charts/tenant-namespace/templates/operatorgroup.yaml b/charts/charts/tenant-namespace/templates/operatorgroup.yaml new file mode 100644 index 0000000..6cb01a2 --- /dev/null +++ b/charts/charts/tenant-namespace/templates/operatorgroup.yaml 
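Review bot: The `ingressclasses` rule in this Role has no effect, because IngressClass is a cluster-scoped resource and only a ClusterRole bound through a ClusterRoleBinding can grant access to it. Either drop the rule or mark it, e.g. `# no effect in a Role: ingressclasses is cluster-scoped, see ingress.nginx.clusterRole`. The second rule also lets the controller's service account, which lives in the release namespace, read every Secret in the tenant namespace; that is what an ingress controller needs for TLS, but a comment such as `# secrets: read access to all tenant secrets, required for TLS certificates` would make the grant explicit to tenants reviewing the chart.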
@@ -0,0 +1,12 @@
+{{- if .Values.operatorGroup.enabled }}
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+ name: {{ .Values.magicnamespace.namespace }}
+ namespace: {{ .Values.magicnamespace.namespace }}
+ labels:
+ {{- include "namespace.labels" . | nindent 4 }}
+spec:
+ targetNamespaces:
+ - {{ .Values.magicnamespace.namespace }}
+{{- end }}
diff --git a/charts/charts/tenant-namespace/templates/rbac-admin-group-rolebinding.yaml b/charts/charts/tenant-namespace/templates/rbac-admin-group-rolebinding.yaml
new file mode 100644
index 0000000..40a7089
--- /dev/null
+++ b/charts/charts/tenant-namespace/templates/rbac-admin-group-rolebinding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: rbac-admin-group
+ namespace: {{ .Values.magicnamespace.namespace }}
+ labels:
+ {{- include "namespace.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: admin
+subjects:
+- kind: Group
+ name: {{ .Values.roleBindings.groupPrefix }}{{ .Values.magicnamespace.namespace }}.admin
diff --git a/charts/charts/tenant-namespace/templates/resourcequota.yaml b/charts/charts/tenant-namespace/templates/resourcequota.yaml
new file mode 100644
index 0000000..a7e7f20
--- /dev/null
+++ b/charts/charts/tenant-namespace/templates/resourcequota.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.quota.enabled }}
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ name: {{ .Release.Name }}
+ namespace: {{ .Values.magicnamespace.namespace }}
+ labels:
+ {{- include "namespace.labels" . | nindent 4 }}
+spec:
+ hard:
+ pods: {{ .Values.quota.pods }}
+ requests.cpu: {{ .Values.quota.requests.cpu }}
+ requests.memory: {{ .Values.quota.requests.memory }}
+ limits.cpu: {{ .Values.quota.limits.cpu }}
+ limits.memory: {{ .Values.quota.limits.memory }}
+ {{- range $key, $val := .Values.quota.extraQuota }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end }}
+{{- end }}
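Review bot: The group name under `subjects` in rbac-admin-group-rolebinding.yaml is built from `.Values.roleBindings.groupPrefix`, whose shipped default is the placeholder `foo.`, so an install that forgets to override it binds the `admin` ClusterRole in the tenant namespace to a group literally named with that prefix. Ship the value empty in values.yaml and make the template insist on it: `name: {{ required "roleBindings.groupPrefix must be set" .Values.roleBindings.groupPrefix }}{{ .Values.magicnamespace.namespace }}.admin`. The binding is also rendered unconditionally, unlike the quota, limit-range and operator-group templates, so there is no way to opt out of the group grant; an `enabled` switch would be consistent with its siblings.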
diff --git a/charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml b/charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml
new file mode 100644
index 0000000..c2402ad
--- /dev/null
+++ b/charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml
@@ -0,0 +1,52 @@
+{{- if and .Values.networkPolicy.enabled (eq .Values.networkPolicy.type "simple-restricted") }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default
+ namespace: {{ .Values.magicnamespace.namespace }}
+ labels:
+ {{- include "namespace.labels" . | nindent 4 }}
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ - from:
+# Allow non pod traffic
+{{- range .Values.networkPolicy.ingress.ipBlocks }}
+ - ipBlock:
+{{ toYaml . | indent 8 }}
+{{- end }}
+# Allow admin namespace to access this namespace
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ .Release.Namespace }}
+ podSelector: {}
+# Allow access to the kube-system namespace for service discovery
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: kube-system
+ podSelector: {}
+# Allow this namespace to access itself
+ - podSelector: {}
+ egress:
+ - to:
+# Allow non pod traffic
+{{- range .Values.networkPolicy.ingress.ipBlocks }}
+ - ipBlock:
+{{ toYaml . | indent 8 }}
+{{- end }}
+# Allow admin namespace to access this namespace
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: {{ .Release.Namespace }}
+ podSelector: {}
+# Allow access to the kube-system namespace for service discovery
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: kube-system
+ podSelector: {}
+# Allow this namespace to access itself
+ - podSelector: {}
+{{- end }}
diff --git a/charts/charts/tenant-namespace/values.yaml b/charts/charts/tenant-namespace/values.yaml
new file mode 100644
index 0000000..cb1be2e
--- /dev/null
+++ b/charts/charts/tenant-namespace/values.yaml
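Review bot: The `egress` rule iterates `.Values.networkPolicy.ingress.ipBlocks`, the same list as the `ingress` rule, so `networkPolicy.egress.ipBlocks` from values.yaml is never read and tightening egress there changes nothing in the rendered policy. The second loop should be `{{- range .Values.networkPolicy.egress.ipBlocks }}`. The comment `# Allow admin namespace to access this namespace` in the egress half describes the opposite direction; `# Allow this namespace to reach the admin namespace` would match what the rule does.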
@@ -0,0 +1,123 @@ +contact: some@email.addr +subdomain: tenants.subdomain.addr # Tenant foo at foo.tenants.subdomain.addr + +adminmagicnamespace: + enabled: false + #namespace: project-admin + tiller: + image: + tag: v2.11.0 + role: + type: ClusterRole + name: admin + +#NOTE, letsencrypt support isn't fully baked yet. It works, but nginx-ingress +# cant use it yet, as nginx-ingress can't watch two namespaces at once. +letsencrypt: + enabled: false + solvers: [] #List of solvers in a cert-manager issuer + +# Provides tenant namespace isolation. Tested with Canal. At time of release +# Known not to work with Weave except for the unrelased trunk version. +networkPolicy: + enabled: true + type: simple-restricted + ingress: +# These are default settings for kubeadm with canal. + ipBlocks: + - cidr: 0.0.0.0/0 + except: + - 10.244.0.0/16 # Pod network + - 10.96.0.0/12 # Service network + egress: + ipBlocks: + - cidr: 0.0.0.0/0 + except: + - 10.244.0.0/16 # Pod network + - 10.96.0.0/12 # Service network + +magicnamespace: + namespace: project + tiller: + role: + type: ClusterRole + name: admin + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + serviceAccounts: +# Service account users can use to drive via ci. + - ci + roleBindings: + - name: ci-admin + role: + kind: ClusterRole + name: admin + subject: + kind: ServiceAccount + name: ci + +roleBindings: +# Used to manage rbac rules. User's group prefix to use for assigning +# permissions. Group foo.tenantname.admin is role bound to the admin +# role of the tenants namespace. + groupPrefix: foo. 
+ +ingress: + nginx: + enabled: true + controller: + ingressClass: public + extraArgs: {} + ## default-ssl-certificate: "/" + scope: + enabled: true + namespace: "" + metrics: + enabled: true + publishService: + enabled: true + admissionWebhooks: + enabled: false + ingressClassResource: + enabled: false + rbac: + scope: true + +quota: + enabled: true + pods: 10 + limits: + cpu: 10 + memory: 8Gi + requests: + cpu: 5 + memory: 4Gi + extraQuota: {} +# requests.storage: 5Gi +# persistentvolumeclaims: 5 +# foobar.storageclass.storage.k8s.io/requests.storage: 5Gi +# foobar.storageclass.storage.k8s.io/persistentvolumeclaims: 5 + +limitRange: + enabled: true + limits: + - default: + cpu: 1000m + memory: 2Gi + defaultRequest: + cpu: 100m + memory: 256Mi + type: Container + +operatorGroup: + enabled: false + +gitlabRunner: + enabled: false + name: default + spec: {} diff --git a/charts/image-library-charts/Chart.yaml b/charts/image-library-charts/Chart.yaml new file mode 100644 index 0000000..f53d5df --- /dev/null +++ b/charts/image-library-charts/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.8.18-1" +description: A Helm chart for Kubernetes +name: +version: 1.0.0 diff --git a/charts/image-library-charts/build b/charts/image-library-charts/build new file mode 100755 index 0000000..ebeef88 --- /dev/null +++ b/charts/image-library-charts/build 
@@ -0,0 +1,107 @@ +#!/bin/bash -e + +RAWCONTAINER="$1" +SUBBUILD="$2" +if [ "x$SUBBUILD" == "x" -o "x$SUBBUILD" == "xlatest" ]; then + CONTAINER="$RAWCONTAINER" + SUBBUILD=latest +else + CONTAINER="$RAWCONTAINER-$(echo $SUBBUILD | tr '.' '-')" +fi + +if [ "x$REVISION" == "x" ]; then + echo REVISION is not set. + exit -1 +fi + +mkdir -p $(dirname "$0")/"$CONTAINER" + +pushd $(dirname "$0")/"$CONTAINER" + + +export DOCKER_TAG="$SUBBUILD" +export CPREFIX="pnnlmiscscripts" + +[ -f buildenv ] && . ../../../containers/"$RAWCONTAINER"/buildenv + +if [ "x$IMAGE_NAME" == "x" ]; then + export IMAGE_NAME="${DOCKER_REPO}:${DOCKER_TAG}" +fi + +SUBREPO="$RAWCONTAINER" +if [ "x$DOCKER_REPO" != "x" ]; then + SUBREPO=$(echo "$DOCKER_REPO" | sed "s@$CPREFIX/@@g") +fi + +cat > Chart.yaml < templates/_helpers.tpl < files/metadata.json < /dev/null +helm package "../../$CONTAINER" +popd diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall new file mode 100755 index 0000000..66b1548 --- /dev/null +++ b/charts/image-library-charts/buildall 
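Review bot: The line `[ -f buildenv ] && . ../../../containers/"$RAWCONTAINER"/buildenv` tests for a `buildenv` in the chart directory just entered with `pushd`, but sources a file from the containers tree, so a container's `DOCKER_REPO`/`DOCKER_TAG` overrides are skipped unless an unrelated file happens to exist. buildall tests the path it sources; do the same here with `[ -f ../../../containers/"$RAWCONTAINER"/buildenv ] && . ../../../containers/"$RAWCONTAINER"/buildenv`. `$(dirname "$0")` is also unquoted in the `mkdir -p` and `pushd` lines and should be `"$(dirname "$0")/$CONTAINER"`. The here-documents that write Chart.yaml, _helpers.tpl and metadata.json are not legible in this rendering, so they are not assessed.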
@@ -0,0 +1,75 @@ +#!/bin/bash + +set -e + +#fetch helm in a way build can use... + +pushd $(dirname "$0") +[ ! -d image-library-charts ] && git clone https://github.com/pnnl-miscscripts/image-library-charts +[ ! -d hubbuildtools ] && git clone https://github.com/kfox1111/hubbuildtools + +if [ "x$TRAVIS" != "x" -o "x$GITHUB_ACTION" != "x" ]; then + curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 > get_helm.sh + chmod 700 get_helm.sh + ./get_helm.sh + helm repo add stable https://charts.helm.sh/stable +fi + +cd image-library-charts + +mkdir -p tags + +CHANGE=0 +for CONTAINER in ipmitool ipmi-exporter dhcpd inotify-tools chronyd debug-toolbox anaconda-nginx anaconda-nginx9 k8s-node-image-nginx k8s-node-image-nginx9 pixiecore smartctl-exporter; do + case "$CONTAINER" in + k8s-node-image-nginx) + SUBBUILDS="1.21 1.22 1.23 1.24" + ;; + k8s-node-image-nginx9) + SUBBUILDS="1.24 1.25 1.28" + ;; + *) + SUBBUILDS="latest" + ;; + esac + for SUBBUILD in $SUBBUILDS; do + unset DOCKER_REPO + export DOCKER_REPO=$( + [ -f ../../../containers/"$CONTAINER"/buildenv ] && . ../../../containers/"$CONTAINER"/buildenv + [ "x$DOCKER_REPO" != "x" ] && echo "$DOCKER_REPO" || \ + echo "pnnlmiscscripts/$CONTAINER" + ) + unset DOCKER_TAG + export DOCKER_TAG=$( + [ -f ../../../containers/"$CONTAINER"/buildenv ] && . ../../../containers/"$CONTAINER"/buildenv + [ "x$DOCKER_TAG" != "x" ] && echo "$DOCKER_TAG" || \ + echo "$SUBBUILD" + ) + export REVISION=$(../hubbuildtools/hubcurlrevision.sh "$DOCKER_REPO" "$DOCKER_TAG") + echo Revision: $REVISION + if [ "$REVISION" == "null" ]; then + echo BAD REVISION + exit 1 + fi + FOUND=0 + if [ -f "tags/$CONTAINER-$SUBBUILD" ]; then + if [ "x2 $REVISION" == "x$(cat tags/$CONTAINER-$SUBBUILD)" ]; then + FOUND=1 + echo $CONTAINER $SUBBUILD already built. + fi + fi + if [ $FOUND -eq 0 ]; then + CHANGE=1 + echo $CONTAINER building... 
+ ../build "$CONTAINER" "$SUBBUILD" + echo "2 $REVISION" > "tags/$CONTAINER-$SUBBUILD" + fi + done +done +if [ $CHANGE -eq 1 ]; then + pushd docs + helm repo index . + popd + git add --all :/ && git commit -m "Update repo" + git push https://pnnlmiscscriptsci:"$GITHUB_LIBRARY_CHARTS_TOKEN"@github.com/pnnl-miscscripts/image-library-charts +fi diff --git a/containers/anaconda-nginx/Dockerfile b/containers/anaconda-nginx/Dockerfile new file mode 100644 index 0000000..1e6755f --- /dev/null +++ b/containers/anaconda-nginx/Dockerfile @@ -0,0 +1,5 @@ +FROM nginx:stable-alpine + +FROM pnnlmiscscripts/anaconda:latest +COPY --from=0 / / +RUN echo "server {autoindex off; server_name localhost; location ~ ^/$ {return 200;} location ~ ^.*/$ {return 404;} location / { root /data; default_type application/octet-stream; add_header Content-Disposition 'attachment'; types {}}}" > /etc/nginx/conf.d/default.conf diff --git a/containers/anaconda-nginx/buildenv b/containers/anaconda-nginx/buildenv new file mode 100644 index 0000000..7adaf3b --- /dev/null +++ b/containers/anaconda-nginx/buildenv @@ -0,0 +1,5 @@ +export AUTO_PREFIX=filecontent +export AUTO_PREFIX_FILE=/data/CentOS_BuildTag +export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"' +export DOCKER_REPO=pnnlmiscscripts/anaconda +export DOCKER_TAG=latest-nginx diff --git a/containers/anaconda-nginx9/Dockerfile b/containers/anaconda-nginx9/Dockerfile new file mode 100644 index 0000000..87bde30 --- /dev/null +++ b/containers/anaconda-nginx9/Dockerfile @@ -0,0 +1,5 @@ +FROM nginx:stable-alpine + +FROM pnnlmiscscripts/anaconda9:latest +COPY --from=0 / / +RUN echo "server {autoindex off; server_name localhost; location ~ ^/$ {return 200;} location ~ ^.*/$ {return 404;} location / { root /data; default_type application/octet-stream; add_header Content-Disposition 'attachment'; types {}}}" > /etc/nginx/conf.d/default.conf 
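Review bot: buildall downloads and runs code from moving references in the same job that holds `GITHUB_LIBRARY_CHARTS_TOKEN`: `get-helm-3` is fetched from the `master` branch and executed, and `hubbuildtools` is cloned at whatever its default branch currently points to and then run as `hubcurlrevision.sh`. Pin both to a reviewed commit (after the clone, `git -C hubbuildtools checkout COMMIT_SHA`, with the reviewed hash in place of that placeholder) and install Helm from a fixed release whose checksum is verified. The final `git push https://pnnlmiscscriptsci:"$GITHUB_LIBRARY_CHARTS_TOKEN"@github.com/...` puts the token in the command line and remote URL, where it can surface in process listings or git error output; a credential helper or an `http.extraheader` setting keeps it out of the URL. containers/build clones hubbuildtools the same way before running `hubhookhelpers/build` with the registry credentials in its environment.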
diff --git a/containers/anaconda-nginx9/buildenv b/containers/anaconda-nginx9/buildenv new file mode 100644 index 0000000..235f224 --- /dev/null +++ b/containers/anaconda-nginx9/buildenv @@ -0,0 +1,5 @@ +export AUTO_PREFIX=filecontent +export AUTO_PREFIX_FILE=/data/RockyLinux_BuildTag +export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"' +export DOCKER_REPO=pnnlmiscscripts/anaconda9 +export DOCKER_TAG=latest-nginx diff --git a/containers/anaconda/Dockerfile b/containers/anaconda/Dockerfile new file mode 100644 index 0000000..467c403 --- /dev/null +++ b/containers/anaconda/Dockerfile @@ -0,0 +1,13 @@ +FROM centos:centos7 +RUN \ + mkdir -p /data/LiveOS && \ + curl http://mirror.centos.org/centos-7/7/os/x86_64/CentOS_BuildTag -o /data/CentOS_BuildTag && \ + curl http://mirror.centos.org/centos-7/7/os/x86_64/images/pxeboot/initrd.img -o /data/initrd.img && \ + curl http://mirror.centos.org/centos-7/7/os/x86_64/images/pxeboot/vmlinuz -o /data/vmlinuz && \ + curl http://mirror.centos.org/centos-7/7/os/x86_64/.treeinfo -o /data/.treeinfo && \ + curl http://mirror.centos.org/centos-7/7/os/x86_64/LiveOS/squashfs.img -o /data/LiveOS/squashfs.img && \ + cat /data/CentOS_BuildTag > /.extrafingerprints + +FROM scratch +COPY --from=0 /data /data +COPY --from=0 /.extrafingerprints /.extrafingerprints diff --git a/containers/anaconda/buildenv b/containers/anaconda/buildenv new file mode 100644 index 0000000..669af48 --- /dev/null +++ b/containers/anaconda/buildenv @@ -0,0 +1,2 @@ +export AUTO_PREFIX=filecontent +export AUTO_PREFIX_FILE=/data/CentOS_BuildTag diff --git a/containers/anaconda9/Dockerfile b/containers/anaconda9/Dockerfile new file mode 100644 index 0000000..d2a60db --- /dev/null +++ b/containers/anaconda9/Dockerfile 
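Review bot: In containers/anaconda/Dockerfile the kernel, initrd and squashfs images that end up in this boot container are fetched over plain `http://` with no integrity check, so whoever can alter that traffic at build time decides what machines later boot. The `curl` calls also lack `--fail`, so an HTTP error page would be saved as `/data/vmlinuz` and the build would still succeed. Use `curl -fsSL` with an `https://` URL where the mirror offers one, and verify the files against a published checksum or signature before the final `COPY`. containers/anaconda9/Dockerfile uses https for the images but has the same missing `--fail`, and it still fetches `LICENSE` and `media.repo` over http.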
@@ -0,0 +1,17 @@ +FROM rockylinux:9 + +RUN \ + mkdir -p /data/images/pxeboot/ && \ + curl https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/.treeinfo > /data/.treeinfo && \ + curl https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/images/pxeboot/vmlinuz -o /data/images/pxeboot/vmlinuz && \ + curl https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/images/pxeboot/initrd.img -o /data/images/pxeboot/initrd.img && \ + curl https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/images/efiboot.img -o /data/images/efiboot.img && \ + curl https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/images/install.img -o /data/images/install.img && \ + curl http://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/LICENSE -o /data/LICENSE && \ + sed -i 's/AppStream,BaseOS/BaseOS/' /data/.treeinfo && \ + curl -s http://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/media.repo | grep mediaid | awk -F= '{print $2}' > /data/RockyLinux_BuildTag && \ + cat /data/RockyLinux_BuildTag | tee /.extrafingerprints + +FROM scratch +COPY --from=0 /data /data +COPY --from=0 /.extrafingerprints /.extrafingerprints diff --git a/containers/anaconda9/buildenv b/containers/anaconda9/buildenv new file mode 100644 index 0000000..dda82a5 --- /dev/null +++ b/containers/anaconda9/buildenv @@ -0,0 +1,2 @@ +export AUTO_PREFIX=filecontent +export AUTO_PREFIX_FILE=/data/RockyLinux_BuildTag diff --git a/containers/build b/containers/build index adf4f21..0aff5fc 100755 --- a/containers/build +++ b/containers/build 
@@ -1,3 +1,67 @@ #!/bin/bash CONTAINER="$1" -docker build -t pnnl-miscscripts/$CONTAINER:latest $CONTAINER +[ "x$2" != "x" ] && export SUBBUILD="$2" +pushd $(dirname "$0")/"$CONTAINER" + +[ ! -d hubbuildtools ] && git clone https://github.com/kfox1111/hubbuildtools + +export DOCKER_REPO=pnnlmiscscripts/"$CONTAINER" +export DOCKER_TAG=latest + +[ -f buildenv ] && . buildenv + +function cleanup () { + if [ "x$CI" != "x" ]; then + docker rmi "$DOCKER_REPO:$REVISION" + docker rmi "$IMAGE_NAME" + docker image prune -f + fi +} + +if [ "x$IMAGE_NAME" == "x" ]; then + export IMAGE_NAME="${DOCKER_REPO}:${DOCKER_TAG}" +fi + +if [ "x$GPGSIGN" != "x" ]; then + [ ! -f rpm.pub ] && cp -a ../../rpm.pub . + [ ! -f rpmmacros ] && cp -a ../rpmmacros . + export GPGKEY=$(pwd)/../../rpm.priv +fi + +#Workaround https://github.com/moby/moby/issues/39120 +if [ "x$DOCKER_BUILDKIT" != "x" ]; then + sudo cat /etc/docker/daemon.json + echo '{"mtu": 1460}' | sudo dd of=/etc/docker/daemon.json + sudo systemctl restart docker + docker ps -a +fi + +hubbuildtools/hubhookhelpers/build +RES=$? + +if [ "x$GPGSIGN" != "x" ]; then +rm -f "$GPGKEY" || true +fi + +if [ $RES -eq 42 ]; then + echo Nothing changed. Skipping. + cleanup + exit 0 +fi +if [ $RES != 0 ]; then + echo Something went wrong. Failing. + exit $RES +fi + +REVISION=$(hubbuildtools/fetchlocalrevision.sh "$IMAGE_NAME") + +docker tag "$IMAGE_NAME" "$DOCKER_REPO:$REVISION" + +echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin + +docker push "$DOCKER_REPO:$REVISION" +docker push "$IMAGE_NAME" + +cleanup + +popd diff --git a/containers/chronyd/Dockerfile b/containers/chronyd/Dockerfile new file mode 100644 index 0000000..42eace4 --- /dev/null +++ b/containers/chronyd/Dockerfile @@ -0,0 +1,5 @@ +FROM alpine:3.9 + +RUN \ + apk add --no-cache --update chrony + diff --git a/containers/chronyd/buildenv b/containers/chronyd/buildenv new file mode 100644 index 0000000..a98defc --- /dev/null 
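Review bot: `pushd $(dirname "$0")/"$CONTAINER"` is unquoted and its result is not checked, and the script sets no `-e`, so a missing or misspelled container argument leaves it in the caller's directory, where it goes on to clone hubbuildtools and run the build. `pushd "$(dirname "$0")/$CONTAINER" || exit 1` stops that. `cleanup` is also called on the "Nothing changed" path before `REVISION` is assigned, so unless the variable is inherited from the environment `docker rmi "$DOCKER_REPO:$REVISION"` runs with an empty tag; guarding that line with `[ -n "$REVISION" ]` avoids the spurious failure.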
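Review bot: `FROM alpine:3.9` in containers/chronyd/Dockerfile pins a base release that, as far as I can tell, no longer receives upstream security fixes, so every rebuild installs `chrony` from a frozen package repository. debug-toolbox in the same commit already builds on `alpine:3.19`. Moving this image, dhcpd (`alpine:3.9`), curl-jq (`alpine:3.12`) and git (`alpine:3.13`) to one supported release would keep the set consistent and patched.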
+++ b/containers/chronyd/buildenv @@ -0,0 +1,2 @@ +export AUTO_PREFIX=apk-version +export AUTO_PREFIX_PACKAGE=chrony diff --git a/containers/curl-jq/Dockerfile b/containers/curl-jq/Dockerfile new file mode 100644 index 0000000..cb789f1 --- /dev/null +++ b/containers/curl-jq/Dockerfile @@ -0,0 +1,7 @@ +FROM alpine:3.12 +MAINTAINER Kevin Fox + +RUN \ + apk add --no-cache --update curl jq bash + +ENTRYPOINT /bin/bash diff --git a/containers/curl-jq/buildenv b/containers/curl-jq/buildenv new file mode 100644 index 0000000..c77c6ad --- /dev/null +++ b/containers/curl-jq/buildenv @@ -0,0 +1,2 @@ +export AUTO_PREFIX=apk-version +export AUTO_PREFIX_PACKAGE=jq diff --git a/containers/debug-toolbox/Dockerfile b/containers/debug-toolbox/Dockerfile new file mode 100644 index 0000000..3018618 --- /dev/null +++ b/containers/debug-toolbox/Dockerfile @@ -0,0 +1,28 @@ +FROM alpine:3.19 + +RUN \ + apk add --no-cache \ + iputils \ + tcpdump \ + strace \ + iperf3 \ + bind-tools \ + git \ + ltrace \ + iptraf-ng \ + wget \ + curl \ + netcat-openbsd \ + openldap-clients \ + nmap \ + iftop \ + bash \ + iptables \ + conntrack-tools \ + procps \ + iotop \ + ipvsadm \ + openssl \ + nvme-cli \ + smartmontools \ + dmidecode diff --git a/containers/debug-toolbox/buildenv b/containers/debug-toolbox/buildenv new file mode 100644 index 0000000..80651d6 --- /dev/null +++ b/containers/debug-toolbox/buildenv @@ -0,0 +1 @@ +export PREFIX=1.0.0 diff --git a/containers/dhcpd/Dockerfile b/containers/dhcpd/Dockerfile new file mode 100644 index 0000000..cc1afc3 --- /dev/null +++ b/containers/dhcpd/Dockerfile @@ -0,0 +1,5 @@ +FROM alpine:3.9 +MAINTAINER Kevin Fox + +RUN \ + apk add --no-cache --update dhcp diff --git a/containers/dhcpd/buildenv b/containers/dhcpd/buildenv new file mode 100644 index 0000000..f44e6ee --- /dev/null +++ b/containers/dhcpd/buildenv @@ -0,0 +1,2 @@ +export AUTO_PREFIX=apk-version +export AUTO_PREFIX_PACKAGE=dhcp 
diff --git a/containers/git/Dockerfile b/containers/git/Dockerfile new file mode 100644 index 0000000..60e089a --- /dev/null +++ b/containers/git/Dockerfile @@ -0,0 +1,10 @@ +FROM alpine:3.13 +MAINTAINER Kevin Fox + +RUN \ + apk add --no-cache --update ca-certificates openssl git && \ + rm -f /etc/apk/repositories + +ENTRYPOINT ["git"] + +CMD ["--help"] diff --git a/containers/git/buildenv b/containers/git/buildenv new file mode 100644 index 0000000..e895712 --- /dev/null +++ b/containers/git/buildenv @@ -0,0 +1,2 @@ +export AUTO_PREFIX=apk-version +export AUTO_PREFIX_PACKAGE=git diff --git a/containers/gitlab-runner-operator/Dockerfile b/containers/gitlab-runner-operator/Dockerfile new file mode 100644 index 0000000..47e861c --- /dev/null +++ b/containers/gitlab-runner-operator/Dockerfile 
@@ -0,0 +1,37 @@
+FROM quay.io/operator-framework/ansible-operator:v0.16.0
+
+USER 0
+
+COPY volume.patch /volume.patch
+COPY watches.yaml ${HOME}/watches.yaml
+COPY requirements.yml ${HOME}/requirements.yml
+COPY roles/ ${HOME}/roles/
+
+RUN \
+ set -e && \
+ yum clean all && \
+ yum install -y git patch && \
+ yum clean all && \
+ curl -o /helm.tar.gz https://get.helm.sh/helm-v3.2.4-linux-amd64.tar.gz && \
+ tar -zxvf /helm.tar.gz && \
+ mv /linux-amd64/helm /usr/bin/helm && \
+ rm -f /helm.tar.gz && \
+ ansible-galaxy collection install -r ${HOME}/requirements.yml && \
+ chmod -R ug+rwx ${HOME}/.ansible && \
+ helm plugin install https://github.com/databus23/helm-diff --version master && \
+ helm repo add gitlab https://charts.gitlab.io && \
+ helm repo update && \
+ helm pull gitlab/gitlab-runner --untar && \
+ cd gitlab-runner && \
+ awk -F: '{if($1 == "version"){print $2}}' Chart.yaml | sed 's/ //g' && \
+ echo Skipping volume.patch && \
+ echo patch -p1 /volume.patch && \
+ cd .. && \
+ yum remove -y patch git && \
+ cd ${HOME} && \
+ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \
+ echo 0.1.4 >> /.extrafingerprints && \
+ awk -F: '{if($1 == "version"){print $2}}' /gitlab-runner/Chart.yaml | sed 's/ //g' >> /.extrafingerprints && \
+ md5sum watches.yaml >> /.extrafingerprints
+
+USER 1001
diff --git a/containers/gitlab-runner-operator/LICENSE b/containers/gitlab-runner-operator/LICENSE
new file mode 100644
index 0000000..d645695
--- /dev/null
+++ b/containers/gitlab-runner-operator/LICENSE
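Review bot: Three inputs to this image are fetched without a pin or an integrity check: the Helm tarball from `curl -o /helm.tar.gz …` is unpacked with no checksum, `helm plugin install … --version master` tracks a branch, and `helm pull gitlab/gitlab-runner --untar` takes whatever chart version the repository serves at build time. A rebuild can therefore change what runs inside the operator with no change in this repository, and `curl` without `-f` will save an HTTP error page as the tarball instead of failing. I would check the tarball against a recorded SHA-256 and pin the plugin to a release tag and the chart with `--version`, as sketched below; the bracketed values are placeholders to fill in from the upstream release pages. containers/ipmi-exporter/Dockerfile downloads its release tarball the same way and needs the same check, and `requirements.yml` lists its collections without versions.

```dockerfile
# … unchanged: set -e, yum install of git and patch …
    curl -fsSL -o /helm.tar.gz https://get.helm.sh/helm-v3.2.4-linux-amd64.tar.gz && \
    echo "<HELM_TARBALL_SHA256>  /helm.tar.gz" | sha256sum -c - && \
# … unchanged: unpack helm, install the Ansible collections …
    helm plugin install https://github.com/databus23/helm-diff --version <HELM_DIFF_RELEASE_TAG> && \
# … unchanged: helm repo add / helm repo update …
    helm pull gitlab/gitlab-runner --version <GITLAB_RUNNER_CHART_VERSION> --untar && \
# … unchanged: fingerprinting and cleanup …
```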
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/containers/gitlab-runner-operator/buildenv b/containers/gitlab-runner-operator/buildenv new file mode 100644 index 0000000..295463b --- /dev/null +++ b/containers/gitlab-runner-operator/buildenv @@ -0,0 +1 @@ +export PREFIX=0.1.3 diff --git a/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml b/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml new file mode 100644 index 0000000..0eed10d --- /dev/null +++ b/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clustergitlabrunnerflavors.miscscripts.pnnl.gov +spec: + group: miscscripts.pnnl.gov + names: + kind: ClusterGitlabRunnerFlavor + listKind: ClusterGitlabRunnerFlavorList + plural: clustergitlabrunnerflavors + singular: clustergitlabrunnerflavor + scope: Cluster + preserveUnknownFields: false + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterGitlabRunnerFlavor is the Schema for the clustergitlabrunnerflavors API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of ClusterGitlabRunnerFlavor + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of ClusterGitlabRunnerFlavor + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} diff --git a/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_gitlabrunners_crd.yaml b/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_gitlabrunners_crd.yaml new file mode 100644 index 0000000..19321ff --- /dev/null +++ b/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_gitlabrunners_crd.yaml 
@@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gitlabrunners.miscscripts.pnnl.gov +spec: + group: miscscripts.pnnl.gov + names: + kind: GitlabRunner + listKind: GitlabRunnerList + plural: gitlabrunners + singular: gitlabrunner + scope: Namespaced + preserveUnknownFields: false + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: GitlabRunner is the Schema for the gitlabrunners API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of GitlabRunner + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of GitlabRunner + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} diff --git a/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_clustergitlabrunnerflavor_cr.yaml b/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_clustergitlabrunnerflavor_cr.yaml new file mode 100644 index 0000000..c8080db --- /dev/null +++ b/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_clustergitlabrunnerflavor_cr.yaml 
@@ -0,0 +1,7 @@
+apiVersion: miscscripts.pnnl.gov/v1beta1
+kind: ClusterGitlabRunnerFlavor
+metadata:
+ name: example
+spec:
+ gitlabUrl: http://localhost:8080
+ unregisterRunners: true
diff --git a/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_gitlabrunner_cr.yaml b/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_gitlabrunner_cr.yaml
new file mode 100644
index 0000000..023c4e1
--- /dev/null
+++ b/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_gitlabrunner_cr.yaml
@@ -0,0 +1,12 @@
+apiVersion: miscscripts.pnnl.gov/v1beta1
+kind: GitlabRunner
+metadata:
+ name: example
+spec:
+ flavorRef:
+ name: example
+ kind: ClusterGitlabRunnerFlavor
+ group: miscscripts.pnnl.gov
+ runners:
+ tags: foo,bar
+ secret: example
diff --git a/containers/gitlab-runner-operator/requirements.yml b/containers/gitlab-runner-operator/requirements.yml
new file mode 100644
index 0000000..d2af8e2
--- /dev/null
+++ b/containers/gitlab-runner-operator/requirements.yml
@@ -0,0 +1,3 @@
+collections:
+ - community.kubernetes
+ - operator_sdk.util
diff --git a/containers/gitlab-runner-operator/roles/gitlabrunner/README.md b/containers/gitlab-runner-operator/roles/gitlabrunner/README.md
new file mode 100644
index 0000000..3ebede3
--- /dev/null
+++ b/containers/gitlab-runner-operator/roles/gitlabrunner/README.md
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +Apache + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/containers/gitlab-runner-operator/roles/gitlabrunner/defaults/main.yml b/containers/gitlab-runner-operator/roles/gitlabrunner/defaults/main.yml new file mode 100644 index 0000000..a6feae0 --- /dev/null +++ b/containers/gitlab-runner-operator/roles/gitlabrunner/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for gitlabrunner diff --git a/containers/gitlab-runner-operator/roles/gitlabrunner/handlers/main.yml b/containers/gitlab-runner-operator/roles/gitlabrunner/handlers/main.yml new file mode 100644 index 0000000..b9adc54 --- /dev/null 
+++ b/containers/gitlab-runner-operator/roles/gitlabrunner/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for gitlabrunner diff --git a/containers/gitlab-runner-operator/roles/gitlabrunner/meta/main.yml b/containers/gitlab-runner-operator/roles/gitlabrunner/meta/main.yml new file mode 100644 index 0000000..6d87e5b --- /dev/null +++ b/containers/gitlab-runner-operator/roles/gitlabrunner/meta/main.yml 
@@ -0,0 +1,60 @@ +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: 2.6 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # Optionally specify the branch Galaxy will use when accessing the GitHub + # repo for this role. During role install, if no tags are available, + # Galaxy will use this branch. During import Galaxy will access files on + # this branch. If Travis integration is configured, only notifications for this + # branch will be accepted. Otherwise, in all cases, the repo's default branch + # (usually master) will be used. + #github_branch: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. \ No newline at end of file 
diff --git a/containers/gitlab-runner-operator/roles/gitlabrunner/tasks/main.yml b/containers/gitlab-runner-operator/roles/gitlabrunner/tasks/main.yml
new file mode 100644
index 0000000..0fb50f0
--- /dev/null
+++ b/containers/gitlab-runner-operator/roles/gitlabrunner/tasks/main.yml
@@ -0,0 +1,84 @@
+---
+# tasks file for gitlabrunner
+- tempfile:
+ state: file
+ suffix: .yaml
+ register: temp_filename
+
+- block:
+ - name: Set initial defaults. They be overridden.
+ set_fact:
+ merged_values: {}
+
+ - name: Load in Flavor values if referenced
+ block:
+ - name: Fetch referenced flavor
+ k8s_info:
+ api_version: miscscripts.pnnl.gov/v1beta1
+ kind: ClusterGitlabRunnerFlavor
+ name: "{{ flavor_ref.name }}"
+ register: flavor
+ # Failures immediately trigger another reconciliation
+ failed_when:
+ - flavor.resources | length == 0
+ - name: Merge in flavor values
+ set_fact:
+ merged_values: "{{ merged_values | combine(flavor.resources[0].spec, recursive=True) }}"
+ when:
+ - flavor_ref is defined
+ - flavor_ref.kind == "ClusterGitlabRunnerFlavor"
+ - flavor_ref.group == "miscscripts.pnnl.gov"
+
+ - name: Set values from CR
+ set_fact:
+ merged_values: "{{ merged_values | combine(_miscscripts_pnnl_gov_gitlabrunner_spec, recursive=True) }}"
+
+ - name: Set value for forced settings
+ set_fact:
+ overrides: {}
+
+ - name: Compat setting for older CRD
+ set_fact:
+ unregister_overrides:
+ unregisterRunners: true
+
+ - name: Compat with older CRD
+ set_fact:
+ overrides: "{{ overrides | combine(unregister_overrides, recursive=True) }}"
+ when:
+ - merged_values.unregisterRunnersWhenSecret is defined
+ - merged_values.unregisterRunnersWhenSecret == true
+
+ - debug:
+ msg: unregisterRunnersWhenSecret is defined but deprecated. Please switch to unregisterRunners.
+ when:
+ - merged_values.unregisterRunnersWhenSecret is defined
+
+ - name: Force overrides.
+ set_fact:
+ merged_values: "{{ merged_values | combine(overrides, recursive=True) }}"
+
+ - copy:
+ content: "{{ merged_values | to_yaml }}"
+ dest: "{{ temp_filename.path }}"
+ no_log: True
+
+ - shell: "helm template --namespace {{ meta.namespace }} {{ meta.name }} /gitlab-runner/ -f {{ temp_filename.path }}"
+ register: objs
+ no_log: True
+
+ - copy:
+ content: "{{ objs.stdout }}"
+ dest: "{{ temp_filename.path }}"
+ no_log: True
+
+ - k8s:
+ namespace: "{{ meta.namespace }}"
+ src: "{{ temp_filename.path }}"
+ state: present
+ no_log: True
+
+ always:
+ - file:
+ path: "{{ temp_filename.path }}"
+ state: absent
diff --git a/containers/gitlab-runner-operator/roles/gitlabrunner/vars/main.yml b/containers/gitlab-runner-operator/roles/gitlabrunner/vars/main.yml
new file mode 100644
index 0000000..93fb64a
--- /dev/null
+++ b/containers/gitlab-runner-operator/roles/gitlabrunner/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for gitlabrunner
diff --git a/containers/gitlab-runner-operator/volume.patch b/containers/gitlab-runner-operator/volume.patch
new file mode 100644
index 0000000..4ed600a
--- /dev/null
+++ b/containers/gitlab-runner-operator/volume.patch
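Review bot: The `Set values from CR` task combines the namespaced GitlabRunner spec on top of the flavor values, so anything a cluster admin sets in a ClusterGitlabRunnerFlavor can be overridden by whoever may create a GitlabRunner, and only `unregisterRunners` is ever forced through `overrides`. Both CRDs in this commit leave `spec` as `x-kubernetes-preserve-unknown-fields: true`, so every chart value a tenant supplies reaches `helm template`, and the rendered objects are then applied by the `k8s` task under whatever RBAC the operator runs with (not shown here). If the flavor is meant to carry policy, restrict the CR to an allow-list of keys, or combine the flavor's enforced keys into `overrides` so they are merged last. Separately, the render step could use `command` with an `argv` list instead of `shell`, so that `meta.name` and `meta.namespace` are never parsed by a shell.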
@@ -0,0 +1,65 @@ +#Origionally from https://gitlab.com/gitlab-org/charts/gitlab-runner/-/merge_requests/191/diffs.patch +#Added extraVolumeMounts for init container too. + +From 2d1c08c08f48fd31ddda05ce3dfe15cf465a4a56 Mon Sep 17 00:00:00 2001 +From: Valdis Rigdon +Date: Mon, 22 Jul 2019 11:22:54 -0400 +Subject: [PATCH] Adds templating for extra containers, volumes, and + volumeMounts + +This gives the chart the ability to run extra containers as part of the +Deployment which can generate files to be shared into the gitlab-runner +container. +--- + templates/deployment.yaml | 9 +++++++++ + values.yaml | 9 +++++++++ + 2 files changed, 18 insertions(+) + +diff --git a/templates/deployment.yaml b/templates/deployment.yaml +index b3512a99..04dedf81 100644 +--- a/templates/deployment.yaml ++++ b/templates/deployment.yaml +@@ -100,8 +100,14 @@ + readOnly: true + mountPath: /home/gitlab-runner/.gitlab-runner/certs/ + {{- end }} ++ {{- if .Values.extraVolumeMounts }} ++{{ toYaml .Values.extraVolumeMounts | indent 8 }} ++ {{- end }} + resources: + {{ toYaml .Values.resources | indent 10 }} ++ {{- if .Values.extraContainers }} ++{{ toYaml .Values.extraContainers | indent 6 }} ++ {{- end }} + volumes: + - name: runner-secrets + emptyDir: +@@ -151,6 +157,9 @@ + - name: configmaps + configMap: + name: {{ include "gitlab-runner.fullname" . }} ++ {{- if .Values.extraVolumes }} ++{{ toYaml .Values.extraVolumes | indent 6 }} ++ {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.imagePullSecrets | indent 8 }} +diff --git a/values.yaml b/values.yaml +index 7ece3544..efc2335f 100644 +--- a/values.yaml ++++ b/values.yaml +@@ -363,3 +363,12 @@ podLabels: {} + ## See https://gitlab.com/gitlab-org/charts/gitlab-runner/-/blob/master/templates/configmap.yaml + ## for a current list. 
+ configMaps: {}
++
++## extra containers to run
++extraContainers: {}
++
++## extra volume mounts for the gitlab-runner container
++extraVolumeMounts: {}
++
++## extra volumes
++extraVolumes: {}
+--
+2.24.1
diff --git a/containers/gitlab-runner-operator/watches.yaml b/containers/gitlab-runner-operator/watches.yaml
new file mode 100644
index 0000000..cfc9971
--- /dev/null
+++ b/containers/gitlab-runner-operator/watches.yaml
@@ -0,0 +1,5 @@
+---
+- version: v1beta1
+ group: miscscripts.pnnl.gov
+ kind: GitlabRunner
+ role: /opt/ansible/roles/gitlabrunner
diff --git a/containers/inotify-tools/Dockerfile b/containers/inotify-tools/Dockerfile
new file mode 100644
index 0000000..2139b73
--- /dev/null
+++ b/containers/inotify-tools/Dockerfile
@@ -0,0 +1,5 @@
+FROM alpine:3.9
+MAINTAINER Kevin Fox
+
+RUN \
+ apk add --no-cache --update inotify-tools
diff --git a/containers/inotify-tools/buildenv b/containers/inotify-tools/buildenv
new file mode 100644
index 0000000..b6a0799
--- /dev/null
+++ b/containers/inotify-tools/buildenv
@@ -0,0 +1,2 @@
+export AUTO_PREFIX=apk-version
+export AUTO_PREFIX_PACKAGE=inotify-tools
diff --git a/containers/ipmi-exporter/Dockerfile b/containers/ipmi-exporter/Dockerfile
new file mode 100644
index 0000000..3e17313
--- /dev/null
+++ b/containers/ipmi-exporter/Dockerfile
@@ -0,0 +1,14 @@
+FROM rockylinux:8
+MAINTAINER Kevin Fox
+
+RUN \
+ yum install -y freeipmi && \
+ curl -o ipmi_exporter.tgz https://github.com/soundcloud/ipmi_exporter/releases/download/v1.2.0/ipmi_exporter-v1.2.0.linux-amd64.tar.gz -L && \
+ tar -xvf ipmi_exporter.tgz && \
+ mv ipmi_exporter-v*/ipmi_exporter /usr/bin/ && \
+ rm -rf ipmi_exporter-v* && \
+ echo 1.2.0 >> /.extrafingerprints
+
+ENTRYPOINT ["ipmi_exporter"]
+
+CMD ["--help"]
diff --git a/containers/ipmi-exporter/buildenv b/containers/ipmi-exporter/buildenv
new file mode 100644
index 0000000..418c6f8
--- /dev/null
+++ b/containers/ipmi-exporter/buildenv
@@ -0,0 +1 @@
+export PREFIX=1.2.0
diff --git a/containers/ipmitool/buildenv b/containers/ipmitool/buildenv
new file mode 100644
index 0000000..6198118
--- /dev/null
+++ b/containers/ipmitool/buildenv
@@ -0,0 +1,2 @@
+export AUTO_PREFIX=apk-version
+export AUTO_PREFIX_PACKAGE=ipmitool
diff --git a/containers/k8s-node-image-nginx/Dockerfile b/containers/k8s-node-image-nginx/Dockerfile
new file mode 100644
index 0000000..6c4c5cf
--- /dev/null
+++ b/containers/k8s-node-image-nginx/Dockerfile
@@ -0,0 +1,6 @@
+ARG SUBBUILD=1.13
+FROM nginx:stable-alpine
+
+FROM pnnlmiscscripts/k8s-node-image:$SUBBUILD
+COPY --from=0 / /
+RUN echo "server {autoindex off; server_name localhost; location ~ ^/$ {return 200;} location ~ ^.*/$ {return 404;} location / { root /data; default_type application/octet-stream; add_header Content-Disposition 'attachment'; types {}}}" > /etc/nginx/conf.d/default.conf
diff --git a/containers/k8s-node-image-nginx/buildenv b/containers/k8s-node-image-nginx/buildenv
new file mode 100644
index 0000000..720d1a9
--- /dev/null
+++ b/containers/k8s-node-image-nginx/buildenv
@@ -0,0 +1,5 @@
+export AUTO_PREFIX=rpmrepo-version
+export AUTO_PREFIX_PACKAGE=kubelet
+export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"'
+export DOCKER_REPO=pnnlmiscscripts/k8s-node-image
+export DOCKER_TAG="$SUBBUILD-nginx"
diff --git a/containers/k8s-node-image-nginx9/Dockerfile b/containers/k8s-node-image-nginx9/Dockerfile
new file mode 100644
index 0000000..b9efa2f
--- /dev/null
+++ b/containers/k8s-node-image-nginx9/Dockerfile
@@ -0,0 +1,7 @@
+ARG SUBBUILD=1.13
+FROM nginx:stable-alpine
+
+FROM pnnlmiscscripts/k8s-node-image9:$SUBBUILD
+COPY --from=0 / /
+RUN echo "server {autoindex off; server_name localhost; location ~ ^/$ {return 200;} location ~ ^.*/$ {return 404;} location / { root /data; default_type application/octet-stream; add_header Content-Disposition 'attachment'; types {}}}" > /etc/nginx/conf.d/default.conf
+
diff --git a/containers/k8s-node-image-nginx9/buildenv b/containers/k8s-node-image-nginx9/buildenv
new file mode 100644
index 0000000..ce8cbd3
--- /dev/null
+++ b/containers/k8s-node-image-nginx9/buildenv
@@ -0,0 +1,5 @@
+export AUTO_PREFIX=rpmrepo-version
+export AUTO_PREFIX_PACKAGE=kubelet
+export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"'
+export DOCKER_REPO=pnnlmiscscripts/k8s-node-image9
+export DOCKER_TAG="$SUBBUILD-nginx"
diff --git a/containers/k8s-node-image/Dockerfile b/containers/k8s-node-image/Dockerfile
new file mode 100644
index 0000000..e334074
--- /dev/null
+++ b/containers/k8s-node-image/Dockerfile
@@ -0,0 +1,31 @@
+# syntax = docker/dockerfile:1.0-experimental
+ARG SUBBUILD=1.13
+FROM pnnlmiscscripts/rpms-node-base:latest as base
+FROM pnnlmiscscripts/rpms-containerd:latest as containerd
+FROM pnnlmiscscripts/rpms-openvswitch:latest as openvswitch
+FROM pnnlmiscscripts/rpms-kubernetes:$SUBBUILD as kubernetes
+
+FROM centos:centos7 as repobuild
+COPY --from=base /data /rpmdata
+COPY --from=containerd /data /data/containerd
+COPY --from=openvswitch /data /data/openvswitch
+COPY --from=kubernetes /data /data/kubernetes
+ADD rpm.pub /root/rpm.pub
+RUN --mount=type=secret,id=gpg \
+ yum install -y createrepo yum-utils gnupg2 && \
+ mkdir -p /data/repodata && \
+ zcat /rpmdata/repodata/*comps.xml.gz > /data/repodata/comps.xml && \
+ cp -a /rpmdata/*.rpm /data && \
+ createrepo -g /data/repodata/comps.xml /data && \
+ gpg --import /run/secrets/gpg && \
+ gpg --import /root/rpm.pub && \
+ gpg --detach-sign --armor /data/repodata/repomd.xml && \
+ rm -rf ~/.gnupg && \
+ echo Done building repo.
+
+FROM pnnlmiscscripts/rpms-node-base:latest
+COPY --from=openvswitch /data /data/openvswitch
+COPY --from=containerd /data /data/containerd
+COPY --from=kubernetes /data /data/kubernetes
+COPY --from=repobuild /data/repodata /data/repodata
+
diff --git a/containers/k8s-node-image/buildenv b/containers/k8s-node-image/buildenv
new file mode 100644
index 0000000..40b9679
--- /dev/null
+++ b/containers/k8s-node-image/buildenv
@@ -0,0 +1,5 @@
+export AUTO_PREFIX=rpmrepo-version
+export AUTO_PREFIX_PACKAGE=kubelet
+export DOCKER_TAG=$SUBBUILD
+export DOCKER_BUILDKIT=1
+export GPGSIGN=1
diff --git a/containers/k8s-node-image9/Dockerfile b/containers/k8s-node-image9/Dockerfile
new file mode 100644
index 0000000..360d51d
--- /dev/null
+++ b/containers/k8s-node-image9/Dockerfile
@@ -0,0 +1,31 @@
+# syntax = docker/dockerfile:1.0-experimental
+ARG SUBBUILD=1.13
+FROM pnnlmiscscripts/rpms-node-base9:latest as base
+FROM pnnlmiscscripts/rpms-containerd9:latest as containerd
+FROM pnnlmiscscripts/rpms-openvswitch9:latest as openvswitch
+FROM pnnlmiscscripts/rpms-kubernetes9:$SUBBUILD as kubernetes
+
+FROM rockylinux:9 as repobuild
+COPY --from=base /data /rpmdata
+COPY --from=containerd /data /data/containerd
+COPY --from=openvswitch /data /data/openvswitch
+COPY --from=kubernetes /data /data/kubernetes
+ADD rpm.pub /root/rpm.pub
+RUN --mount=type=secret,id=gpg \
+ yum install -y createrepo yum-utils gnupg2 && \
+ mkdir -p /data/repodata && \
+ zcat /rpmdata/repodata/*comps.xml.gz > /data/repodata/comps.xml && \
+ cp -a /rpmdata/*.rpm /data && \
+ createrepo -g /data/repodata/comps.xml /data && \
+ gpg --import /run/secrets/gpg && \
+ gpg --import /root/rpm.pub && \
+ gpg --detach-sign --armor /data/repodata/repomd.xml && \
+ rm -rf ~/.gnupg && \
+ echo Done building repo.
+
+FROM pnnlmiscscripts/rpms-node-base9:latest
+COPY --from=openvswitch /data /data/openvswitch
+COPY --from=containerd /data /data/containerd
+COPY --from=kubernetes /data /data/kubernetes
+COPY --from=repobuild /data/repodata /data/repodata
+
diff --git a/containers/k8s-node-image9/buildenv b/containers/k8s-node-image9/buildenv
new file mode 100644
index 0000000..40b9679
--- /dev/null
+++ b/containers/k8s-node-image9/buildenv
@@ -0,0 +1,5 @@
+export AUTO_PREFIX=rpmrepo-version
+export AUTO_PREFIX_PACKAGE=kubelet
+export DOCKER_TAG=$SUBBUILD
+export DOCKER_BUILDKIT=1
+export GPGSIGN=1
diff --git a/containers/pixiecore/Dockerfile b/containers/pixiecore/Dockerfile
new file mode 100644
index 0000000..3337480
--- /dev/null
+++ b/containers/pixiecore/Dockerfile
@@ -0,0 +1,9 @@
+FROM golang
+
+RUN \
+ CGO_ENABLED=0 go install go.universe.tf/netboot/cmd/pixiecore@latest
+
+FROM alpine:3.15
+COPY --from=0 /go/bin/pixiecore /bin/pixiecore
+RUN echo 1.0.2 > /.extrafingerprints && cd / && wget http://boot.ipxe.org/ipxe.efi
+ENTRYPOINT ["/bin/pixiecore"]
diff --git a/containers/pixiecore/buildenv b/containers/pixiecore/buildenv
new file mode 100644
index 0000000..c08389c
--- /dev/null
+++ b/containers/pixiecore/buildenv
@@ -0,0 +1 @@
+export PREFIX=1.0.1
diff --git a/containers/py2lint/Dockerfile b/containers/py2lint/Dockerfile
new file mode 100644
index 0000000..8991e32
--- /dev/null
+++ b/containers/py2lint/Dockerfile
@@ -0,0 +1,6 @@
+FROM alpine:3.9
+MAINTAINER Kevin Fox
+
+RUN \
+ apk add --no-cache --update py2-pip && \
+ pip install pylint
diff --git a/containers/py2lint/buildenv b/containers/py2lint/buildenv
new file mode 100644
index 0000000..b1ab701
--- /dev/null
+++ b/containers/py2lint/buildenv
@@ -0,0 +1,2 @@
+export AUTO_PREFIX=pip-version
+export AUTO_PREFIX_PACKAGE=pylint
diff --git a/containers/rpmmacros b/containers/rpmmacros
new file mode 100644
index 0000000..c41474f
--- /dev/null
+++ b/containers/rpmmacros
@@ -0,0 +1,3 @@
+%_signature gpg
+%_gpg_name MISCSCRIPTS Packages
+%_gpgbin /usr/bin/gpg
diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile
new file mode 100644
index 0000000..96df959
--- /dev/null
+++ b/containers/rpms-containerd/Dockerfile
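Review bot: In containers/pixiecore/Dockerfile the final stage fetches the boot loader with `wget http://boot.ipxe.org/ipxe.efi`, so a binary that is presumably handed to network-booting clients is downloaded over cleartext HTTP with no integrity check. If the host serves it, switch the URL to `https://boot.ipxe.org/ipxe.efi`; where a fixed build is acceptable, follow the download with `echo "<EXPECTED_SHA256>  ipxe.efi" | sha256sum -c -` (placeholder digest). The builder stage is unpinned as well (`FROM golang`, `pixiecore@latest`), so the image content can change between builds without any change in this repository.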
@@ -0,0 +1,23 @@
+# syntax = docker/dockerfile:1.0-experimental
+FROM centos:centos7
+
+ADD rpm.pub /root/rpm.pub
+ADD rpmmacros /root/.rpmmacros
+
+ADD docker-ce.repo /etc/yum.repos.d/
+RUN --mount=type=secret,id=gpg \
+ cd / && \
+ set -e && \
+ yum install -y createrepo gnupg2 rpm-sign && \
+ mkdir -p rpms/ && \
+ yumdownloader --resolv --destdir rpms containerd.io && \
+ gpg --import /run/secrets/gpg && \
+ gpg --import /root/rpm.pub && \
+ rpm --addsign $(find rpms -type f -name '*.rpm') && \
+ createrepo rpms && \
+ gpg --detach-sign --armor rpms/repodata/repomd.xml && \
+ rm -rf ~/.gnupg && \
+ cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY
+
+FROM scratch
+COPY --from=0 /rpms /data
diff --git a/containers/rpms-containerd/buildenv b/containers/rpms-containerd/buildenv
new file mode 100644
index 0000000..7db55e9
--- /dev/null
+++ b/containers/rpms-containerd/buildenv
@@ -0,0 +1,4 @@
+export AUTO_PREFIX=rpmrepo-version
+export AUTO_PREFIX_PACKAGE=containerd.io
+export DOCKER_BUILDKIT=1
+export GPGSIGN=1
diff --git a/containers/rpms-containerd/docker-ce.repo b/containers/rpms-containerd/docker-ce.repo
new file mode 100644
index 0000000..2605574
--- /dev/null
+++ b/containers/rpms-containerd/docker-ce.repo
@@ -0,0 +1,6 @@
+[docker-ce-stable]
+name=Docker CE Stable - $basearch
+baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/stable
+enabled=1
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/centos/gpg
diff --git a/containers/rpms-containerd9/Dockerfile b/containers/rpms-containerd9/Dockerfile
new file mode 100644
index 0000000..dfafd9d
--- /dev/null
+++ b/containers/rpms-containerd9/Dockerfile
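Review bot: In containers/rpms-containerd/Dockerfile, `rpm --addsign $(find rpms -type f -name '*.rpm')` signs whatever `yumdownloader` fetched, and nothing in the RUN step verifies the upstream signature first; as far as I know yumdownloader only downloads and does not apply the repo's `gpgcheck=1`. Consumers of the resulting repo then trust these packages solely on the MISCSCRIPTS key, so a package altered upstream or in transit would be re-signed as genuine. I would import the upstream key into the rpm keyring and add `rpm -K rpms/*.rpm && \` before the `gpg --import /run/secrets/gpg` line, which should stop the build on a bad or unknown signature. The same download-then-sign sequence is in rpms-containerd9, rpms-kubernetes, rpms-kubernetes9, rpms-node-base, rpms-node-base9, rpms-openvswitch and rpms-openvswitch9.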
@@ -0,0 +1,32 @@
+# syntax = docker/dockerfile:1.0-experimental
+
+FROM pnnlmiscscripts/rpms-node-base9:latest
+
+FROM rockylinux:9
+
+COPY --from=0 /data /rpms-base
+
+ADD rpm.pub /root/rpm.pub
+ADD rpmmacros /root/.rpmmacros
+
+ADD docker-ce.repo /etc/yum.repos.d/
+RUN --mount=type=secret,id=gpg \
+ cd / && \
+ set -e && \
+ yum install -y 'dnf-command(download)' createrepo gnupg2 rpm-sign findutils && \
+ mkdir -p rpms/ && \
+ cd /rpms && \
+ cp -a /rpms-base/*.rpm . && \
+ dnf download --resolve --destdir /rpms containerd.io && \
+ find /rpms-base -maxdepth 1 -type f -name '*.rpm' -printf '%f\n' | while read line; do rm -f $line; done && \
+ gpg --import /run/secrets/gpg && \
+ gpg --import /root/rpm.pub && \
+ rpm --addsign $(find . -type f -name '*.rpm') && \
+ createrepo /rpms && \
+ gpg --detach-sign --armor /rpms/repodata/repomd.xml && \
+ rm -rf ~/.gnupg && \
+ cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \
+ ls -l /rpms
+
+FROM scratch
+COPY --from=1 /rpms /data
diff --git a/containers/rpms-containerd9/buildenv b/containers/rpms-containerd9/buildenv
new file mode 100644
index 0000000..7db55e9
--- /dev/null
+++ b/containers/rpms-containerd9/buildenv
@@ -0,0 +1,4 @@
+export AUTO_PREFIX=rpmrepo-version
+export AUTO_PREFIX_PACKAGE=containerd.io
+export DOCKER_BUILDKIT=1
+export GPGSIGN=1
diff --git a/containers/rpms-containerd9/docker-ce.repo b/containers/rpms-containerd9/docker-ce.repo
new file mode 100644
index 0000000..2605574
--- /dev/null
+++ b/containers/rpms-containerd9/docker-ce.repo
@@ -0,0 +1,6 @@
+[docker-ce-stable]
+name=Docker CE Stable - $basearch
+baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/stable
+enabled=1
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/centos/gpg
diff --git a/containers/rpms-kubernetes/Dockerfile b/containers/rpms-kubernetes/Dockerfile
new file mode 100644
index 0000000..29cd01c
--- /dev/null
+++ b/containers/rpms-kubernetes/Dockerfile
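Review bot: In containers/rpms-containerd9/Dockerfile the clean-up pipeline `find /rpms-base ... -printf '%f\n' | while read line; do rm -f $line; done` expands `$line` unquoted and reads without `-r`, so a file name containing whitespace, a glob character or a leading dash is split, expanded or taken as an option by `rm`. I would write the loop as `while IFS= read -r f; do rm -f -- "$f"; done`. The `set -e` earlier in the chain does not cover a failure of `find` on the left side of the pipe, because only the loop's exit status reaches the following `&&`. The same line is repeated in rpms-kubernetes9 and rpms-openvswitch9.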
@@ -0,0 +1,30 @@
+# syntax = docker/dockerfile:1.0-experimental
+FROM centos:centos7
+ARG BACK=1
+ARG SUBBUILD=1.13
+
+ADD rpm.pub /root/rpm.pub
+ADD rpmmacros /root/.rpmmacros
+
+ADD kubernetes.repo /etc/yum.repos.d/
+RUN --mount=type=secret,id=gpg \
+ yum install -y createrepo gnupg2 rpm-sign && \
+ mkdir -p rpms/ && \
+ VERSION=$(yum --showduplicates list kubelet -q | grep -vi packages | grep -vi rc | grep -vi alpha | grep -vi beta | awk '{print $2}' | awk -F. '{print $2}' | sort -nu | tail -n $BACK | head -n 1) && \
+ VERSION="$(echo $SUBBUILD | awk -F. '{print $2}')" && \
+ SUBVERSION=$(yum --showduplicates list kubelet -q | grep -vi packages | awk '{print $2}' | grep "^1\.$VERSION\."| awk -F. '{print $3}' | awk -F- '{print $1}' | sort -nu | tail -n 1) && \
+ REVISION=$(yum --showduplicates list kubelet -q | grep -vi packages | awk '{print $2}' | grep "^1\.$VERSION\.$SUBVERSION-" | awk -F- '{print $2}' | sort -nu | tail -n 1) && \
+ FULLVERSION="1.$VERSION.$SUBVERSION-$REVISION" && \
+ echo "Picked $FULLVERSION" && \
+ mkdir -p rpms/ && \
+ yumdownloader --resolv --destdir rpms "kubelet-$FULLVERSION" "kubeadm-$FULLVERSION" "kubectl-$FULLVERSION" && \
+ gpg --import /run/secrets/gpg && \
+ gpg --import /root/rpm.pub && \
+ rpm --addsign $(find rpms -type f -name '*.rpm') && \
+ createrepo rpms && \
+ gpg --detach-sign --armor rpms/repodata/repomd.xml && \
+ rm -rf ~/.gnupg && \
+ cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY
+
+FROM scratch
+COPY --from=0 /rpms /data
diff --git a/containers/rpms-kubernetes/buildenv b/containers/rpms-kubernetes/buildenv
new file mode 100644
index 0000000..40b9679
--- /dev/null
+++ b/containers/rpms-kubernetes/buildenv
@@ -0,0 +1,5 @@
+export AUTO_PREFIX=rpmrepo-version
+export AUTO_PREFIX_PACKAGE=kubelet
+export DOCKER_TAG=$SUBBUILD
+export DOCKER_BUILDKIT=1
+export GPGSIGN=1
diff --git a/containers/rpms-kubernetes/kubernetes.repo b/containers/rpms-kubernetes/kubernetes.repo
new file mode 100644
index 0000000..8f754aa
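Review bot: In containers/rpms-kubernetes/Dockerfile the first `VERSION=$(yum --showduplicates list kubelet ... | tail -n $BACK | head -n 1)` is overwritten on the very next line by `VERSION="$(echo $SUBBUILD | awk -F. '{print $2}')"`, so `ARG BACK` has no effect on what gets downloaded and signed. Drop the first assignment together with `ARG BACK`, or keep only the one that is meant to win; `mkdir -p rpms/` is also issued twice in the same chain. A short comment above the pipeline saying that the newest patch and revision of the `SUBBUILD` minor are selected would make the version that ends up signed easier to audit.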
--- /dev/null
+++ b/containers/rpms-kubernetes/kubernetes.repo
@@ -0,0 +1,8 @@
+[kubernetes]
+name=Kubernetes
+baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
+enabled=1
+gpgcheck=1
+# See issue https://github.com/kubernetes/release/issues/1982
+repo_gpgcheck=0
+gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg https://packages.cloud.google.com/yum/doc/apt-key.gpg
diff --git a/containers/rpms-kubernetes9/Dockerfile b/containers/rpms-kubernetes9/Dockerfile
new file mode 100644
index 0000000..e4f3da7
--- /dev/null
+++ b/containers/rpms-kubernetes9/Dockerfile
@@ -0,0 +1,34 @@
+# syntax = docker/dockerfile:1.2
+
+FROM pnnlmiscscripts/rpms-node-base9:latest
+
+FROM rockylinux:9
+ARG BACK=1
+ARG SUBBUILD=1.13
+
+COPY --from=0 /data /rpms-base
+
+ADD rpm.pub /root/rpm.pub
+ADD rpmmacros /root/.rpmmacros
+
+ADD kubernetes.repo /etc/yum.repos.d/
+RUN --mount=type=secret,id=gpg \
+ sed -i "s/KUBE_VERSION/${SUBBUILD}/" /etc/yum.repos.d/kubernetes.repo && \
+ yum install -y 'dnf-command(download)' createrepo gnupg2 rpm-sign findutils && \
+ mkdir -p rpms/ && \
+ mkdir -p rpms/ && \
+ cd /rpms && \
+ cp -a /rpms-base/*.rpm . && \
+ dnf install -y --downloadonly --destdir /rpms kubelet kubeadm kubectl && \
+ find /rpms-base -maxdepth 1 -type f -name '*.rpm' -printf '%f\n' | while read line; do rm -f $line; done && \
+ gpg --import /run/secrets/gpg && \
+ gpg --import /root/rpm.pub && \
+ rpm --addsign $(find . -type f -name '*.rpm') && \
+ createrepo /rpms && \
+ gpg --detach-sign --armor /rpms/repodata/repomd.xml && \
+ rm -rf ~/.gnupg && \
+ cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \
+ ls -l /rpms/
+
+FROM scratch
+COPY --from=1 /rpms /data
diff --git a/containers/rpms-kubernetes9/buildenv b/containers/rpms-kubernetes9/buildenv
new file mode 100644
index 0000000..40b9679
--- /dev/null
+++ b/containers/rpms-kubernetes9/buildenv
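Review bot: containers/rpms-kubernetes/kubernetes.repo sets `repo_gpgcheck=0`, which leaves the repository metadata authenticated by TLS only, and the comment above it gives just an issue link. I would state the consequence next to the setting, for example `# repo metadata is not signature-checked (see issue below); package signatures are still enforced by gpgcheck=1`, and revisit the setting once the linked issue is resolved. The `gpgkey=` list also trusts `apt-key.gpg` in addition to the two RPM keys, which looks broader than a yum repository needs.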
@@ -0,0 +1,5 @@
+export AUTO_PREFIX=rpmrepo-version
+export AUTO_PREFIX_PACKAGE=kubelet
+export DOCKER_TAG=$SUBBUILD
+export DOCKER_BUILDKIT=1
+export GPGSIGN=1
diff --git a/containers/rpms-kubernetes9/kubernetes.repo b/containers/rpms-kubernetes9/kubernetes.repo
new file mode 100644
index 0000000..bb5eab6
--- /dev/null
+++ b/containers/rpms-kubernetes9/kubernetes.repo
@@ -0,0 +1,6 @@
+[kubernetes]
+name=Kubernetes
+baseurl=https://pkgs.k8s.io/core:/stable:/vKUBE_VERSION/rpm/
+enabled=1
+gpgcheck=1
+gpgkey=https://pkgs.k8s.io/core:/stable:/vKUBE_VERSION/rpm/repodata/repomd.xml.key
diff --git a/containers/rpms-node-base/Dockerfile b/containers/rpms-node-base/Dockerfile
new file mode 100644
index 0000000..617f135
--- /dev/null
+++ b/containers/rpms-node-base/Dockerfile
@@ -0,0 +1,30 @@
+# syntax = docker/dockerfile:1.0-experimental
+FROM centos:centos7
+MAINTAINER Kevin Fox
+
+ADD rpm.pub /root/rpm.pub
+ADD rpmmacros /root/.rpmmacros
+
+RUN --mount=type=secret,id=gpg \
+ cd / && \
+ set -e && \
+ yum install -y createrepo yum-utils gnupg2 rpm-sign && \
+ mkdir -p rpms/ && \
+ yumdownloader --resolv --installroot=/tmp/root --releasever=/ \
+ --destdir rpms --setopt cachedir=/tmp/cache \
+ @Base @Core @anaconda-tools grub2-efi-x64 kernel grub2 docker e2fsprogs \
+ container-selinux nspr nss-util openssh-server openssh iptables-services \
+ nfs-utils authconfig psmisc libibverbs qemu-guest-agent && \
+ gpg --import /run/secrets/gpg && \
+ gpg --import /root/rpm.pub && \
+ rpm --addsign $(find rpms -type f -name '*.rpm') && \
+ reposync --gpgcheck -l --repoid=base --downloadcomps -u > /dev/null && \
+ mkdir -p rpms/repodata && \
+ mv base/comps.xml rpms/repodata && \
+ createrepo -g `pwd`/rpms/repodata/comps.xml rpms && \
+ gpg --detach-sign --armor rpms/repodata/repomd.xml && \
+ rm -rf ~/.gnupg && \
+ cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY
+
+FROM scratch
+COPY --from=0 /rpms /data
diff --git a/containers/rpms-node-base/buildenv b/containers/rpms-node-base/buildenv
new file mode 100644
index 0000000..81c5be6
--- /dev/null
+++ b/containers/rpms-node-base/buildenv
@@ -0,0 +1,5 @@
+export AUTO_PREFIX=rpmrepo-version-release
+export AUTO_PREFIX_PACKAGE=centos-release
+export AUTO_PREFIX_FILTER='cut -d . -f 1 | tr '-' .'
+export DOCKER_BUILDKIT=1
+export GPGSIGN=1
diff --git a/containers/rpms-node-base9/Dockerfile b/containers/rpms-node-base9/Dockerfile
new file mode 100644
index 0000000..a67116e
--- /dev/null
+++ b/containers/rpms-node-base9/Dockerfile
@@ -0,0 +1,30 @@
+# syntax = docker/dockerfile:1.2
+FROM rockylinux:9
+MAINTAINER Kevin Fox
+
+ADD rpm.pub /root/rpm.pub
+ADD rpmmacros /root/.rpmmacros
+
+RUN --mount=type=secret,id=gpg \
+ cd / && \
+ set -e && \
+ yum install -y createrepo yum-utils gnupg2 rpm-sign && \
+ mkdir -p rpms/ && \
+ dnf install --installroot=/tmp/root --releasever=/ --downloadonly \
+ --destdir rpms -y @core grub2-efi-x64 kernel grub2 e2fsprogs nspr nss-util \
+ openssh-server openssh iptables-services nfs-utils authconfig psmisc \
+ libibverbs qemu-guest-agent libsss_sudo bzip2 chrony dosfstools efibootmgr \
+ langpacks-en mdadm shim-x64 glibc-minimal-langpack tar lvm2 fuse-overlayfs && \
+ gpg --import /run/secrets/gpg && \
+ gpg --import /root/rpm.pub && \
+ rpm --addsign $(find rpms -type f -name '*.rpm') && \
+ mkdir -p rpms/repodata && \
+ curl -o rpms/repodata/comps.xml $(reposync --gpgcheck --repoid=baseos --downloadcomps -u | grep -- -GROUPS.xml) && \
+ createrepo -g `pwd`/rpms/repodata/comps.xml rpms && \
+ gpg --detach-sign --armor rpms/repodata/repomd.xml && \
+ rm -rf ~/.gnupg && \
+ cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \
+ ls -l /rpms
+
+FROM scratch
+COPY --from=0 /rpms /data
diff --git a/containers/rpms-node-base9/buildenv b/containers/rpms-node-base9/buildenv
new file mode 100644
index 0000000..bee6e99
--- /dev/null
+++ b/containers/rpms-node-base9/buildenv
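Review bot: In containers/rpms-node-base9/Dockerfile, `curl -o rpms/repodata/comps.xml $(reposync ... | grep -- -GROUPS.xml)` runs without `-f`, so an HTTP error response is written to comps.xml with exit status 0 and the build goes on to `createrepo -g` and then signs the resulting metadata. Use `curl -fsSL -o rpms/repodata/comps.xml "$(reposync --gpgcheck --repoid=baseos --downloadcomps -u | grep -- -GROUPS.xml)"`. Quoting the substitution also makes the step fail when grep returns nothing or more than one URL, instead of handing curl an unexpected argument list.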
@@ -0,0 +1,5 @@
+export AUTO_PREFIX=rpmrepo-version-release
+export AUTO_PREFIX_PACKAGE=rocky-release
+export AUTO_PREFIX_FILTER='cut -d . -f 1 | tr '-' .'
+export DOCKER_BUILDKIT=1
+export GPGSIGN=1
diff --git a/containers/rpms-openvswitch/Dockerfile b/containers/rpms-openvswitch/Dockerfile
new file mode 100644
index 0000000..bd0b1aa
--- /dev/null
+++ b/containers/rpms-openvswitch/Dockerfile
@@ -0,0 +1,24 @@
+# syntax = docker/dockerfile:1.0-experimental
+FROM centos:centos7
+MAINTAINER Kevin Fox
+
+ADD rpm.pub /root/rpm.pub
+ADD rpmmacros /root/.rpmmacros
+
+RUN --mount=type=secret,id=gpg \
+ cd / && \
+ set -e && \
+ yum install -y createrepo createrepo gnupg2 rpm-sign && \
+ mkdir -p rpms/ && \
+ yum install -y centos-release-openstack-train createrepo && \
+ yumdownloader --resolv --destdir rpms openvswitch && \
+ gpg --import /run/secrets/gpg && \
+ gpg --import /root/rpm.pub && \
+ rpm --addsign $(find rpms -type f -name '*.rpm') && \
+ createrepo rpms && \
+ gpg --detach-sign --armor rpms/repodata/repomd.xml && \
+ rm -rf ~/.gnupg && \
+ cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY
+
+FROM scratch
+COPY --from=0 /rpms /data
diff --git a/containers/rpms-openvswitch/buildenv b/containers/rpms-openvswitch/buildenv
new file mode 100644
index 0000000..3d4b6ce
--- /dev/null
+++ b/containers/rpms-openvswitch/buildenv
@@ -0,0 +1,4 @@
+export AUTO_PREFIX=rpmrepo-version
+export AUTO_PREFIX_PACKAGE=openvswitch
+export DOCKER_BUILDKIT=1
+export GPGSIGN=1
diff --git a/containers/rpms-openvswitch9/Dockerfile b/containers/rpms-openvswitch9/Dockerfile
new file mode 100644
index 0000000..029c879
--- /dev/null
+++ b/containers/rpms-openvswitch9/Dockerfile
@@ -0,0 +1,33 @@
+# syntax = docker/dockerfile:1.0-experimental
+
+FROM pnnlmiscscripts/rpms-node-base9:latest
+
+FROM rockylinux:9
+MAINTAINER Kevin Fox
+
+COPY --from=0 /data /rpms-base
+
+ADD rpm.pub /root/rpm.pub
+ADD rpmmacros /root/.rpmmacros
+
+RUN --mount=type=secret,id=gpg \
+ cd / && \
+ set -e && \
+ yum install -y 'dnf-command(download)' createrepo gnupg2 rpm-sign findutils && \
+ yum install -y https://repos.fedorapeople.org/repos/openstack/openstack-zed/rdo-release-zed-1.el9s.noarch.rpm && \
+ mkdir -p /rpms && \
+ cd /rpms && \
+ cp -a /rpms-base/*.rpm . && \
+ dnf download --resolve --destdir /rpms openvswitch2.17 NetworkManager-ovs && \
+ find /rpms-base -maxdepth 1 -type f -name '*.rpm' -printf '%f\n' | while read line; do rm -f $line; done && \
+ gpg --import /run/secrets/gpg && \
+ gpg --import /root/rpm.pub && \
+ rpm --addsign $(find . -type f -name '*.rpm') && \
+ createrepo /rpms && \
+ gpg --detach-sign --armor /rpms/repodata/repomd.xml && \
+ rm -rf ~/.gnupg && \
+ cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \
+ ls -l /rpms
+
+FROM scratch
+COPY --from=1 /rpms /data
diff --git a/containers/rpms-openvswitch9/buildenv b/containers/rpms-openvswitch9/buildenv
new file mode 100644
index 0000000..88c5aab
--- /dev/null
+++ b/containers/rpms-openvswitch9/buildenv
@@ -0,0 +1,4 @@
+export AUTO_PREFIX=rpmrepo-version
+export AUTO_PREFIX_PACKAGE=openvswitch2.17
+export DOCKER_BUILDKIT=1
+export GPGSIGN=1
diff --git a/containers/smartctl-exporter/Dockerfile b/containers/smartctl-exporter/Dockerfile
new file mode 100644
index 0000000..7686266
--- /dev/null
+++ b/containers/smartctl-exporter/Dockerfile
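Review bot: In containers/rpms-openvswitch9/Dockerfile, `yum install -y https://repos.fedorapeople.org/repos/openstack/openstack-zed/rdo-release-zed-1.el9s.noarch.rpm` installs a package given by URL, and dnf does not signature-check packages named on the command line unless `localpkg_gpgcheck` is enabled, which it is not by default. That release package presumably supplies the repo definitions and keys the later `dnf download ... openvswitch2.17 NetworkManager-ovs` relies on, so the trust in everything signed afterwards rests on TLS alone. Consider downloading the file first and checking it with `echo "<EXPECTED_SHA256>  rdo-release-zed-1.el9s.noarch.rpm" | sha256sum -c -` (placeholder digest) before installing the local copy.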
@@ -0,0 +1,11 @@
+FROM alpine
+RUN \
+ wget -O exporter.tar.gz https://github.com/prometheus-community/smartctl_exporter/releases/download/v0.7.0/smartctl_exporter-0.7.0.linux-amd64.tar.gz && \
+ tar -zxvf exporter.tar.gz && \
+ mv smartctl_exporter*/smartctl_exporter /bin/ && \
+ rm -rf smartctl_exporter* && \
+ apk add --no-cache --update smartmontools
+
+COPY smartctl_exporter.yaml /etc/smartctl_exporter.yaml
+
+CMD ["/bin/smartctl_exporter"]
diff --git a/containers/smartctl-exporter/buildenv b/containers/smartctl-exporter/buildenv
new file mode 100644
index 0000000..845acfb
--- /dev/null
+++ b/containers/smartctl-exporter/buildenv
@@ -0,0 +1 @@
+export PREFIX=0.7
diff --git a/containers/smartctl-exporter/smartctl_exporter.yaml b/containers/smartctl-exporter/smartctl_exporter.yaml
new file mode 100644
index 0000000..e989e24
--- /dev/null
+++ b/containers/smartctl-exporter/smartctl_exporter.yaml
@@ -0,0 +1,7 @@
+smartctl_exporter:
+ bind_to: "localhost:9633"
+ url_path: "/metrics"
+ smartctl_location: /usr/sbin/smartctl
+ collect_not_more_than_period: 120s
+ devices:
+ - /dev/vda
diff --git a/containers/tenant-namespace-operator/.gitignore b/containers/tenant-namespace-operator/.gitignore
new file mode 100644
index 0000000..b434200
--- /dev/null
+++ b/containers/tenant-namespace-operator/.gitignore
@@ -0,0 +1,17 @@
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+bin
+
+# editor and IDE paraphernalia
+.idea
+*.swp
+*.swo
+*~
+
+bundle/
+bundle.Dockerfile
diff --git a/containers/tenant-namespace-operator/Dockerfile b/containers/tenant-namespace-operator/Dockerfile
new file mode 100644
index 0000000..30bca69
--- /dev/null
+++ b/containers/tenant-namespace-operator/Dockerfile
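Review bot: In containers/smartctl-exporter/Dockerfile the release tarball is pinned by version (`v0.7.0`) but not by content, so the binary moved to `/bin/` is whatever the URL returns at build time. Add a digest check between the download and the extraction, e.g. `echo "<EXPECTED_SHA256>  exporter.tar.gz" | sha256sum -c - && \` (placeholder digest). `FROM alpine` carries no tag either, so the base image changes silently between builds. The helm tarball fetched with `curl -o helm.tar.gz` in containers/tenant-namespace-operator/Dockerfile has the same gap.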
@@ -0,0 +1,36 @@
+FROM quay.io/operator-framework/ansible-operator:v1.32.0
+
+ARG helm_version=v3.5.2
+USER 0
+RUN \
+ dnf clean all && \
+ dnf install -y git patch && \
+ dnf clean all && \
+ ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/') && \
+ curl -o helm.tar.gz https://get.helm.sh/helm-${helm_version}-linux-${ARCH}.tar.gz && \
+ tar -zxvf helm.tar.gz && \
+ mv linux-${ARCH}/helm /usr/local/bin/helm && \
+ rm -f helm.tar.gz && \
+ rm -rf linux-${ARCH} && \
+ touch /.extrafingerprints && \
+ chown ${USER_UID}:0 /.extrafingerprints
+
+USER 1001
+WORKDIR ${HOME}
+
+COPY configmap.patch watches.yaml requirements.yml ${HOME}/
+COPY roles/ ${HOME}/roles/
+
+#FIXME forcing ingress newer to work on newer k8s clusters. Fix upstream chart.
+RUN \
+ ansible-galaxy install -r ${HOME}/requirements.yml && \
+ chmod -R ug+rwx ${HOME}/.ansible && \
+ helm plugin install https://github.com/databus23/helm-diff --version master && \
+ helm pull --repo https://pnnl-miscscripts.github.io/charts tenant-namespace --version 0.6.13 --untar && \
+ cd tenant-namespace/charts/ingress-nginx/ && \
+ cd - && \
+ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \
+ echo 0.1.13 >> /.extrafingerprints && \
+ md5sum watches.yaml >> /.extrafingerprints
+
+ENTRYPOINT ["/tini", "--", "/usr/local/bin/ansible-operator", "run", "--watches-file=./watches.yaml", "--inject-owner-ref=false"]
diff --git a/containers/tenant-namespace-operator/LICENSE b/containers/tenant-namespace-operator/LICENSE
new file mode 100644
index 0000000..d645695
--- /dev/null
+++ b/containers/tenant-namespace-operator/LICENSE
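Review bot: In containers/tenant-namespace-operator/Dockerfile, `helm plugin install https://github.com/databus23/helm-diff --version master` tracks a moving branch, so code that runs inside the operator image can change without any change in this repository; pin it to a release tag, `--version <HELM_DIFF_RELEASE_TAG>` (placeholder). The `curl -o helm.tar.gz ...` in the first RUN lacks `-f`, so an HTTP error body would be handed to `tar`; `curl -fsSL -o helm.tar.gz ...` fails at the download instead. Under the FIXME, `cd tenant-namespace/charts/ingress-nginx/ && cd -` changes nothing: `configmap.patch` is copied and `patch` is installed, but no patch step is visible in this hunk, so either add the intended step or remove the pair.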
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/containers/tenant-namespace-operator/Makefile b/containers/tenant-namespace-operator/Makefile new file mode 100644 index 0000000..047ef55 --- /dev/null +++ b/containers/tenant-namespace-operator/Makefile 
@@ -0,0 +1,231 @@ +# VERSION defines the project version for the bundle. +# Update this value when you upgrade the version of your project. +# To re-generate a bundle for another specific version without changing the standard setup, you can: +# - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) +# - use environment variables to overwrite this value (e.g export VERSION=0.0.2) +VERSION ?= 0.0.1 + +# CHANNELS define the bundle channels used in the bundle. +# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") +# To re-generate a bundle for other specific channels without changing the standard setup, you can: +# - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable) +# - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable") +ifneq ($(origin CHANNELS), undefined) +BUNDLE_CHANNELS := --channels=$(CHANNELS) +endif + +# DEFAULT_CHANNEL defines the default channel used in the bundle. +# Add a new line here if you would like to change its default config. (E.g DEFAULT_CHANNEL = "stable") +# To re-generate a bundle for any other default channel without changing the default setup, you can: +# - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable) +# - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable") +ifneq ($(origin DEFAULT_CHANNEL), undefined) +BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL) +endif +BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) + +# IMAGE_TAG_BASE defines the docker.io namespace and part of the image name for remote images. +# This variable is used to construct full image tags for bundle and catalog images. 
+# +# For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both +# pnnl.gov/tenant-namespace-operator-bundle:$VERSION and pnnl.gov/tenant-namespace-operator-catalog:$VERSION. +IMAGE_TAG_BASE ?= pnnlmiscscripts/tenant-namespace-operator + +# BUNDLE_IMG defines the image:tag used for the bundle. +# You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:) +BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) + +# BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command +BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) + +# USE_IMAGE_DIGESTS defines if images are resolved via tags or digests +# You can enable this value if you would like to use SHA Based Digests +# To enable set flag to true +USE_IMAGE_DIGESTS ?= false +ifeq ($(USE_IMAGE_DIGESTS), true) + BUNDLE_GEN_FLAGS += --use-image-digests +endif + +# Set the Operator SDK version to use. By default, what is installed on the system is used. +# This is useful for CI or a project to utilize a specific version of the operator-sdk toolkit. +OPERATOR_SDK_VERSION ?= v1.32.0 + +# Image URL to use all building/pushing image targets +IMG ?= $(IMAGE_TAG_BASE):$(VERSION) + +.PHONY: all +all: docker-build + +##@ General + +# The help target prints out all targets with their descriptions organized +# beneath their categories. The categories are represented by '##@' and the +# target descriptions by '##'. The awk commands is responsible for reading the +# entire set of makefiles included in this invocation, looking for lines of the +# file as xyz: ## something, and then pretty-format the target and help. Then, +# if there's a line with ##@ something, that gets pretty-printed as a category. 
+# More info on the usage of ANSI control characters for terminal formatting: +# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters +# More info on the awk command: +# http://linuxcommand.org/lc3_adv_awk.php + +.PHONY: help +help: ## Display this help. + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) + +##@ Build + +.PHONY: run +ANSIBLE_ROLES_PATH?="$(shell pwd)/roles" +run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kube/config + $(ANSIBLE_OPERATOR) run + +.PHONY: docker-build +docker-build: ## Build docker image with the manager. + docker build -t ${IMG} . + +.PHONY: docker-push +docker-push: ## Push docker image with the manager. + docker push ${IMG} + +# PLATFORMS defines the target platforms for the manager image be build to provide support to multiple +# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: +# - able to use docker buildx . More info: https://docs.docker.com/build/buildx/ +# - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/ +# - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=> than the export will fail) +# To properly provided solutions that supports more than one platform you should use this option. 
+PLATFORMS ?= linux/arm64,linux/amd64 +.PHONY: docker-buildx +docker-buildx: test ## Build and push docker image for the manager for cross-platform support + # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile + sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross + - docker buildx create --name project-v3-builder + docker buildx use project-v3-builder + - docker buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . + - docker buildx rm project-v3-builder + rm Dockerfile.cross + +##@ Deployment + +.PHONY: install +install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. + $(KUSTOMIZE) build config/crd | kubectl apply -f - + +.PHONY: uninstall +uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. + $(KUSTOMIZE) build config/crd | kubectl delete -f - + +.PHONY: deploy +deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $(KUSTOMIZE) build config/default | kubectl apply -f - + +.PHONY: undeploy +undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. + $(KUSTOMIZE) build config/default | kubectl delete -f - + +OS := $(shell uname -s | tr '[:upper:]' '[:lower:]') +ARCH := $(shell uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/') + +.PHONY: kustomize +KUSTOMIZE = $(shell pwd)/bin/kustomize +kustomize: ## Download kustomize locally if necessary. 
+ifeq (,$(wildcard $(KUSTOMIZE))) +ifeq (,$(shell which kustomize 2>/dev/null)) + @{ \ + set -e ;\ + mkdir -p $(dir $(KUSTOMIZE)) ;\ + curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.7/kustomize_v4.5.7_$(OS)_$(ARCH).tar.gz | \ + tar xzf - -C bin/ ;\ + } +else +KUSTOMIZE = $(shell which kustomize) +endif +endif + +.PHONY: ansible-operator +ANSIBLE_OPERATOR = $(shell pwd)/bin/ansible-operator +ansible-operator: ## Download ansible-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist. +ifeq (,$(wildcard $(ANSIBLE_OPERATOR))) +ifeq (,$(shell which ansible-operator 2>/dev/null)) + @{ \ + set -e ;\ + mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\ + curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/ansible-operator-plugins/releases/download/v1.32.0/ansible-operator_$(OS)_$(ARCH) ;\ + chmod +x $(ANSIBLE_OPERATOR) ;\ + } +else +ANSIBLE_OPERATOR = $(shell which ansible-operator) +endif +endif + +.PHONY: operator-sdk +OPERATOR_SDK ?= ./bin/operator-sdk +operator-sdk: ## Download operator-sdk locally if necessary. +ifeq (,$(wildcard $(OPERATOR_SDK))) +ifeq (, $(shell which operator-sdk 2>/dev/null)) + @{ \ + set -e ;\ + mkdir -p $(dir $(OPERATOR_SDK)) ;\ + curl -sSLo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/$(OPERATOR_SDK_VERSION)/operator-sdk_$(OS)_$(ARCH) ;\ + chmod +x $(OPERATOR_SDK) ;\ + } +else +OPERATOR_SDK = $(shell which operator-sdk) +endif +endif + +.PHONY: bundle +bundle: kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files. + $(OPERATOR_SDK) generate kustomize manifests -q + cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) + $(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS) + $(OPERATOR_SDK) bundle validate ./bundle + +.PHONY: bundle-build +bundle-build: ## Build the bundle image. + docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) . 
+ +.PHONY: bundle-push +bundle-push: ## Push the bundle image. + $(MAKE) docker-push IMG=$(BUNDLE_IMG) + +.PHONY: opm +OPM = ./bin/opm +opm: ## Download opm locally if necessary. +ifeq (,$(wildcard $(OPM))) +ifeq (,$(shell which opm 2>/dev/null)) + @{ \ + set -e ;\ + mkdir -p $(dir $(OPM)) ;\ + curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.23.0/$(OS)-$(ARCH)-opm ;\ + chmod +x $(OPM) ;\ + } +else +OPM = $(shell which opm) +endif +endif + +# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v0.2.0). +# These images MUST exist in a registry and be pull-able. +BUNDLE_IMGS ?= $(BUNDLE_IMG) + +# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v0.2.0). +CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION) + +# Set CATALOG_BASE_IMG to an existing catalog image tag to add $BUNDLE_IMGS to that image. +ifneq ($(origin CATALOG_BASE_IMG), undefined) +FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG) +endif + +# Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'. +# This recipe invokes 'opm' in 'semver' bundle add mode. For more information on add modes, see: +# https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator +.PHONY: catalog-build +catalog-build: opm ## Build a catalog image. + $(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT) + +# Push the catalog image. +.PHONY: catalog-push +catalog-push: ## Push a catalog image. + $(MAKE) docker-push IMG=$(CATALOG_IMG) diff --git a/containers/tenant-namespace-operator/PROJECT b/containers/tenant-namespace-operator/PROJECT new file mode 100644 index 0000000..7195632 --- /dev/null 
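Review bot: The `kustomize`, `ansible-operator`, `operator-sdk` and `opm` recipes download release artifacts with `curl -sSLo` and run or unpack them with no integrity check, and without `-f` an HTTP error body is written out as if it were the tool. These binaries later run with the developer's or CI's kubeconfig, so each recipe should use `curl -fsSLo` and verify a pinned digest before `chmod +x`, for example `echo "<EXPECTED_SHA256>  $(OPERATOR_SDK)" | sha256sum -c - ;\` with the value taken from the release's published checksums. The kustomize recipe pipes straight into `tar`; it would need to save the archive to a file first so it can be checked. Separately, `undeploy` calls `$(KUSTOMIZE)` but does not list `kustomize` as a prerequisite the way `install`, `uninstall` and `deploy` do.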
+++ b/containers/tenant-namespace-operator/PROJECT
@@ -0,0 +1,27 @@
+# Code generated by tool. DO NOT EDIT.
+# This file is used to track the info used to scaffold your project
+# and allow the plugins properly work.
+# More info: https://book.kubebuilder.io/reference/project-config.html
+domain: pnnl.gov
+layout:
+- ansible.sdk.operatorframework.io/v1
+plugins:
+ manifests.sdk.operatorframework.io/v2: {}
+ scorecard.sdk.operatorframework.io/v2: {}
+projectName: tenant-namespace-operator
+resources:
+- api:
+ crdVersion: v1
+ namespaced: false
+ domain: pnnl.gov
+ group: miscscripts
+ kind: TenantNamespace
+ version: v1beta1
+- api:
+ crdVersion: v1
+ namespaced: false
+ domain: pnnl.gov
+ group: miscscripts
+ kind: TenantNamespaceFlavor
+ version: v1beta1
+version: "3"
diff --git a/containers/tenant-namespace-operator/buildenv b/containers/tenant-namespace-operator/buildenv
new file mode 100644
index 0000000..7a2edf6
--- /dev/null
+++ b/containers/tenant-namespace-operator/buildenv
@@ -0,0 +1 @@
+export PREFIX=0.1.16
diff --git a/containers/tenant-namespace-operator/config/crd/bases/miscscripts.pnnl.gov_tenantnamespaceflavors.yaml b/containers/tenant-namespace-operator/config/crd/bases/miscscripts.pnnl.gov_tenantnamespaceflavors.yaml
new file mode 100644
index 0000000..7cf4630
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/crd/bases/miscscripts.pnnl.gov_tenantnamespaceflavors.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: tenantnamespaceflavors.miscscripts.pnnl.gov
+spec:
+ group: miscscripts.pnnl.gov
+ names:
+ kind: TenantNamespaceFlavor
+ listKind: TenantNamespaceFlavorList
+ plural: tenantnamespaceflavors
+ singular: tenantnamespaceflavor
+ scope: Cluster
+ preserveUnknownFields: false
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: TenantNamespaceFlavor is the Schema for the tenantnamespaceflavors API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the desired state of TenantNamespaceFlavor
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ description: Status defines the observed state of TenantNamespaceFlavor
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/containers/tenant-namespace-operator/config/crd/bases/miscscripts.pnnl.gov_tenantnamespaces.yaml b/containers/tenant-namespace-operator/config/crd/bases/miscscripts.pnnl.gov_tenantnamespaces.yaml
new file mode 100644
index 0000000..8330f6f
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/crd/bases/miscscripts.pnnl.gov_tenantnamespaces.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: tenantnamespaces.miscscripts.pnnl.gov
+spec:
+ group: miscscripts.pnnl.gov
+ names:
+ kind: TenantNamespace
+ listKind: TenantNamespaceList
+ plural: tenantnamespaces
+ singular: tenantnamespace
+ scope: Cluster
+ preserveUnknownFields: false
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: TenantNamespace is the Schema for the tenantnamespaces API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the desired state of TenantNamespace
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ description: Status defines the observed state of TenantNamespace
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/containers/tenant-namespace-operator/config/crd/kustomization.yaml b/containers/tenant-namespace-operator/config/crd/kustomization.yaml
new file mode 100644
index 0000000..30206ac
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/crd/kustomization.yaml
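Review bot: The TenantNamespace `spec` is declared as a bare object with `x-kubernetes-preserve-unknown-fields: true` and no `properties`, so the API server admits any content and every validation decision falls to the controller, which runs with cluster-wide RBAC rights. The sample in config/samples shows a `flavorRef` with `name`, `kind` and `group`; declaring at least those as typed string properties lets malformed references be rejected at admission while the preserve flag still allows the remaining free-form keys. Whether `flavorRef` should be listed under `required` depends on the role logic, which is not in this diff. The TenantNamespaceFlavor CRD in the preceding file has the same open `spec`, but no field names for it are visible here.

```yaml
# … unchanged: apiVersion, kind and metadata properties …
spec:
  description: Spec defines the desired state of TenantNamespace
  type: object
  x-kubernetes-preserve-unknown-fields: true
  properties:
    flavorRef:
      type: object
      properties:
        name:
          type: string
        kind:
          type: string
        group:
          type: string
# … unchanged: status property and version flags …
```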
@@ -0,0 +1,7 @@
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+- bases/miscscripts.pnnl.gov_tenantnamespaces.yaml
+- bases/miscscripts.pnnl.gov_tenantnamespaceflavors.yaml
+#+kubebuilder:scaffold:crdkustomizeresource
diff --git a/containers/tenant-namespace-operator/config/default/kustomization.yaml b/containers/tenant-namespace-operator/config/default/kustomization.yaml
new file mode 100644
index 0000000..bfb2076
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/default/kustomization.yaml
@@ -0,0 +1,30 @@
+# Adds namespace to all resources.
+namespace: tenant-namespace-operator
+
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+namePrefix: tenant-namespace-operator-
+
+# Labels to add to all resources and selectors.
+#labels:
+#- includeSelectors: true
+# pairs:
+# someName: someValue
+
+resources:
+- ../crd
+- ../rbac
+- ../manager
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+#- ../prometheus
+
+patchesStrategicMerge:
+# Protect the /metrics endpoint by putting it behind auth.
+# If you want your controller-manager to expose the /metrics
+# endpoint w/o any authn/z, please comment the following line.
+- manager_auth_proxy_patch.yaml
+
+
diff --git a/containers/tenant-namespace-operator/config/default/manager_auth_proxy_patch.yaml b/containers/tenant-namespace-operator/config/default/manager_auth_proxy_patch.yaml
new file mode 100644
index 0000000..9e1fc82
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/default/manager_auth_proxy_patch.yaml
@@ -0,0 +1,56 @@
+# This patch inject a sidecar container which is a HTTP proxy for the
+# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - amd64
+ - arm64
+ - ppc64le
+ - s390x
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+ containers:
+ - name: kube-rbac-proxy
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
+ args:
+ - "--secure-listen-address=0.0.0.0:8443"
+ - "--upstream=http://127.0.0.1:8080/"
+ - "--logtostderr=true"
+ - "--v=0"
+ ports:
+ - containerPort: 8443
+ protocol: TCP
+ name: https
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 5m
+ memory: 64Mi
+ - name: manager
+ args:
+ - "--health-probe-bind-address=:6789"
+ - "--metrics-bind-address=127.0.0.1:8080"
+ - "--leader-elect"
+ - "--leader-election-id=tenant-namespace-operator"
diff --git a/containers/tenant-namespace-operator/config/default/manager_config_patch.yaml b/containers/tenant-namespace-operator/config/default/manager_config_patch.yaml
new file mode 100644
index 0000000..f6f5891
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/default/manager_config_patch.yaml
@@ -0,0 +1,10 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
diff --git a/containers/tenant-namespace-operator/config/manager/kustomization.yaml b/containers/tenant-namespace-operator/config/manager/kustomization.yaml
new file mode 100644
index 0000000..5c5f0b8
--- /dev/null
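Review bot: In manager_auth_proxy_patch.yaml the `kube-rbac-proxy` sidecar is referenced by tag only, although this container is what authenticates and authorizes every request to /metrics. Pinning the digest keeps the deployed image from changing underneath the tag: `image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1@sha256:<DIGEST_PLACEHOLDER>`. The patch also lists `ppc64le` and `s390x` under the arch affinity while config/manager/manager.yaml allows only `amd64` and `arm64`; the two lists should agree with the platforms the image is actually built for.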
+++ b/containers/tenant-namespace-operator/config/manager/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- manager.yaml
diff --git a/containers/tenant-namespace-operator/config/manager/manager.yaml b/containers/tenant-namespace-operator/config/manager/manager.yaml
new file mode 100644
index 0000000..4710fb7
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/manager/manager.yaml
@@ -0,0 +1,81 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+ labels:
+ control-plane: controller-manager
+spec:
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ replicas: 1
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ control-plane: controller-manager
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - amd64
+ - arm64
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - args:
+ - --leader-elect
+ - --leader-election-id=tenant-namespace-operator
+ image: controller:latest
+ name: manager
+ env:
+ - name: ANSIBLE_GATHERING
+ value: explicit
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 6789
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 6789
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ # TODO(user): Configure the resources accordingly based on the project requirements.
+ # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ resources:
+ limits:
+ cpu: 500m
+ memory: 768Mi
+ requests:
+ cpu: 10m
+ memory: 256Mi
+ serviceAccountName: controller-manager
+ terminationGracePeriodSeconds: 10
diff --git a/containers/tenant-namespace-operator/config/manifests/kustomization.yaml b/containers/tenant-namespace-operator/config/manifests/kustomization.yaml
new file mode 100644
index 0000000..6063a99
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/manifests/kustomization.yaml
@@ -0,0 +1,7 @@
+# These resources constitute the fully configured set of manifests
+# used to generate the 'manifests/' directory in a bundle.
+resources:
+- bases/tenant-namespace-operator.clusterserviceversion.yaml
+- ../default
+- ../samples
+- ../scorecard
diff --git a/containers/tenant-namespace-operator/config/prometheus/kustomization.yaml b/containers/tenant-namespace-operator/config/prometheus/kustomization.yaml
new file mode 100644
index 0000000..ed13716
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/prometheus/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- monitor.yaml
diff --git a/containers/tenant-namespace-operator/config/prometheus/monitor.yaml b/containers/tenant-namespace-operator/config/prometheus/monitor.yaml
new file mode 100644
index 0000000..d19136a
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/prometheus/monitor.yaml
@@ -0,0 +1,20 @@
+
+# Prometheus Monitor Service (Metrics)
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: controller-manager-metrics-monitor
+ namespace: system
+spec:
+ endpoints:
+ - path: /metrics
+ port: https
+ scheme: https
+ bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ tlsConfig:
+ insecureSkipVerify: true
+ selector:
+ matchLabels:
+ control-plane: controller-manager
diff --git a/containers/tenant-namespace-operator/config/rbac/auth_proxy_client_clusterrole.yaml b/containers/tenant-namespace-operator/config/rbac/auth_proxy_client_clusterrole.yaml
new file mode 100644
index 0000000..51a75db
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/auth_proxy_client_clusterrole.yaml
@@ -0,0 +1,9 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: metrics-reader
+rules:
+- nonResourceURLs:
+ - "/metrics"
+ verbs:
+ - get
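Review bot: In config/prometheus/monitor.yaml the endpoint sets `insecureSkipVerify: true` while also sending the token from `bearerTokenFile`, so the scraper would hand that service-account token to whatever answers on the `https` port without checking its certificate. The `../prometheus` resource is commented out in config/default, so this only takes effect once someone enables monitoring, which is exactly when the setting is likely to be forgotten. Add a comment above `tlsConfig` such as `# TODO: replace insecureSkipVerify with caFile/serverName before enabling in production`, and prefer a `caFile` plus `serverName` for the metrics service once the proxy serves a certificate from a CA the scraper trusts.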
diff --git a/containers/tenant-namespace-operator/config/rbac/auth_proxy_role.yaml b/containers/tenant-namespace-operator/config/rbac/auth_proxy_role.yaml
new file mode 100644
index 0000000..80e1857
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/auth_proxy_role.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: proxy-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
diff --git a/containers/tenant-namespace-operator/config/rbac/auth_proxy_role_binding.yaml b/containers/tenant-namespace-operator/config/rbac/auth_proxy_role_binding.yaml
new file mode 100644
index 0000000..ec7acc0
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/auth_proxy_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: proxy-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: system
diff --git a/containers/tenant-namespace-operator/config/rbac/auth_proxy_service.yaml b/containers/tenant-namespace-operator/config/rbac/auth_proxy_service.yaml
new file mode 100644
index 0000000..71f1797
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/auth_proxy_service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: controller-manager-metrics-service
+ namespace: system
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ control-plane: controller-manager
diff --git a/containers/tenant-namespace-operator/config/rbac/kustomization.yaml b/containers/tenant-namespace-operator/config/rbac/kustomization.yaml
new file mode 100644
index 0000000..731832a
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/kustomization.yaml
@@ -0,0 +1,18 @@
+resources:
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+# Comment the following 4 lines if you want to disable
+# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+# which protects your /metrics endpoint.
+- auth_proxy_service.yaml
+- auth_proxy_role.yaml
+- auth_proxy_role_binding.yaml
+- auth_proxy_client_clusterrole.yaml
diff --git a/containers/tenant-namespace-operator/config/rbac/leader_election_role.yaml b/containers/tenant-namespace-operator/config/rbac/leader_election_role.yaml
new file mode 100644
index 0000000..4190ec8
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/leader_election_role.yaml
@@ -0,0 +1,37 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: leader-election-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
diff --git a/containers/tenant-namespace-operator/config/rbac/leader_election_role_binding.yaml b/containers/tenant-namespace-operator/config/rbac/leader_election_role_binding.yaml
new file mode 100644
index 0000000..1d1321e
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: system
diff --git a/containers/tenant-namespace-operator/config/rbac/role.yaml b/containers/tenant-namespace-operator/config/rbac/role.yaml
new file mode 100644
index 0000000..bee268b
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/role.yaml
@@ -0,0 +1,138 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: manager-role
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ - services/finalizers
+ - endpoints
+ - events
+ - configmaps
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ # needed for ingress leader election pre 1.24
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ - replicasets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ - prometheusrules
+ verbs:
+ - get
+ - create
+ - list
+ - delete
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - apps
+ resourceNames:
+ - tenant-namespace-operator
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+ ##
+ ## Base operator rules
+ ##
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - resourcequotas
+ - limitranges
+ verbs:
+ - "*"
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - rolebindings
+ - clusterroles
+ - clusterrolebindings
+ verbs:
+ - "*"
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - networkpolicies
+ verbs:
+ - "*"
+ - apiGroups:
+ - extensions
+ - networking.k8s.io
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+ - apiGroups:
+ - operators.coreos.com
+ resources:
+ - operatorgroups
+ - subscriptions
+ verbs:
+ - "*"
+ ##
+ ## Rules for miscscripts.pnnl.gov/v1beta1, Kind: TenantNamespace
+ ##
+ - apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - tenantnamespaces
+ - tenantnamespaces/status
+ - tenantnamespaces/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ ##
+ ## Rules for miscscripts.pnnl.gov/v1beta1, Kind: TenantNamespaceFlavor
+ ##
+ - apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - tenantnamespaceflavors
+ verbs:
+ - get
+ - list
+ - watch
+#+kubebuilder:scaffold:rules
diff --git a/containers/tenant-namespace-operator/config/rbac/role_binding.yaml b/containers/tenant-namespace-operator/config/rbac/role_binding.yaml
new file mode 100644
index 0000000..2070ede
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: manager-role
+subjects:
+- kind: ServiceAccount
+ name: controller-manager
+ namespace: system
diff --git a/containers/tenant-namespace-operator/config/rbac/service_account.yaml b/containers/tenant-namespace-operator/config/rbac/service_account.yaml
new file mode 100644
index 0000000..7cd6025
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/service_account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: controller-manager
+ namespace: system
diff --git a/containers/tenant-namespace-operator/config/rbac/tenantnamespace_editor_role.yaml b/containers/tenant-namespace-operator/config/rbac/tenantnamespace_editor_role.yaml
new file mode 100644
index 0000000..dac1a0e
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/tenantnamespace_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit tenantnamespaces.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tenantnamespace-editor-role
+rules:
+- apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - tenantnamespaces
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - tenantnamespaces/status
+ verbs:
+ - get
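Review bot: In config/rbac/role.yaml the `manager-role` ClusterRole grants `"*"` on `rolebindings`, `clusterroles` and `clusterrolebindings`, and a wildcard verb includes `bind` and `escalate`, which switch off the API server's RBAC escalation checks; the controller's service account can therefore grant any subject permissions it does not itself hold, which amounts to cluster-admin. The same `"*"` appears on namespaces, resourcequotas, limitranges, networkpolicies, operatorgroups and subscriptions, where explicit verbs would also do. List only the verbs the Ansible roles use (those roles are not in this diff, so the set below needs confirming), and if binding pre-existing roles is required, grant `bind` with `resourceNames` limited to those roles instead of a wildcard. Anyone allowed to create a TenantNamespace indirectly drives this account, so the tenantnamespace-editor-role should be treated as a privileged grant.

```yaml
# … unchanged: core, coordination.k8s.io, apps and monitoring.coreos.com rules …
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - rolebindings
      - clusterroles
      - clusterrolebindings
    verbs:
      # explicit list: no bind/escalate; confirm against what the operator's roles need
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
# … unchanged: networking, operators.coreos.com and miscscripts.pnnl.gov rules …
```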
diff --git a/containers/tenant-namespace-operator/config/rbac/tenantnamespace_viewer_role.yaml b/containers/tenant-namespace-operator/config/rbac/tenantnamespace_viewer_role.yaml
new file mode 100644
index 0000000..d070c80
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/tenantnamespace_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view tenantnamespaces.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tenantnamespace-viewer-role
+rules:
+- apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - tenantnamespaces
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - tenantnamespaces/status
+ verbs:
+ - get
diff --git a/containers/tenant-namespace-operator/config/rbac/tenantnamespaceflavor_editor_role.yaml b/containers/tenant-namespace-operator/config/rbac/tenantnamespaceflavor_editor_role.yaml
new file mode 100644
index 0000000..e6470de
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/tenantnamespaceflavor_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit tenantnamespaceflavors.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tenantnamespaceflavor-editor-role
+rules:
+- apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - tenantnamespaceflavors
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - tenantnamespaceflavors/status
+ verbs:
+ - get
diff --git a/containers/tenant-namespace-operator/config/rbac/tenantnamespaceflavor_viewer_role.yaml b/containers/tenant-namespace-operator/config/rbac/tenantnamespaceflavor_viewer_role.yaml
new file mode 100644
index 0000000..84d6f17
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/tenantnamespaceflavor_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view tenantnamespaceflavors.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tenantnamespaceflavor-viewer-role
+rules:
+- apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - tenantnamespaceflavors
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - tenantnamespaceflavors/status
+ verbs:
+ - get
diff --git a/containers/tenant-namespace-operator/config/samples/kustomization.yaml b/containers/tenant-namespace-operator/config/samples/kustomization.yaml
new file mode 100644
index 0000000..ea2ca2e
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/samples/kustomization.yaml
@@ -0,0 +1,5 @@
+## Append samples of your project ##
+resources:
+- miscscripts_v1beta1_tenantnamespace.yaml
+- miscscripts_v1beta1_tenantnamespaceflavor.yaml
+#+kubebuilder:scaffold:manifestskustomizesamples
diff --git a/containers/tenant-namespace-operator/config/samples/miscscripts_v1beta1_tenantnamespace.yaml b/containers/tenant-namespace-operator/config/samples/miscscripts_v1beta1_tenantnamespace.yaml
new file mode 100644
index 0000000..6385134
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/samples/miscscripts_v1beta1_tenantnamespace.yaml
@@ -0,0 +1,12 @@
+apiVersion: miscscripts.pnnl.gov/v1beta1
+kind: TenantNamespace
+metadata:
+ name: example
+spec:
+ flavorRef:
+ name: example
+ kind: TenantNamespaceFlavor
+ group: miscscripts.pnnl.gov
+# ingress:
+# nginx:
+# enabled: false
diff --git a/containers/tenant-namespace-operator/config/samples/miscscripts_v1beta1_tenantnamespaceflavor.yaml b/containers/tenant-namespace-operator/config/samples/miscscripts_v1beta1_tenantnamespaceflavor.yaml
new file mode 100644
index 0000000..5c345b0
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/samples/miscscripts_v1beta1_tenantnamespaceflavor.yaml
@@ -0,0 +1,5 @@
+apiVersion: miscscripts.pnnl.gov/v1beta1
+kind: TenantNamespaceFlavor
+metadata:
+ name: example
+spec: {}
diff --git a/containers/tenant-namespace-operator/config/scorecard/bases/config.yaml b/containers/tenant-namespace-operator/config/scorecard/bases/config.yaml
new file mode 100644
index 0000000..c770478
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/scorecard/bases/config.yaml
@@ -0,0 +1,7 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+ name: config
+stages:
+- parallel: true
+ tests: []
diff --git a/containers/tenant-namespace-operator/config/scorecard/kustomization.yaml b/containers/tenant-namespace-operator/config/scorecard/kustomization.yaml
new file mode 100644
index 0000000..50cd2d0
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/scorecard/kustomization.yaml
@@ -0,0 +1,16 @@
+resources:
+- bases/config.yaml
+patchesJson6902:
+- path: patches/basic.config.yaml
+ target:
+ group: scorecard.operatorframework.io
+ version: v1alpha3
+ kind: Configuration
+ name: config
+- path: patches/olm.config.yaml
+ target:
+ group: scorecard.operatorframework.io
+ version: v1alpha3
+ kind: Configuration
+ name: config
+#+kubebuilder:scaffold:patchesJson6902
diff --git a/containers/tenant-namespace-operator/config/scorecard/patches/basic.config.yaml b/containers/tenant-namespace-operator/config/scorecard/patches/basic.config.yaml
new file mode 100644
index 0000000..472a988
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/scorecard/patches/basic.config.yaml
@@ -0,0 +1,10 @@
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - basic-check-spec
+ image: quay.io/operator-framework/scorecard-test:v1.32.0
+ labels:
+ suite: basic
+ test: basic-check-spec-test
diff --git a/containers/tenant-namespace-operator/config/scorecard/patches/olm.config.yaml b/containers/tenant-namespace-operator/config/scorecard/patches/olm.config.yaml
new file mode 100644
index 0000000..343c6d8
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/scorecard/patches/olm.config.yaml
@@ -0,0 +1,50 @@
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-bundle-validation
+ image: quay.io/operator-framework/scorecard-test:v1.32.0
+ labels:
+ suite: olm
+ test: olm-bundle-validation-test
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:v1.32.0
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-crds-have-resources
+ image: quay.io/operator-framework/scorecard-test:v1.32.0
+ labels:
+ suite: olm
+ test: olm-crds-have-resources-test
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-spec-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.32.0
+ labels:
+ suite: olm
+ test: olm-spec-descriptors-test
+- op: add
+ path: /stages/0/tests/-
+ value:
+ entrypoint:
+ - scorecard-test
+ - olm-status-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.32.0
+ labels:
+ suite: olm
+ test: olm-status-descriptors-test
diff --git a/containers/tenant-namespace-operator/configmap.patch b/containers/tenant-namespace-operator/configmap.patch
new file mode 100644
index 0000000..9c11185
--- /dev/null
+++ b/containers/tenant-namespace-operator/configmap.patch
@@ -0,0 +1,75 @@ +diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml +index 991dc4f3653..b20ada1f434 100644 +--- a/charts/ingress-nginx/templates/controller-daemonset.yaml ++++ b/charts/ingress-nginx/templates/controller-daemonset.yaml +@@ -80,15 +80,15 @@ spec: + {{- end }} + - --election-id={{ .Values.controller.electionID }} + - --ingress-class={{ .Values.controller.ingressClass }} +- - --configmap={{ .Release.Namespace }}/{{ include "ingress-nginx.controller.fullname" . }} ++ - --configmap={{ default "$(POD_NAMESPACE)" .Values.controller.configMapNamespace }}/{{ include "ingress-nginx.controller.fullname" . }} + {{- if .Values.tcp }} +- - --tcp-services-configmap={{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-tcp ++ - --tcp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.tcp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-tcp + {{- end }} + {{- if .Values.udp }} +- - --udp-services-configmap={{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-udp ++ - --udp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.udp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . 
}}-udp + {{- end }} + {{- if .Values.controller.scope.enabled }} +- - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }} ++ - --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }} + {{- end }} + {{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }} + - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }} +diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml +index fe3b56a73ce..97dc7251557 100644 +--- a/charts/ingress-nginx/templates/controller-deployment.yaml ++++ b/charts/ingress-nginx/templates/controller-deployment.yaml +@@ -84,12 +84,12 @@ spec: + {{- end }} + - --election-id={{ .Values.controller.electionID }} + - --ingress-class={{ .Values.controller.ingressClass }} +- - --configmap=$(POD_NAMESPACE)/{{ include "ingress-nginx.controller.fullname" . }} ++ - --configmap={{ default "$(POD_NAMESPACE)" .Values.controller.configMapNamespace }}/{{ include "ingress-nginx.controller.fullname" . }} + {{- if .Values.tcp }} +- - --tcp-services-configmap=$(POD_NAMESPACE)/{{ include "ingress-nginx.fullname" . }}-tcp ++ - --tcp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.tcp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-tcp + {{- end }} + {{- if .Values.udp }} +- - --udp-services-configmap=$(POD_NAMESPACE)/{{ include "ingress-nginx.fullname" . }}-udp ++ - --udp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.udp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . 
}}-udp + {{- end }} + {{- if .Values.controller.scope.enabled }} + - --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }} +diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml +index 0f66c48ef47..944d00ab704 100644 +--- a/charts/ingress-nginx/values.yaml ++++ b/charts/ingress-nginx/values.yaml +@@ -109,23 +109,23 @@ controller: + ## + scope: + enabled: false +- namespace: "" # defaults to .Release.Namespace ++ namespace: "" # defaults to $(POD_NAMESPACE) + + ## Allows customization of the configmap / nginx-configmap namespace + ## +- configMapNamespace: "" # defaults to .Release.Namespace ++ configMapNamespace: "" # defaults to $(POD_NAMESPACE) + + ## Allows customization of the tcp-services-configmap + ## + tcp: +- configMapNamespace: "" # defaults to .Release.Namespace ++ configMapNamespace: "" # defaults to $(POD_NAMESPACE) + ## Annotations to be added to the tcp config configmap + annotations: {} + + ## Allows customization of the udp-services-configmap + ## + udp: +- configMapNamespace: "" # defaults to .Release.Namespace ++ configMapNamespace: "" # defaults to $(POD_NAMESPACE) + ## Annotations to be added to the udp config configmap + annotations: {} diff --git a/containers/tenant-namespace-operator/requirements.yml b/containers/tenant-namespace-operator/requirements.yml new file mode 100644 index 0000000..8baf919 --- /dev/null +++ b/containers/tenant-namespace-operator/requirements.yml @@ -0,0 +1,10 @@ +--- +collections: + - name: operator_sdk.util + version: "0.5.0" + - name: kubernetes.core + version: "2.4.0" + - name: cloud.common + version: "2.1.1" + - name: community.docker + version: "3.4.0" diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/README.md b/containers/tenant-namespace-operator/roles/tenantnamespace/README.md new file mode 100644 index 0000000..c88a8ca --- /dev/null +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/README.md 
@@ -0,0 +1,43 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, +if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in +defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables +that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set +for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for +users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +Apache + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/defaults/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/defaults/main.yml new file mode 100644 index 0000000..ef917c4 --- /dev/null +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for TenantNamespace diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/handlers/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/handlers/main.yml new file mode 100644 index 0000000..66f94e3 --- /dev/null 
+++ b/containers/tenant-namespace-operator/roles/tenantnamespace/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for TenantNamespace diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/meta/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/meta/main.yml new file mode 100644 index 0000000..e496738 --- /dev/null +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/meta/main.yml 
@@ -0,0 +1,64 @@ +--- +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: "2.9" + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # Optionally specify the branch Galaxy will use when accessing the GitHub + # repo for this role. During role install, if no tags are available, + # Galaxy will use this branch. During import Galaxy will access files on + # this branch. If Travis integration is configured, only notifications for this + # branch will be accepted. Otherwise, in all cases, the repo's default branch + # (usually master) will be used. + #github_branch: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. 
+collections: + - operator_sdk.util + - kubernetes.core diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml new file mode 100644 index 0000000..b9cff64 --- /dev/null +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml 
@@ -0,0 +1,210 @@ +--- +# tasks file for TenantNamespace + +- name: Set dryrun value + ansible.builtin.set_fact: + _dryrun: "{{ lookup('env', 'DRYRUN') | default('False') | bool }}" + +# required until markUnsafe applies to the full fact from the sdk +- name: Fetch cr content safely + kubernetes.core.k8s_info: + api_version: miscscripts.pnnl.gov/v1beta1 + kind: TenantNamespace + name: "{{ ansible_operator_meta.name }}" + register: _cr_response + failed_when: + - _cr_response.resources | length == 0 + +- name: Set cr var + ansible.builtin.set_fact: + _safe_cr: "{{ _cr_response.resources[0] }}" + +- name: Set admin labels + ansible.builtin.set_fact: + _adminlabels: "{{ _safe_cr.spec.extraNamespaceLabels | default({}) | combine({'name': ansible_operator_meta.name + '-admin', 'miscscripts.pnnl.gov/namespace-type': 'admin'}, recursive=True) }}" + +- name: Create the k8s admin namespace + kubernetes.core.k8s: + state: present + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: "{{ ansible_operator_meta.name }}-admin" + labels: "{{ _adminlabels }}" + annotations: "{{ _safe_cr.spec.extraNamespaceAnnotations | default({}) }}" + check_mode: "{{ _dryrun }}" + +- name: Set initial defaults. They be overridden. 
+ ansible.builtin.set_fact: + _merged_values: + magicnamespace: + tiller: + enabled: false + gitlabRunner: + autoSetNamespaceAndTags: true + spec: + runners: {} + ingress: + nginx: + enabled: true + +- name: Load in Flavor values if referenced + when: + - _safe_cr.spec.flavorRef is defined + - _safe_cr.spec.flavorRef.kind == "TenantNamespaceFlavor" + - _safe_cr.spec.flavorRef.group == "miscscripts.pnnl.gov" + block: + - name: Fetch referenced flavor + kubernetes.core.k8s_info: + api_version: miscscripts.pnnl.gov/v1beta1 + kind: TenantNamespaceFlavor + name: "{{ _safe_cr.spec.flavorRef.name }}" + register: _flavor + # Failures immediately trigger another reconciliation + failed_when: + - _flavor.resources | length == 0 + - name: Merge in flavor values + ansible.builtin.set_fact: + _merged_values: "{{ _merged_values | combine(_flavor.resources[0].spec, recursive=True) }}" + +- name: Set values from CR + ansible.builtin.set_fact: + _merged_values: "{{ _merged_values | combine(_safe_cr.spec, recursive=True) }}" + +- name: Setup gitlabRunner if needed + ansible.builtin.set_fact: + _gitlabrunnerconfig: + gitlabRunner: + spec: + runners: + namespace: "{{ ansible_operator_meta.name }}" + tags: "{{ (_merged_values.gitlabRunner.spec.runners.tags.split(',') + [ansible_operator_meta.name]) | unique | list | join(',') }}" + when: + - _merged_values.gitlabRunner.spec.runners.tags is defined +- name: Setup gitlabRunner if needed + ansible.builtin.set_fact: + _gitlabrunnerconfig: + gitlabRunner: + spec: + runners: + namespace: "{{ ansible_operator_meta.name }}" + tags: "{{ ansible_operator_meta.name }}" + when: + - _merged_values.gitlabRunner.spec.runners.tags is not defined + +- name: Merge gitlabRunner values + ansible.builtin.set_fact: + _merged_values: "{{ _merged_values | combine(_gitlabrunnerconfig, recursive=True) }}" + when: + - _merged_values.gitlabRunner.autoSetNamespaceAndTags + +- name: Set value for forced settings + ansible.builtin.set_fact: + _overrides: + 
namespace: "{{ ansible_operator_meta.name }}" + magicnamespace: + namespace: "{{ ansible_operator_meta.name }}" + ingress: + nginx: + clusterRole: "{{ lookup('env', 'INGRESS_CLUSTERROLE') | default('tenant-namespace-operator-ingress-controller') }}" + controller: + scope: + namespace: "{{ ansible_operator_meta.name }}" + +- name: Force namespace settings. Can not be overridden. + ansible.builtin.set_fact: + _merged_values: "{{ _merged_values | combine(_overrides, recursive=True) }}" + +- name: Set ingress ip if known + ansible.builtin.set_fact: + _load_balancer_ip: "{{ _safe_cr.status.loadBalancerIP }}" + when: + - _safe_cr.status.loadBalancerIP is defined + +- name: Fetch ingress service + kubernetes.core.k8s_info: + api_version: v1 + kind: Service + name: "{{ ansible_operator_meta.name }}-ingress-controller" + namespace: "{{ ansible_operator_meta.name }}-admin" + register: _ingress_service + when: > + _merged_values.ingress.nginx.enabled and + _load_balancer_ip is not defined + +# each task inherits the when conditions, rely on not fetching ingress when it is set in status +- name: Merge in existing ingress ip if exists + when: + - _merged_values.ingress.controller.service.loadBalancerIP is not defined + - _ingress_service.resources[0].status.loadBalancer.ingress[0].ip is defined + block: + - name: Set ingress ip. 
+ ansible.builtin.set_fact: + _load_balancer_ip: "{{ _ingress_service.resources[0].status.loadBalancer.ingress[0].ip }}" + - name: Set ingress ip in CR status + operator_sdk.util.k8s_status: + api_version: miscscripts.pnnl.gov/v1beta1 + kind: TenantNamespace + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" + status: + loadBalancerIP: "{{ _load_balancer_ip }}" + +- name: Set ingress ip if specified + ansible.builtin.set_fact: + _load_balancer_ip: "{{ _merged_values.ingress.controller.service.loadBalancerIP }}" + when: + - _load_balancer_ip is not defined + - _merged_values.ingress.controller.service.loadBalancerIP is defined + +- name: Force loadBalancerIP address setting + ansible.builtin.set_fact: + _load_balancer_ip_overrides: + ingress: + controller: + service: + loadBalancerIP: "{{ _load_balancer_ip }}" + when: + - _load_balancer_ip is defined +- name: Force loadBalancerIP. Can not be overridden. + ansible.builtin.set_fact: + _merged_values: "{{ _merged_values | combine(_load_balancer_ip_overrides, recursive=True) }}" + when: + - _load_balancer_ip is defined + +# FIXME Consider making a service account specifically for this so it can't cross namespaces as far as it can today +- name: Run Helm + kubernetes.core.helm: + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.name }}-admin" + chart_ref: ${HOME}/tenant-namespace + values: "{{ _merged_values }}" + register: _objs + check_mode: "{{ _dryrun }}" + diff: "{{ _dryrun }}" + +- name: Set diff output on status + operator_sdk.util.k8s_status: + api_version: miscscripts.pnnl.gov/v1beta1 + kind: TenantNamespace + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" + status: + diff: "{{ ((_objs.diff.prepared | default('')) + '\n') | b64encode }}" + +- name: Set user labels + ansible.builtin.set_fact: + _userlabels: "{{ _safe_cr.spec.extraNamespaceLabels | default({}) | combine({'name': 
ansible_operator_meta.name, 'miscscripts.pnnl.gov/namespace-type': 'user'}, recursive=True) }}" + +- name: Create the k8s user namespace + kubernetes.core.k8s: + state: present + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: "{{ ansible_operator_meta.name }}" + labels: "{{ _userlabels }}" + annotations: "{{ _safe_cr.spec.extraNamespaceAnnotations | default({}) }}" + check_mode: "{{ _dryrun }}" diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/vars/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/vars/main.yml new file mode 100644 index 0000000..901daba --- /dev/null +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for TenantNamespace diff --git a/containers/tenant-namespace-operator/roles/tenantnamespacefin/README.md b/containers/tenant-namespace-operator/roles/tenantnamespacefin/README.md new file mode 100644 index 0000000..3ebede3 --- /dev/null +++ b/containers/tenant-namespace-operator/roles/tenantnamespacefin/README.md 
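Review bot: In roles/tenantnamespace/tasks/main.yml the `_overrides` block under "Set value for forced settings" does not force what its name promises. `lookup('env', 'INGRESS_CLUSTERROLE')` returns an empty string when the variable is unset, and `default()` without a second argument only replaces undefined values, so `ingress.nginx.clusterRole` ends up as `''` instead of the intended name; `| default('tenant-namespace-operator-ingress-controller', true)` fixes that. The `DRYRUN` lookup in the first task has the same pattern and only behaves because an empty string casts to false. The block also pins `ingress.controller.scope.namespace` but not `scope.enabled`, so if the chart (not visible here) takes that flag from values, a CR's `spec` could switch namespace scoping off; adding `enabled: true` beside `namespace` under `scope` would close that.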
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +Apache + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/containers/tenant-namespace-operator/roles/tenantnamespacefin/defaults/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespacefin/defaults/main.yml new file mode 100644 index 0000000..e3bc486 --- /dev/null +++ b/containers/tenant-namespace-operator/roles/tenantnamespacefin/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for tenantnamespace diff --git a/containers/tenant-namespace-operator/roles/tenantnamespacefin/handlers/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespacefin/handlers/main.yml new file mode 100644 index 0000000..b9adc54 --- /dev/null 
+++ b/containers/tenant-namespace-operator/roles/tenantnamespacefin/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for gitlabrunner diff --git a/containers/tenant-namespace-operator/roles/tenantnamespacefin/meta/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespacefin/meta/main.yml new file mode 100644 index 0000000..e496738 --- /dev/null +++ b/containers/tenant-namespace-operator/roles/tenantnamespacefin/meta/main.yml 
@@ -0,0 +1,64 @@ +--- +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: "2.9" + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # Optionally specify the branch Galaxy will use when accessing the GitHub + # repo for this role. During role install, if no tags are available, + # Galaxy will use this branch. During import Galaxy will access files on + # this branch. If Travis integration is configured, only notifications for this + # branch will be accepted. Otherwise, in all cases, the repo's default branch + # (usually master) will be used. + #github_branch: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. 
+collections:
+ - operator_sdk.util
+ - kubernetes.core
diff --git a/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml
new file mode 100644
index 0000000..c790c7d
--- /dev/null
+++ b/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+# tasks file for tenantnamespace
+
+# Check to see release exists. If it doesnt continue on. If it does, delete it.
+- name: Delete the helm release
+ kubernetes.core.helm:
+ name: "{{ ansible_operator_meta.name }}"
+ namespace: "{{ ansible_operator_meta.name }}-admin"
+ state: absent
+ register: _objs
+
+- name: Delete the k8s user namespace
+ kubernetes.core.k8s:
+ state: absent
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: "{{ ansible_operator_meta.name }}"
+
+- name: Delete the k8s admin namespace
+ kubernetes.core.k8s:
+ state: absent
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: "{{ ansible_operator_meta.name }}-admin"
diff --git a/containers/tenant-namespace-operator/roles/tenantnamespacefin/vars/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespacefin/vars/main.yml
new file mode 100644
index 0000000..b2e5b69
--- /dev/null
+++ b/containers/tenant-namespace-operator/roles/tenantnamespacefin/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for tenantnamespace
diff --git a/containers/tenant-namespace-operator/watches.yaml b/containers/tenant-namespace-operator/watches.yaml
new file mode 100644
index 0000000..5744636
--- /dev/null
+++ b/containers/tenant-namespace-operator/watches.yaml
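Review bot: The two "Delete the k8s ... namespace" tasks in roles/tenantnamespacefin/tasks/main.yml remove whatever Namespace matches `ansible_operator_meta.name` and its `-admin` sibling, with no check that the operator created them. The create role in this commit uses `state: present`, which would also adopt a namespace that already exists, so a TenantNamespace named after an existing namespace ends with that namespace deleted when the CR is removed. I would gate each delete on the `miscscripts.pnnl.gov/namespace-type` label the create role sets, and have the create role fail when the namespace already exists without that label. A sketch for the user namespace follows; the admin one is the same with the `-admin` name and `'admin'`.

```yaml
- name: Look up the k8s user namespace
  kubernetes.core.k8s_info:
    api_version: v1
    kind: Namespace
    name: "{{ ansible_operator_meta.name }}"
  register: _user_ns

- name: Delete the k8s user namespace
  # … unchanged: kubernetes.core.k8s with state: absent and the Namespace definition …
  when:
    - _user_ns.resources | length > 0
    - (_user_ns.resources[0].metadata.labels | default({})).get('miscscripts.pnnl.gov/namespace-type') == 'user'
```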
@@ -0,0 +1,12 @@
+---
+# Use the 'create api' subcommand to add watches to this file.
+- version: v1beta1
+ group: miscscripts.pnnl.gov
+ kind: TenantNamespace
+ role: tenantnamespace
+ reconcilePeriod: "60s"
+ markUnsafe: true
+ finalizer:
+ name: finalizer.tenantnamespace.miscscripts.pnnl.gov
+ role: tenantnamespacefin
+#+kubebuilder:scaffold:watch
diff --git a/rpm.priv.enc b/rpm.priv.enc
new file mode 100644
index 0000000..7b82bb6
Binary files /dev/null and b/rpm.priv.enc differ
diff --git a/rpm.pub b/rpm.pub
new file mode 100644
index 0000000..a8e6299
--- /dev/null
+++ b/rpm.pub
@@ -0,0 +1,19 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+
+mQENBFynegoBCAC/rgmquYjaCh9KtQOP7CJu1jtr0VtH5CTZhK4WBrXviDbo4aTO
+Htxh7brq7NqyGEg1y+3j8y3kN9OsbEvj9hwj26MYWWfkgYKwil6VbNK5n/UpjI9/
+Uit8xkdpjUqnTGCTxGdG5dQMpY0gWoLJiYSl2inO+Zd5koCqL7riwZbkgddXm09V
+5t1sSYXpmTHFcc8Q5Ilz3WkmZ/YcoJsTbbdeYXlVzbN0MJAx0anuvQbLLgZELB8i
+hK0zouUg+lziFzaBdNbMVZbdpaqtgzATQlhhlA/i5p9omQFgg42hAeiq8TZ7Y2Ky
+M3hM6ivIgPviJ2fL7d3oyWsKD0GY8aDnmrQ3ABEBAAG0H01JU0NTQ1JJUFRTIFBh
+Y2thZ2VzIDxuYUBuYS5uYT6JAT8EEwECACkFAlynegoCGy8FCThkCQAHCwkIBwMC
+AQYVCAIJCgsEFgIDAQIeAQIXgAAKCRCvvxWjAdnBTpJnB/0aR8StiOjTsd8uz1Tx
+pWH20YigZ9g7JBN4ZUj6UaBWN9CNjaUDfeefjL6GmNTIOq7YCnc9kVKNblpMkxZ7
+JnXiy3ITEs3JOUv4wLlsovqEHHJh2K7OSOnJFmgZ3Qs5A8pqZ5eBwHHwqDxT/JYD
+BWg3Ezuho02SKyyiYrkZxn5O3PN0ETwzEFBX5wBQg/BOFFgRELhf+TcZOcZcflYq
+X7ey1V1gtcaavnG2JAwPLI+/jlXs4qLf6IFhohabpDYjF1Yd0z1++HB90vb83xOd
+rJ8F9RaPU5bvAW2k8Lz17/j+Yys4K0NXJUBHVthaxrzCq9NdHrJqAXWjMkCza7pX
+aSlL
+=Ev+I
+-----END PGP PUBLIC KEY BLOCK-----