Merge pull request karmada-io#779 from jrkeen/support_multi_version_c…
…onversion

chart support multi version conversion
karmada-bot authored Sep 30, 2021
2 parents 9126cff + a00a07b commit 8343abc
Showing 4 changed files with 175 additions and 55 deletions.
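--- a/charts/templates/_patch_webhook_in_clusterresourcebindings.tpl
+++ b/charts/templates/_patch_webhook_in_clusterresourcebindings.tpl
@@ -0,0 +1,21 @@
+{{- define "karmada.crd.patch.webhook.clusterresourcebinding" -}}
+{{ $name := include "karmada.name" .}}
+{{ $namespace := include "karmada.namespace" .}}
+---
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+name: clusterresourcebindings.work.karmada.io
+spec:
+conversion:
+strategy: Webhook
+webhook:
+clientConfig:
+url: https://{{ $name }}-webhook.{{ $namespace }}.svc:443/convert
+{{- include "karmada.webhook.caBundle" . | nindent 8 }}
+# TODO(RainbowMango): After we update controller-runtime to v0.10+, then we can remove `v1beta1`
+conversionReviewVersions: ["v1beta1", "v1"]
+---
+{{- end -}}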
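Review bot: The comment `# CRD conversion requires k8s 1.13 or later.` understates what this manifest needs, because the patch is written against `apiextensions.k8s.io/v1`, which as far as I know is only served from Kubernetes 1.16 on; I would reword it to `# Requires an API server that serves apiextensions.k8s.io/v1 (k8s 1.16 or later).`. The API server will verify the webhook's certificate against the injected `caBundle` and the host name in `url`, so the serving certificate has to carry `{{ $name }}-webhook.{{ $namespace }}.svc` as a SAN; the host list comes from `.Values.certs.auto.hosts`, which is not visible here, so a one-line comment above `url:` stating that requirement would help whoever edits the values. Both points apply equally to `_patch_webhook_in_resourcebindings.tpl`, which is a copy of this template with only the CRD name changed.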
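--- a/charts/templates/_patch_webhook_in_resourcebindings.tpl
+++ b/charts/templates/_patch_webhook_in_resourcebindings.tpl
@@ -0,0 +1,21 @@
+{{- define "karmada.crd.patch.webhook.resourcebinding" -}}
+{{ $name := include "karmada.name" .}}
+{{ $namespace := include "karmada.namespace" .}}
+---
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+name: resourcebindings.work.karmada.io
+spec:
+conversion:
+strategy: Webhook
+webhook:
+clientConfig:
+url: https://{{ $name }}-webhook.{{ $namespace }}.svc:443/convert
+{{- include "karmada.webhook.caBundle" . | nindent 8 }}
+# TODO(RainbowMango): After we update controller-runtime to v0.10+, then we can remove `v1beta1`
+conversionReviewVersions: ["v1beta1", "v1"]
+---
+{{- end -}}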
70 changes: 59 additions & 11 deletions charts/templates/post-install-job.yaml
@@ -1,28 +1,59 @@
{{- $name := include "karmada.name" . -}}

{{- $namespace := include "karmada.namespace" . -}}
{{- if eq .Values.installMode "host" }}
{{- if eq .Values.certs.mode "custom" }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $name }}-crds
namespace: {{ include "karmada.namespace" . }}
name: {{ $name }}-static-resources
namespace: {{ $namespace }}
data:
{{- print "webhook-configuration.yaml: " | nindent 2 }} |-
{{- include "karmada.webhook.configuration" . | nindent 4 }}
{{- print "system-namespace.yaml: " | nindent 2 }} |-
{{- include "karmada.systemNamespace" . | nindent 4 }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $name }}-crds
namespace: {{ $namespace }}
data:
{{ range $path, $bytes := .Files.Glob (printf "_crds/**")}}
{{ $name := base $path }}
{{- (printf "%s: " $name) | nindent 2 }} |-
{{- $.Files.Get $path | nindent 4 }}
{{ end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $name }}-crds-bases
namespace: {{ $namespace }}
data:
{{ range $path, $bytes := .Files.Glob (printf "_crds/bases/**")}}
{{ $name := base $path }}
{{- (printf "%s: " $name) | nindent 2 }} |-
{{- $.Files.Get $path | nindent 4 }}
{{ end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $name }}-crds-patches
namespace: {{ $namespace }}
data:
{{- print "webhook_in_clusterresourcebindings.yaml: " | nindent 2 }} |-
{{- include "karmada.crd.patch.webhook.clusterresourcebinding" . | nindent 4 }}
{{- print "webhook_in_resourcebindings.yaml: " | nindent 2 }} |-
{{- include "karmada.crd.patch.webhook.resourcebinding" . | nindent 4 }}
---
{{- end }}
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ $name }}-install-crds"
name: "{{ $name }}-post-install"
namespace: {{ $namespace }}
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ $name | quote }}
@@ -47,22 +78,39 @@ spec:
spec:
restartPolicy: Never
containers:
- name: post-install-job
- name: post-install
image: bitnami/kubectl:latest
command:
- "kubectl"
- "apply"
- "-f"
- "/crds"
- "--kubeconfig"
- "/etc/kubeconfig"
- /bin/sh
- -c
- |
bash <<'EOF'
set -ex
kubectl kustomize /crds | kubectl apply --kubeconfig /etc/kubeconfig -f -
kubectl apply -f /static-resources --kubeconfig /etc/kubeconfig
EOF
volumeMounts:
- name: {{ $name }}-crds-bases
mountPath: /crds/bases
- name: {{ $name }}-crds-patches
mountPath: /crds/patches
- name: {{ $name }}-crds
mountPath: /crds
- name: {{ $name }}-static-resources
mountPath: /static-resources
{{ include "karmada.kubeconfig.volumeMount" . | nindent 10 }}
volumes:
- name: {{ $name }}-crds-bases
configMap:
name: {{ $name }}-crds-bases
- name: {{ $name }}-crds-patches
configMap:
name: {{ $name }}-crds-patches
- name: {{ $name }}-crds
configMap:
name: {{ $name }}-crds
- name: {{ $name }}-static-resources
configMap:
name: {{ $name }}-static-resources
{{ include "karmada.kubeconfig.volume" . | nindent 8 }}
{{- end }}
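Review bot: The new inline script runs `kubectl kustomize /crds | kubectl apply --kubeconfig /etc/kubeconfig -f -` under `set -ex` only, so the exit status of the `kustomize` stage does not decide whether the step fails; since the script is already executed by bash, I would make its first line `set -exo pipefail`. Separately, the container that applies the CRDs and the webhook configuration with the mounted kubeconfig is still pulled as `bitnami/kubectl:latest`, a mutable tag; pinning it to a fixed version or digest, ideally through a chart value, keeps the install reproducible and limits exposure to a changed upstream image. The Job spec begins and continues outside the lines shown in these hunks.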
118 changes: 74 additions & 44 deletions charts/templates/pre-install-job.yaml
@@ -10,36 +10,6 @@ metadata:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "2"
data:
install.sh: |-
#!/bin/bash
set -ex
function join() {
local IFS=$1
shift
echo "$*"
}
kubectl apply -f $(join ',' /opt/configs/*.yaml)
generator.sh: |-
#!/bin/bash
set -ex
mkdir -p /opt/configs
mkdir -p /opt/certs
cp -r -L /opt/mount/* /opt/configs/
openssl req -x509 -sha256 -new -nodes -days 365 -newkey rsa:2048 -keyout "/opt/certs/server-ca.key" -out "/opt/certs/server-ca.crt" -subj "/C=xx/ST=x/L=x/O=x/OU=x/CN=ca/emailAddress=x/"
echo '{"signing":{"default":{"expiry":{{ printf `"%s"` .Values.certs.auto.expiry }},"usages":["signing","key encipherment","client auth","server auth"]}}}' > "/opt/certs/server-ca-config.json"
echo '{"CN":"system:admin","hosts":{{ toJson .Values.certs.auto.hosts }},"names":[{"O":"system:masters"}],"key":{"algo":"rsa","size":2048}}' | cfssl gencert -ca=/opt/certs/server-ca.crt -ca-key=/opt/certs/server-ca.key -config=/opt/certs/server-ca-config.json - | cfssljson -bare /opt/certs/karmada
karmada_ca=$(base64 /opt/certs/server-ca.crt | tr -d '\r\n')
karmada_crt=$(base64 /opt/certs/karmada.pem | tr -d '\r\n')
karmada_key=$(base64 /opt/certs/karmada-key.pem | tr -d '\r\n')
sed -i'' -e "s/{{ print "{{ ca_crt }}" }}/${karmada_ca}/g" /opt/configs/cert.yaml
sed -i'' -e "s/{{ print "{{ crt }}" }}/${karmada_crt}/g" /opt/configs/cert.yaml
sed -i'' -e "s/{{ print "{{ key }}" }}/${karmada_key}/g" /opt/configs/cert.yaml
sed -i'' -e "s/{{ print "{{ ca_crt }}" }}/${karmada_ca}/g" /opt/configs/kubeconfig.yaml
sed -i'' -e "s/{{ print "{{ crt }}" }}/${karmada_crt}/g" /opt/configs/kubeconfig.yaml
sed -i'' -e "s/{{ print "{{ key }}" }}/${karmada_key}/g" /opt/configs/kubeconfig.yaml
sed -i'' -e "s/{{ print "{{ crt }}" }}/${karmada_crt}/g" /opt/configs/webhook-cert.yaml
sed -i'' -e "s/{{ print "{{ key }}" }}/${karmada_key}/g" /opt/configs/webhook-cert.yaml
sed -i'' -e "s/{{ print "{{ ca_crt }}" }}/${karmada_ca}/g" /opt/configs/crds-configmap.yaml
cert.yaml: |-
apiVersion: v1
kind: Secret
@@ -59,7 +29,7 @@ data:
kind: Secret
metadata:
name: {{ $name }}-webhook-cert
namespace: {{ include "karmada.namespace" . }}
namespace: {{ $namespace }}
type: kubernetes.io/tls
data:
tls.crt: |-
@@ -71,7 +41,7 @@ data:
kind: Secret
metadata:
name: {{ $name }}-kubeconfig
namespace: {{ include "karmada.namespace" . }}
namespace: {{ $namespace }}
stringData:
kubeconfig: |-
apiVersion: v1
@@ -80,7 +50,7 @@ data:
- cluster:
certificate-authority-data: {{ print "{{ ca_crt }}" }}
insecure-skip-tls-verify: false
server: https://{{ $name }}-apiserver.{{ include "karmada.namespace" . }}.svc.{{ .Values.clusterDomain }}:5443
server: https://{{ $name }}-apiserver.{{ $namespace }}.svc.{{ .Values.clusterDomain }}:5443
name: {{ $name }}-apiserver
users:
- user:
@@ -93,28 +63,59 @@ data:
user: {{ $name }}-apiserver
name: {{ $name }}-apiserver
current-context: {{ $name }}-apiserver
crds-configmap.yaml: |-
static-resources-configmaps.yaml: |-
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $name }}-crds
namespace: {{ include "karmada.namespace" . }}
name: {{ $name }}-static-resources
namespace: {{ $namespace }}
data:
{{- print "webhook-configuration.yaml: " | nindent 6 }} |-
{{- include "karmada.webhook.configuration" . | nindent 8 }}
{{- print "system-namespace.yaml: " | nindent 6 }} |-
{{- include "karmada.systemNamespace" . | nindent 8 }}
crds-configmaps.yaml: |-
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $name }}-crds
namespace: {{ $namespace }}
data:
{{ range $path, $bytes := .Files.Glob (printf "_crds/**")}}
{{ $name := base $path }}
{{- (printf "%s: " $name) | nindent 6 }} |-
{{- $.Files.Get $path | nindent 8 }}
{{ end }}
crds-bases-configmaps.yaml: |-
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $name }}-crds-bases
namespace: {{ $namespace }}
data:
{{ range $path, $bytes := .Files.Glob (printf "_crds/bases/**")}}
{{ $name := base $path }}
{{- (printf "%s: " $name) | nindent 6 }} |-
{{- $.Files.Get $path | nindent 8 }}
{{ end }}
crds-patches-configmaps.yaml: |-
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $name }}-crds-patches
namespace: {{ $namespace }}
data:
{{- print "webhook_in_clusterresourcebindings.yaml: " | nindent 6 }} |-
{{- include "karmada.crd.patch.webhook.clusterresourcebinding" . | nindent 8 }}
{{- print "webhook_in_resourcebindings.yaml: " | nindent 6 }} |-
{{- include "karmada.crd.patch.webhook.resourcebinding" . | nindent 8 }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ $name }}-config-generator"
name: "{{ $name }}-pre-install"
namespace: {{ $namespace }}
annotations:
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
@@ -135,22 +136,52 @@ spec:
serviceAccountName: {{ $name }}-pre-job
restartPolicy: Never
initContainers:
- name: generator
- name: init
image: cfssl/cfssl
workingDir: /opt/mount
command:
- "./generator.sh"
- /bin/sh
- -c
- |
bash <<'EOF'
set -ex
mkdir -p /opt/configs
mkdir -p /opt/certs
cp -r -L /opt/mount/* /opt/configs/
openssl req -x509 -sha256 -new -nodes -days 365 -newkey rsa:2048 -keyout "/opt/certs/server-ca.key" -out "/opt/certs/server-ca.crt" -subj "/C=xx/ST=x/L=x/O=x/OU=x/CN=ca/emailAddress=x/"
echo '{"signing":{"default":{"expiry":{{ printf `"%s"` .Values.certs.auto.expiry }},"usages":["signing","key encipherment","client auth","server auth"]}}}' > "/opt/certs/server-ca-config.json"
echo '{"CN":"system:admin","hosts":{{ toJson .Values.certs.auto.hosts }},"names":[{"O":"system:masters"}],"key":{"algo":"rsa","size":2048}}' | cfssl gencert -ca=/opt/certs/server-ca.crt -ca-key=/opt/certs/server-ca.key -config=/opt/certs/server-ca-config.json - | cfssljson -bare /opt/certs/karmada
karmada_ca=$(base64 /opt/certs/server-ca.crt | tr -d '\r\n')
karmada_crt=$(base64 /opt/certs/karmada.pem | tr -d '\r\n')
karmada_key=$(base64 /opt/certs/karmada-key.pem | tr -d '\r\n')
sed -i'' -e "s/{{ print "{{ ca_crt }}" }}/${karmada_ca}/g" /opt/configs/cert.yaml
sed -i'' -e "s/{{ print "{{ crt }}" }}/${karmada_crt}/g" /opt/configs/cert.yaml
sed -i'' -e "s/{{ print "{{ key }}" }}/${karmada_key}/g" /opt/configs/cert.yaml
sed -i'' -e "s/{{ print "{{ ca_crt }}" }}/${karmada_ca}/g" /opt/configs/kubeconfig.yaml
sed -i'' -e "s/{{ print "{{ crt }}" }}/${karmada_crt}/g" /opt/configs/kubeconfig.yaml
sed -i'' -e "s/{{ print "{{ key }}" }}/${karmada_key}/g" /opt/configs/kubeconfig.yaml
sed -i'' -e "s/{{ print "{{ crt }}" }}/${karmada_crt}/g" /opt/configs/webhook-cert.yaml
sed -i'' -e "s/{{ print "{{ key }}" }}/${karmada_key}/g" /opt/configs/webhook-cert.yaml
sed -i'' -e "s/{{ print "{{ ca_crt }}" }}/${karmada_ca}/g" /opt/configs/static-resources-configmaps.yaml
sed -i'' -e "s/{{ print "{{ ca_crt }}" }}/${karmada_ca}/g" /opt/configs/crds-patches-configmaps.yaml
EOF
volumeMounts:
- name: mount
mountPath: /opt/mount
- name: configs
mountPath: /opt/configs
containers:
- name: pre-install-job
- name: pre-install
image: bitnami/kubectl:latest
workingDir: /opt/mount
command:
- "./install.sh"
- /bin/sh
- -c
- |
bash <<'EOF'
set -ex
kubectl apply -f /opt/configs/
EOF
volumeMounts:
- name: mount
mountPath: /opt/mount
@@ -160,7 +191,6 @@ spec:
- name: mount
configMap:
name: {{ $name }}-config
defaultMode: 0777
- name: configs
emptyDir: {}

@@ -169,10 +199,10 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ $name }}-pre-job
namespace: {{ $namespace }}
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "1"
namespace: {{ include "karmada.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -202,6 +232,6 @@ roleRef:
subjects:
- kind: ServiceAccount
name: {{ $name }}-pre-job
namespace: {{ include "karmada.namespace" . }}
namespace: {{ $namespace }}
---
{{- end }}
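Review bot: The init container script keeps `set -ex` while it loads the generated private key into `karmada_key` and expands it in the `sed` commands, so bash's xtrace output writes the base64-encoded key of the `system:masters` client certificate to the container log, where anyone allowed to read pod logs in the namespace can read it. Change the first line of that script to `set -e`, or add `set +x` immediately before the `karmada_ca=$(base64 …)` line. The same `karmada_crt`/`karmada_key` pair is also substituted into `webhook-cert.yaml`, so the webhook serving key and the admin client key are identical; issuing a separate server-auth certificate for the webhook would be worth a follow-up. Parts of the ConfigMap and the Job lie outside the displayed hunks.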
