Adds helm chart for heptio/ark (helm#3795)

* first commit * changes SA name * adds correct rbac rules * renames files; add more customizable vars * updates readme * adds notes * removes config values * changes email in chart * updates readme * test changes author * test change email * test change email * adds prerequisites in readme * fixes typo * adds AWS * updates to version 0.7 * updates version in chart * adds repo source; removes unnecessary values * moves deployment to templates * renames folder * updaates to 0.7.1 * creates ark sa in helpers; separates files according to object type * updates version in chart * adds home to chart * updates to v0.7.1 * modifies chart according to best practices * removes blank line * adds delete backup hook to solve issue crd backup not deleting * adjusts indentation, renames file with using hyphene * moves folder to stable * remove unnecessary test condition * Update to v0.8.1; Add support for Azure * Update readme * Add annotation for kube2iam * Add image for hooks. Update readme * Rename serviceaccount * Use Get instead of Glob * Remove namespace * Add PullPolicy; Modify readme * Rename Chart ark * Add standard labels to resources * Add customizable tolertion and nodeselector * Add missing labels; Use image with tag * Implement suggestion * Various updates * Add missing if block around delete hook Signed-off-by: voron <av@arilot.com>
dysnix · Sep 5, 2018 · e86a908 · e86a908
1 parent d74afef
commit e86a908
Show file tree

Hide file tree

Showing 20 changed files with 654 additions and 0 deletions.
diff --git a/stable/ark/.helmignore b/stable/ark/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/stable/ark/Chart.yaml b/stable/ark/Chart.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+appVersion: 0.8.2
+description: A Helm chart for ark
+name: ark
+version: 1.0.0
+home: https://heptio.com/products/#heptio-ark
+sources:
+- https://github.com/heptio/ark
+maintainers:
+  - name: domcar
+    email: d-caruso@hotmail.it
+  - name: unguiculus
+    email: unguiculus@gmail.com
diff --git a/stable/ark/README.md b/stable/ark/README.md
@@ -0,0 +1,91 @@
+# Ark-server
+
+This helm chart install ark version v0.8.1
+https://github.com/heptio/ark/tree/v0.8.1
+
+## Premise
+In general, Helm cannot install CRDs and resources based on these CRDs in the same Helm chart because CRDs need to be installed before CRD
+resources can be created and Helm cannot guarantee the correct ordering for this to work.
+
+As a workaround, the chart creates a Config resource via post-install hook.
+Since resources created by hooks are not managed by Helm, a pre-delete hook removes the Config CRD when the release is deleted.
+
+At the same time the resources created with the hook are completely transparent to Helm, that is, when you delete the
+chart those resources remain there. Hence we need a sencond hook for deleting them (see hook-delete.yaml)
+
+## ConfigMap customization
+Since we want to have a customizable chart it's important that the configmap is a template and not a static file.
+To do this we add the keyword `tpl` when reading the file
+- {{ (tpl (.Files.Glob "configuration/").AsConfig .) | indent 2 }}
+
+
+## Prerequisites
+
+### Secret for cloud provider credentials
+Ark server needs a IAM service account in order to run, if you don't have it you must create it.
+Please follow the official documentation: https://heptio.github.io/ark/v0.8.1/cloud-common
+
+Don't forget the step to create the secret
+```
+kubectl create secret generic cloud-credentials --namespace <ARK_NAMESPACE> --from-file cloud=credentials-ark
+```
+
+### Configuration
+Please change the values.yaml according to your setup
+See here for the official documentation https://heptio.github.io/ark/v0.8.1/config-definition
+
+Parameter | Description | Default | Required
+--- | --- | --- | ---
+`cloudprovider` | Cloud provider  | `nil` | yes
+`bucket` | Object storage where to store backups  | `nil` | yes
+`region` | AWS region  | `nil` | only if using AWS
+`apitimeout` | Api Timeout  | `nil` | only if using Azure
+`credentials` | Credentials  | `nil` | Yes (not required for kube2iam)
+`backupSyncPeriod` | How frequently Ark queries the object storage to make sure that the appropriate Backup resources have been created for existing backup files. | `60m` | yes
+`gcSyncPeriod` | How frequently Ark queries the object storage to delete backup files that have passed their TTL.  | `60m` | yes
+`scheduleSyncPeriod` | How frequently Ark checks its Schedule resource objects to see if a backup needs to be initiated  | `1m` | yes
+`restoreOnlyMode` | When RestoreOnly mode is on, functionality for backups, schedules, and expired backup deletion is turned off. Restores are made from existing backup files in object storage.  | `false` | yes
+`kubectl.image` | A docker image with kubectl, required by hook-deploy.yaml and hook-delete.yaml  | `docker pull claranet/gcloud-kubectl-docker` | yes
+
+Parameter | Description | Default
+--- | --- | ---
+`image.repository` | Image repository | `gcr.io/heptio-images/ark`
+`image.tag` | Image tag | `v0.8.2`
+`image.pullPolicy` | Image pull policy | `IfNotPresent`
+`kubectl.image.repository` | Image repository | `gcr.io/heptio-images/ark`
+`kubectl.image.tag` | Image tag | `v0.8.2`
+`kubectl.image.pullPolicy` | Image pull policy | `IfNotPresent`
+`podAnnotations` | Annotations for the Ark server pod | `{}`
+`rbac.create` | If true, create and use RBAC resources | `true`
+`rbac.server.serviceAccount.create` | Whether a new service account name that the server will use should be created | `true`
+`rbac.server.serviceAccount.name` | Service account to be used for the server. If not set and `rbac.server.serviceAccount.create` is `true` a name is generated using the fullname template | ``
+`rbac.hook.serviceAccount.create` | Whether a new service account name that the hook will use should be created | `true`
+`rbac.hook.serviceAccount.name` | Service account to be used for the server. If not set and `rbac.hook.serviceAccount.create` is `true` a name is generated using the fullname template | ``
+`tolerations` | List of node taints to tolerate | `[]`
+`nodeSelector` | Node labels for pod assignment | `{}`
+`configuration.persistentVolumeProvider.name` | The name of the cloud provider the cluster is using for persistent volumes, if any | `{}`
+`configuration.persistentVolumeProvider.config.region` | The cloud provider region (AWS only) | ``
+`configuration.persistentVolumeProvider.config.apiTimeout` | The API timeout (Azure only) |
+`configuration.backupStorageProvider.nam` | The name of the cloud provider that will be used to actually store the backups (`aws`, `azure`, `gcp`) | ``
+`configuration.backupStorageProvider.bucket` | The storage bucket where backups are to be uploaded | ``
+`configuration.backupStorageProvider.config.regio`n | The cloud provider region (AWS only) | ``
+`configuration.backupStorageProvider.config.s3ForcePathStyle` | Set to `true` for a local storage service like Minio | ``
+`configuration.backupStorageProvider.config.s3Url` | S3 url (primarily used for local storage services like Minio) | ``
+`configuration.backupStorageProvider.config.kmsKeyId` | KMS key for encryption (AWS only) | ``
+`configuration.backupSyncPeriod` | How frequently Ark queries the object storage to make sure that the appropriate Backup resources have been created for existing backup files | `60m`
+`configuration.gcSyncPeriod` | How frequently Ark queries the object storage to delete backup files that have passed their TTL | `60m`
+`configuration.scheduleSyncPeriod` | How frequently Ark checks its Schedule resource objects to see if a backup needs to be initiated | `1m`
+`configuration.resourcePriorities` | An ordered list that describes the order in which Kubernetes resource objects should be restored | `[]`
+`configuration.restoreOnlyMode` | When RestoreOnly mode is on, functionality for backups, schedules, and expired backup deletion is turned off. Restores are made from existing backup files in object storage | `false`
+`credentials.existingSecret` | If specified and `useSecret` is `true`, uses an existing secret with this name instead of creating one | ``
+`credentials.useSecret` | Whether a secret should be used. Set this to `false` when using `kube2iam` | `true`
+`credentials.secretContents` | Contents for the credentials secret | `{}`
+
+
+## How to
+```
+helm install --name ark --namespace heptio-ark ./ark
+```
+
+## Remove heptio/ark
+Remember that when you remove ark all backups remain untouched
diff --git a/stable/ark/templates/NOTES.txt b/stable/ark/templates/NOTES.txt
@@ -0,0 +1,9 @@
+Check that the ark is up and running:
+
+Check that the secret has been created:
+
+Once ark server is up and running you need the client before you can use it
+1. wget https://github.com/heptio/ark/releases/download/{{ .Values.image.tag }}/ark-{{ .Values.image.tag }}-darwin-amd64.tar.gz
+2. tar -xvf ark-{{ .Values.image.tag }}-darwin-amd64.tar.gz -C ark-client
+
+More info on the official site: https://github.com/heptio/ark#install-client
diff --git a/stable/ark/templates/_helpers.tpl b/stable/ark/templates/_helpers.tpl
@@ -0,0 +1,65 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ark.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ark.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ark.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use for creating or deleting the ark config
+*/}}
+{{- define "ark.hookServiceAccount" -}}
+{{- if .Values.serviceAccount.hook.create -}}
+    {{ default (printf "%s-%s" (include "ark.fullname" .) "hook") .Values.serviceAccount.hook.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.hook.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use for creating or deleting the ark server
+*/}}
+{{- define "ark.serverServiceAccount" -}}
+{{- if .Values.serviceAccount.server.create -}}
+    {{ default (printf "%s-%s" (include "ark.fullname" .) "server") .Values.serviceAccount.server.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.server.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name for the credentials secret.
+*/}}
+{{- define "ark.secretName" -}}
+{{- if .Values.credentials.existingSecret -}}
+  {{- .Values.credentials.existingSecret -}}
+{{- else -}}
+  {{- template "ark.fullname" . -}}
+{{- end -}}
+{{- end -}}
diff --git a/stable/ark/templates/backups.yaml b/stable/ark/templates/backups.yaml
@@ -0,0 +1,16 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: backups.ark.heptio.com
+  labels:
+    chart: {{ template "ark.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+    app: {{ template "ark.name" . }}
+spec:
+  group: ark.heptio.com
+  version: v1
+  scope: Namespaced
+  names:
+    plural: backups
+    kind: Backup
diff --git a/stable/ark/templates/configmap.yaml b/stable/ark/templates/configmap.yaml
@@ -0,0 +1,54 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "ark.fullname" . }}
+  labels:
+    chart: {{ template "ark.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+    app: {{ template "ark.name" . }}
+data:
+  ark-config.yaml: |
+    apiVersion: ark.heptio.com/v1
+    kind: Config
+    metadata:
+      name: default
+{{ with .Values.configuration }}
+  {{- with .persistentVolumeProvider }}
+    persistentVolumeProvider:
+      name: {{ .name  }}
+    {{ with .config }}
+      config:
+      {{- with .region }}
+        region: {{ . }}
+      {{- end }}
+      {{- with .apitimeout }}
+        apiTimeout: {{ . }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+  {{- with .backupStorageProvider }}
+    backupStorageProvider:
+      name: {{ .name }}
+      bucket: {{ .bucket  }}
+    {{- with .config }}
+      config:
+      {{- with .region }}
+        region: {{ . }}
+      {{- end }}
+      {{- with .s3ForcePathStyle }}
+        s3ForcePathStyle: {{ . }}
+      {{- end }}
+      {{- with .s3Url }}
+        s3Url: {{ . }}
+      {{- end }}
+      {{- with .kmsKeyId }}
+        kmsKeyId: {{ . }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+    backupSyncPeriod: {{ .backupSyncPeriod }}
+    gcSyncPeriod: {{ .gcSyncPeriod }}
+    scheduleSyncPeriod: {{ .scheduleSyncPeriod }}
+    restoreOnlyMode: {{ .restoreOnlyMode }}
+{{- end }}
diff --git a/stable/ark/templates/configs.yaml b/stable/ark/templates/configs.yaml
@@ -0,0 +1,16 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: configs.ark.heptio.com
+  labels:
+    chart: {{ template "ark.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+    app: {{ template "ark.name" . }}
+spec:
+  group: ark.heptio.com
+  version: v1
+  scope: Namespaced
+  names:
+    plural: configs
+    kind: Config
diff --git a/stable/ark/templates/deletebackuprequests.yaml b/stable/ark/templates/deletebackuprequests.yaml
@@ -0,0 +1,16 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: deletebackuprequests.ark.heptio.com
+  labels:
+    chart: {{ template "ark.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+    app: {{ template "ark.name" . }}
+spec:
+  group: ark.heptio.com
+  version: v1
+  scope: Namespaced
+  names:
+    plural: deletebackuprequests
+    kind: DeleteBackupRequest
diff --git a/stable/ark/templates/deployment.yaml b/stable/ark/templates/deployment.yaml
@@ -0,0 +1,73 @@
+{{- if and .Values.configuration.backupStorageProvider.name .Values.configuration.backupStorageProvider.bucket -}}
+{{- $provider := .Values.configuration.backupStorageProvider.name -}}
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: {{ template "ark.fullname" . }}
+  labels:
+    release: {{ .Release.Name }}
+    app: {{ template "ark.name" . }}
+    chart: {{ template "ark.chart" . }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      release: {{ .Release.Name }}
+      app: {{ template "ark.name" . }}
+  template:
+    metadata:
+      labels:
+        release: {{ .Release.Name }}
+        app: {{ template "ark.name" . }}
+    {{- with .Values.podAnnotations }}
+      annotations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    spec:
+      restartPolicy: Always
+      serviceAccountName: {{ template "ark.serverServiceAccount" . }}
+      containers:
+        - name: ark
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command:
+            - /ark
+          args:
+            - server
+          {{- if eq $provider "azure" }}
+          envFrom:
+            - secretRef:
+                name: {{ template "ark.secretName" . }}
+          {{- end }}
+          volumeMounts:
+            - name: plugins
+              mountPath: /plugins
+        {{- if and .Values.credentials.useSecret (or (eq $provider "aws") (eq $provider "gcp")) }}
+            - name: cloud-credentials
+              mountPath: /credentials
+          env:
+          {{- if eq $provider "aws" }}
+            - name: AWS_SHARED_CREDENTIALS_FILE
+          {{- else }}
+            - name: GOOGLE_APPLICATION_CREDENTIALS
+          {{- end }}
+              value: /credentials/cloud
+        {{- end }}
+      volumes:
+        {{- if and .Values.credentials.useSecret (or (eq $provider "aws") (eq $provider "gcp")) }}
+        - name: cloud-credentials
+          secret:
+            secretName: {{ template "ark.secretName" . }}
+        {{- end }}
+        - name: plugins
+          emptyDir: {}
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+{{- end -}}