Allow kustomize jobs to watch resources in multiple namespaces
This commit is contained in:
Matt Pryor
parent
5b94ef8e9f
commit
bf453de098
@ -212,15 +212,23 @@ Template for a script that installs or upgrades resources using Kustomize.
|
||||
*/}}
|
||||
{{- define "addon.kustomize.install" }}
|
||||
kustomize build . | kubectl apply -f -
|
||||
{{- if .resources }}
|
||||
{{- range .resources }}
|
||||
{{-
|
||||
$namespace := required
|
||||
"resourceNamespace is required for a Kustomize job with resources"
|
||||
.resourceNamespace
|
||||
"namespace is required for a resource to watch"
|
||||
.namespace
|
||||
}}
|
||||
{{- range .resources }}
|
||||
kubectl -n {{ $namespace }} rollout status {{ . }}
|
||||
{{- end }}
|
||||
{{-
|
||||
$kind := required
|
||||
"kind is required for a resource to watch"
|
||||
.kind
|
||||
}}
|
||||
{{-
|
||||
$name := required
|
||||
"name is required for a resource to watch"
|
||||
.name
|
||||
}}
|
||||
kubectl -n {{ $namespace }} rollout status {{ $kind }}/{{ $name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@ -229,15 +237,23 @@ Template for a script that deletes resources using Kustomize.
|
||||
*/}}
|
||||
{{- define "addon.kustomize.delete" }}
|
||||
kustomize build . | kubectl delete -f -
|
||||
{{- if .resources }}
|
||||
{{- range .resources }}
|
||||
{{-
|
||||
$namespace := required
|
||||
"resourceNamespace is required for a Kustomize job with resources"
|
||||
.resourceNamespace
|
||||
"namespace is required for a resource to watch"
|
||||
.namespace
|
||||
}}
|
||||
{{- range .resources }}
|
||||
kubectl -n {{ $namespace }} wait --for=delete {{ . }}
|
||||
{{- end }}
|
||||
{{-
|
||||
$kind := required
|
||||
"kind is required for a resource to watch"
|
||||
.kind
|
||||
}}
|
||||
{{-
|
||||
$name := required
|
||||
"name is required for a resource to watch"
|
||||
.name
|
||||
}}
|
||||
kubectl -n {{ $namespace }} wait --for=delete {{ $kind }}/{{ $name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@ -275,8 +291,13 @@ kustomize:
|
||||
# Values from the template take precedence over the dict
|
||||
kustomization: {}
|
||||
kustomizationTemplate:
|
||||
resourceNamespace:
|
||||
resources: []
|
||||
# List of resources to watch to determine if the rollout is complete
|
||||
# Resources should be usable with "kubectl rollout status"
|
||||
watches: []
|
||||
# The resources should be specified in the form
|
||||
# namespace:
|
||||
# kind:
|
||||
# name:
|
||||
custom:
|
||||
# Scripts are treated as templates during rendering
|
||||
install:
|
||||
|
||||
@ -1,166 +0,0 @@
|
||||
# Used to override the chart name in resource names
|
||||
nameOverride:
|
||||
# Used to override the full name in resource names (usually "<release name>-<chart-name>")
|
||||
fullnameOverride:
|
||||
|
||||
# The image to use for the job pods
|
||||
image:
|
||||
# The image repository to use
|
||||
repository: ghcr.io/stackhpc/k8s-utils
|
||||
# The image tag to use
|
||||
# Defaults to chart appVersion if not given
|
||||
tag:
|
||||
# The pull policy to use
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# Secrets required to pull the image (if required)
|
||||
imagePullSecrets:
|
||||
|
||||
# Details of a secret containing a kubeconfig file for a remote cluster
|
||||
# If given, this is used in preference to a service account
|
||||
kubeconfigSecret:
|
||||
# The name of the secret
|
||||
# This is treated as a template during rendering
|
||||
name:
|
||||
# The key of the kubeconfig file in the secret
|
||||
key: value
|
||||
|
||||
# Options for the service account to use
|
||||
# A pre-existing service account can be used, or a new one can be created
|
||||
#
|
||||
# A service account is always required as it is used by the pre-delete hook
|
||||
# to suspend any install jobs that are still running prior to running the deletion
|
||||
#
|
||||
# The permissions required by the service account depend on whether the installation
|
||||
# is targetting a remote cluster or the local cluster
|
||||
#
|
||||
# Whether the installation target is local or remote, the service account needs to
|
||||
# have permission to list and patch jobs in the release namespace for the delete hook
|
||||
# in order to suspend any running install jobs
|
||||
#
|
||||
# When the installation targets the local cluster, the service account must also have
|
||||
# permission to create any resources that need to be installed, which could be into
|
||||
# other namespaces - the cluster-admin cluster role is normally used for this
|
||||
serviceAccount:
|
||||
# Indicates whether to create a new service account
|
||||
create: true
|
||||
# The name of the cluster role to bind the created service account to
|
||||
clusterRoleName: cluster-admin
|
||||
# The name of the service account
|
||||
# If create = true, this is the name of the created service account
|
||||
# If create = false, this is the name of an existing service account to use
|
||||
# This is treated as a template during rendering
|
||||
name: "{{ include \"addon.fullname\" . }}"
|
||||
|
||||
# The type of the install job
|
||||
# One of helm, kustomize or custom
|
||||
installType: custom
|
||||
|
||||
# Options that are used for Helm jobs
|
||||
helm:
|
||||
# List of manifest URLs containing CRDs to install before running Helm
|
||||
# This is because Helm has poor support for CRDs, particularly on upgrade
|
||||
crdManifests: []
|
||||
# Options for the Helm chart
|
||||
chart:
|
||||
# The repository URL for the chart
|
||||
repo:
|
||||
# The name of the chart
|
||||
name:
|
||||
# The version of the chart to use
|
||||
version:
|
||||
# Options for the Helm release
|
||||
release:
|
||||
# The namespace for the release
|
||||
namespace:
|
||||
# The name of the release
|
||||
name:
|
||||
# The time to wait for the release to complete
|
||||
timeout: 60m
|
||||
# The values for the release
|
||||
# Values can come from either a dict or a template
|
||||
# The template is rendered with the root context, then the result is merged into the dict
|
||||
# Values from the template take precedence over the dict
|
||||
values: {}
|
||||
valuesTemplate:
|
||||
|
||||
# Options that are used for Kustomize jobs
|
||||
kustomize:
|
||||
# Values for the kustomization file
|
||||
# Values can come from either a dict or a template
|
||||
# The template is rendered with the root context, then the result is merged into the dict
|
||||
# Values from the template take precedence over the dict
|
||||
kustomization: {}
|
||||
kustomizationTemplate:
|
||||
# The namespace to wait for resources in
|
||||
resourceNamespace:
|
||||
# List of resources to wait for for in the format <type>/<name>
|
||||
# Waiting is done using "kubectl rollout status" so resources must be compatible with that command
|
||||
resources: []
|
||||
# - statefulset/my-statefulset
|
||||
# - deployment/my-deployment
|
||||
|
||||
# Options for a custom install job
|
||||
custom:
|
||||
# The bash script to use for install/upgrade operations
|
||||
# This is treated as a template during rendering
|
||||
install:
|
||||
# The bash script to use for delete operations
|
||||
delete:
|
||||
|
||||
# A list of extra volumes to contribute to the projected volume for the config
|
||||
# Because they are used in a projected volumes, only secrets and configmaps can be used
|
||||
extraVolumes: []
|
||||
|
||||
# A map of filename -> content of extra files to be made available
|
||||
extraFiles: {}
|
||||
|
||||
# Hook configuration
|
||||
# Each hook is an optional bash script that is executed at a particular point
|
||||
# The hook scripts are treated as templates during the rendering
|
||||
hooks:
|
||||
# This hook is executed before an install/upgrade operation
|
||||
preInstall:
|
||||
# This hook is executed after a successful install/upgrade operation
|
||||
postInstall:
|
||||
# This hook is executed before a delete operation
|
||||
preDelete:
|
||||
# This hook is executed after a successful delete operation
|
||||
postDelete:
|
||||
|
||||
# This is the number of retries for the job before it is considered failed
|
||||
# By default, it is set to a large number so that failures are infrequent
|
||||
backoffLimit: 1000
|
||||
# The maximum duration of the job in seconds
|
||||
# By default, a deadline of one hour is imposed
|
||||
# For no deadline, set to null
|
||||
activeDeadlineSeconds: 3600
|
||||
|
||||
# The pod security context for the job pods
|
||||
# By default, just ensure that we run as a non-root user
|
||||
podSecurityContext:
|
||||
runAsNonRoot: true
|
||||
|
||||
# The container security context for the job pod containers
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
|
||||
# Resources for the job pod containers
|
||||
resources: {}
|
||||
|
||||
# Indicates if the job pod should use the host network
|
||||
# This may be required for certain bootstrap resources, e.g. using a job inside a cluster
|
||||
# to install the CNI for that cluster
|
||||
hostNetwork: false
|
||||
|
||||
# Tolerations for job pods
|
||||
# For example, if using this chart to deploy bootstrap resources it may be necessary
|
||||
# to add tolerations that allow the job pods to be scheduled onto the control plane nodes
|
||||
tolerations: []
|
||||
|
||||
# Node selector for job pods
|
||||
# Can be used to target jobs onto specific nodes
|
||||
nodeSelector: {}
|
||||
|
||||
# Affinity rules for job pods
|
||||
affinity: {}
|
||||
@ -305,11 +305,12 @@ kustomize:
|
||||
kustomization: {}
|
||||
kustomizationTemplate:
|
||||
# A list of resources to watch to determine when the addon has installed
|
||||
# These should be resources that can be used with "kubectl rollout status"
|
||||
# E.g. "deployment/my-deployment" or "statefulset/my-statefulset"
|
||||
resources: []
|
||||
# The namespace on the target cluster to watch resources in
|
||||
resourceNamespace:
|
||||
watches: []
|
||||
# These should be of the form
|
||||
# - namespace: my-namespace
|
||||
# kind: Deployment
|
||||
# name: my-deployment
|
||||
# condition: Available
|
||||
# Options for a custom addon
|
||||
custom:
|
||||
# Script that installs the addon
|
||||
|
||||
@ -32,9 +32,10 @@ kustomize:
|
||||
{{- with .Values.openstack.ccm.kustomization }}
|
||||
kustomization: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
resourceNamespace: kube-system
|
||||
resources:
|
||||
- daemonset/openstack-cloud-controller-manager
|
||||
watches:
|
||||
- namespace: kube-system
|
||||
kind: DaemonSet
|
||||
name: openstack-cloud-controller-manager
|
||||
{{- end }}
|
||||
|
||||
{{-
|
||||
|
||||
@ -18,9 +18,10 @@ kustomize:
|
||||
{{- with .Values.cni.calico.kustomization }}
|
||||
kustomization: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
resourceNamespace: kube-system
|
||||
resources:
|
||||
- daemonset/calico-node
|
||||
watches:
|
||||
- namespace: kube-system
|
||||
kind: DaemonSet
|
||||
name: calico-node
|
||||
{{- end }}
|
||||
|
||||
{{-
|
||||
|
||||
@ -13,10 +13,13 @@ kustomize:
|
||||
{{- with .Values.openstack.csiCinder.kustomization }}
|
||||
kustomization: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
resourceNamespace: kube-system
|
||||
resources:
|
||||
- statefulset/csi-cinder-controllerplugin
|
||||
- daemonset/csi-cinder-nodeplugin
|
||||
watches:
|
||||
- namespace: kube-system
|
||||
kind: StatefulSet
|
||||
name: csi-cinder-controllerplugin
|
||||
- namespace: kube-system
|
||||
kind: Daemonset
|
||||
name: csi-cinder-nodeplugin
|
||||
{{- with .Values.openstack.csiCinder.storageClass }}
|
||||
{{- if .enabled }}
|
||||
extraFiles:
|
||||
|
||||
@ -10,9 +10,10 @@ kustomize:
|
||||
{{- with .Values.metricsServer.kustomization }}
|
||||
kustomization: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
resourceNamespace: kube-system
|
||||
resources:
|
||||
- deployment/metrics-server
|
||||
watches:
|
||||
- namespace: kube-system
|
||||
kind: Deployment
|
||||
name: metrics-server
|
||||
{{- end }}
|
||||
|
||||
{{-
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user