feat(helm): new chart design

kubeovn · Aug 24, 2024 · ddf580e · ddf580e
1 parent b197ad3
commit ddf580e
Show file tree

Hide file tree

Showing 32 changed files with 714 additions and 3,025 deletions.
diff --git a/charts/kube-ovn/Chart.yaml b/charts/kube-ovn/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.13.0
+version: 2.0.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/kube-ovn/templates/_helpers.tpl b/charts/kube-ovn/templates/_helpers.tpl
@@ -1,3 +1,59 @@
+{/*
+Expand the name of the chart.
+*/}}
+{{- define "kubeovn.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kubeovn.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kubeovn.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kubeovn.labels" -}}
+helm.sh/chart: {{ include "kubeovn.chart" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kubeovn.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kubeovn.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+
 {{/*
 Get IP-addresses of master nodes
 */}}

diff --git a/charts/kube-ovn/templates/agent/agent-clusterrole.yaml b/charts/kube-ovn/templates/agent/agent-clusterrole.yaml
@@ -0,0 +1,89 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    rbac.authorization.k8s.io/system-only: "true"
+    {{- with .Values.agent.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.agent.labels }}
+  labels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  name: system:kube-ovn-cni
+rules:
+  - apiGroups:
+      - "kubeovn.io"
+    resources:
+      - subnets
+      - vlans
+      - provider-networks
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+      - "kubeovn.io"
+    resources:
+      - ovn-eips
+      - ovn-eips/status
+      - nodes
+      - pods
+    verbs:
+      - get
+      - list
+      - patch
+      - watch
+  - apiGroups:
+      - "kubeovn.io"
+    resources:
+      - ips
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - authentication.k8s.io
+    resources:
+      - tokenreviews
+    verbs:
+      - create
+  - apiGroups:
+      - authorization.k8s.io
+    resources:
+      - subjectaccessreviews
+    verbs:
+      - create
+  - apiGroups:
+      - "certificates.k8s.io"
+    resources:
+      - "certificatesigningrequests"
+    verbs:
+      - "create"
+      - "get"
+      - "list"
+      - "watch"
+      - "delete"
+  - apiGroups:
+      - ""
+    resources:
+      - "secrets"
+    verbs:
+      - "get"
diff --git a/charts/kube-ovn/templates/agent/agent-clusterrolebinding.yaml b/charts/kube-ovn/templates/agent/agent-clusterrolebinding.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kube-ovn-cni
+  {{- with .Values.agent.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.agent.labels }}
+  labels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+roleRef:
+  name: system:kube-ovn-cni
+  kind: ClusterRole
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+  - kind: ServiceAccount
+    name: kube-ovn-cni
+    namespace: {{ .Values.namespace }}
diff --git a/charts/kube-ovn/templates/ovncni-ds.yaml → ...-ovn/templates/agent/agent-daemonset.yaml b/charts/kube-ovn/templates/ovncni-ds.yaml → ...-ovn/templates/agent/agent-daemonset.yaml
@@ -1,21 +1,33 @@
-kind: DaemonSet
 apiVersion: apps/v1
+kind: DaemonSet
 metadata:
   name: kube-ovn-cni
   namespace: {{ .Values.namespace }}
+  {{- with .Values.agent.annotations }}
   annotations:
-    kubernetes.io/description: |
-      This daemon set launches the kube-ovn cni daemon.
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.agent.labels }}
+  labels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   selector:
     matchLabels:
-      app: kube-ovn-cni
+      app.kubernetes.io/name: kube-ovn-cni
+      app.kubernetes.io/part-of: kube-ovn
   template:
     metadata:
+      {{- with .Values.agent.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       labels:
-        app: kube-ovn-cni
-        component: network
-        type: infra
+        app.kubernetes.io/name: kube-ovn-cni
+        app.kubernetes.io/part-of: kube-ovn
+        {{- with .Values.agent.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
     spec:
       tolerations:
         - effect: NoSchedule
@@ -216,13 +228,10 @@ spec:
               - --port=10665
               - --tls={{- .Values.func.SECURE_SERVING }}
           timeoutSeconds: 5
+        {{- with .Values.agent.resources }}
         resources:
-          requests:
-            cpu: {{ index .Values "kube-ovn-cni" "requests" "cpu" }}
-            memory: {{ index .Values "kube-ovn-cni" "requests" "memory" }}
-          limits:
-            cpu: {{ index .Values "kube-ovn-cni" "limits" "cpu" }}
-            memory: {{ index .Values "kube-ovn-cni" "limits" "memory" }}
+          {{- toYaml . | trim | nindent 10 }}
+        {{- end }}
       nodeSelector:
         kubernetes.io/os: "linux"
       volumes:

diff --git a/charts/kube-ovn/templates/agent/agent-rolebinding.yaml b/charts/kube-ovn/templates/agent/agent-rolebinding.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: kube-ovn-cni
+  namespace: {{ .Values.namespace }}
+  {{- with .Values.agent.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.agent.labels }}
+  labels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: extension-apiserver-authentication-reader
+subjects:
+  - kind: ServiceAccount
+    name: kube-ovn-cni
+    namespace: {{ .Values.namespace }}
diff --git a/charts/kube-ovn/templates/agent/agent-service.yaml b/charts/kube-ovn/templates/agent/agent-service.yaml
@@ -0,0 +1,23 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: kube-ovn-cni
+  namespace: {{ .Values.namespace }}
+  {{- with .Values.agent.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.agent.labels }}
+  labels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  selector:
+    app.kubernetes.io/name: kube-ovn-cni
+    app.kubernetes.io/part-of: kube-ovn
+  ports:
+    - port: {{ .Values.agent.metrics.port }}
+      name: metrics
+  {{- if eq .Values.networking.NET_STACK "dual_stack" }}
+  ipFamilyPolicy: PreferDualStack
+  {{- end }}
diff --git a/charts/kube-ovn/templates/agent/agent-serviceaccount.yaml b/charts/kube-ovn/templates/agent/agent-serviceaccount.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kube-ovn-cni
+  namespace: {{ .Values.namespace }}
+  {{- with .Values.agent.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.agent.labels }}
+  labels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
diff --git a/...ts/kube-ovn/templates/central-deploy.yaml → ...templates/central/central-deployment.yaml b/...ts/kube-ovn/templates/central-deploy.yaml → ...templates/central/central-deployment.yaml
@@ -2,10 +2,14 @@ kind: Deployment
 apiVersion: apps/v1
 metadata:
   name: ovn-central
-  namespace: {{ .Values.namespace }}
+  {{- with .Values.central.annotations }}
   annotations:
-    kubernetes.io/description: |
-      OVN components: northd, nb and sb.
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.central.labels }}
+  labels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   replicas: {{ include "kubeovn.nodeCount" . }}
   strategy:
@@ -15,13 +19,20 @@ spec:
     type: RollingUpdate
   selector:
     matchLabels:
-      app: ovn-central
+      app.kubernetes.io/name: ovn-central
+      app.kubernetes.io/part-of: kube-ovn
   template:
     metadata:
+      {{- with .Values.central.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       labels:
-        app: ovn-central
-        component: network
-        type: infra
+        app.kubernetes.io/name: ovn-central
+        app.kubernetes.io/part-of: kube-ovn
+        {{- with .Values.central.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
     spec:
       tolerations:
         - effect: NoSchedule
@@ -35,7 +46,7 @@ spec:
           requiredDuringSchedulingIgnoredDuringExecution:
             - labelSelector:
                 matchLabels:
-                  app: ovn-central
+                  app.kubernetes.io/name: ovn-central
               topologyKey: kubernetes.io/hostname
       priorityClassName: system-cluster-critical
       serviceAccountName: ovn-ovs
@@ -111,13 +122,10 @@ spec:
               value: "{{ .Values.networking.ENABLE_COMPACT }}"
             - name: OVN_VERSION_COMPATIBILITY
               value: '{{ include "kubeovn.ovn.versionCompatibility" . }}'
+          {{- with .Values.central.resources }}
           resources:
-            requests:
-              cpu: {{ index .Values "ovn-central" "requests" "cpu" }}
-              memory: {{ index .Values "ovn-central" "requests" "memory" }}
-            limits:
-              cpu: {{ index .Values "ovn-central" "limits" "cpu" }}
-              memory: {{ index .Values "ovn-central" "limits" "memory" }}
+            {{- toYaml . | trim | nindent 12 }}
+          {{- end }}
           volumeMounts:
             - mountPath: /var/run/ovn
               name: host-run-ovn

diff --git a/charts/kube-ovn/templates/nb-svc.yaml → ...templates/central/northbound-service.yaml b/charts/kube-ovn/templates/nb-svc.yaml → ...templates/central/northbound-service.yaml
@@ -3,6 +3,14 @@ apiVersion: v1
 metadata:
   name: ovn-nb
   namespace: {{ .Values.namespace }}
+  {{- with .Values.central.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.central.labels }}
+  labels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   ports:
     - name: ovn-nb
@@ -14,6 +22,7 @@ spec:
   ipFamilyPolicy: PreferDualStack
   {{- end }}
   selector:
-    app: ovn-central
+    app.kubernetes.io/name: ovn-central
+    app.kubernetes.io/part-of: kube-ovn
     ovn-nb-leader: "true"
   sessionAffinity: None