From f0fed2dd7be68302b1fc140d6fa8e3cf4ba27f4a Mon Sep 17 00:00:00 2001 From: Anthony Lin Date: Fri, 27 Oct 2017 14:09:18 +0000 Subject: [PATCH] Refactor controller_manager Chart Refactor controller_manager chart to align with OSH standards Change-Id: I6adfbb23dc6f00a1521168ecf6c062c490947192 --- charts/controller_manager/Chart.yaml | 14 +++ charts/controller_manager/requirements.yaml | 14 +++ .../templates/bin/_anchor.tpl | 87 +++++--------- .../templates/bin/_pre_stop.tpl | 13 +++ .../templates/configmap-bin.yaml | 20 ++++ .../templates/configmap-etc.yaml | 47 ++++---- .../templates/daemonset.yaml | 65 +++++++---- .../templates/etc/_kubeconfig.yaml.tpl | 34 ++++++ .../_kubernetes-controller-manager.yaml.tpl | 53 +++++++++ .../controller_manager/templates/secret.yaml | 23 +++- charts/controller_manager/values.yaml | 108 +++++++++++++++--- examples/basic/armada-resources.yaml | 26 +++-- examples/complete/armada-resources.yaml | 26 +++-- .../bootstrap-armada-config.yaml | 26 +++-- 14 files changed, 399 insertions(+), 157 deletions(-) create mode 100644 charts/controller_manager/templates/etc/_kubeconfig.yaml.tpl create mode 100644 charts/controller_manager/templates/etc/_kubernetes-controller-manager.yaml.tpl diff --git a/charts/controller_manager/Chart.yaml b/charts/controller_manager/Chart.yaml index 2c67a387..f42c7ef1 100644 --- a/charts/controller_manager/Chart.yaml +++ b/charts/controller_manager/Chart.yaml @@ -1,3 +1,17 @@ +# Copyright 2017 AT&T Intellectual Property. All other rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: v1 description: A chart for Kubernetes controller-manager name: controller_manager diff --git a/charts/controller_manager/requirements.yaml b/charts/controller_manager/requirements.yaml index 4b156320..21a6052a 100644 --- a/charts/controller_manager/requirements.yaml +++ b/charts/controller_manager/requirements.yaml @@ -1,3 +1,17 @@ +# Copyright 2017 AT&T Intellectual Property. All other rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + dependencies: - name: helm-toolkit repository: http://localhost:8879/charts diff --git a/charts/controller_manager/templates/bin/_anchor.tpl b/charts/controller_manager/templates/bin/_anchor.tpl index fc4584cf..8f165e2a 100644 --- a/charts/controller_manager/templates/bin/_anchor.tpl +++ b/charts/controller_manager/templates/bin/_anchor.tpl @@ -1,79 +1,48 @@ #!/bin/sh +# Copyright 2017 AT&T Intellectual Property. All other rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. set -x -export MANIFEST_PATH=/host{{ .Values.anchor.kubelet.manifest_path }}/{{ .Values.service.name }}.yaml -export ETC_PATH=/host{{ .Values.controller_manager.host_etc_path }} +compare_copy_files() { -copy_etc_files() { - mkdir -p $ETC_PATH - cp /configmap/* /secret/* $ETC_PATH -} - -create_manifest() { - mkdir -p $(dirname $MANIFEST_PATH) - cat < $MANIFEST_PATH ---- -apiVersion: v1 -kind: Pod -metadata: - name: {{ .Values.service.name }} - namespace: {{ .Release.Namespace }} - labels: - {{ .Values.service.name }}-service: enabled -spec: - hostNetwork: true - containers: - - name: controller-manager - image: {{ .Values.images.controller_manager }} - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - command: - - {{ .Values.controller_manager.command }} - - --allocate-node-cidrs=true - - --cluster-cidr={{ .Values.network.pod_cidr }} - - --configure-cloud-routes=false - - --leader-elect=true - - --node-monitor-period={{ .Values.controller_manager.node_monitor_period }} - - --node-monitor-grace-period={{ .Values.controller_manager.node_monitor_grace_period }} - - --pod-eviction-timeout={{ .Values.controller_manager.pod_eviction_timeout }} - - --kubeconfig=/etc/kubernetes/controller-manager/kubeconfig.yaml - - --root-ca-file=/etc/kubernetes/controller-manager/cluster-ca.pem - - --service-account-private-key-file=/etc/kubernetes/controller-manager/service-account.priv - - --service-cluster-ip-range={{ .Values.network.service_cidr }} - - --use-service-account-credentials=true - - - --v=5 - - volumeMounts: - - name: etc - mountPath: /etc/kubernetes/controller-manager - volumes: - - name: etc - hostPath: - path: {{ .Values.controller_manager.host_etc_path }} -EODOC + {{range .Values.anchor.files_to_copy}} + if [ ! -e /host{{ .dest }} ] || cmp -s {{ .source }} /host{{ .dest }}; then + mkdir -p $(dirname /host{{ .dest }}) + cp {{ .source }} /host{{ .dest }} + fi + {{end}} } cleanup() { - rm -f $MANIFEST_PATH - rm -rf $ETC_PATH + + {{range .Values.anchor.files_to_copy}} + rm -f /host{{ .dest }} + {{end}} } while true; do + if [ -e /tmp/stop ]; then echo Stopping cleanup break fi - if [ ! -e $MANIFEST_PATH ]; then - copy_etc_files - create_manifest - fi + # Compare and replace files on Genesis host if needed + # Copy files to other master nodes + compare_copy_files sleep {{ .Values.anchor.period }} done diff --git a/charts/controller_manager/templates/bin/_pre_stop.tpl b/charts/controller_manager/templates/bin/_pre_stop.tpl index 37bb5c0f..e58fffe9 100644 --- a/charts/controller_manager/templates/bin/_pre_stop.tpl +++ b/charts/controller_manager/templates/bin/_pre_stop.tpl @@ -1,4 +1,17 @@ #!/bin/sh +# Copyright 2017 AT&T Intellectual Property. All other rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. set -x diff --git a/charts/controller_manager/templates/configmap-bin.yaml b/charts/controller_manager/templates/configmap-bin.yaml index e2740643..5205587b 100644 --- a/charts/controller_manager/templates/configmap-bin.yaml +++ b/charts/controller_manager/templates/configmap-bin.yaml @@ -1,3 +1,22 @@ +{{/* +Copyright 2017 AT&T Intellectual Property. All other rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} + --- apiVersion: v1 kind: ConfigMap @@ -8,3 +27,4 @@ data: {{ tuple "bin/_anchor.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} pre_stop: |+ {{ tuple "bin/_pre_stop.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} diff --git a/charts/controller_manager/templates/configmap-etc.yaml b/charts/controller_manager/templates/configmap-etc.yaml index 27758516..568080aa 100644 --- a/charts/controller_manager/templates/configmap-etc.yaml +++ b/charts/controller_manager/templates/configmap-etc.yaml @@ -1,29 +1,32 @@ +{{/* +Copyright 2017 AT&T Intellectual Property. All other rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_etc }} +{{- $envAll := . }} + --- apiVersion: v1 kind: ConfigMap metadata: name: {{ .Values.service.name }}-etc data: - cluster-ca.pem: {{ .Values.tls.ca | quote }} - controller-manager.pem: {{ .Values.tls.cert | quote }} + cluster-ca.pem: {{ .Values.secrets.tls.ca | quote }} + controller-manager.pem: {{ .Values.secrets.tls.cert | quote }} kubeconfig.yaml: |+ - --- - apiVersion: v1 - clusters: - - cluster: - server: https://{{ .Values.network.kubernetes_netloc }} - certificate-authority: cluster-ca.pem - name: kubernetes - contexts: - - context: - cluster: kubernetes - user: controller-manager - name: controller-manager@kubernetes - current-context: controller-manager@kubernetes - kind: Config - preferences: {} - users: - - name: controller-manager - user: - client-certificate: controller-manager.pem - client-key: controller-manager-key.pem +{{ tuple "etc/_kubeconfig.yaml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + kubernetes-controller-manager.yaml: |+ +{{ tuple "etc/_kubernetes-controller-manager.yaml.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} diff --git a/charts/controller_manager/templates/daemonset.yaml b/charts/controller_manager/templates/daemonset.yaml index 071206a3..8c7be108 100644 --- a/charts/controller_manager/templates/daemonset.yaml +++ b/charts/controller_manager/templates/daemonset.yaml @@ -1,39 +1,62 @@ +{{/* +Copyright 2017 AT&T Intellectual Property. All other rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.controller_manager }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.controller_manager }} +{{- $mounts_controller_manager := .Values.pod.mounts.controller_manager.controller_manager }} +{{- $mounts_controller_manager_init := .Values.pod.mounts.controller_manager.init_container }} --- apiVersion: "extensions/v1beta1" kind: DaemonSet metadata: name: {{ .Values.service.name }}-anchor - labels: - application: kubernetes - component: kubernetes-controller-manager-anchor spec: - selector: - matchLabels: - {{ .Values.service.name | quote }}: anchor - updateStrategy: - rollingUpdate: - maxUnavailable: 1 +{{ tuple $envAll "controller_manager" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }} template: metadata: + labels: +{{ tuple $envAll "kubernetes" "controller-manager-anchor" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} annotations: scheduler.alpha.kubernetes.io/critical-pod: '' configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} - labels: - {{ .Values.service.name | quote }}: anchor spec: - hostNetwork: true - dnsPolicy: {{ .Values.anchor.dns_policy }} nodeSelector: - {{ .Values.anchor.node_selector.key }}: {{ .Values.anchor.node_selector.value }} + {{ .Values.labels.controller_manager.node_selector_key }}: {{ .Values.labels.controller_manager.node_selector_value }} + dnsPolicy: {{ .Values.anchor.dns_policy }} + hostNetwork: true tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule - key: CriticalAddonsOnly operator: Exists + terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.controller_manager.timeout }} + initContainers: +{{ tuple $envAll $dependencies $mounts_controller_manager_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} containers: - name: anchor - image: {{ .Values.images.anchor }} + image: {{ .Values.images.tags.anchor }} + imagePullPolicy: {{ .Values.images.pull_policy }} + env: + - name: MANIFEST_PATH + value: /host{{ .Values.anchor.kubelet.manifest_path }}/kubernetes-controller-manager.yaml + - name: ETC_PATH + value: /host{{ .Values.controller_manager.host_etc_path }} +{{ tuple $envAll $envAll.Values.pod.resources.controller_manager | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} command: - /tmp/bin/anchor lifecycle: @@ -42,21 +65,21 @@ spec: command: - /tmp/bin/pre_stop volumeMounts: - - name: bin + - name: {{ .Values.service.name }}-bin mountPath: /tmp/bin - - name: etc + - name: {{ .Values.service.name }}-etc mountPath: /configmap - name: host mountPath: /host - name: secret mountPath: /secret - terminationGracePeriodSeconds: {{ .Values.anchor.termination_grace_period }} +{{ if $mounts_controller_manager.volumeMounts }}{{ toYaml $mounts_controller_manager.volumeMounts | indent 12 }}{{ end }} volumes: - - name: bin + - name: {{ .Values.service.name }}-bin configMap: name: {{ .Values.service.name }}-bin defaultMode: 0555 - - name: etc + - name: {{ .Values.service.name }}-etc configMap: name: {{ .Values.service.name }}-etc defaultMode: 0444 @@ -67,3 +90,5 @@ spec: secret: secretName: {{ .Values.service.name }} defaultMode: 0444 +{{ if $mounts_controller_manager.volumes }}{{ toYaml $mounts_controller_manager.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/charts/controller_manager/templates/etc/_kubeconfig.yaml.tpl b/charts/controller_manager/templates/etc/_kubeconfig.yaml.tpl new file mode 100644 index 00000000..3b57f51c --- /dev/null +++ b/charts/controller_manager/templates/etc/_kubeconfig.yaml.tpl @@ -0,0 +1,34 @@ +# Copyright 2017 AT&T Intellectual Property. All other rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: v1 +clusters: +- cluster: + server: https://{{ .Values.network.kubernetes_netloc }} + certificate-authority: cluster-ca.pem + name: kubernetes +contexts: +- context: + cluster: kubernetes + user: controller-manager + name: controller-manager@kubernetes +current-context: controller-manager@kubernetes +kind: Config +preferences: {} +users: +- name: controller-manager + user: + client-certificate: controller-manager.pem + client-key: controller-manager-key.pem diff --git a/charts/controller_manager/templates/etc/_kubernetes-controller-manager.yaml.tpl b/charts/controller_manager/templates/etc/_kubernetes-controller-manager.yaml.tpl new file mode 100644 index 00000000..bfb80d5c --- /dev/null +++ b/charts/controller_manager/templates/etc/_kubernetes-controller-manager.yaml.tpl @@ -0,0 +1,53 @@ +# Copyright 2017 AT&T Intellectual Property. All other rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: v1 +kind: Pod +metadata: + name: {{ .Values.service.name }} + namespace: {{ .Release.Namespace }} + labels: + {{ .Values.service.name }}-service: enabled +spec: + hostNetwork: true + containers: + - name: controller-manager + image: {{ .Values.images.tags.controller_manager }} + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + # NOTE: We will not expose parameters that should take on fixed values + # in the values.yaml as these parameters should not be changed by user(s). + command: + {{- range .Values.command_prefix }} + - {{ . }} + {{- end }} + - --configure-cloud-routes=false + - --leader-elect=true + - --kubeconfig=/etc/kubernetes/controller-manager/kubeconfig.yaml + - --root-ca-file=/etc/kubernetes/controller-manager/cluster-ca.pem + - --service-account-private-key-file=/etc/kubernetes/controller-manager/service-account.priv + - --use-service-account-credentials=true + - --v=5 + + volumeMounts: + - name: etc + mountPath: /etc/kubernetes/controller-manager + volumes: + - name: etc + hostPath: + path: {{ .Values.controller_manager.host_etc_path }} diff --git a/charts/controller_manager/templates/secret.yaml b/charts/controller_manager/templates/secret.yaml index 9b6af0ae..c73ec60b 100644 --- a/charts/controller_manager/templates/secret.yaml +++ b/charts/controller_manager/templates/secret.yaml @@ -1,3 +1,21 @@ +{{/* +Copyright 2017 AT&T Intellectual Property. All other rights reserved. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret }} +{{- $envAll := . }} --- apiVersion: v1 kind: Secret @@ -5,5 +23,6 @@ metadata: name: {{ .Values.service.name }} type: Opaque data: - controller-manager-key.pem: {{ .Values.tls.key | b64enc }} - service-account.priv: {{ .Values.service_account.private_key | b64enc }} + controller-manager-key.pem: {{ .Values.secrets.tls.key | b64enc }} + service-account.priv: {{ .Values.secrets.service_account.private_key | b64enc }} +{{- end }} diff --git a/charts/controller_manager/values.yaml b/charts/controller_manager/values.yaml index 0b1b2ddd..2189d0b2 100644 --- a/charts/controller_manager/values.yaml +++ b/charts/controller_manager/values.yaml @@ -1,31 +1,68 @@ +# Copyright 2017 AT&T Intellectual Property. All other rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +release_group: null + +images: + tags: + anchor: quay.io/attcomdev/kube-controller-manager:v1.8.0 + controller_manager: quay.io/attcomdev/kube-controller-manager:v1.8.0 + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 + pull_policy: "IfNotPresent" + +labels: + controller_manager: + node_selector_key: kubernetes-controller-manager + node_selector_value: enabled + anchor: dns_policy: Default kubelet: manifest_path: /etc/kubernetes/manifests - node_selector: - key: kubernetes-controller-manager - value: enabled period: 15 - termination_grace_period: 3600 + files_to_copy: + - source: /configmap/cluster-ca.pem + dest: /etc/kubernetes/controller-manager/cluster-ca.pem + - source: /configmap/controller-manager.pem + dest: /etc/kubernetes/controller-manager/controller-manager.pem + - source: /configmap/kubeconfig.yaml + dest: /etc/kubernetes/controller-manager/kubeconfig.yaml + - source: /secret/controller-manager-key.pem + dest: /etc/kubernetes/controller-manager/controller-manager-key.pem + - source: /secret/service-account.priv + dest: /etc/kubernetes/controller-manager/service-account.priv + - source: /configmap/kubernetes-controller-manager.yaml + dest: /etc/kubernetes/manifests/kubernetes-controller-manager.yaml controller_manager: - command: /controller-manager host_etc_path: /etc/kubernetes/controller-manager - node_monitor_period: 5s - node_monitor_grace_period: 20s - pod_eviction_timeout: 60s -service_account: - private_key: placeholder +command_prefix: + - /controller-manager + - --cluster-cidr=10.97.0.0/16 + - --node-monitor-period=5s + - --node-monitor-grace-period=20s + - --pod-eviction-timeout=60s + - --service-cluster-ip-range=10.96.0.0/16 -tls: - ca: placeholder - cert: placeholder - key: placeholder - -images: - anchor: quay.io/attcomdev/kube-controller-manager:v1.8.0 - controller_manager: quay.io/attcomdev/kube-controller-manager:v1.8.0 +secrets: + tls: + ca: placeholder + cert: placeholder + key: placeholder + service_account: + private_key: placeholder network: kubernetes_netloc: 10.96.0.1 @@ -34,3 +71,38 @@ network: service: name: kubernetes-controller-manager + +dependencies: + controller_manager: + +pod: + mounts: + controller_manager: + init_container: null + controller_manager: + lifecycle: + upgrades: + daemonsets: + pod_replacement_strategy: RollingUpdate + controller_manager: + enabled: false + min_ready_seconds: 0 + max_unavailable: 1 + termination_grace_period: + controller_manager: + timeout: 3600 + resources: + enabled: false + controller_manager: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +manifests: + configmap_bin: true + configmap_etc: true + controller_manager: true + secret: true diff --git a/examples/basic/armada-resources.yaml b/examples/basic/armada-resources.yaml index 2b11c199..02b88cb7 100644 --- a/examples/basic/armada-resources.yaml +++ b/examples/basic/armada-resources.yaml @@ -619,7 +619,7 @@ metadata: name: kubernetes path: $ dest: - path: $.values.tls.ca + path: $.values.secrets.tls.ca - src: @@ -627,21 +627,21 @@ metadata: name: controller-manager path: $ dest: - path: $.values.tls.cert + path: $.values.secrets.tls.cert - src: schema: deckhand/CertificateKey/v1 name: controller-manager path: $ dest: - path: $.values.tls.key + path: $.values.secrets.tls.key - src: schema: deckhand/PrivateKey/v1 name: service-account path: $ dest: - path: $.values.service_account.private_key + path: $.values.secrets.service_account.private_key data: chart_name: controller_manager @@ -652,14 +652,16 @@ data: no_hooks: true values: images: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.0 - controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.8.0 - service_account: - private_key: placeholder - tls: - ca: placeholder - cert: placeholder - key: placeholder + tags: + anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.0 + controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.8.0 + secrets: + service_account: + private_key: placeholder + tls: + ca: placeholder + cert: placeholder + key: placeholder network: kubernetes_netloc: apiserver.kubernetes.promenade:6443 pod_cidr: 10.97.0.0/16 diff --git a/examples/complete/armada-resources.yaml b/examples/complete/armada-resources.yaml index 90d56e2a..b40bb011 100644 --- a/examples/complete/armada-resources.yaml +++ b/examples/complete/armada-resources.yaml @@ -648,7 +648,7 @@ metadata: name: kubernetes path: $ dest: - path: $.values.tls.ca + path: $.values.secrets.tls.ca - src: @@ -656,21 +656,21 @@ metadata: name: controller-manager path: $ dest: - path: $.values.tls.cert + path: $.values.secrets.tls.cert - src: schema: deckhand/CertificateKey/v1 name: controller-manager path: $ dest: - path: $.values.tls.key + path: $.values.secrets.tls.key - src: schema: deckhand/PrivateKey/v1 name: service-account path: $ dest: - path: $.values.service_account.private_key + path: $.values.secrets.service_account.private_key data: chart_name: controller_manager @@ -681,14 +681,16 @@ data: no_hooks: true values: images: - anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.0 - controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.8.0 - service_account: - private_key: placeholder - tls: - ca: placeholder - cert: placeholder - key: placeholder + tags: + anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.0 + controller_manager: gcr.io/google_containers/hyperkube-amd64:v1.8.0 + secrets: + service_account: + private_key: placeholder + tls: + ca: placeholder + cert: placeholder + key: placeholder network: kubernetes_netloc: apiserver.kubernetes.promenade:6443 pod_cidr: 10.97.0.0/16 diff --git a/tools/gate/config-templates/bootstrap-armada-config.yaml b/tools/gate/config-templates/bootstrap-armada-config.yaml index eac9511e..2af3b500 100644 --- a/tools/gate/config-templates/bootstrap-armada-config.yaml +++ b/tools/gate/config-templates/bootstrap-armada-config.yaml @@ -632,7 +632,7 @@ metadata: name: kubernetes path: $ dest: - path: $.values.tls.ca + path: $.values.secrets.tls.ca - src: @@ -640,21 +640,21 @@ metadata: name: controller-manager path: $ dest: - path: $.values.tls.cert + path: $.values.secrets.tls.cert - src: schema: deckhand/CertificateKey/v1 name: controller-manager path: $ dest: - path: $.values.tls.key + path: $.values.secrets.tls.key - src: schema: deckhand/PrivateKey/v1 name: service-account path: $ dest: - path: $.values.service_account.private_key + path: $.values.secrets.service_account.private_key data: chart_name: controller_manager @@ -665,14 +665,16 @@ data: no_hooks: true values: images: - anchor: ${IMAGE_HYPERKUBE} - controller_manager: ${IMAGE_HYPERKUBE} - service_account: - private_key: placeholder - tls: - ca: placeholder - cert: placeholder - key: placeholder + tags: + anchor: ${IMAGE_HYPERKUBE} + controller_manager: ${IMAGE_HYPERKUBE} + secrets: + service_account: + private_key: placeholder + tls: + ca: placeholder + cert: placeholder + key: placeholder network: kubernetes_netloc: apiserver.kubernetes.promenade:6443 pod_cidr: 10.97.0.0/16