From 3468c3467de6cef68b16c4765f192a45ab540406 Mon Sep 17 00:00:00 2001
From: Pete Brown
Date: Tue, 11 Sep 2018 15:04:10 -0400
Subject: [PATCH 1/4] Fix #17: Make RBAC resources unique and optional
Problem: With the current Chart RBAC resource names are hard coded and not optional so it's impossible to deploy more than one instance in a namespace
Solution: This uses the helper f5-bigip-ctlr.fullname as the name of each resource to it's unique. It also add variables to make the RBAc resources optional. You can also set the name of the service account to use so you can use it across all deploys.
Testing (optional if not described in Solution section): Description of tests that were run to exercise the solutions (unit tests, system tests, etc)
---
 src/incubator/f5-bigip-ctlr/Chart.yaml | 7 ++++-
 .../f5-bigip-ctlr/templates/_helpers.tpl | 27 +++++++++++++++++++
 .../templates/f5-bigip-ctlr-clusterrole.yaml | 6 +++--
 .../f5-bigip-ctlr-clusterrolebinding.yaml | 12 +++++----
 .../templates/f5-bigip-ctlr-deploy.yaml | 6 ++---
 .../f5-bigip-ctlr-serviceaccount.yaml | 12 ++++++---
 src/incubator/f5-bigip-ctlr/values.yaml | 15 ++++++++---
 7 files changed, 67 insertions(+), 18 deletions(-)
diff --git a/src/incubator/f5-bigip-ctlr/Chart.yaml b/src/incubator/f5-bigip-ctlr/Chart.yaml
index 7d76edc89..cc462d238 100644
--- a/src/incubator/f5-bigip-ctlr/Chart.yaml
+++ b/src/incubator/f5-bigip-ctlr/Chart.yaml
@@ -1,4 +1,9 @@
 apiVersion: v1
 description: Deploy the F5 Networks BIG-IP Controller for Kubernetes and OpenShift (k8s-bigip-ctlr).
 name: f5-bigip-ctlr
-version: 0.0.4
+version: 0.1.0
+home: https://github.com/F5Networks/charts
+keywords:
+ - f5-bigip
+sources:
+ - https://clouddocs.f5.com/containers/v2/kubernetes/kctlr-k8s-ingress-ctlr.html
diff --git a/src/incubator/f5-bigip-ctlr/templates/_helpers.tpl b/src/incubator/f5-bigip-ctlr/templates/_helpers.tpl
index f5e1ca8c5..874352b75 100644
--- a/src/incubator/f5-bigip-ctlr/templates/_helpers.tpl
+++ b/src/incubator/f5-bigip-ctlr/templates/_helpers.tpl
@@ -9,8 +9,35 @@ Expand the name of the chart.
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
 */}}
 {{- define "f5-bigip-ctlr.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
 {{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "f5-bigip-ctlr.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cert-manager.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "cert-manager.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrole.yaml b/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrole.yaml
index 33d482593..aae22f577 100644
--- a/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrole.yaml
+++ b/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrole.yaml
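Review bot: The `else` branch of the service-account helper added at the end of the _helpers.tpl hunk (defined here under a `cert-manager.` name and renamed in patch 2/4) falls back to the namespace's `default` account via `{{ default "default" .Values.serviceAccount.name }}`, and the ClusterRoleBinding template in this patch uses the helper's result as its subject. With the default `rbac.create: true`, `serviceAccount.create: false` and no name set, the chart binds its ClusterRole (the tail of its rules visible in the clusterrole hunk lists `update`, `create` and `patch`) to an account that other pods in the release namespace also run under unless they name a different one. Failing the render is safer than widening the grant silently, for example `{{ required "serviceAccount.name is required when serviceAccount.create is false" .Values.serviceAccount.name }}`. If the fallback has to stay, the helper comment should state that the `default` account receives the cluster role.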
@@ -1,10 +1,11 @@
+{{- if .Values.rbac.create -}}
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
- name: f5-bigip-ctlr-clusterrole
+ name: {{ template "f5-bigip-ctlr.fullname" . }}
 labels:
 app: {{ template "f5-bigip-ctlr.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ chart: {{ template "f5-bigip-ctlr.chart" . }}
 release: {{ .Release.Name }}
 heritage: {{ .Release.Service }}
 rules:
@@ -37,3 +38,4 @@ rules:
 - update
 - create
 - patch
+{{- end -}}
diff --git a/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrolebinding.yaml b/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrolebinding.yaml
index 898aa1014..d5b567988 100644
--- a/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrolebinding.yaml
+++ b/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrolebinding.yaml
@@ -1,11 +1,12 @@
+{{- if .Values.rbac.create -}}
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
- name: f5-bigip-ctlr-clusterrolebinding
- namespace: kube-system
+ name: {{ template "f5-bigip-ctlr.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
 labels:
 app: {{ template "f5-bigip-ctlr.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ chart: {{ template "f5-bigip-ctlr.chart" . }}
 release: {{ .Release.Name }}
 heritage: {{ .Release.Service }}
 roleRef:
@@ -14,5 +15,6 @@ roleRef:
 name: f5-bigip-ctlr-clusterrole
 subjects:
 - kind: ServiceAccount
- name: f5-bigip-ctlr-serviceaccount
- namespace: kube-system
+ name: {{ template "f5-bigip-ctlr.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end -}}
diff --git a/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-deploy.yaml b/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-deploy.yaml
index 3a8acba98..7d53f3a14 100644
--- a/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-deploy.yaml
+++ b/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-deploy.yaml
@@ -9,10 +9,10 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
 name: {{ template "f5-bigip-ctlr.fullname" . }}
- namespace: {{ .Values.namespace }}
+ namespace: {{ .Release.Namespace | quote }}
 labels:
 app: {{ template "f5-bigip-ctlr.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "-" }}
+ chart: {{ template "f5-bigip-ctlr.chart" . }}
 release: {{ .Release.Name }}
 heritage: {{ .Release.Service }}
 spec:
@@ -23,7 +23,7 @@ spec:
 app: {{ template "f5-bigip-ctlr.name" . }}
 release: {{ .Release.Name }}
 spec:
- serviceAccountName: {{ .Values.serviceaccount }}
+ serviceAccountName: {{ template "f5-bigip-ctlr.serviceAccountName" . }}
 {{- if .Values.image.pullSecrets }}
 imagePullSecrets:
 {{- range $pullSecret := .Values.image.pullSecrets }}
diff --git a/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-serviceaccount.yaml b/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-serviceaccount.yaml
index 5c9e869e7..52112bb18 100644
--- a/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-serviceaccount.yaml
+++ b/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-serviceaccount.yaml
@@ -1,10 +1,14 @@
+{{- if .Values.rbac.create -}}
+{{- if .Values.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
- name: f5-bigip-ctlr-serviceaccount
- namespace: kube-system
+ name: {{ template "f5-bigip-ctlr.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
 labels:
 app: {{ template "f5-bigip-ctlr.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ chart: {{ template "f5-bigip-ctlr.chart" . }}
 release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
+ heritage: {{ .Release.Service }}
+{{- end -}}
+{{- end -}}
diff --git a/src/incubator/f5-bigip-ctlr/values.yaml b/src/incubator/f5-bigip-ctlr/values.yaml
index f888276cd..d24828bcd 100644
--- a/src/incubator/f5-bigip-ctlr/values.yaml
+++ b/src/incubator/f5-bigip-ctlr/values.yaml
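Review bot: The second hunk of f5-bigip-ctlr-deploy.yaml takes `serviceAccountName` from the `f5-bigip-ctlr.serviceAccountName` helper, which looks only at `serviceAccount.create`, while the ServiceAccount template in this patch is additionally wrapped in `{{- if .Values.rbac.create -}}`. With `rbac.create: false` and the default `serviceAccount.create: true`, the Deployment names an account the chart never renders, so the API server's service-account admission check would be expected to reject its pods. Gating the ServiceAccount on `serviceAccount.create` alone, that is dropping the outer `rbac.create` guard in f5-bigip-ctlr-serviceaccount.yaml, keeps the created and the referenced account in step. The pod spec continues past the end of the hunk.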
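Review bot: The ServiceAccount in f5-bigip-ctlr-serviceaccount.yaml is named with the `fullname` template, but the Deployment and the ClusterRoleBinding subject reference the account through the `serviceAccountName` helper. Setting `serviceAccount.name` together with `serviceAccount.create: true` therefore creates one account and points both the workload and the role binding at another name that the chart does not create. The metadata line should read `name: {{ template "f5-bigip-ctlr.serviceAccountName" . }}` so the created and the bound identity cannot diverge.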
@@ -6,9 +6,18 @@
 # To create a secret using kubectl see
 # http://clouddocs.f5.com/containers/latest/kubernetes/kctlr-secrets.html#secret-bigip-login
 bigip_login_secret: f5-bigip-ctlr-login
-serviceaccount: f5-bigip-ctlr-serviceaccount
-# This namespace is where the Controller lives;
-namespace: kube-system
+
+rbac:
+ # Specifies whether RBAC resources should be created
+ create: true
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
 args:
 # See http://clouddocs.f5.com/products/connectors/k8s-bigip-ctlr/latest/#controller-configuration-parameters
 # NOTE: helm has difficulty with values using `-`; `_` are used for naming
From 0d562c8a45da37348ef081635d44f0c3282f270c Mon Sep 17 00:00:00 2001
From: Pete Brown
Date: Wed, 12 Sep 2018 14:02:29 -0400
Subject: [PATCH 2/4] Fix name of ServiceAccount
---
 src/incubator/f5-bigip-ctlr/templates/_helpers.tpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/incubator/f5-bigip-ctlr/templates/_helpers.tpl b/src/incubator/f5-bigip-ctlr/templates/_helpers.tpl
index 874352b75..7b18eb30e 100644
--- a/src/incubator/f5-bigip-ctlr/templates/_helpers.tpl
+++ b/src/incubator/f5-bigip-ctlr/templates/_helpers.tpl
@@ -34,9 +34,9 @@ Create chart name and version as used by the chart label.
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "cert-manager.serviceAccountName" -}}
+{{- define "f5-bigip-ctlr.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create -}}
- {{ default (include "cert-manager.fullname" .) .Values.serviceAccount.name }}
+ {{ default (include "f5-bigip-ctlr.fullname" .) .Values.serviceAccount.name }}
 {{- else -}}
 {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}
From 8dfae0c017a4369aba034895d17f8c0db6163841 Mon Sep 17 00:00:00 2001
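Review bot: The values.yaml hunk drops the `serviceaccount` and `namespace` keys without leaving any note for existing users, so an override of either key is silently ignored after an upgrade. A release that pinned the controller to a pre-provisioned account through `serviceaccount` would then run under whatever the new `serviceAccount.*` defaults resolve to, and the Deployment would follow the release namespace instead of the old `namespace` value. A comment next to the new block would make the migration explicit, for example `# NOTE: 'serviceaccount' and 'namespace' are no longer read; set serviceAccount.name and install into the target namespace instead`.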
From: Pete Brown
Date: Wed, 12 Sep 2018 14:39:22 -0400
Subject: [PATCH 3/4] Remove namespace from resources. Fix name of ClusterRole in ClusterRoleBinding
---
 .../templates/f5-bigip-ctlr-clusterrolebinding.yaml | 3 +--
 .../f5-bigip-ctlr/templates/f5-bigip-ctlr-deploy.yaml | 1 -
 .../f5-bigip-ctlr/templates/f5-bigip-ctlr-serviceaccount.yaml | 1 -
 3 files changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrolebinding.yaml b/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrolebinding.yaml
index d5b567988..bc5e19a41 100644
--- a/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrolebinding.yaml
+++ b/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-clusterrolebinding.yaml
@@ -3,7 +3,6 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
 name: {{ template "f5-bigip-ctlr.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
 labels:
 app: {{ template "f5-bigip-ctlr.name" . }}
 chart: {{ template "f5-bigip-ctlr.chart" . }}
@@ -12,7 +11,7 @@ metadata:
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
- name: f5-bigip-ctlr-clusterrole
+ name: {{ template "f5-bigip-ctlr.fullname" . }}
 subjects:
 - kind: ServiceAccount
 name: {{ template "f5-bigip-ctlr.serviceAccountName" . }}
diff --git a/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-deploy.yaml b/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-deploy.yaml
index 7d53f3a14..109298600 100644
--- a/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-deploy.yaml
+++ b/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-deploy.yaml
@@ -9,7 +9,6 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
 name: {{ template "f5-bigip-ctlr.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
 labels:
 app: {{ template "f5-bigip-ctlr.name" . }}
 chart: {{ template "f5-bigip-ctlr.chart" . }}
diff --git a/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-serviceaccount.yaml b/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-serviceaccount.yaml
index 52112bb18..82cf570a9 100644
--- a/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-serviceaccount.yaml
+++ b/src/incubator/f5-bigip-ctlr/templates/f5-bigip-ctlr-serviceaccount.yaml
@@ -4,7 +4,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: {{ template "f5-bigip-ctlr.fullname" . }}
- namespace: {{ .Release.Namespace | quote }}
 labels:
 app: {{ template "f5-bigip-ctlr.name" . }}
 chart: {{ template "f5-bigip-ctlr.chart" . }}
From 03cc231ac40f8350fc4291b96da773b5cebd7cf4 Mon Sep 17 00:00:00 2001
From: Pete Brown
Date: Mon, 12 Nov 2018 07:47:54 -0500
Subject: [PATCH 4/4] Set version to 0.0.5
---
 src/incubator/f5-bigip-ctlr/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/incubator/f5-bigip-ctlr/Chart.yaml b/src/incubator/f5-bigip-ctlr/Chart.yaml
index cc462d238..18493bc9e 100644
--- a/src/incubator/f5-bigip-ctlr/Chart.yaml
+++ b/src/incubator/f5-bigip-ctlr/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 description: Deploy the F5 Networks BIG-IP Controller for Kubernetes and OpenShift (k8s-bigip-ctlr).
 name: f5-bigip-ctlr
-version: 0.1.0
+version: 0.0.5
 home: https://github.com/F5Networks/charts
 keywords:
 - f5-bigip