From 6c5787e7b62d815ac1e8303f77a02c7906532b2b Mon Sep 17 00:00:00 2001
From: Logan Clemons
Date: Wed, 1 Nov 2023 02:58:18 -0500
Subject: [PATCH] adding helm chart (#125)
Co-authored-by: loganrobertclemons
---
 chart/Chart.yaml | 4 ++
 chart/templates/NOTES.txt | 27 ++++++++
 chart/templates/_helpers.tpl | 90 +++++++++++++++++++++++++
 chart/templates/clusterrole.yaml | 12 ++++
 chart/templates/clusterrolebinding.yaml | 16 +++++
 chart/templates/daemonset.yaml | 39 +++++++++++
 chart/templates/serviceaccount.yaml | 13 ++++
 chart/values.yaml | 42 ++++++++++++
 8 files changed, 243 insertions(+)
 create mode 100644 chart/Chart.yaml
 create mode 100644 chart/templates/NOTES.txt
 create mode 100644 chart/templates/_helpers.tpl
 create mode 100644 chart/templates/clusterrole.yaml
 create mode 100644 chart/templates/clusterrolebinding.yaml
 create mode 100644 chart/templates/daemonset.yaml
 create mode 100644 chart/templates/serviceaccount.yaml
 create mode 100644 chart/values.yaml
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
new file mode 100644
index 0000000..f25d10a
--- /dev/null
+++ b/chart/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v2
+name: kubeip
+description: A Helm chart for KubeIP
+version: 0.1.0
\ No newline at end of file
diff --git a/chart/templates/NOTES.txt b/chart/templates/NOTES.txt
new file mode 100644
index 0000000..4ba4388
--- /dev/null
+++ b/chart/templates/NOTES.txt
@@ -0,0 +1,27 @@
+{{- if .Release.IsInstall }}
+🎉 KubeIP v2 Deployment Successful! 🎉
+
+Thank you for installing KubeIP v2, ensuring that your Kubernetes nodes are now equipped with static public IP addresses for improved connectivity and reliability.
+
+Next Steps:
+
+1. Verify the Operation: Ensure that KubeIP is running successfully on all desired nodes. You can check the status of the DaemonSet by running:
+
+ $ kubectl get daemonset kubeip -n kube-system
+
+2. Check IP Assignment: Ensure that static public IPs are assigned to your nodes. Run the following command to see the assigned IPs:
+
+ $ kubectl get nodes -o wide
+
+3. Review Logs (Optional): If you want to delve deeper or troubleshoot, you can review the logs of the KubeIP pods:
+
+ $ kubectl logs -l app=kubeip -n kube-system
+
+4. Update Your Firewall Rules: If you have specific firewall rules or IP whitelists, ensure they are updated to include the static IPs assigned to your nodes.
+
+5. Documentation and Support: For more information on configuration options, troubleshooting, and usage, please visit the [official KubeIP repository](https://github.com/doitintl/kubeip).
+
+6. Feedback and Contributions: Your feedback is valuable! If you encounter any issues, or if you have suggestions for improvements, please feel free to open an issue or contribute to the project on GitHub.
+
+Enjoy the enhanced stability and connectivity that KubeIP brings to your Kubernetes cluster! 🚀
+{{- end }}
diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl
new file mode 100644
index 0000000..de9e252
--- /dev/null
+++ b/chart/templates/_helpers.tpl
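Review bot: The kubectl commands in chart/templates/NOTES.txt hard-code names that the chart does not guarantee. The DaemonSet is named `{{ include "kubeip.fullname" . }}` and carries no `metadata.namespace`, so `kubectl get daemonset kubeip -n kube-system` only finds it when the full name resolves to `kubeip` and the release was installed into kube-system. The pod template is labelled `app.kubernetes.io/name`, so `-l app=kubeip` selects no pods at all. Render the values instead, for example `kubectl logs -l app.kubernetes.io/name={{ include "kubeip.name" . }}`, with the name and namespace templated the same way.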
@@ -0,0 +1,90 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kubeip.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "kubeip.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kubeip.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kubeip.labels" -}}
+helm.sh/chart: {{ include "kubeip.chart" . }}
+{{ include "kubeip.selectorLabels" . }}
+{{- with .Chart.AppVersion }}
+app.kubernetes.io/version: {{ . | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kubeip.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kubeip.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kubeip.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kubeip.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Define Ingress apiVersion
+*/}}
+{{- define "kubeip.ingress.apiVersion" -}}
+{{- printf "networking.k8s.io/v1" }}
+{{- end }}
+
+{{/*
+Define Pdb apiVersion
+*/}}
+{{- define "kubeip.pdb.apiVersion" -}}
+{{- if $.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
+{{- printf "policy/v1" }}
+{{- else }}
+{{- printf "policy/v1beta1" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Allow overriding kubeip namespace
+*/}}
+{{- define "kubeip.namespace" -}}
+{{- if .Values.namespaceOverride -}}
+{{- .Values.namespaceOverride -}}
+{{- else -}}
+{{- .Release.Namespace -}}
+{{- end -}}
+{{- end -}}
diff --git a/chart/templates/clusterrole.yaml b/chart/templates/clusterrole.yaml
new file mode 100644
index 0000000..e8a3a6f
--- /dev/null
+++ b/chart/templates/clusterrole.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "kubeip.fullname" . }}-cluster-role
+ labels:
+ {{- include "kubeip.labels" . | nindent 4 }}
+rules:
+ - apiGroups: [ "" ]
+ resources: [ "nodes" ]
+ verbs: [ "get" ]
+{{- end }}
diff --git a/chart/templates/clusterrolebinding.yaml b/chart/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..4402591
--- /dev/null
+++ b/chart/templates/clusterrolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "kubeip.fullname" . }}-cluster-role-binding
+ labels:
+ {{- include "kubeip.labels" . | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "kubeip.serviceAccountName" . }}
+ namespace: {{ include "kubeip.namespace" . }}
+roleRef:
+ kind: ClusterRole
+ name: {{ include "kubeip.fullname" . }}-cluster-role
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
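Review bot: The subject in clusterrolebinding.yaml takes its name from `kubeip.serviceAccountName`, which falls back to `default` when `serviceAccount.create` is false and no name is given, so with `rbac.create: true` the ClusterRole ends up bound to the namespace's `default` service account and every pod running under that account inherits the grant. The role is only `get` on nodes, but the chart's default namespace is kube-system, so an explicit failure is safer than a silent fallback. In the helper's else branch use `{{- required "serviceAccount.name is required when serviceAccount.create is false" .Values.serviceAccount.name }}`. A short comment on the binding stating which identity it is meant for would also help the next reader.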
diff --git a/chart/templates/daemonset.yaml b/chart/templates/daemonset.yaml
new file mode 100644
index 0000000..9287b7f
--- /dev/null
+++ b/chart/templates/daemonset.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ include "kubeip.fullname" . }}
+ labels:
+ {{- include "kubeip.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "kubeip.name" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "kubeip.name" . }}
+ spec:
+ serviceAccountName: {{ include "kubeip.serviceAccountName" . | quote }}
+ terminationGracePeriodSeconds: {{ .Values.daemonSet.terminationGracePeriodSeconds }}
+ priorityClassName: {{ .Values.daemonSet.priorityClassName | quote }}
+ nodeSelector:
+{{- if .Values.daemonSet.nodeSelector }}
+{{- toYaml .Values.daemonSet.nodeSelector | nindent 8 }}
+{{- end }}
+ containers:
+ - name: kubeip
+ image: "{{ .Values.image.repository }}"
+ imagePullPolicy: Always
+ resources:
+{{- toYaml .Values.daemonSet.resources | nindent 12 }}
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: FILTER
+ value: {{ .Values.daemonSet.env.FILTER | quote }}
+ - name: LOG_LEVEL
+ value: {{ .Values.daemonSet.env.LOG_LEVEL | quote }}
+ - name: LOG_JSON
+ value: {{ .Values.daemonSet.env.LOG_JSON | quote }}
diff --git a/chart/templates/serviceaccount.yaml b/chart/templates/serviceaccount.yaml
new file mode 100644
index 0000000..3fb9a4e
--- /dev/null
+++ b/chart/templates/serviceaccount.yaml
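Review bot: `image: "{{ .Values.image.repository }}"` in daemonset.yaml never reads `.Values.image.tag`, so the tag in values.yaml has no effect and, with `imagePullPolicy: Always`, every node pulls whatever the registry currently serves for the bare repository name. Render the tag (or preferably a digest) explicitly, e.g. `image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"`. The DaemonSet also has no `metadata.namespace`, while the ServiceAccount and the ClusterRoleBinding subject use `kubeip.namespace`; a release installed outside that namespace leaves the pods referencing a service account that does not exist where they run, so add `namespace: {{ include "kubeip.namespace" . }}` under `metadata`. The container sets no `securityContext`; for a `system-node-critical` workload running under a cloud-identity-annotated service account, `allowPrivilegeEscalation: false` and dropped capabilities are worth adding once it is confirmed the agent does not need them.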
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "kubeip.serviceAccountName" . }}
+ namespace: {{ include "kubeip.namespace" . }}
+ annotations:
+ {{- if eq .Values.cloudProvider "gcp" }}
+ iam.gke.io/gcp-service-account: {{ required "A valid .Values.serviceAccount.annotations.gcpServiceAccountEmail entry required when cloudProvider is gcp" .Values.serviceAccount.annotations.gcpServiceAccountEmail }}
+ {{- else if eq .Values.cloudProvider "aws" }}
+ eks.amazonaws.com/role-arn: {{ required "A valid .Values.serviceAccount.annotations.awsRoleArn entry required when cloudProvider is aws" .Values.serviceAccount.annotations.awsRoleArn }}
+ {{- end }}
+{{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
new file mode 100644
index 0000000..cd96d49
--- /dev/null
+++ b/chart/values.yaml
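Review bot: In serviceaccount.yaml the `annotations:` key is written unconditionally, but it only gets content for `gcp` or `aws`; any other `cloudProvider` value (a typo, different casing) renders an empty `annotations:` and a ServiceAccount with no cloud identity, and the install still succeeds. Add a final branch that stops the render: `{{- else }}` followed by `{{- fail "cloudProvider must be 'gcp' or 'aws'" }}`. The two annotation values are also emitted unquoted; piping the `required` result through `quote` keeps an unusual value from being re-typed or breaking the rendered YAML.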
@@ -0,0 +1,42 @@
+# The cloud provider where your Kubernetes cluster is running.
+# This value determines the appropriate annotations for the Service Account.
+# Currently acceptable values are 'gcp' or 'aws'.
+cloudProvider: gcp
+
+# The namespace where the kubeip-agent will be deployed.
+namespaceOverride: kube-system
+
+# Configuration settings for the container image.
+image:
+ repository: doitintl/kubeip-agent
+ tag: latest
+
+# Configuration for the Kubernetes Service Account.
+serviceAccount:
+ create: true
+ name: kubeip-service-account
+ annotations:
+ gcpServiceAccountEmail: kubeip-service-account@workload-id-117715.iam.gserviceaccount.com
+# annotations:
+# awsRoleArn: "your-aws-role-arn"
+# gcpServiceAccountEmail: "your-google-service-account-email"
+
+
+# Role-Based Access Control (RBAC) configuration.
+rbac:
+ create: true
+
+# DaemonSet configuration.
+daemonSet:
+ terminationGracePeriodSeconds: 30
+ priorityClassName: system-node-critical
+ nodeSelector:
+ nodegroup: public
+ kubeip: use
+ env:
+ FILTER: labels.kubeip=reserved;labels.environment=demo
+ LOG_LEVEL: debug
+ LOG_JSON: true
+ resources:
+ requests:
+ cpu: 100m
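Review bot: The default `gcpServiceAccountEmail` in values.yaml is a concrete service account in one specific GCP project, so the `required` guard in serviceaccount.yaml can never fire and an install with default values annotates the ServiceAccount with an identity the installer does not own. Ship it empty, `gcpServiceAccountEmail: ""`; the commented block underneath already shows the placeholder form. `tag: latest` is a mutable reference, so pin a released version or a digest instead. `LOG_LEVEL: debug` and the demo `FILTER` are environment-specific as well and are better left for the user to opt into, with a comment on each explaining the expected format.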