Add osbuilder chart

charts/c3os-crds/Chart.yaml

@@ -7,4 +7,4 @@ home: https://docs.c3os.io/
 maintainers:
 - name: Ettore Di Giacinto
   email: mudler@c3os.io
-version: 0.0.1
+version: 0.0.2

charts/osbuilder/Chart.yaml

@@ -0,0 +1,10 @@
+apiVersion: v2
+name: osbuilder
+description: A Helm chart for osbuilder
+icon: 
+type: application
+home: https://docs.c3os.io/
+maintainers:
+- name: Ettore Di Giacinto
+  email: mudler@c3os.io
+version: 0.0.1

charts/osbuilder/templates/_helpers.tpl

@@ -0,0 +1,58 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "helm-chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "helm-chart.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "helm-chart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "helm-chart.labels" -}}
+helm.sh/chart: {{ include "helm-chart.chart" . }}
+{{ include "helm-chart.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "helm-chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "helm-chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "helm-chart.serviceAccountName" -}}
+{{- include "helm-chart.fullname" . }}
+{{- end }}

charts/osbuilder/templates/configmap.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+data:
+    controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind:
+        ControllerManagerConfig\nhealth:\n  healthProbeBindAddress: :8081\nmetrics:\n
+        \ bindAddress: 127.0.0.1:8080\nwebhook:\n  port: 9443\nleaderElection:\n  leaderElect:
+        true\n  resourceName: 98ca89ca.c3os-x.io\n#   leaderElectionReleaseOnCancel
+        defines if the leader should step down volume \n#   when the Manager ends.
+        This requires the binary to immediately end when the\n#   Manager is stopped,
+        otherwise, this setting is unsafe. Setting this significantly\n#   speeds
+        up voluntary leader transitions as the new leader don't have to wait\n#   LeaseDuration
+        time first.\n#   In the default scaffold provided, the program ends immediately
+        after \n#   the manager stops, so would be fine to enable this option. However,
+        \n#   if you are doing or is intended to do any operation such as perform
+        cleanups \n#   after the manager stops then its usage might be unsafe.\n#
+        \  leaderElectionReleaseOnCancel: true\n"
+kind: ConfigMap
+metadata:
+    name: osartifactbuilder-operator-manager-config
+    namespace: '{{.Release.Namespace}}'

charts/osbuilder/templates/deployment.yaml

@@ -0,0 +1,89 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+    name: '{{ include "helm-chart.fullname" . }}'
+    namespace: '{{.Release.Namespace}}'
+    labels:
+      {{- include "helm-chart.labels" . | nindent 8 }}
+spec:
+    replicas: 1
+    selector:
+        matchLabels:
+            {{- include "helm-chart.selectorLabels" . | nindent 10 }}
+    template:
+        metadata:
+            annotations:
+                {{- range keys .Values.podAnnotations }}
+                {{ . | quote }}: {{ get $.Values.podAnnotations . | quote}}
+                {{- end }}
+            labels:
+                {{- include "helm-chart.selectorLabels" . | nindent 14}}
+        spec:
+            {{- with .Values.imagePullSecrets }}
+            imagePullSecrets:
+            {{- toYaml . | nindent 6 }}
+            {{- end }}
+            containers:
+              - args:
+                  - --secure-listen-address=0.0.0.0:8443
+                  - --upstream=http://127.0.0.1:8080/
+                  - --logtostderr=true
+                  - --v=0
+                image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0
+                name: kube-rbac-proxy
+                ports:
+                  - containerPort: 8443
+                    name: https
+                    protocol: TCP
+                resources:
+                    limits:
+                        cpu: 500m
+                        memory: 128Mi
+                    requests:
+                        cpu: 5m
+                        memory: 64Mi
+                securityContext:
+                    allowPrivilegeEscalation: false
+              - args:
+                  - --health-probe-bind-address=:8081
+                  - --metrics-bind-address=127.0.0.1:8080
+                  - --leader-elect
+                command:
+                  - /manager
+                image: '{{ .Values.image.repository | default "quay.io/c3os/osbuilder" }}:{{ .Values.image.tag | default .Chart.AppVersion
+                  }}'
+                livenessProbe:
+                    httpGet:
+                        path: /healthz
+                        port: 8081
+                    initialDelaySeconds: 15
+                    periodSeconds: 20
+                name: manager
+                readinessProbe:
+                    httpGet:
+                        path: /readyz
+                        port: 8081
+                    initialDelaySeconds: 5
+                    periodSeconds: 10
+                {{- if and .Values.resources .Values.resources.controller }}
+                resources:
+{{ toYaml .Values.resources.controller | indent 20 }}
+                {{- end }}
+                securityContext:
+                    allowPrivilegeEscalation: false
+            securityContext:
+                runAsNonRoot: true
+            serviceAccountName: '{{ include "helm-chart.serviceAccountName" . }}'
+            terminationGracePeriodSeconds: 10
+            {{- with .Values.nodeSelector }}
+            nodeSelector:
+            {{- toYaml . | nindent 8 }}
+            {{- end }}
+            {{- with .Values.affinity }}
+            affinity:
+            {{- toYaml . | nindent 8 }}
+            {{- end }}
+            {{- with .Values.tolerations }}
+            tolerations:
+            {{- toYaml . | nindent 8 }}
+            {{- end }}

charts/osbuilder/templates/rbac.yaml

@@ -0,0 +1,160 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+    name: osartifactbuilder-operator-leader-election-role
+    namespace: '{{.Release.Namespace}}'
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+    name: osartifactbuilder-operator-manager-role
+rules:
+  - apiGroups:
+      - build.c3os-x.io
+    resources:
+      - osartifacts
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - build.c3os-x.io
+    resources:
+      - osartifacts/finalizers
+    verbs:
+      - update
+  - apiGroups:
+      - build.c3os-x.io
+    resources:
+      - osartifacts/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+      - build.c3os-x.io
+    resources:
+      - osartifacts/finalizers
+    verbs:
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - services
+      - configmaps
+    verbs:
+      - get
+      - create
+      - update
+  - apiGroups:
+      - apps
+    resources:
+      - deployments
+    verbs:
+      - get
+      - create
+      - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+    name: osartifactbuilder-operator-metrics-reader
+rules:
+  - nonResourceURLs:
+      - /metrics
+    verbs:
+      - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+    name: osartifactbuilder-operator-proxy-role
+rules:
+  - apiGroups:
+      - authentication.k8s.io
+    resources:
+      - tokenreviews
+    verbs:
+      - create
+  - apiGroups:
+      - authorization.k8s.io
+    resources:
+      - subjectaccessreviews
+    verbs:
+      - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+    name: osartifactbuilder-operator-leader-election-rolebinding
+    namespace: '{{.Release.Namespace}}'
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: Role
+    name: osartifactbuilder-operator-leader-election-role
+subjects:
+  - kind: ServiceAccount
+    name: '{{ include "helm-chart.serviceAccountName" . }}'
+    namespace: '{{.Release.Namespace}}'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+    name: osartifactbuilder-operator-manager-rolebinding
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: osartifactbuilder-operator-manager-role
+subjects:
+  - kind: ServiceAccount
+    name: '{{ include "helm-chart.serviceAccountName" . }}'
+    namespace: '{{.Release.Namespace}}'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+    name: osartifactbuilder-operator-proxy-rolebinding
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: osartifactbuilder-operator-proxy-role
+subjects:
+  - kind: ServiceAccount
+    name: '{{ include "helm-chart.serviceAccountName" . }}'
+    namespace: '{{.Release.Namespace}}'

charts/osbuilder/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+    labels:
+        control-plane: controller-manager
+    name: '{{ include "helm-chart.fullname" . }}-metrics-service'
+    namespace: '{{.Release.Namespace}}'
+spec:
+    ports:
+      - name: https
+        port: 8443
+        protocol: TCP
+        targetPort: https
+    selector:
+        {{- include "helm-chart.selectorLabels" . | nindent 6 }}

charts/osbuilder/templates/serviceaccount.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+    name: '{{ include "helm-chart.serviceAccountName" . }}'
+    namespace: '{{.Release.Namespace}}'

charts/osbuilder/values.yaml

@@ -0,0 +1,45 @@
+
+# Settings for the chart.
+
+# nameOverride Replaces the release name of the chart in Chart.yaml file when
+# this is used to construct Kubernetes object names
+nameOverride: ""
+# fullnameOverride completely replaces the generated release name
+fullnameOverride: ""
+
+# Secrets to pull container images from private registries
+imagePullSecrets: []
+
+image:
+  # controller image to be used. Leave empty to use
+  repository: ""
+  # image tag, leave empty to use chart's AppVersion
+  tag: "latest"
+
+podAnnotations: {}
+nodeSelector: {}
+tolerations: []
+affinity: {}
+
+tls:
+  # source options:
+  # - "cert-manager-self-signed": Scaffold cert-manager integration, and create
+  #   a self-signed certificate with a cert-manager self-signed Issuer. Depends
+  #   on cert-manager. (default)
+  # - "cert-manager": Scafffold cert-manager integration. User configures their
+  #   own Issuer. Depends on cert-manager. Set tls.certManagerIssuerName to the
+  #   desired Issuer.
+  source: cert-manager-self-signed
+  # "cert-manager"-only options:
+  certManagerIssuerName: ""
+
+## Resource limits & requests
+## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
+resources:
+  controller:
+    limits:
+      cpu: 500m
+      memory: 50Mi
+    requests:
+      cpu: 250m
+      memory: 50Mi