Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Converting mariadb-operator to use helm #594

Merged
merged 13 commits into from
Dec 13, 2024
46 changes: 46 additions & 0 deletions .github/workflows/helm-mariadb-operator.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
name: Kustomize GitHub Actions for mariadb-operator

on:
pull_request:
paths:
- base-helm-configs/mariadb-operator/**
- base-kustomize/mariadb-operator/**
- .github/workflows/helm-mariadb-operator.yaml
jobs:
helm:
strategy:
matrix:
overlays:
- base
name: Helm
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: azure/setup-helm@v3
with:
version: latest
token: "${{ secrets.GITHUB_TOKEN }}"
id: helm
- name: Kubectl Install
working-directory: /usr/local/bin/
run: |
if [ ! -f /usr/local/bin/kubectl ]; then
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x ./kubectl
fi
- name: Run Helm Template
run: |
${{ steps.helm.outputs.helm-path }} template mariadb-operator mariadb-operator --repo https://mariadb-operator.github.io/mariadb-operator \
--namespace=mariadb-system \
--create-namespace \
--wait \
--timeout 120m \
-f ${{ github.workspace }}/base-helm-configs/mariadb-operator/mariadb-operator-helm-overrides.yaml \
--post-renderer ${{ github.workspace }}/base-kustomize/kustomize.sh \
--post-renderer-args mariadb-operator/${{ matrix.overlays }} > /tmp/rendered.yaml
- name: Return helm Build
uses: actions/upload-artifact@v4
with:
name: helm-mariadb-operator-artifact-${{ matrix.overlays }}
path: /tmp/rendered.yaml
33 changes: 0 additions & 33 deletions .github/workflows/kustomize-mariadb-operator.yaml

This file was deleted.

Original file line number Diff line number Diff line change
@@ -0,0 +1,308 @@
nameOverride: ""
fullnameOverride: ""

# --- CRDs
crds:
# -- Whether the helm chart should create and update the CRDs. It is false by default, which implies that the CRDs must be
# managed independently with the mariadb-operator-crds helm chart.
# **WARNING** This should only be set to true during the initial deployment. If this chart manages the CRDs
# and is later uninstalled, all MariaDB instances will be DELETED.
enabled: false

image:
repository: docker-registry3.mariadb.com/mariadb-operator/mariadb-operator
pullPolicy: IfNotPresent
# -- Image tag to use. By default the chart appVersion is used
tag: ""
# Setting a digest will override any tag
# digest: sha256:084a927ee9f3918a5c85d283f73822ae205757df352218de0b935853a0765060
imagePullSecrets: []

# -- Controller log level
logLevel: INFO

# -- Cluster DNS name
clusterName: cluster.local

# -- Whether the operator should watch CRDs only in its own namespace or not.
currentNamespaceOnly: false

ha:
# -- Enable high availability of the controller.
# If you enable it we recommend to set `affinity` and `pdb`
enabled: false
# -- Number of replicas
replicas: 3

metrics:
# -- Enable operator internal metrics. Prometheus must be installed in the cluster
enabled: true
serviceMonitor:
# -- Enable controller ServiceMonitor
enabled: true
# -- Labels to be added to the controller ServiceMonitor
additionalLabels: {}
# release: kube-prometheus-stack
# -- Interval to scrape metrics
interval: 30s
# -- Timeout if metrics can't be retrieved in given time interval
scrapeTimeout: 25s

serviceAccount:
# -- Specifies whether a service account should be created
enabled: true
# -- Automounts the service account token in all containers of the Pod
automount: true
# -- Annotations to add to the service account
annotations: {}
# -- Extra Labels to add to the service account
extraLabels: {}
# -- The name of the service account to use.
# If not set and enabled is true, a name is generated using the fullname template
name: ""

rbac:
# -- Specifies whether RBAC resources should be created
enabled: true

aggregation:

# -- Specifies whether the cluster roles aggrate to view and edit predefinied roles
enabled: true

# -- Extra arguments to be passed to the controller entrypoint
extrArgs: []

# -- Extra environment variables to be passed to the controller
extraEnv: []

# -- Extra environment variables from preexiting ConfigMap / Secret objects used by the controller using envFrom
extraEnvFrom: []

# -- Extra volumes to pass to pod.
extraVolumes: []

# -- Extra volumes to mount to the container.
extraVolumeMounts: []

# -- Annotations to add to controller Pod
podAnnotations: {}

# -- Security context to add to controller Pod
podSecurityContext: {}

# -- Security context to add to controller container
securityContext: {}

# -- Resources to add to controller container
resources: {}
# requests:
# cpu: 10m
# memory: 32Mi

# -- Node selectors to add to controller Pod
nodeSelector: {}

# -- Tolerations to add to controller Pod
tolerations: []

# -- Affinity to add to controller Pod
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/worker
operator: In
values:
- worker
# Sample on how to create an antiAffinity rule that place
# the pods on different nodes, to be used together with `ha.enabled: true`
# podAntiAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# - labelSelector:
# matchExpressions:
# - key: app.kubernetes.io/name
# operator: In
# values:
# - mariadb-operator
# - key: app.kubernetes.io/instance
# operator: In
# values:
# - mariadb-operator
# topologyKey: kubernetes.io/hostname

pdb:
# -- Enable PodDisruptionBudget for the controller.
enabled: false
# -- Maximum number of unavailable Pods. You may also give a percentage, like `50%`
maxUnavailable: 1

webhook:
# -- Specifies whether the webhook should be created.
enabled: true
image:
repository: docker-registry3.mariadb.com/mariadb-operator/mariadb-operator
pullPolicy: IfNotPresent
# -- Image tag to use. By default the chart appVersion is used
tag: ""
# Setting a digest will override any tag
# digest: sha256:084a927ee9f3918a5c85d283f73822ae205757df352218de0b935853a0765060
imagePullSecrets: []
ha:
# -- Enable high availability
enabled: false
# -- Number of replicas
replicas: 3
cert:
certManager:
# -- Whether to use cert-manager to issue and rotate the certificate. If set to false, mariadb-operator's cert-controller will be used instead.
enabled: true
# -- Issuer reference to be used in the Certificate resource. If not provided, a self-signed issuer will be used.
issuerRef: {}
# -- Duration to be used in the Certificate resource,
duration: ""
# -- Renew before duration to be used in the Certificate resource.
renewBefore: ""
# -- The maximum number of CertificateRequest revisions that are maintained in the Certificate’s history.
revisionHistoryLimit: 3
# -- Annotatioms to be added to webhook TLS secret.
secretAnnotations: {}
# -- Labels to be added to webhook TLS secret.
secretLabels: {}
ca:
# -- Path that contains the full CA trust chain.
path: ""
# -- File under 'ca.path' that contains the full CA trust chain.
key: ""
# -- Path where the certificate will be mounted. 'tls.crt' and 'tls.key' certificates files should be under this path.
path: /tmp/k8s-webhook-server/serving-certs
# -- Port to be used by the webhook server
port: 9443
# -- Expose the webhook server in the host network
hostNetwork: false
serviceMonitor:
# -- Enable webhook ServiceMonitor. Metrics must be enabled
enabled: true
# -- Labels to be added to the webhook ServiceMonitor
additionalLabels: {}
# release: kube-prometheus-stack
# -- Interval to scrape metrics
interval: 30s
# -- Timeout if metrics can't be retrieved in given time interval
scrapeTimeout: 25s
serviceAccount:
# -- Specifies whether a service account should be created
enabled: true
# -- Automounts the service account token in all containers of the Pod
automount: true
# -- Annotations to add to the service account
annotations: {}
# -- Extra Labels to add to the service account
extraLabels: {}
# -- The name of the service account to use.
# If not set and enabled is true, a name is generated using the fullname template
name: ""
# -- Annotations for webhook configurations.
annotations: {}
# -- Extra arguments to be passed to the webhook entrypoint
extrArgs: []
# -- Extra volumes to pass to webhook Pod
extraVolumes: []
# -- Extra volumes to mount to webhook container
extraVolumeMounts: []
# -- Annotations to add to webhook Pod
podAnnotations: {}
# -- Security context to add to webhook Pod
podSecurityContext: {}
# -- Security context to add to webhook container
securityContext: {}
# -- Resources to add to webhook container
resources: {}
# requests:
# cpu: 10m
# memory: 32Mi
# -- Node selectors to add to controller Pod
nodeSelector: {}
# -- Tolerations to add to controller Pod
tolerations: []
# -- Affinity to add to controller Pod
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/worker
operator: In
values:
- worker

certController:
# -- Specifies whether the cert-controller should be created.
enabled: true
image:
repository: docker-registry3.mariadb.com/mariadb-operator/mariadb-operator
pullPolicy: IfNotPresent
# -- Image tag to use. By default the chart appVersion is used
tag: ""
# Setting a digest will override any tag
# digest: sha256:084a927ee9f3918a5c85d283f73822ae205757df352218de0b935853a0765060
imagePullSecrets: []
ha:
# -- Enable high availability
enabled: false
# -- Number of replicas
replicas: 3
# -- CA certificate validity. It must be greater than certValidity.
caValidity: 35064h
# -- Certificate validity.
certValidity: 8766h
# -- Duration used to verify whether a certificate is valid or not.
lookaheadValidity: 2160h
# -- Requeue duration to ensure that certificate gets renewed.
requeueDuration: 5m
serviceMonitor:
# -- Enable cert-controller ServiceMonitor. Metrics must be enabled
enabled: true
# -- Labels to be added to the cert-controller ServiceMonitor
additionalLabels: {}
# release: kube-prometheus-stack
# -- Interval to scrape metrics
interval: 30s
# -- Timeout if metrics can't be retrieved in given time interval
scrapeTimeout: 25s
serviceAccount:
# -- Specifies whether a service account should be created
enabled: true
# -- Automounts the service account token in all containers of the Pod
automount: true
# -- Annotations to add to the service account
annotations: {}
# -- Extra Labels to add to the service account
extraLabels: {}
# -- The name of the service account to use.
# If not set and enabled is true, a name is generated using the fullname template
name: ""
# -- Extra arguments to be passed to the cert-controller entrypoint
extrArgs: []
# -- Extra volumes to pass to cert-controller Pod
extraVolumes: []
# -- Extra volumes to mount to cert-controller container
extraVolumeMounts: []
# -- Annotations to add to cert-controller Pod
podAnnotations: {}
# -- Security context to add to cert-controller Pod
podSecurityContext: {}
# -- Security context to add to cert-controller container
securityContext: {}
# -- Resources to add to cert-controller container
resources: {}
# requests:
# cpu: 10m
# memory: 32Mi
# -- Node selectors to add to controller Pod
nodeSelector: {}
# -- Tolerations to add to controller Pod
tolerations: []
# -- Affinity to add to controller Pod
affinity: {}
5 changes: 5 additions & 0 deletions base-kustomize/mariadb-operator/base/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- all.yaml
Loading