diff --git a/.gitignore b/.gitignore index bd4986e9..34e4d8e7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,5 @@ build k8s-operator-hpcr.exe -k8s-operator-hpcr .env samples/apikey.yaml main.exe diff --git a/README.md b/README.md index dc9d5b57..630be19a 100644 --- a/README.md +++ b/README.md @@ -18,52 +18,6 @@ To get started, see [how to setup the controller in your cluster](#installing-th - all disks for the onprem case are created on the same storage pool - IBM Hyper Protect Virtual Servers v1 and IBM Cloud® Hyper Protect Virtual Servers v1 are not supported. -## Installing the Controller +## Installation & Deployment -You need a Kubernetes cluster with Internet connectivity. - -### 1. Install [Metacontroller](https://metacontroller.github.io/metacontroller/guide/install.html): - - ```bash - kubectl apply -k https://github.com/metacontroller/metacontroller/manifests/production - ``` - -### 2. Install the Hyper Protect Virtual Servers Kubernetes Operator - -```bash -kubectl apply -k https://github.com/ibm-hyper-protect/k8s-operator-hpcr/manifests -``` - -### 3. Verify your installation by checking for the existence of the custom resources - -```bash -kubectl get crds - -NAME CREATED AT -compositecontrollers.metacontroller.k8s.io 2023-03-15T21:32:11Z -controllerrevisions.metacontroller.k8s.io 2023-03-15T21:32:11Z -decoratorcontrollers.metacontroller.k8s.io 2023-03-15T21:32:11Z -onprem-hpcrs.hpse.ibm.com 2023-03-17T12:44:30Z -vpc-hpcrs.hpse.ibm.com 2023-03-17T12:44:30Z -``` - -```bash -kubectl get compositecontrollers - -NAME AGE -k8s-operator-hpcr-onprem 5m37s -k8s-operator-hpcr-vpc 5m37s -``` - -```bash -kubectl get deployments - -NAME READY UP-TO-DATE AVAILABLE AGE -k8s-operator-hpcr 1/1 1 1 6m35s -``` - -### Show Logs - -```bash -kubectl logs -l app=k8s-operator-hpcr -``` +Follow the instructions in the [deploy](https://github.com/ibm-hyper-protect/k8s-operator-hpcr/deploy) directory to install the operator on your cluster. \ No newline at end of file 
diff --git a/deploy/.helmignore b/deploy/.helmignore
new file mode 100644
index 00000000..96a2c56e
--- /dev/null
+++ b/deploy/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+.helmignore
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/deploy/Makefile b/deploy/Makefile
new file mode 100644
index 00000000..79fe38a7
--- /dev/null
+++ b/deploy/Makefile
@@ -0,0 +1,7 @@
+.PHONY: manifests
+manifests:
+ helm template k8s-operator-hpcr-deployment charts/k8s-operator-hpcr -f helm-values.yaml > manifests/manifests.yaml
+
+.PHONY: kustomize-install
+kustomize-install:
+ kubectl apply -k manifests
diff --git a/deploy/README.md b/deploy/README.md
new file mode 100644
index 00000000..921761b9
--- /dev/null
+++ b/deploy/README.md
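Review bot: The `manifests` recipe in deploy/Makefile calls `helm template` without `--include-crds`, and Helm does not render a chart's `crds/` directory unless that flag is given, so the CRDs this commit moves to `crds/bundle.yaml` would be missing from `manifests/manifests.yaml`. The deleted `manifests/kustomization.yaml` listed `crd.yaml` explicitly, so `make kustomize-install` would now apply CompositeControllers whose parent resources are not defined on a fresh cluster. I would change the recipe to `helm template --include-crds k8s-operator-hpcr-deployment charts/k8s-operator-hpcr -f helm-values.yaml > manifests/manifests.yaml`. Since the generated file is not part of this commit, `kustomize-install: manifests` as a prerequisite would also keep the install target from failing on a missing file.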
@@ -0,0 +1,73 @@
+# Installing the Controller
+
+You need a Kubernetes cluster with Internet connectivity.
+
+## 1. Install [Metacontroller](https://metacontroller.github.io/metacontroller/guide/install.html):
+
+ ```bash
+ kubectl apply -k https://github.com/metacontroller/metacontroller/manifests/production
+ ```
+
+## 2. Install the Hyper Protect Virtual Servers Kubernetes Operator
+The operator is installed via its helm chart.
+Add the operator's helm chart to your local helm repository list as `k8s-operator-hpcr`.
+ ``` bash
+ helm repo add k8s-operator-hpcr https://charts.k8s-operator-hpcr.io
+ ```
+Install the chart with the release name `k8s-operator-hpcr`:
+ ``` bash
+ helm install k8s-operator-hpcr k8s-operator-hpcr/k8s-operator-hpcr
+ ```
+
+### Generate my own Manifest files
+The static deployment manifests would be generated from the helm chart and bundled as part of a release on github.
+You can also generate your own static deployment manifests on your local workstation, using helm and make.
+The default deployment values can be overwrtitten by customizing the `helm-values.yaml` file.
+ ```bash
+ make manifests
+ ```
+Then install the operator on your cluster via kubectl and kustomize. Be sure to have created the namespace for the operator's namespace on your cluster before apply the manifests:
+ ```bash
+ make kustomize-install
+ ```
+
+## 3. Verify your installation by checking for the existence of the custom resources
+
+```bash
+kubectl get crds
+
+NAME CREATED AT
+compositecontrollers.metacontroller.k8s.io 2023-03-15T21:32:11Z
+controllerrevisions.metacontroller.k8s.io 2023-03-15T21:32:11Z
+decoratorcontrollers.metacontroller.k8s.io 2023-03-15T21:32:11Z
+onprem-hpcrs.hpse.ibm.com 2023-03-17T12:44:30Z
+vpc-hpcrs.hpse.ibm.com 2023-03-17T12:44:30Z
+```
+
+```bash
+kubectl get compositecontrollers
+
+NAME AGE
+k8s-operator-hpcr-onprem 5m37s
+k8s-operator-hpcr-vpc 5m37s
+```
+
+```bash
+kubectl get deployments -n k8s-operator-hpcr
+
+NAME READY UP-TO-DATE AVAILABLE AGE
+k8s-operator-hpcr 1/1 1 1 6m35s
+```
+
+## Show Logs
+
+ ```bash
+ kubectl logs -l app=k8s-operator-hpcr -n k8s-operator-hpcr
+ ```
+
+## 4. Uninstalling the Chart
+To uninstall the k8s-operator-hpcr deployment via helm:
+ ```bash
+ helm uninstall k8s-operator-hpcr
+ ```
+The command removes all the Kubernetes components associated with the chart and deletes the helm release.
\ No newline at end of file
diff --git a/deploy/charts/k8s-operator-hpcr/Chart.yaml b/deploy/charts/k8s-operator-hpcr/Chart.yaml
new file mode 100644
index 00000000..bed9ba19
--- /dev/null
+++ b/deploy/charts/k8s-operator-hpcr/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+name: k8s-operator-hpcr
+description: A Kubernetes operator for managing VPC and onprem HPCR images
+type: application
+
+version: 0.1.0
+appVersion: "v0.1.0"
+kubeVersion: ">= 1.19.0-0"
+keywords:
+ - kubernetes-hpcr
+ - hpcr
+ - onprem
+ - vpc
+home: https://github.com/ibm-hyper-protect/k8s-operator-hpcr
+
+maintainers:
+ - name: Carsten Leue
+ email: test@gmail.com
diff --git a/deploy/charts/k8s-operator-hpcr/README.md b/deploy/charts/k8s-operator-hpcr/README.md
new file mode 100644
index 00000000..3b10bba2
--- /dev/null
+++ b/deploy/charts/k8s-operator-hpcr/README.md
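Review bot: The `maintainers` entry at the end of Chart.yaml publishes `email: test@gmail.com`, which reads like a placeholder at a public mail provider rather than an address the project controls. Chart metadata is one of the places users look for a contact when they want to report a problem with a release, including a security one, and a placeholder sends such reports to whoever owns that mailbox. I would either point it at a project-controlled contact or drop the field and keep only `- name: Carsten Leue`.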
@@ -0,0 +1,19 @@
+# Hyper Protect Virtual Servers Kubernetes Operator
+
+## Installing the chart
+
+To add the operator's helm chart to your local helm repository list as `k8s-hpcr-operator`.
+ ``` bash
+ helm repo add k8s-hpcr-operator https://charts.k8s-hpcr-operator.io
+ ```
+Install the chart with the release name `k8s-hpcr-operator`:
+ ``` bash
+ helm install k8s-hpcr-operator k8s-hpcr-operator/k8s-hpcr-operator
+ ```
+
+## 4. Uninstalling the Chart
+To uninstall `k8s-operator-hpcr` deployment:
+ ```bash
+ helm uninstall k8s-operator-hpcr
+ ```
+The command removes all the Kubernetes components associated with the chart and deletes the helm release.
\ No newline at end of file
diff --git a/manifests/crd.yaml b/deploy/charts/k8s-operator-hpcr/crds/bundle.yaml
similarity index 100%
rename from manifests/crd.yaml
rename to deploy/charts/k8s-operator-hpcr/crds/bundle.yaml
diff --git a/deploy/charts/k8s-operator-hpcr/index.yaml b/deploy/charts/k8s-operator-hpcr/index.yaml
new file mode 100644
index 00000000..b68f5672
--- /dev/null
+++ b/deploy/charts/k8s-operator-hpcr/index.yaml
@@ -0,0 +1,3 @@
+apiVersion: v1
+entries: {}
+generated: "2023-07-06T21:13:17.517976+02:00"
diff --git a/deploy/charts/k8s-operator-hpcr/templates/_helpers.tpl b/deploy/charts/k8s-operator-hpcr/templates/_helpers.tpl
new file mode 100644
index 00000000..6d1c007a
--- /dev/null
+++ b/deploy/charts/k8s-operator-hpcr/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "k8s-operator-hpcr.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "k8s-operator-hpcr.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "k8s-operator-hpcr.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "k8s-operator-hpcr.labels" -}}
+helm.sh/chart: {{ include "k8s-operator-hpcr.chart" . }}
+{{ include "k8s-operator-hpcr.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "k8s-operator-hpcr.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "k8s-operator-hpcr.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app: {{ include "k8s-operator-hpcr.name" . }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "k8s-operator-hpcr.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "k8s-operator-hpcr.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/deploy/charts/k8s-operator-hpcr/templates/deployment.yaml b/deploy/charts/k8s-operator-hpcr/templates/deployment.yaml
new file mode 100644
index 00000000..94732201
--- /dev/null
+++ b/deploy/charts/k8s-operator-hpcr/templates/deployment.yaml
@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "k8s-operator-hpcr.fullname" . }}
+ namespace: {{ .Values.namespace | default .Release.Namespace }}
+ labels:
+ {{- include "k8s-operator-hpcr.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "k8s-operator-hpcr.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "k8s-operator-hpcr.selectorLabels" . | nindent 8 }}
+ spec:
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
diff --git a/deploy/charts/k8s-operator-hpcr/templates/meta_composite_controller.yaml b/deploy/charts/k8s-operator-hpcr/templates/meta_composite_controller.yaml
new file mode 100644
index 00000000..4581fee0
--- /dev/null
+++ b/deploy/charts/k8s-operator-hpcr/templates/meta_composite_controller.yaml
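Review bot: The `k8s-operator-hpcr.serviceAccountName` helper at the end of _helpers.tpl reads `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but neither values.yaml nor helm-values.yaml in this commit defines a `serviceAccount` key and no template includes the helper. As it stands it is dead scaffold code, and the first template that does include it is likely to fail at render time on the missing map. I would either delete the define or add matching defaults to values.yaml (`serviceAccount:` with `create: false` and `name: ""`) so the helper is safe to call.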
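Review bot: The pod `securityContext` in deployment.yaml is filled from `.Values.podSecurityContext`, but no values file in this commit defines that key, so it renders empty and the container itself has no `securityContext` at all. The operator pod therefore runs with the runtime defaults for user, privilege escalation, capabilities and root filesystem. I would add a restrictive container-level block as the chart default, as sketched below, after confirming that the image runs as a non-root user and does not write to its root filesystem. The deployment also sets no `serviceAccountName`, so the pod gets the namespace's default service account token mounted; if the operator does not call the Kubernetes API, `automountServiceAccountToken: false` in the pod spec would be worth adding too.

```yaml
          # … unchanged: name, image, imagePullPolicy, ports …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
```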
@@ -0,0 +1,102 @@
+---
+{{- $serviceBaseUrl := "http://k8s-operator-hpcr" -}}
+{{- $servicePort := "8080" -}}
+
+apiVersion: metacontroller.k8s.io/v1alpha1
+kind: CompositeController
+metadata:
+ name: k8s-operator-hpcr-vpc
+spec:
+ generateSelector: true
+ parentResource:
+ apiVersion: hpse.ibm.com/v1
+ resource: vpc-hpcrs
+ resyncPeriodSeconds: 60
+ hooks:
+ sync:
+ webhook:
+ url: {{ printf "%s.%s:%s/vpc/sync" $serviceBaseUrl (.Values.namespace | default .Release.Namespace) $servicePort }}
+ finalize:
+ webhook:
+ url: {{ printf "%s.%s:%s/vpc/finalize" $serviceBaseUrl (.Values.namespace | default .Release.Namespace) $servicePort }}
+ customize:
+ webhook:
+ url: {{ printf "%s.%s:%s/vpc/customize" $serviceBaseUrl (.Values.namespace | default .Release.Namespace) $servicePort }}
+---
+apiVersion: metacontroller.k8s.io/v1alpha1
+kind: CompositeController
+metadata:
+ name: k8s-operator-hpcr-onprem
+spec:
+ generateSelector: true
+ parentResource:
+ apiVersion: hpse.ibm.com/v1
+ resource: onprem-hpcrs
+ resyncPeriodSeconds: 60
+ hooks:
+ sync:
+ webhook:
+ url: {{ printf "%s.%s:%s/onprem/sync" $serviceBaseUrl (.Values.namespace | default .Release.Namespace) $servicePort }}
+ finalize:
+ webhook:
+ url: {{ printf "%s.%s:%s/onprem/finalize" $serviceBaseUrl (.Values.namespace | default .Release.Namespace) $servicePort }}
+ customize:
+ webhook:
+ url: {{ printf "%s.%s:%s/onprem/customize" $serviceBaseUrl (.Values.namespace | default .Release.Namespace) $servicePort }}
+---
+apiVersion: metacontroller.k8s.io/v1alpha1
+kind: CompositeController
+metadata:
+ name: k8s-operator-hpcr-datadisk
+spec:
+ generateSelector: true
+ parentResource:
+ apiVersion: hpse.ibm.com/v1
+ resource: onprem-datadisks
+ resyncPeriodSeconds: 120
+ hooks:
+ sync:
+ webhook:
+ url: {{ printf "%s.%s:%s/datadisk/sync" $serviceBaseUrl (.Values.namespace | default .Release.Namespace) $servicePort }}
+ finalize:
+ webhook:
+ url: {{ printf "%s.%s:%s/datadisk/finalize" $serviceBaseUrl (.Values.namespace | default .Release.Namespace) $servicePort }}
+ customize:
+ webhook:
+ url: {{ printf "%s.%s:%s/datadisk/customize" $serviceBaseUrl (.Values.namespace | default .Release.Namespace) $servicePort }}
+---
+apiVersion: metacontroller.k8s.io/v1alpha1
+kind: CompositeController
+metadata:
+ name: k8s-operator-hpcr-datadiskref
+spec:
+ generateSelector: true
+ parentResource:
+ apiVersion: hpse.ibm.com/v1
+ resource: onprem-datadiskrefs
+ resyncPeriodSeconds: 120
+ hooks:
+ sync:
+ webhook:
+ url: {{ printf "%s.%s:%s/datadiskref/sync" $serviceBaseUrl (.Values.namespace | default .Release.Namespace) $servicePort }}
+ customize:
+ webhook:
+ url: {{ printf "%s.%s:%s/datadiskref/customize" $serviceBaseUrl (.Values.namespace | default .Release.Namespace) $servicePort }}
+---
+apiVersion: metacontroller.k8s.io/v1alpha1
+kind: CompositeController
+metadata:
+ name: k8s-operator-hpcr-networkref
+spec:
+ generateSelector: true
+ parentResource:
+ apiVersion: hpse.ibm.com/v1
+ resource: onprem-networkrefs
+ resyncPeriodSeconds: 120
+ hooks:
+ sync:
+ webhook:
+ url: {{ printf "%s.%s:%s/networkref/sync" $serviceBaseUrl (.Values.namespace | default .Release.Namespace) $servicePort }}
+ customize:
+ webhook:
+ url: {{ printf "%s.%s:%s/networkref/customize" $serviceBaseUrl (.Values.namespace | default .Release.Namespace) $servicePort }}
diff --git a/deploy/charts/k8s-operator-hpcr/templates/service.yaml b/deploy/charts/k8s-operator-hpcr/templates/service.yaml
new file mode 100644
index 00000000..76efd523
--- /dev/null
+++ b/deploy/charts/k8s-operator-hpcr/templates/service.yaml
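Review bot: The webhook URLs in meta_composite_controller.yaml are built from the literals `$serviceBaseUrl := "http://k8s-operator-hpcr"` and `$servicePort := "8080"`, while the Service this chart creates is named by `include "k8s-operator-hpcr.fullname"` and listens on `.Values.service.port`. With a release name that does not contain the chart name (the chart README installs as `k8s-hpcr-operator`) or a non-default `service.port`, all five CompositeControllers point at a host and port that do not reach the operator. I would derive both values, e.g. `{{- $serviceBaseUrl := printf "http://%s" (include "k8s-operator-hpcr.fullname" .) -}}` and `{{- $servicePort := .Values.service.port | toString -}}`. The hooks also remain plain HTTP with no caller authentication visible in this chart, so a NetworkPolicy that limits ingress on the service port to the Metacontroller pods would be a sensible companion.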
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "k8s-operator-hpcr.fullname" . }}
+ namespace: {{ .Values.namespace | default .Release.Namespace }}
+ labels:
+ {{- include "k8s-operator-hpcr.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "k8s-operator-hpcr.selectorLabels" . | nindent 4 }}
diff --git a/deploy/charts/k8s-operator-hpcr/values.yaml b/deploy/charts/k8s-operator-hpcr/values.yaml
new file mode 100644
index 00000000..4b41c3c9
--- /dev/null
+++ b/deploy/charts/k8s-operator-hpcr/values.yaml
@@ -0,0 +1,21 @@
+# Default values for k8s-operator-hpcr.
+
+replicaCount: 1
+
+image:
+ repository: ghcr.io/ibm-hyper-protect/k8s-operator-hpcr
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: latest
+
+service:
+ type: ClusterIP
+ port: 8080
+
+resources:
+ limits:
+ memory: 512Mi
+ cpu: "1"
+ requests:
+ memory: 256Mi
+ cpu: "0.2"
diff --git a/deploy/helm-values.yaml b/deploy/helm-values.yaml
new file mode 100644
index 00000000..91cfdc86
--- /dev/null
+++ b/deploy/helm-values.yaml
@@ -0,0 +1,10 @@
+fullnameOverride: k8s-operator-hpcr
+namespace: k8s-operator-hpcr
+
+resources:
+ limits:
+ memory: 512Mi
+ cpu: "1"
+ requests:
+ memory: 256Mi
+ cpu: "0.2"
\ No newline at end of file
diff --git a/deploy/manifests/kustomization.yaml b/deploy/manifests/kustomization.yaml
new file mode 100644
index 00000000..5966c489
--- /dev/null
+++ b/deploy/manifests/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- manifests.yaml
\ No newline at end of file
diff --git a/manifests/controller.yaml b/manifests/controller.yaml
deleted file mode 100644
index 06889789..00000000
--- a/manifests/controller.yaml
+++ /dev/null
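Review bot: In the chart's values.yaml, `tag: latest` combined with `pullPolicy: Always` means any pod restart can pull a different build of `ghcr.io/ibm-hyper-protect/k8s-operator-hpcr` than the one the chart version was released with. It also defeats the `appVersion` fallback that deployment.yaml implements and that the comment above the key describes. I would ship `tag: ""` so the image resolves to `appVersion` (`v0.1.0` in Chart.yaml, provided that tag is published) and default to `pullPolicy: IfNotPresent`; users who need a stronger guarantee can then set a digest. The comment is worth extending to say that an empty value selects `appVersion`.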
@@ -1,99 +0,0 @@
----
-apiVersion: metacontroller.k8s.io/v1alpha1
-kind: CompositeController
-metadata:
- name: k8s-operator-hpcr-vpc
-spec:
- generateSelector: true
- parentResource:
- apiVersion: hpse.ibm.com/v1
- resource: vpc-hpcrs
- resyncPeriodSeconds: 60
- hooks:
- sync:
- webhook:
- url: http://k8s-operator-hpcr.default:8080/vpc/sync
- finalize:
- webhook:
- url: http://k8s-operator-hpcr.default:8080/vpc/finalize
- customize:
- webhook:
- url: http://k8s-operator-hpcr.default:8080/vpc/customize
----
-apiVersion: metacontroller.k8s.io/v1alpha1
-kind: CompositeController
-metadata:
- name: k8s-operator-hpcr-onprem
-spec:
- generateSelector: true
- parentResource:
- apiVersion: hpse.ibm.com/v1
- resource: onprem-hpcrs
- resyncPeriodSeconds: 60
- hooks:
- sync:
- webhook:
- url: http://k8s-operator-hpcr.default:8080/onprem/sync
- finalize:
- webhook:
- url: http://k8s-operator-hpcr.default:8080/onprem/finalize
- customize:
- webhook:
- url: http://k8s-operator-hpcr.default:8080/onprem/customize
----
-apiVersion: metacontroller.k8s.io/v1alpha1
-kind: CompositeController
-metadata:
- name: k8s-operator-hpcr-datadisk
-spec:
- generateSelector: true
- parentResource:
- apiVersion: hpse.ibm.com/v1
- resource: onprem-datadisks
- resyncPeriodSeconds: 120
- hooks:
- sync:
- webhook:
- url: http://k8s-operator-hpcr.default:8080/datadisk/sync
- finalize:
- webhook:
- url: http://k8s-operator-hpcr.default:8080/datadisk/finalize
- customize:
- webhook:
- url: http://k8s-operator-hpcr.default:8080/datadisk/customize
----
-apiVersion: metacontroller.k8s.io/v1alpha1
-kind: CompositeController
-metadata:
- name: k8s-operator-hpcr-datadiskref
-spec:
- generateSelector: true
- parentResource:
- apiVersion: hpse.ibm.com/v1
- resource: onprem-datadiskrefs
- resyncPeriodSeconds: 120
- hooks:
- sync:
- webhook:
- url: http://k8s-operator-hpcr.default:8080/datadiskref/sync
- customize:
- webhook:
- url: http://k8s-operator-hpcr.default:8080/datadiskref/customize
----
-apiVersion: metacontroller.k8s.io/v1alpha1
-kind: CompositeController
-metadata:
- name: k8s-operator-hpcr-networkref
-spec:
- generateSelector: true
- parentResource:
- apiVersion: hpse.ibm.com/v1
- resource: onprem-networkrefs
- resyncPeriodSeconds: 120
- hooks:
- sync:
- webhook:
- url: http://k8s-operator-hpcr.default:8080/networkref/sync
- customize:
- webhook:
- url: http://k8s-operator-hpcr.default:8080/networkref/customize
diff --git a/manifests/kustomization.yaml b/manifests/kustomization.yaml
deleted file mode 100644
index 44681296..00000000
--- a/manifests/kustomization.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-resources:
-- controller.yaml
-- crd.yaml
-- webhook.yaml
\ No newline at end of file
diff --git a/manifests/webhook.yaml b/manifests/webhook.yaml
deleted file mode 100644
index b4b31e34..00000000
--- a/manifests/webhook.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: k8s-operator-hpcr
- labels:
- hpcr: pod
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: k8s-operator-hpcr
- template:
- metadata:
- labels:
- app: k8s-operator-hpcr
- spec:
- containers:
- - name: controller
- image: ghcr.io/ibm-hyper-protect/k8s-operator-hpcr:latest
- resources:
- limits:
- memory: 512Mi
- cpu: "1"
- requests:
- memory: 256Mi
- cpu: "0.2"
----
-apiVersion: v1
-kind: Service
-metadata:
- name: k8s-operator-hpcr
-spec:
- selector:
- app: k8s-operator-hpcr
- ports:
- - port: 8080
\ No newline at end of file