diff --git a/.github/workflows/helm-mariadb-operator.yaml b/.github/workflows/helm-mariadb-operator.yaml
new file mode 100644
index 00000000..5290b955
--- /dev/null
+++ b/.github/workflows/helm-mariadb-operator.yaml
@@ -0,0 +1,46 @@
+name: Kustomize GitHub Actions for mariadb-operator
+
+on:
+ pull_request:
+ paths:
+ - base-helm-configs/mariadb-operator/**
+ - base-kustomize/mariadb-operator/**
+ - .github/workflows/helm-mariadb-operator.yaml
+jobs:
+ helm:
+ strategy:
+ matrix:
+ overlays:
+ - base
+ name: Helm
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - uses: azure/setup-helm@v3
+ with:
+ version: latest
+ token: "${{ secrets.GITHUB_TOKEN }}"
+ id: helm
+ - name: Kubectl Install
+ working-directory: /usr/local/bin/
+ run: |
+ if [ ! -f /usr/local/bin/kubectl ]; then
+ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+ chmod +x ./kubectl
+ fi
+ - name: Run Helm Template
+ run: |
+ ${{ steps.helm.outputs.helm-path }} template mariadb-operator mariadb-operator --repo https://mariadb-operator.github.io/mariadb-operator \
+ --namespace=mariadb-system \
+ --create-namespace \
+ --wait \
+ --timeout 120m \
+ -f ${{ github.workspace }}/base-helm-configs/mariadb-operator/mariadb-operator-helm-overrides.yaml \
+ --post-renderer ${{ github.workspace }}/base-kustomize/kustomize.sh \
+ --post-renderer-args mariadb-operator/${{ matrix.overlays }} > /tmp/rendered.yaml
+ - name: Return helm Build
+ uses: actions/upload-artifact@v4
+ with:
+ name: helm-mariadb-operator-artifact-${{ matrix.overlays }}
+ path: /tmp/rendered.yaml
diff --git a/.github/workflows/kustomize-mariadb-operator.yaml b/.github/workflows/kustomize-mariadb-operator.yaml
deleted file mode 100644
index 88ed60ca..00000000
--- a/.github/workflows/kustomize-mariadb-operator.yaml
+++ /dev/null
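Review bot: In .github/workflows/helm-mariadb-operator.yaml, the `Kubectl Install` step downloads whatever `stable.txt` currently names and marks it executable without verifying it; fetching the matching `kubectl.sha256` and running `echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check` before `chmod +x` would catch a corrupted or truncated download, and a pinned release would make runs reproducible. The same floating-version concern applies to `version: latest` under `azure/setup-helm@v3` and to the chart itself, which `helm template … --repo …` resolves with no `--version`. The workflow also declares no `permissions:` block, so the job's `GITHUB_TOKEN` gets the repository default; a top-level `permissions:` with `contents: read` looks sufficient for the checkout and artifact steps shown here.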
@@ -1,33 +0,0 @@
-name: Kustomize GitHub Actions for mariadb-operator
-
-on:
- pull_request:
- paths:
- - base-kustomize/mariadb-operator/**
- - .github/workflows/kustomize-mariadb-operator.yaml
-jobs:
- kustomize:
- name: Kustomize
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- - uses: azure/setup-helm@v3
- with:
- version: latest
- token: "${{ secrets.GITHUB_TOKEN }}"
- id: helm
- - name: Kustomize Install
- working-directory: /usr/local/bin/
- run: |
- if [ ! -f /usr/local/bin/kustomize ]; then
- curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | sudo bash
- fi
- - name: Run Kustomize Build
- run: |
- kustomize build base-kustomize/mariadb-operator --enable-helm --helm-command ${{ steps.helm.outputs.helm-path }} > /tmp/rendered.yaml
- - name: Return Kustomize Build
- uses: actions/upload-artifact@v4
- with:
- name: kustomize-mariadb-operator-artifact
- path: /tmp/rendered.yaml
diff --git a/base-helm-configs/mariadb-operator/mariadb-operator-helm-overrides.yaml b/base-helm-configs/mariadb-operator/mariadb-operator-helm-overrides.yaml
new file mode 100644
index 00000000..775a4a2b
--- /dev/null
+++ b/base-helm-configs/mariadb-operator/mariadb-operator-helm-overrides.yaml
@@ -0,0 +1,254 @@
+nameOverride: ""
+fullnameOverride: ""
+
+image:
+ repository: ghcr.io/mariadb-operator/mariadb-operator
+ pullPolicy: IfNotPresent
+ # -- Image tag to use. By default the chart appVersion is used
+ tag: ""
+imagePullSecrets: []
+
+# -- Controller log level
+logLevel: INFO
+
+# -- Cluster DNS name
+clusterName: cluster.local
+
+ha:
+ # -- Enable high availability
+ enabled: false
+ # -- Number of replicas
+ replicas: 3
+
+metrics:
+ # -- Enable operator internal metrics. Prometheus must be installed in the cluster
+ enabled: false
+ serviceMonitor:
+ # -- Enable controller ServiceMonitor
+ enabled: true
+ # -- Labels to be added to the controller ServiceMonitor
+ additionalLabels: {}
+ # release: kube-prometheus-stack
+ # -- Interval to scrape metrics
+ interval: 30s
+ # -- Timeout if metrics can't be retrieved in given time interval
+ scrapeTimeout: 25s
+
+serviceAccount:
+ # -- Specifies whether a service account should be created
+ enabled: true
+ # -- Automounts the service account token in all containers of the Pod
+ automount: true
+ # -- Annotations to add to the service account
+ annotations: {}
+ # -- Extra Labels to add to the service account
+ extraLabels: {}
+ # -- The name of the service account to use.
+ # If not set and enabled is true, a name is generated using the fullname template
+ name: ""
+
+rbac:
+ # -- Specifies whether RBAC resources should be created
+ enabled: true
+
+# -- Extra arguments to be passed to the controller entrypoint
+extrArgs: []
+
+# -- Extra environment variables to be passed to the controller
+extraEnv: []
+
+# -- Extra volumes to pass to pod.
+extraVolumes: []
+
+# -- Extra volumes to mount to the container.
+extraVolumeMounts: []
+
+# -- Annotations to add to controller Pod
+podAnnotations: {}
+
+# -- Security context to add to controller Pod
+podSecurityContext: {}
+
+# -- Security context to add to controller container
+securityContext: {}
+
+# -- Resources to add to controller container
+resources: {}
+# requests:
+# cpu: 10m
+# memory: 32Mi
+
+# -- Node selectors to add to controller Pod
+nodeSelector: {}
+
+# -- Tolerations to add to controller Pod
+tolerations: []
+
+# -- Affinity to add to controller Pod
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: node-role.kubernetes.io/worker
+ operator: In
+ values:
+ - worker
+
+webhook:
+ image:
+ repository: ghcr.io/mariadb-operator/mariadb-operator
+ pullPolicy: IfNotPresent
+ # -- Image tag to use. By default the chart appVersion is used
+ tag: ""
+ imagePullSecrets: []
+ ha:
+ # -- Enable high availability
+ enabled: false
+ # -- Number of replicas
+ replicas: 3
+ cert:
+ certManager:
+ # -- Whether to use cert-manager to issue and rotate the certificate. If set to false, mariadb-operator's cert-controller will be used instead.
+ enabled: true
+ # -- Issuer reference to be used in the Certificate resource. If not provided, a self-signed issuer will be used.
+ issuerRef: {}
+ # -- Duration to be used in the Certificate resource,
+ duration: ""
+ # -- Renew before duration to be used in the Certificate resource.
+ renewBefore: ""
+ # -- Annotatioms to be added to webhook TLS secret.
+ secretAnnotations: {}
+ # -- Labels to be added to webhook TLS secret.
+ secretLabels: {}
+ # -- Path where the CA certificate will be mounted.
+ caPath: /tmp/k8s-webhook-server/certificate-authority
+ # -- Path where the certificate will be mounted.
+ path: /tmp/k8s-webhook-server/serving-certs
+ # -- Port to be used by the webhook server
+ port: 9443
+ # -- Expose the webhook server in the host network
+ hostNetwork: false
+ serviceMonitor:
+ # -- Enable webhook ServiceMonitor. Metrics must be enabled
+ enabled: true
+ # -- Labels to be added to the webhook ServiceMonitor
+ additionalLabels: {}
+ # release: kube-prometheus-stack
+ # -- Interval to scrape metrics
+ interval: 30s
+ # -- Timeout if metrics can't be retrieved in given time interval
+ scrapeTimeout: 25s
+ serviceAccount:
+ # -- Specifies whether a service account should be created
+ enabled: true
+ # -- Automounts the service account token in all containers of the Pod
+ automount: true
+ # -- Annotations to add to the service account
+ annotations: {}
+ # -- Extra Labels to add to the service account
+ extraLabels: {}
+ # -- The name of the service account to use.
+ # If not set and enabled is true, a name is generated using the fullname template
+ name: ""
+ # -- Annotations for webhook configurations.
+ annotations: {}
+ # -- Extra arguments to be passed to the webhook entrypoint
+ extrArgs: []
+ # -- Extra volumes to pass to webhook Pod
+ extraVolumes: []
+ # -- Extra volumes to mount to webhook container
+ extraVolumeMounts: []
+ # -- Annotations to add to webhook Pod
+ podAnnotations: {}
+ # -- Security context to add to webhook Pod
+ podSecurityContext: {}
+ # -- Security context to add to webhook container
+ securityContext: {}
+ # -- Resources to add to webhook container
+ resources: {}
+ # requests:
+ # cpu: 10m
+ # memory: 32Mi
+ # -- Node selectors to add to controller Pod
+ nodeSelector: {}
+ # -- Tolerations to add to controller Pod
+ tolerations: []
+ # -- Affinity to add to controller Pod
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: node-role.kubernetes.io/worker
+ operator: In
+ values:
+ - worker
+
+certController:
+ # -- Specifies whether the cert-controller should be created.
+ enabled: true
+ image:
+ repository: ghcr.io/mariadb-operator/mariadb-operator
+ pullPolicy: IfNotPresent
+ # -- Image tag to use. By default the chart appVersion is used
+ tag: ""
+ imagePullSecrets: []
+ ha:
+ # -- Enable high availability
+ enabled: false
+ # -- Number of replicas
+ replicas: 3
+ # -- CA certificate validity. It must be greater than certValidity.
+ caValidity: 35064h
+ # -- Certificate validity.
+ certValidity: 8766h
+ # -- Duration used to verify whether a certificate is valid or not.
+ lookaheadValidity: 2160h
+ # -- Requeue duration to ensure that certificate gets renewed.
+ requeueDuration: 5m
+ serviceMonitor:
+ # -- Enable cert-controller ServiceMonitor. Metrics must be enabled
+ enabled: true
+ # -- Labels to be added to the cert-controller ServiceMonitor
+ additionalLabels: {}
+ # release: kube-prometheus-stack
+ # -- Interval to scrape metrics
+ interval: 30s
+ # -- Timeout if metrics can't be retrieved in given time interval
+ scrapeTimeout: 25s
+ serviceAccount:
+ # -- Specifies whether a service account should be created
+ enabled: true
+ # -- Automounts the service account token in all containers of the Pod
+ automount: true
+ # -- Annotations to add to the service account
+ annotations: {}
+ # -- Extra Labels to add to the service account
+ extraLabels: {}
+ # -- The name of the service account to use.
+ # If not set and enabled is true, a name is generated using the fullname template
+ name: ""
+ # -- Extra arguments to be passed to the cert-controller entrypoint
+ extrArgs: []
+ # -- Extra volumes to pass to cert-controller Pod
+ extraVolumes: []
+ # -- Extra volumes to mount to cert-controller container
+ extraVolumeMounts: []
+ # -- Annotations to add to cert-controller Pod
+ podAnnotations: {}
+ # -- Security context to add to cert-controller Pod
+ podSecurityContext: {}
+ # -- Security context to add to cert-controller container
+ securityContext: {}
+ # -- Resources to add to cert-controller container
+ resources: {}
+ # requests:
+ # cpu: 10m
+ # memory: 32Mi
+ # -- Node selectors to add to controller Pod
+ nodeSelector: {}
+ # -- Tolerations to add to controller Pod
+ tolerations: []
+ # -- Affinity to add to controller Pod
+ affinity: {}
diff --git a/base-kustomize/mariadb-operator/base/kustomization.yaml b/base-kustomize/mariadb-operator/base/kustomization.yaml
new file mode 100644
index 00000000..0f7996d3
--- /dev/null
+++ b/base-kustomize/mariadb-operator/base/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - all.yaml
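Review bot: In mariadb-operator-helm-overrides.yaml, `metrics.enabled` is `false`, whereas the removed kustomization.yaml set `metrics: enabled: true` in its `valuesInline`, and the three `serviceMonitor.enabled: true` values carry comments saying metrics must be enabled; if operator metrics are still wanted this should be `enabled: true`, otherwise the change deserves a line in the commit message. Separately, `podSecurityContext: {}` and `securityContext: {}` are left empty for the controller, webhook and cert-controller, so unless the chart templates supply their own, the containers run with the runtime defaults; consider a restrictive container context here (for example `allowPrivilegeEscalation: false`, `runAsNonRoot: true`, `capabilities: {drop: [ALL]}`) after confirming the operator image works with it. The file also copies the whole set of chart values rather than only the keys that differ, so it will drift from the chart as soon as the chart version moves.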
diff --git a/base-kustomize/mariadb-operator/kustomization.yaml b/base-kustomize/mariadb-operator/kustomization.yaml
deleted file mode 100644
index 6db4182a..00000000
--- a/base-kustomize/mariadb-operator/kustomization.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-sortOptions:
- order: fifo
-resources:
- - ns-mariadb.yaml
-
-helmCharts:
- - name: mariadb-operator
- repo: https://mariadb-operator.github.io/mariadb-operator
- releaseName: mariadb-operator
- valuesInline:
- clusterName: cluster.local
- webhook:
- cert:
- certManager:
- enabled: true
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: node-role.kubernetes.io/worker
- operator: In
- values:
- - worker
- metrics:
- enabled: true
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: node-role.kubernetes.io/worker
- operator: In
- values:
- - worker
- includeCRDs: true
- version: 0.28.1
- namespace: mariadb-system
diff --git a/base-kustomize/mariadb-operator/ns-mariadb.yaml b/base-kustomize/mariadb-operator/ns-mariadb.yaml
deleted file mode 100644
index 2e2fc0e9..00000000
--- a/base-kustomize/mariadb-operator/ns-mariadb.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- kubernetes.io/metadata.name: mariadb-system
- name: mariadb-system
- name: mariadb-system
diff --git a/bin/install-mariadb-operator.sh b/bin/install-mariadb-operator.sh
new file mode 100755
index 00000000..8d515f48
--- /dev/null
+++ b/bin/install-mariadb-operator.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Default parameter value
+CLUSTER_NAME=${1:-cluster.local}
+
+# Directory to check for YAML files
+CONFIG_DIR="/etc/genestack/helm-configs/mariadb-operator"
+
+# 'cluster.local' is the default value in base helm values file
+if [ "${CLUSTER_NAME}" != "cluster.local" ]; then
+ CONFIG_FILE="$CONFIG_DIR/mariadb-operator-helm-overrides.yaml"
+
+ mkdir -p $CONFIG_DIR
+ touch "$CONFIG_FILE"
+
+ # Check if the file is empty and add/modify content accordingly
+ if [ ! -s "$CONFIG_FILE" ]; then
+ echo "clusterName: $CLUSTER_NAME" > "$CONFIG_FILE"
+ else
+ # If the clusterName line exists, modify it, otherwise add it at the end
+ if grep -q "^clusterName:" "$CONFIG_FILE"; then
+ sed -i -e "s/^clusterName: .*/clusterName: ${CLUSTER_NAME}/" "$CONFIG_FILE"
+ else
+ echo "clusterName: $CLUSTER_NAME" >> "$CONFIG_FILE"
+ fi
+ fi
+fi
+
+# Helm command setup
+HELM_CMD="helm upgrade --install mariadb-operator mariadb-operator --repo https://mariadb-operator.github.io/mariadb-operator \
+ --namespace=mariadb-system \
+ --create-namespace \
+ --timeout 120m \
+ --post-renderer /etc/genestack/kustomize/kustomize.sh \
+ --post-renderer-args mariadb-operator/overlay \
+ -f /opt/genestack/base-helm-configs/mariadb-operator/mariadb-operator-helm-overrides.yaml"
+
+# Check if YAML files exist in the specified directory
+if compgen -G "${CONFIG_DIR}/*.yaml" > /dev/null; then
+ # Add all YAML files from the directory to the helm command
+ for yaml_file in "${CONFIG_DIR}"/*.yaml; do
+ HELM_CMD+=" -f ${yaml_file}"
+ done
+fi
+
+# Run the helm command
+echo "Executing Helm command:"
+echo "${HELM_CMD}"
+eval "${HELM_CMD}"
diff --git a/bootstrap.sh b/bootstrap.sh
index 3286cbc9..44da6408 100755
--- a/bootstrap.sh
+++ b/bootstrap.sh
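Review bot: In bin/install-mariadb-operator.sh the command is assembled as one string and run with `eval "${HELM_CMD}"`, so every `${yaml_file}` found under `/etc/genestack/helm-configs/mariadb-operator` is re-parsed by the shell; a file name containing spaces or shell metacharacters would be split or interpreted instead of being passed to `-f`. Building the command as a bash array and running `"${helm_cmd[@]}"` removes the re-parse, as sketched below. In the same hunk `${CLUSTER_NAME}` is placed unescaped into the `sed` replacement, so a value containing `/` or `&` breaks or alters the substitution; checking `$1` against a DNS-name pattern before use would cover that, and `mkdir -p $CONFIG_DIR` should be quoted. The removed kustomization.yaml pinned the chart with `version: 0.28.1`, while this command passes no `--version`, so an install follows whatever the repository currently publishes.

```shell
# … unchanged: CLUSTER_NAME / CONFIG_DIR setup and clusterName override handling …

# Helm command setup
helm_cmd=(
    helm upgrade --install mariadb-operator mariadb-operator
    --repo https://mariadb-operator.github.io/mariadb-operator
    --namespace=mariadb-system
    --create-namespace
    --timeout 120m
    --post-renderer /etc/genestack/kustomize/kustomize.sh
    --post-renderer-args mariadb-operator/overlay
    -f /opt/genestack/base-helm-configs/mariadb-operator/mariadb-operator-helm-overrides.yaml
)

# … unchanged: compgen check for override files …
    for yaml_file in "${CONFIG_DIR}"/*.yaml; do
        helm_cmd+=(-f "${yaml_file}")
    done

# Run the helm command
echo "Executing Helm command:"
printf '%q ' "${helm_cmd[@]}"; echo
"${helm_cmd[@]}"
```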
@@ -116,7 +116,7 @@ for service in "$base_source_dir"/*; do fi done -# Symlink /opt/genestack/kustomize.sh to +# Symlink /opt/genestack/base-kustomize/kustomize.sh to # /etc/genestack/kustomize/kustomize.sh ln -s $base_source_dir/kustomize.sh $base_target_dir/kustomize.sh diff --git a/docs/infrastructure-mariadb.md b/docs/infrastructure-mariadb.md index 78c890eb..072d8eed 100644 --- a/docs/infrastructure-mariadb.md +++ b/docs/infrastructure-mariadb.md @@ -17,14 +17,17 @@ ``` ## Deploy the mariadb operator - -``` shell +``` cluster_name=`kubectl config view --minify -o jsonpath='{.clusters[0].name}'` -sed -i -e "s/cluster\.local/$cluster_name/" /etc/genestack/kustomize/mariadb-operator/kustomization.yaml - -test -n "$cluster_name" && kubectl kustomize --enable-helm /etc/genestack/kustomize/mariadb-operator | \ - kubectl --namespace mariadb-system apply --server-side --force-conflicts -f - +echo $cluster_name ``` +If `cluster_name` was anything other than `cluster.local` you should pass that as a parameter to the installer + +!!! example "Run the mariadb-operator deployment Script `bin/install-mariadb-operator.sh` You can include cluster_name paramater. No paramaters deploys with `cluster.local` cluster name." + + ``` shell + --8<-- "bin/install-mariadb-operator.sh" + ``` !!! info