diff --git a/.ci/publish-helm-charts b/.ci/publish-helm-charts
index 26a5f8e8a..e0aae5888 100755
--- a/.ci/publish-helm-charts
+++ b/.ci/publish-helm-charts
@@ -16,3 +16,15 @@ ${SOURCE_PATH}/hack/update-helm-chart-version.sh
 $SOURCE_PATH/hack/create-helm-chart.sh ${CHART_REPO} charts/landscaper-service
 $SOURCE_PATH/hack/create-helm-chart.sh ${CHART_REPO} charts/landscaper-service-target-shoot-sidecar-server
 $SOURCE_PATH/hack/create-helm-chart.sh ${CHART_REPO} charts/sidecar-rbac
+
+CHART_REPO="eu.gcr.io/gardener-project/landscaper-service/charts/landscaper-instance/resource-cluster"
+
+$SOURCE_PATH/hack/create-helm-chart.sh ${CHART_REPO} charts/landscaper-instance/resource-cluster/landscaper
+$SOURCE_PATH/hack/create-helm-chart.sh ${CHART_REPO} charts/landscaper-instance/resource-cluster/deployer
+
+CHART_REPO="eu.gcr.io/gardener-project/landscaper-service/charts/landscaper-instance/target-cluster"
+
+$SOURCE_PATH/hack/create-helm-chart.sh ${CHART_REPO} charts/landscaper-instance/target-cluster/landscaper
+$SOURCE_PATH/hack/create-helm-chart.sh ${CHART_REPO} charts/landscaper-instance/target-cluster/helm-deployer
+$SOURCE_PATH/hack/create-helm-chart.sh ${CHART_REPO} charts/landscaper-instance/target-cluster/manifest-deployer
+$SOURCE_PATH/hack/create-helm-chart.sh ${CHART_REPO} charts/landscaper-instance/target-cluster/container-deployer
diff --git a/.landscaper/landscaper-instance/blueprint/installation/landscaper-deployment-subinst.yaml b/.landscaper/landscaper-instance/blueprint/installation/landscaper-deployment-subinst.yaml
index 0da7295ce..36f4d00d8 100644
--- a/.landscaper/landscaper-instance/blueprint/installation/landscaper-deployment-subinst.yaml
+++ b/.landscaper/landscaper-instance/blueprint/installation/landscaper-deployment-subinst.yaml
@@ -19,6 +19,8 @@ imports: dataRef: landscaperControllerKubeconfigYaml - name: landscaperWebhooksKubeconfigYaml dataRef: landscaperWebhooksKubeconfigYaml + - name: landscaperDeployerKubeconfigYaml + dataRef: landscaperDeployerKubeconfigYaml - name: registryConfig dataRef: registryConfig - name: landscaperConfig diff --git a/.landscaper/landscaper-instance/blueprint/installation/landscaper-rbac-subinst.yaml b/.landscaper/landscaper-instance/blueprint/installation/landscaper-rbac-subinst.yaml index 6e78b48e1..c75342508 100644 --- a/.landscaper/landscaper-instance/blueprint/installation/landscaper-rbac-subinst.yaml +++ b/.landscaper/landscaper-instance/blueprint/installation/landscaper-rbac-subinst.yaml @@ -28,3 +28,5 @@ exports: dataRef: landscaperWebhooksKubeconfigYaml - name: landscaperUserKubeconfigYaml dataRef: landscaperUserKubeconfigYaml + - name: landscaperDeployerKubeconfigYaml + dataRef: landscaperDeployerKubeconfigYaml diff --git a/.landscaper/landscaper-instance/blueprint/landscaper/blueprint.yaml b/.landscaper/landscaper-instance/blueprint/landscaper/blueprint.yaml index 30aa2e2a0..478625ca9 100644 --- a/.landscaper/landscaper-instance/blueprint/landscaper/blueprint.yaml +++ b/.landscaper/landscaper-instance/blueprint/landscaper/blueprint.yaml @@ -30,6 +30,12 @@ imports: schema: type: string + - name: landscaperDeployerKubeconfigYaml + required: true + type: data + schema: + type: string + - name: registryConfig type: data schema: diff --git a/.landscaper/landscaper-instance/blueprint/landscaper/deploy-execution.yaml b/.landscaper/landscaper-instance/blueprint/landscaper/deploy-execution.yaml index d9f40b7eb..1bb5e9f80 100644 --- a/.landscaper/landscaper-instance/blueprint/landscaper/deploy-execution.yaml +++ b/.landscaper/landscaper-instance/blueprint/landscaper/deploy-execution.yaml 
@@ -30,15 +30,16 @@ deployItems: operator: exists chart: - {{ $resource := getResource $landscaperComponent "name" "landscaper-controller-deployment-chart" }} + {{ $resource := getResource .cd "name" "landscaper-instance-target-cluster-landscaper" }} ref: {{ $resource.access.imageReference }} values: - nameOverride: landscaper-{{ .imports.hostingClusterNamespace }} - fullnameOverride: landscaper-{{ .imports.hostingClusterNamespace }} - landscaper: - verbosity: {{ .imports.landscaperConfig.landscaper.verbosity | default "info" }} + name: landscaper-{{ .imports.hostingClusterNamespace }} + + {{- if (dig "landscaperConfig" "landscaper" "verbosity" false .imports) }} + verbosity: {{ .imports.landscaperConfig.landscaper.verbosity }} + {{- end }} {{- if (dig "landscaperConfig" "landscaper" "controllers" false .imports) }} controllers: @@ -49,22 +50,13 @@ deployItems: deployCrd: true forceUpdate: true registryConfig: -{{ toYaml .imports.registryConfig | indent 12 }} + {{- toYaml .imports.registryConfig | nindent 12 }} {{- if (dig "landscaperConfig" "landscaper" "k8sClientSettings" false .imports) }} k8sClientSettings: {{- toYaml .imports.landscaperConfig.landscaper.k8sClientSettings | nindent 12 }} {{- end }} - deployers: [] - - deployerManagement: - disable: true - agent: - disable: true - - deployersConfig: {} - {{- if (dig "landscaperConfig" "landscaper" "deployItemTimeouts" false .imports) }} deployItemTimeouts: {{- toYaml .imports.landscaperConfig.landscaper.deployItemTimeouts | nindent 12 }} 
@@ -75,26 +67,25 @@ deployItems: additionalDeployments: deployments: - laas-{{ .imports.hostingClusterNamespace }}-shoot-sidecar -{{ if has "helm" .imports.landscaperConfig.deployers }} + {{- if has "helm" .imports.landscaperConfig.deployers }} - helm-{{ .imports.hostingClusterNamespace }}-helm-deployer -{{ end }} -{{ if has "manifest" .imports.landscaperConfig.deployers }} + {{- end }} + {{- if has "manifest" .imports.landscaperConfig.deployers }} - manifest-{{ .imports.hostingClusterNamespace }}-manifest-deployer -{{ end }} -{{ if has "container" .imports.landscaperConfig.deployers }} + {{- end }} + {{- if has "container" .imports.landscaperConfig.deployers }} - container-{{ .imports.hostingClusterNamespace }}-container-deployer -{{ end }} - - image: {} + {{- end }} controller: - name: landscaper-controller - - landscaperKubeconfig: + resourceCluster: kubeconfig: | -{{ .imports.landscaperControllerKubeconfigYaml | indent 14 }} + {{- .imports.landscaperControllerKubeconfigYaml | nindent 14 }} - replicaCount: {{ .imports.landscaperConfig.landscaper.replicas | default 1 }} + {{- if (dig "landscaperConfig" "resources" false .imports) }} + resources: + {{- toYaml .imports.landscaperConfig.resources | nindent 12 }} + {{- end }} {{ $landscaperImgresource := getResource $landscaperComponent "name" "landscaper-controller" }} {{ $landscaperImgrepo := ociRefRepo $landscaperImgresource.access.imageReference }} 
@@ -104,14 +95,48 @@ deployItems: tag: {{ $landscaperImgtag }} pullPolicy: IfNotPresent + main: + {{- if (dig "landscaperConfig" "landscaper" "replicas" false .imports) }} + replicaCount: {{ .imports.landscaperConfig.landscaper.replicas }} + {{- end }} + + {{- if (dig "landscaperConfig" "resourcesMain" false .imports) }} + resources: + {{- toYaml .imports.landscaperConfig.resourcesMain | nindent 14 }} + {{- end }} + + {{- if (dig "landscaperConfig" "hpaMain" false .imports) }} + hpa: + {{- if (dig "landscaperConfig" "hpaMain" "maxReplicas" false .imports) }} + maxReplicas: {{ .imports.landscaperConfig.hpaMain.maxReplicas }} + {{- end }} + {{- if (dig "landscaperConfig" "hpaMain" "averageCpuUtilization" false .imports) }} + averageCpuUtilization: {{ .imports.landscaperConfig.hpaMain.averageCpuUtilization }} + {{- end }} + {{- if (dig "landscaperConfig" "hpaMain" "averageMemoryUtilization" false .imports) }} + averageMemoryUtilization: {{ .imports.landscaperConfig.hpaMain.averageMemoryUtilization }} + {{- end }} + {{- end }} + webhooksServer: - name: landscaper-webhooks + certificatesNamespace: {{ .imports.targetClusterNamespace }} - landscaperKubeconfig: + resourceCluster: kubeconfig: | -{{ .imports.landscaperWebhooksKubeconfigYaml | indent 14}} + {{- .imports.landscaperWebhooksKubeconfigYaml | nindent 14}} + + {{- if (dig "landscaperConfig" "webhooksServer" "replicas" false .imports) }} + replicaCount: {{ .imports.landscaperConfig.webhooksServer.replicas }} + {{- end }} - replicaCount: {{ .imports.landscaperConfig.webhooksServer.replicas | default 1 }} + service: + type: ClusterIP + {{- if (dig "landscaperConfig" "webhooksServer" "servicePort" false .imports) }} + port: {{ .imports.landscaperConfig.webhooksServer.servicePort }} + {{- end }} + + ingress: + host: {{ .imports.webhooksHostName }} {{ $webhooksImgresource := getResource $landscaperComponent "name" "landscaper-webhooks-server" }} {{ $webhooksImgrepo := ociRefRepo $webhooksImgresource.access.imageReference 
}} 
@@ -121,70 +146,6 @@ deployItems: tag: {{ $webhooksImgtag }} pullPolicy: IfNotPresent - servicePort: {{ .imports.landscaperConfig.webhooksServer.servicePort | default 9443 }} - disableWebhooks: [] - certificatesNamespace: {{ .imports.targetClusterNamespace }} - - ingress: - host: {{ .imports.webhooksHostName }} - className: nginx - dns: - class: garden - - {{- if (dig "landscaperConfig" "webhooksServer" "resources" false .imports) }} - resources: - {{- toYaml .imports.landscaperConfig.webhooksServer.resources | nindent 12 }} - {{- end }} - - {{- if (dig "landscaperConfig" "webhooksServer" "hpa" false .imports) }} - hpa: - {{- if (dig "landscaperConfig" "webhooksServer" "hpa" "maxReplicas" false .imports) }} - maxReplicas: {{ .imports.landscaperConfig.webhooksServer.hpa.maxReplicas }} - {{- end }} - {{- if (dig "landscaperConfig" "webhooksServer" "hpa" "averageCpuUtilization" false .imports) }} - averageCpuUtilization: {{ .imports.landscaperConfig.webhooksServer.hpa.averageCpuUtilization }} - {{- end }} - {{- if (dig "landscaperConfig" "webhooksServer" "hpa" "averageMemoryUtilization" false .imports) }} - averageMemoryUtilization: {{ .imports.landscaperConfig.webhooksServer.hpa.averageMemoryUtilization }} - {{- end }} - {{- end }} - - service: - type: ClusterIP - port: 80 - - global: - serviceAccount: - controller: - create: true - annotations: {} - name: landscaper-{{ .imports.hostingClusterNamespace }} - webhooksServer: - name: landscaper-webhooks - - {{- if (dig "landscaperConfig" "resources" false .imports) }} - resources: - {{- toYaml .imports.landscaperConfig.resources | nindent 10 }} - {{- end }} - - {{- if (dig "landscaperConfig" "resourcesMain" false .imports) }} - resourcesMain: - {{- toYaml .imports.landscaperConfig.resourcesMain | nindent 10 }} - {{- end }} - - {{- if (dig "landscaperConfig" "hpaMain" false .imports) }} - hpaMain: - {{- if (dig "landscaperConfig" "hpaMain" "maxReplicas" false .imports) }} - maxReplicas: {{ 
.imports.landscaperConfig.hpaMain.maxReplicas }} - {{- end }} - {{- if (dig "landscaperConfig" "hpaMain" "averageCpuUtilization" false .imports) }} - averageCpuUtilization: {{ .imports.landscaperConfig.hpaMain.averageCpuUtilization }} - {{- end }} - {{- if (dig "landscaperConfig" "hpaMain" "averageMemoryUtilization" false .imports) }} - averageMemoryUtilization: {{ .imports.landscaperConfig.hpaMain.averageMemoryUtilization }} - {{- end }} - {{- end }} - {{ if has "helm" .imports.landscaperConfig.deployers }} - name: helm-deployer type: landscaper.gardener.cloud/helm 
@@ -206,56 +167,58 @@ deployItems: disableDefault: false chart: - {{ $helmDeployerComponent := getComponent $landscaperComponent "name" "helm-deployer" }} - {{ $helmDeployerChart := getResource $helmDeployerComponent "name" "helm-deployer-chart" }} + {{ $helmDeployerChart := getResource .cd "name" "landscaper-instance-target-cluster-helm-deployer" }} ref: {{ $helmDeployerChart.access.imageReference }} values: - nameOverride: helm-deployer - fullnameOverride: helm-{{ .imports.hostingClusterNamespace }}-helm-deployer + deployer: + name: helm-{{ .imports.hostingClusterNamespace }}-helm-deployer + identity: helm-{{ .imports.hostingClusterNamespace }} - identity: helm-{{ .imports.hostingClusterNamespace }} + {{- if (dig "landscaperConfig" "landscaper" "verbosity" false .imports) }} + verbosity: {{ .imports.landscaperConfig.landscaper.verbosity }} + {{- end }} + + resourceCluster: + kubeconfig: | + {{- .imports.landscaperControllerKubeconfigYaml | nindent 14 }} - deployer: - verbosityLevel: {{ .imports.landscaperConfig.landscaper.verbosity | default "info" }} {{- if (dig "landscaperConfig" "deployersConfig" "helm" "deployer" "controller" false .imports) }} controller: {{- toYaml .imports.landscaperConfig.deployersConfig.helm.deployer.controller | nindent 12 }} {{- end }} - landscaperClusterKubeconfig: - kubeconfig: | -{{ .imports.landscaperControllerKubeconfigYaml | indent 14 }} {{- if (dig "landscaperConfig" "deployersConfig" "helm" "deployer" "k8sClientSettings" false .imports) }} k8sClientSettings: {{- toYaml .imports.landscaperConfig.deployersConfig.helm.deployer.k8sClientSettings | nindent 12 }} {{- end }} - image: - {{ $image := getResource $helmDeployerComponent "name" "helm-deployer-image" }} - {{ $imageRepo := ociRefRepo $image.access.imageReference }} - {{ $imageTag := ociRefVersion $image.access.imageReference }} - repository: {{ $imageRepo }} - tag: {{ $imageTag }} - pullPolicy: IfNotPresent - - {{- if (dig "landscaperConfig" "deployersConfig" "helm" 
"resources" false .imports) }} - resources: - {{- toYaml .imports.landscaperConfig.deployersConfig.helm.resources | nindent 10 }} - {{- end }} - - {{- if (dig "landscaperConfig" "deployersConfig" "helm" "hpa" false .imports) }} - hpa: - {{- if (dig "landscaperConfig" "deployersConfig" "helm" "hpa" "maxReplicas" false .imports) }} - maxReplicas: {{ .imports.landscaperConfig.deployersConfig.helm.hpa.maxReplicas }} - {{- end }} - {{- if (dig "landscaperConfig" "deployersConfig" "helm" "hpa" "averageCpuUtilization" false .imports) }} - averageCpuUtilization: {{ .imports.landscaperConfig.deployersConfig.helm.hpa.averageCpuUtilization }} + {{- if (dig "landscaperConfig" "deployersConfig" "helm" "hpa" false .imports) }} + hpa: + {{- if (dig "landscaperConfig" "deployersConfig" "helm" "hpa" "maxReplicas" false .imports) }} + maxReplicas: {{ .imports.landscaperConfig.deployersConfig.helm.hpa.maxReplicas }} + {{- end }} + {{- if (dig "landscaperConfig" "deployersConfig" "helm" "hpa" "averageCpuUtilization" false .imports) }} + averageCpuUtilization: {{ .imports.landscaperConfig.deployersConfig.helm.hpa.averageCpuUtilization }} + {{- end }} + {{- if (dig "landscaperConfig" "deployersConfig" "helm" "hpa" "averageMemoryUtilization" false .imports) }} + averageMemoryUtilization: {{ .imports.landscaperConfig.deployersConfig.helm.hpa.averageMemoryUtilization }} + {{- end }} {{- end }} - {{- if (dig "landscaperConfig" "deployersConfig" "helm" "hpa" "averageMemoryUtilization" false .imports) }} - averageMemoryUtilization: {{ .imports.landscaperConfig.deployersConfig.helm.hpa.averageMemoryUtilization }} + + {{- if (dig "landscaperConfig" "deployersConfig" "helm" "resources" false .imports) }} + resources: + {{- toYaml .imports.landscaperConfig.deployersConfig.helm.resources | nindent 10 }} {{- end }} - {{- end }} + + image: + {{ $helmDeployerComponent := getComponent $landscaperComponent "name" "helm-deployer" }} + {{ $image := getResource $helmDeployerComponent "name" 
"helm-deployer-image" }} + {{ $imageRepo := ociRefRepo $image.access.imageReference }} + {{ $imageTag := ociRefVersion $image.access.imageReference }} + repository: {{ $imageRepo }} + tag: {{ $imageTag }} + pullPolicy: IfNotPresent {{ end }} {{ if has "manifest" .imports.landscaperConfig.deployers }} 
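Review bot: The helm deployer's new `resourceCluster.kubeconfig` is still rendered from `.imports.landscaperControllerKubeconfigYaml`, so the deployer keeps the controller's credentials even though this commit creates a dedicated `landscaper-deployer` service account and adds `landscaperDeployerKubeconfigYaml` as a required import of this blueprint. None of the hunks shown for this file reads that import, so as far as the diff shows the narrower identity is issued but never used. If the separation is intended, the line should read `{{- .imports.landscaperDeployerKubeconfigYaml | nindent 14 }}`; the same line appears in the manifest-deployer hunk (`@@ -279,56 +242,58 @@`) and the container-deployer hunk (`@@ -352,54 +317,71 @@`). If sharing the controller kubeconfig is deliberate for now, a comment above the block such as `# deployers reuse the controller kubeconfig on purpose: <reason>` would record that.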
@@ -279,56 +242,58 @@ deployItems: disableDefault: false chart: - {{ $manifestDeployerComponent := getComponent $landscaperComponent "name" "manifest-deployer" }} - {{ $manifestDeployerChart := getResource $manifestDeployerComponent "name" "manifest-deployer-chart" }} + {{ $manifestDeployerChart := getResource .cd "name" "landscaper-instance-target-cluster-manifest-deployer" }} ref: {{ $manifestDeployerChart.access.imageReference }} values: - nameOverride: manifest-deployer - fullnameOverride: manifest-{{ .imports.hostingClusterNamespace }}-manifest-deployer + deployer: + name: manifest-{{ .imports.hostingClusterNamespace }}-manifest-deployer + identity: manifest-{{ .imports.hostingClusterNamespace }} + + {{- if (dig "landscaperConfig" "landscaper" "verbosity" false .imports) }} + verbosity: {{ .imports.landscaperConfig.landscaper.verbosity }} + {{- end }} - identity: manifest-{{ .imports.hostingClusterNamespace }} + resourceCluster: + kubeconfig: | + {{- .imports.landscaperControllerKubeconfigYaml | nindent 14 }} - deployer: - verbosityLevel: {{ .imports.landscaperConfig.landscaper.verbosity | default "info" }} {{- if (dig "landscaperConfig" "deployersConfig" "manifest" "deployer" "controller" false .imports) }} controller: {{- toYaml .imports.landscaperConfig.deployersConfig.manifest.deployer.controller | nindent 12 }} {{- end }} - landscaperClusterKubeconfig: - kubeconfig: | -{{ .imports.landscaperControllerKubeconfigYaml | indent 14 }} {{- if (dig "landscaperConfig" "deployersConfig" "manifest" "deployer" "k8sClientSettings" false .imports) }} k8sClientSettings: {{- toYaml .imports.landscaperConfig.deployersConfig.manifest.deployer.k8sClientSettings | nindent 12 }} {{- end }} - image: - {{ $image := getResource $manifestDeployerComponent "name" "manifest-deployer-image" }} - {{ $imageRepo := ociRefRepo $image.access.imageReference }} - {{ $imageTag := ociRefVersion $image.access.imageReference }} - repository: {{ $imageRepo }} - tag: {{ $imageTag }} - 
pullPolicy: IfNotPresent - - {{- if (dig "landscaperConfig" "deployersConfig" "manifest" "resources" false .imports) }} - resources: - {{- toYaml .imports.landscaperConfig.deployersConfig.manifest.resources | nindent 10 }} - {{- end }} - - {{- if (dig "landscaperConfig" "deployersConfig" "manifest" "hpa" false .imports) }} - hpa: - {{- if (dig "landscaperConfig" "deployersConfig" "manifest" "hpa" "maxReplicas" false .imports) }} - maxReplicas: {{ .imports.landscaperConfig.deployersConfig.manifest.hpa.maxReplicas }} - {{- end }} - {{- if (dig "landscaperConfig" "deployersConfig" "manifest" "hpa" "averageCpuUtilization" false .imports) }} - averageCpuUtilization: {{ .imports.landscaperConfig.deployersConfig.manifest.hpa.averageCpuUtilization }} + {{- if (dig "landscaperConfig" "deployersConfig" "manifest" "hpa" false .imports) }} + hpa: + {{- if (dig "landscaperConfig" "deployersConfig" "manifest" "hpa" "maxReplicas" false .imports) }} + maxReplicas: {{ .imports.landscaperConfig.deployersConfig.manifest.hpa.maxReplicas }} + {{- end }} + {{- if (dig "landscaperConfig" "deployersConfig" "manifest" "hpa" "averageCpuUtilization" false .imports) }} + averageCpuUtilization: {{ .imports.landscaperConfig.deployersConfig.manifest.hpa.averageCpuUtilization }} + {{- end }} + {{- if (dig "landscaperConfig" "deployersConfig" "manifest" "hpa" "averageMemoryUtilization" false .imports) }} + averageMemoryUtilization: {{ .imports.landscaperConfig.deployersConfig.manifest.hpa.averageMemoryUtilization }} + {{- end }} {{- end }} - {{- if (dig "landscaperConfig" "deployersConfig" "manifest" "hpa" "averageMemoryUtilization" false .imports) }} - averageMemoryUtilization: {{ .imports.landscaperConfig.deployersConfig.manifest.hpa.averageMemoryUtilization }} + + {{- if (dig "landscaperConfig" "deployersConfig" "manifest" "resources" false .imports) }} + resources: + {{- toYaml .imports.landscaperConfig.deployersConfig.manifest.resources | nindent 10 }} {{- end }} - {{- end }} + + image: + {{ 
$manifestDeployerComponent := getComponent $landscaperComponent "name" "manifest-deployer" }} + {{ $image := getResource $manifestDeployerComponent "name" "manifest-deployer-image" }} + {{ $imageRepo := ociRefRepo $image.access.imageReference }} + {{ $imageTag := ociRefVersion $image.access.imageReference }} + repository: {{ $imageRepo }} + tag: {{ $imageTag }} + pullPolicy: IfNotPresent {{ end }} {{ if has "container" .imports.landscaperConfig.deployers }} 
@@ -352,54 +317,71 @@ deployItems: disableDefault: false chart: - {{ $containerDeployerComponent := getComponent $landscaperComponent "name" "container-deployer" }} - {{ $containerDeployerChart := getResource $containerDeployerComponent "name" "container-deployer-chart" }} + {{ $containerDeployerChart := getResource .cd "name" "landscaper-instance-target-cluster-container-deployer" }} ref: {{ $containerDeployerChart.access.imageReference }} values: - nameOverride: container-deployer - fullnameOverride: container-{{ .imports.hostingClusterNamespace }}-container-deployer + deployer: + name: container-{{ .imports.hostingClusterNamespace }}-container-deployer + identity: container-{{ .imports.hostingClusterNamespace }} - identity: container-{{ .imports.hostingClusterNamespace }} + {{- if (dig "landscaperConfig" "landscaper" "verbosity" false .imports) }} + verbosity: {{ .imports.landscaperConfig.landscaper.verbosity }} + {{- end }} + + resourceCluster: + kubeconfig: | + {{- .imports.landscaperControllerKubeconfigYaml | nindent 14 }} - deployer: - verbosityLevel: {{ .imports.landscaperConfig.landscaper.verbosity | default "info" }} {{- if (dig "landscaperConfig" "deployersConfig" "container" "deployer" "controller" false .imports) }} controller: {{- toYaml .imports.landscaperConfig.deployersConfig.container.deployer.controller | nindent 12 }} {{- end }} - landscaperClusterKubeconfig: - kubeconfig: | -{{ .imports.landscaperControllerKubeconfigYaml | indent 14 }} {{- if (dig "landscaperConfig" "deployersConfig" "container" "deployer" "k8sClientSettings" false .imports) }} k8sClientSettings: {{- toYaml .imports.landscaperConfig.deployersConfig.container.deployer.k8sClientSettings | nindent 12 }} {{- end }} - image: - {{ $image := getResource $containerDeployerComponent "name" "container-deployer-image" }} - {{ $imageRepo := ociRefRepo $image.access.imageReference }} - {{ $imageTag := ociRefVersion $image.access.imageReference }} - repository: {{ $imageRepo }} - tag: {{ 
$imageTag }} - pullPolicy: IfNotPresent - - {{- if (dig "landscaperConfig" "deployersConfig" "container" "resources" false .imports) }} - resources: - {{- toYaml .imports.landscaperConfig.deployersConfig.container.resources | nindent 10 }} - {{- end }} - - {{- if (dig "landscaperConfig" "deployersConfig" "container" "hpa" false .imports) }} - hpa: - {{- if (dig "landscaperConfig" "deployersConfig" "container" "hpa" "maxReplicas" false .imports) }} - maxReplicas: {{ .imports.landscaperConfig.deployersConfig.container.hpa.maxReplicas }} - {{- end }} - {{- if (dig "landscaperConfig" "deployersConfig" "container" "hpa" "averageCpuUtilization" false .imports) }} - averageCpuUtilization: {{ .imports.landscaperConfig.deployersConfig.container.hpa.averageCpuUtilization }} + {{- if (dig "landscaperConfig" "deployersConfig" "container" "hpa" false .imports) }} + hpa: + {{- if (dig "landscaperConfig" "deployersConfig" "container" "hpa" "maxReplicas" false .imports) }} + maxReplicas: {{ .imports.landscaperConfig.deployersConfig.container.hpa.maxReplicas }} + {{- end }} + {{- if (dig "landscaperConfig" "deployersConfig" "container" "hpa" "averageCpuUtilization" false .imports) }} + averageCpuUtilization: {{ .imports.landscaperConfig.deployersConfig.manifest.hpa.averageCpuUtilization }} + {{- end }} + {{- if (dig "landscaperConfig" "deployersConfig" "container" "hpa" "averageMemoryUtilization" false .imports) }} + averageMemoryUtilization: {{ .imports.landscaperConfig.deployersConfig.manifest.hpa.averageMemoryUtilization }} + {{- end }} {{- end }} - {{- if (dig "landscaperConfig" "deployersConfig" "container" "hpa" "averageMemoryUtilization" false .imports) }} - averageMemoryUtilization: {{ .imports.landscaperConfig.deployersConfig.container.hpa.averageMemoryUtilization }} + + {{- if (dig "landscaperConfig" "deployersConfig" "container" "resources" false .imports) }} + resources: + {{- toYaml .imports.landscaperConfig.deployersConfig.container.resources | nindent 10 }} {{- end 
}} - {{- end }} + + image: + {{ $containerDeployerComponent := getComponent $landscaperComponent "name" "container-deployer" }} + controller: + {{ $image := getResource $containerDeployerComponent "name" "container-deployer-image" }} + {{ $imageRepo := ociRefRepo $image.access.imageReference }} + {{ $imageTag := ociRefVersion $image.access.imageReference }} + repository: {{ $imageRepo }} + tag: {{ $imageTag }} + pullPolicy: IfNotPresent + + initContainer: + {{ $image := getResource $containerDeployerComponent "name" "container-init-image" }} + {{ $imageRepo := ociRefRepo $image.access.imageReference }} + {{ $imageTag := ociRefVersion $image.access.imageReference }} + repository: {{ $imageRepo }} + tag: {{ $imageTag }} + + waitContainer: + {{ $image := getResource $containerDeployerComponent "name" "container-wait-image" }} + {{ $imageRepo := ociRefRepo $image.access.imageReference }} + {{ $imageTag := ociRefVersion $image.access.imageReference }} + repository: {{ $imageRepo }} + tag: {{ $imageTag }} {{ end }} diff --git a/.landscaper/landscaper-instance/blueprint/rbac/blueprint.yaml b/.landscaper/landscaper-instance/blueprint/rbac/blueprint.yaml index 37ec5a7a4..93e3629de 100644 --- a/.landscaper/landscaper-instance/blueprint/rbac/blueprint.yaml +++ b/.landscaper/landscaper-instance/blueprint/rbac/blueprint.yaml @@ -48,6 +48,11 @@ exports: schema: type: string + - name: landscaperDeployerKubeconfigYaml + type: data + schema: + type: string + exportExecutions: - name: export-execution file: /export-execution.yaml diff --git a/.landscaper/landscaper-instance/blueprint/rbac/deploy-execution.yaml b/.landscaper/landscaper-instance/blueprint/rbac/deploy-execution.yaml index 2b1970b08..f3aaac8eb 100644 --- a/.landscaper/landscaper-instance/blueprint/rbac/deploy-execution.yaml +++ b/.landscaper/landscaper-instance/blueprint/rbac/deploy-execution.yaml 
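Review bot: In the container-deployer hunk of blueprint/landscaper/deploy-execution.yaml (`@@ -352,54 +317,71 @@`), the rewritten `hpa` block guards on `deployersConfig.container.hpa.*` but emits `.imports.landscaperConfig.deployersConfig.manifest.hpa.averageCpuUtilization` and `...manifest.hpa.averageMemoryUtilization`, whereas the removed lines read both from `container`. The container deployer therefore takes the manifest deployer's thresholds, and when only the container values are set the expression probably renders empty or fails. The two lines should be `averageCpuUtilization: {{ .imports.landscaperConfig.deployersConfig.container.hpa.averageCpuUtilization }}` and `averageMemoryUtilization: {{ .imports.landscaperConfig.deployersConfig.container.hpa.averageMemoryUtilization }}`.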
@@ -12,24 +12,38 @@ deployItems: createNamespace: true chart: - {{ $landscaperComponent := getComponent .cd "name" "landscaper" }} - {{ $resource := getResource $landscaperComponent "name" "landscaper-controller-rbac-chart" }} + {{ $resource := getResource .cd "name" "landscaper-instance-resource-cluster-landscaper" }} ref: {{ $resource.access.imageReference }} values: - global: - serviceAccount: - controller: - create: true - annotations: {} - name: landscaper-controller + controller: + serviceAccountName: "landscaper-controller" + clusterRoleName: "landscaper.gardener.cloud:controller" - webhooksServer: - create: true - annotations: {} - name: landscaper-webhooks + webhooksServer: + serviceAccountName: "landscaper-webhooks" + clusterRoleName: "landscaper.gardener.cloud:webhooks-server" - user: - create: true - annotations: {} - name: landscaper-user + user: + serviceAccountName: "landscaper-user" + clusterRoleName: "landscaper.gardener.cloud:user" + + - name: deployer-rbac + type: landscaper.gardener.cloud/helm + target: + import: shootCluster + config: + apiVersion: helm.deployer.landscaper.gardener.cloud/v1alpha1 + kind: ProviderConfiguration + updateStrategy: patch + name: deployer-rbac + namespace: {{ .imports.targetClusterNamespace }} + createNamespace: true + + chart: + {{ $resource := getResource .cd "name" "landscaper-instance-resource-cluster-deployer" }} + ref: {{ $resource.access.imageReference }} + + values: + serviceAccountName: "landscaper-deployer" + clusterRoleName: "landscaper.gardener.cloud:deployer" diff --git a/.landscaper/landscaper-instance/blueprint/rbac/export-execution.yaml b/.landscaper/landscaper-instance/blueprint/rbac/export-execution.yaml index d1af09516..a512ed1db 100644 --- a/.landscaper/landscaper-instance/blueprint/rbac/export-execution.yaml +++ b/.landscaper/landscaper-instance/blueprint/rbac/export-execution.yaml 
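Review bot: The new `deployer-rbac` deploy item hard-codes `serviceAccountName: "landscaper-deployer"`, and the export execution changed in this commit issues the token with `getServiceAccountKubeconfig "landscaper-deployer"`; nothing ties the two literals together, so a rename on one side would leave the export requesting a token for an account the chart no longer creates. A comment above the `values:` block, `# serviceAccountName must match the name passed to getServiceAccountKubeconfig in export-execution.yaml`, would make the coupling visible. The rules behind `landscaper.gardener.cloud:deployer` live in the chart and are not part of this hunk, so whether the role is actually narrower than the controller's cannot be confirmed from here.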
@@ -7,3 +7,6 @@ exports: landscaperUserKubeconfigYaml: | {{- getOidcKubeconfig .imports.shootConfig.kubernetes.kubeAPIServer.oidcConfig.issuerURL .imports.shootConfig.kubernetes.kubeAPIServer.oidcConfig.clientID .imports.shootCluster | b64dec | nindent 4 }} + + landscaperDeployerKubeconfigYaml: | + {{- getServiceAccountKubeconfig "landscaper-deployer" .imports.targetClusterNamespace .imports.rotationConfig.tokenExpirationSeconds .imports.shootCluster | b64dec | nindent 4 }} diff --git a/.landscaper/landscaper-instance/blueprint/shoot/blueprint.yaml b/.landscaper/landscaper-instance/blueprint/shoot/blueprint.yaml index a910aacfd..f12f0958a 100644 --- a/.landscaper/landscaper-instance/blueprint/shoot/blueprint.yaml +++ b/.landscaper/landscaper-instance/blueprint/shoot/blueprint.yaml @@ -62,12 +62,6 @@ imports: - user - password - - name: subaccountId - required: false - type: data - schema: - type: string - - name: rotationConfig type: data schema: diff --git a/.landscaper/landscaper-instance/resources.yaml b/.landscaper/landscaper-instance/resources.yaml index 3ebdaa26e..2389881a1 100644 --- a/.landscaper/landscaper-instance/resources.yaml +++ b/.landscaper/landscaper-instance/resources.yaml 
@@ -75,6 +75,54 @@ access:
 imageReference: eu.gcr.io/gardener-project/landscaper-service/charts/sidecar-rbac:${VERSION}
 ...
 ---
+type: helm.io/chart
+name: landscaper-instance-resource-cluster-landscaper
+relation: local
+access:
+ type: ociRegistry
+ imageReference: eu.gcr.io/gardener-project/landscaper-service/charts/landscaper-instance/resource-cluster/landscaper:${VERSION}
+...
+---
+type: helm.io/chart
+name: landscaper-instance-resource-cluster-deployer
+relation: local
+access:
+ type: ociRegistry
+ imageReference: eu.gcr.io/gardener-project/landscaper-service/charts/landscaper-instance/resource-cluster/deployer:${VERSION}
+...
+---
+type: helm.io/chart
+name: landscaper-instance-target-cluster-landscaper
+relation: local
+access:
+ type: ociRegistry
+ imageReference: eu.gcr.io/gardener-project/landscaper-service/charts/landscaper-instance/target-cluster/landscaper:${VERSION}
+...
+---
+type: helm.io/chart
+name: landscaper-instance-target-cluster-helm-deployer
+relation: local
+access:
+ type: ociRegistry
+ imageReference: eu.gcr.io/gardener-project/landscaper-service/charts/landscaper-instance/target-cluster/helm-deployer:${VERSION}
+...
+---
+type: helm.io/chart
+name: landscaper-instance-target-cluster-manifest-deployer
+relation: local
+access:
+ type: ociRegistry
+ imageReference: eu.gcr.io/gardener-project/landscaper-service/charts/landscaper-instance/target-cluster/manifest-deployer:${VERSION}
+...
+---
+type: helm.io/chart
+name: landscaper-instance-target-cluster-container-deployer
+relation: local
+access:
+ type: ociRegistry
+ imageReference: eu.gcr.io/gardener-project/landscaper-service/charts/landscaper-instance/target-cluster/container-deployer:${VERSION}
+...
+---
 type: ociImage
 name: ls-service-target-shoot-sidecar-image
 relation: local
diff --git a/.landscaper/landscaper-instance/test/component-descriptor.yaml b/.landscaper/landscaper-instance/test/component-descriptor.yaml
new file mode 100644
index 000000000..a6ec70375
--- /dev/null
+++ b/.landscaper/landscaper-instance/test/component-descriptor.yaml
@@ -0,0 +1,13 @@
+component:
+ componentReferences: []
+ name: github.com/gardener/landscaper-service/landscaper-instance
+ provider: internal
+ repositoryContexts:
+ - baseUrl: eu.gcr.io/gardener-project/development
+ componentNameMapping: urlPath
+ type: ociRegistry
+ resources: []
+ sources: []
+ version: v0.1.0
+meta:
+ schemaVersion: v2
diff --git a/.landscaper/landscaper-instance/test/export-templates.yaml b/.landscaper/landscaper-instance/test/export-templates.yaml
new file mode 100644
index 000000000..be0afe6ca
--- /dev/null
+++ b/.landscaper/landscaper-instance/test/export-templates.yaml
@@ -0,0 +1,49 @@
+installations:
+ - name: shoot
+ selector: .*/shoot-cluster
+ template: |
+ dataExports:
+ shootClusterKubeconfig: |
+ apiVersion: v1
+ kind: Config
+ shootClusterEndpoint: test-shoot.api.mycluster.net
+ targetExports:
+ shootCluster:
+ metadata:
+ name: shoot-cluster
+ namespace: default
+ spec:
+ type: landscaper.gardener.cloud/kubernetes-cluster
+ config:
+ kubeconfig: |
+ apiVersion: v1
+ kind: Config
+
+ - name: landscaper-rbac
+ selector: .*/landscaper-rbac
+ template: |
+ dataExports:
+ landscaperControllerKubeconfigYaml: |
+ apiVersion: v1
+ kind: Config
+ landscaperWebhooksKubeconfigYaml: |
+ apiVersion: v1
+ kind: Config
+ landscaperUserKubeconfigYaml: |
+ apiVersion: v1
+ kind: Config
+ landscaperDeployerKubeconfigYaml: |
+ apiVersion: v1
+ kind: Config
+ targetExports: {}
+
+ - name: sidecar-rbac
+ selector: .*/sidecar-rbac
+ template: |
+ dataExports:
+ sidecarControllerKubeconfigYaml: |
+ apiVersion: v1
+ kind: Config
+ targetExports: {}
+
+deployItems: []
diff --git a/.landscaper/landscaper-instance/test/render.sh b/.landscaper/landscaper-instance/test/render.sh
new file mode 100755
index 000000000..23eceebd2
--- /dev/null
+++ b/.landscaper/landscaper-instance/test/render.sh
@@ -0,0 +1,44 @@ +#!/usr/bin/env bash + +TEST_DIR="$(dirname $0)" +BASE_DIR="$(dirname $0)/.." + +RENDER_TMP_DIR="$(mktemp -d)" +RESOURCES_FILE="${RENDER_TMP_DIR}/resources.yaml" +COMPONENT_DESCRIPTOR_FILE="${RENDER_TMP_DIR}/test/component-descriptor.yaml" + +cp -R "${BASE_DIR}/." "${RENDER_TMP_DIR}" +export VERSION=v0.1.0 +envsubst <"${BASE_DIR}/resources.yaml" >"${RESOURCES_FILE}" + +LANDSCAPER_COMPONENT_REF="$(yq ./.landscaper/landscaper-instance/component-references.yaml -ojson -I=0)" +yq ".component.componentReferences += [${LANDSCAPER_COMPONENT_REF}]" "${TEST_DIR}/component-descriptor.yaml" > "${COMPONENT_DESCRIPTOR_FILE}" + +# render global installation blueprint +echo "!!! render global installation blueprint !!!" +landscaper-cli blueprints render ${BASE_DIR}/blueprint/installation \ + -c "${COMPONENT_DESCRIPTOR_FILE}" \ + -f "${TEST_DIR}/values-global.yaml" \ + -e "${TEST_DIR}/export-templates.yaml" \ + -r "${RESOURCES_FILE}" + +# render shoot blueprint +echo "!!! render shoot blueprint !!!" +landscaper-cli blueprints render ${BASE_DIR}/blueprint/shoot \ + -c "${COMPONENT_DESCRIPTOR_FILE}" \ + -f "${TEST_DIR}/values-shoot.yaml" \ + -r "${RESOURCES_FILE}" + +# render shoot blueprint +echo "!!! render landscaper rbac blueprint !!!" +landscaper-cli blueprints render ${BASE_DIR}/blueprint/rbac \ + -c "${COMPONENT_DESCRIPTOR_FILE}" \ + -f "${TEST_DIR}/values-rbac.yaml" \ + -r "${RESOURCES_FILE}" + +# render shoot blueprint +echo "!!! render sidecar rbac blueprint !!!" +landscaper-cli blueprints render ${BASE_DIR}/blueprint/rbac \ + -c "${COMPONENT_DESCRIPTOR_FILE}" \ + -f "${TEST_DIR}/values-sidecar-rbac.yaml" \ + -r "${RESOURCES_FILE}" diff --git a/.landscaper/landscaper-instance/test/values-global.yaml b/.landscaper/landscaper-instance/test/values-global.yaml new file mode 100644 index 000000000..da4338f68 --- /dev/null +++ b/.landscaper/landscaper-instance/test/values-global.yaml 
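Review bot: render.sh has no error handling, so a failed `envsubst` or `yq` leaves an empty or partial file in the temp directory and the `landscaper-cli blueprints render` calls still run against it; adding `set -euo pipefail` after the shebang stops at the first failure. The directory from `mktemp -d` receives a full copy of `${BASE_DIR}` and is never removed, which `trap 'rm -rf "${RENDER_TMP_DIR}"' EXIT` would clean up. `$(dirname $0)` and the `${BASE_DIR}/blueprint/...` arguments are unquoted, and the `yq` call reads `./.landscaper/landscaper-instance/component-references.yaml` relative to the current directory rather than `${BASE_DIR}`, so the script only works from the repository root. The last three blocks all carry the comment `# render shoot blueprint`, and the sidecar block renders `blueprint/rbac` a second time; if a separate sidecar blueprint directory exists that path looks like a copy-paste leftover and should be confirmed.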
@@ -0,0 +1,151 @@ +imports: + hostingCluster: + metadata: + name: hosting-cluster + namespace: default + spec: + type: landscaper.gardener.cloud/kubernetes-cluster + config: + kubeconfig: | + apiVersion: v1 + kind: Config + + gardenerServiceAccount: + metadata: + name: hosting-cluster + namespace: default + spec: + type: landscaper.gardener.cloud/kubernetes-cluster + config: + kubeconfig: | + apiVersion: v1 + kind: Config + + hostingClusterNamespace: tenant-test-instance-1 + targetClusterNamespace: ls-system + shootName: test-shoot + shootNamespace: laasds + shootSecretBindingName: myprovider-secret + shootLabels: + landscaper-service.gardener.cloud/instanceName: instance1 + shootConfig: {} + auditPolicy: {} + auditLogService: + tenantId: audit-tenant + url: api.auditlog.service + user: audit-user + password: audit-pw + registryConfig: + cache: + useInMemoryOverlay: false + allowPlainHttpRegistries: false + insecureSkipVerify: false + + landscaperConfig: + landscaper: + verbosity: debug + replicas: 2 + controllers: + installations: + workers: 10 + executions: + workers: 5 + deployItemTimeouts: + pickup: 1h + progressingDefault: 20m + k8sClientSettings: + hostClient: + burst: 10 + qps: 20 + resourceClient: + burst: 10 + qps: 20 + + webhooksServer: + servicePort: 9999 + replicas: 3 + + resources: + requests: + cpu: 200m + memory: 300Mi + resourcesMain: + requests: + cpu: 500m + memory: 600Mi + + hpaMain: + maxReplicas: 5 + averageMemoryUtilization: 70 + averageCpuUtilization: 70 + + deployers: + - helm + - manifest + - container + + deployersConfig: + helm: + deployer: + controller: + workers: 33 + k8sClientSettings: + hostClient: + burst: 10 + qps: 20 + resourceClient: + burst: 10 + qps: 20 + resources: + requests: + cpu: 300m + memory: 300Mi + hpa: + maxReplicas: 10 + averageMemoryUtilization: 70 + averageCpuUtilization: 70 + manifest: + deployer: + controller: + workers: 33 + k8sClientSettings: + hostClient: + burst: 10 + qps: 20 + resourceClient: + burst: 10 + 
qps: 20 + resources: + requests: + cpu: 300m + memory: 300Mi + hpa: + maxReplicas: 10 + averageMemoryUtilization: 70 + averageCpuUtilization: 70 + container: + deployer: + controller: + workers: 33 + k8sClientSettings: + hostClient: + burst: 10 + qps: 20 + resourceClient: + burst: 10 + qps: 20 + resources: + requests: + cpu: 300m + memory: 300Mi + hpa: + maxReplicas: 10 + averageMemoryUtilization: 70 + averageCpuUtilization: 70 + + sidecarConfig: + verbosity: info + rotationConfig: + tokenExpirationSeconds: 3600 + adminKubeconfigExpirationSeconds: 3601 + webhooksHostName: test-shoot.api.mycluster.net diff --git a/.landscaper/landscaper-instance/test/values-rbac.yaml b/.landscaper/landscaper-instance/test/values-rbac.yaml new file mode 100644 index 000000000..59cb62639 --- /dev/null +++ b/.landscaper/landscaper-instance/test/values-rbac.yaml @@ -0,0 +1,16 @@ +imports: + shootCluster: + metadata: + name: shoot-cluster + namespace: default + spec: + type: landscaper.gardener.cloud/kubernetes-cluster + config: + kubeconfig: | + apiVersion: v1 + kind: Config + + targetClusterNamespace: ls-system + shootClusterEndpoint: test-shoot.api.mycluster.net + shootConfig: {} + rotationConfig: {} diff --git a/.landscaper/landscaper-instance/test/values-shoot.yaml b/.landscaper/landscaper-instance/test/values-shoot.yaml new file mode 100644 index 000000000..f01720d1d --- /dev/null +++ b/.landscaper/landscaper-instance/test/values-shoot.yaml 
@@ -0,0 +1,64 @@ +imports: + gardenerServiceAccount: + metadata: + name: hosting-cluster + namespace: default + spec: + type: landscaper.gardener.cloud/kubernetes-cluster + config: + kubeconfig: | + apiVersion: v1 + kind: Config + + name: test-shoot + namespace: laasds + secretBindingName: myprovider-secret + labels: + landscaper-service.gardener.cloud/instanceName: instance1 + shootConfig: + { + "provider": { + "type": "gcp", + "zone": "europe-west1-c" + }, + "region": "europe-west1", + "workers": { + "machine": { + "type": "n1-standard-2", + "image": { + "name": "gardenlinux", + "version": "934.10.0" + } + }, + "volume": { + "type": "pd-standard", + "size": "50Gi" + }, + "minimum": 1, + "maximum": 1, + "maxSurge": 1, + "maxUnavailable": 0 + }, + "kubernetes": { + "version": "1.25" + }, + "maintenance": { + "timeWindow": { + "begin": "050000+0200", + "end": "060000+0200" + }, + "autoUpdate": { + "kubernetesVersion": false, + "machineImageVersion": false + } + } + } + auditPolicy: { } + auditLogService: + tenantId: audit-tenant + url: api.auditlog.service + user: audit-user + password: audit-pw + rotationConfig: + tokenExpirationSeconds: 3600 + adminKubeconfigExpirationSeconds: 3601 \ No newline at end of file diff --git a/.landscaper/landscaper-instance/test/values-sidecar-rbac.yaml b/.landscaper/landscaper-instance/test/values-sidecar-rbac.yaml new file mode 100644 index 000000000..a76cbce35 --- /dev/null +++ b/.landscaper/landscaper-instance/test/values-sidecar-rbac.yaml @@ -0,0 +1,16 @@ +imports: + shootCluster: + metadata: + name: shoot-cluster + namespace: default + spec: + type: landscaper.gardener.cloud/kubernetes-cluster + config: + kubeconfig: | + apiVersion: v1 + kind: Config + + targetClusterNamespace: ls-system + shootClusterEndpoint: test-shoot.api.mycluster.net + shootConfig: {} + rotationConfig: {} \ No newline at end of file 
diff --git a/charts/landscaper-instance/resource-cluster/deployer/Chart.yaml b/charts/landscaper-instance/resource-cluster/deployer/Chart.yaml new file mode 100644 index 000000000..6239057ed --- /dev/null +++ b/charts/landscaper-instance/resource-cluster/deployer/Chart.yaml @@ -0,0 +1,10 @@ +# SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors +# +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: v2 +name: deployer +description: Deployer Resource Cluster objects +type: application +version: v0.1.0 +appVersion: v0.73.0 diff --git a/charts/landscaper-instance/resource-cluster/deployer/templates/_helpers.tpl b/charts/landscaper-instance/resource-cluster/deployer/templates/_helpers.tpl new file mode 100644 index 000000000..681d9cbf7 --- /dev/null +++ b/charts/landscaper-instance/resource-cluster/deployer/templates/_helpers.tpl @@ -0,0 +1,23 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "deployer.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.AppVersion | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "deployer.labels" -}} +helm.sh/chart: {{ include "deployer.chart" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} diff --git a/charts/landscaper-instance/resource-cluster/deployer/templates/clusterrole.yaml b/charts/landscaper-instance/resource-cluster/deployer/templates/clusterrole.yaml new file mode 100644 index 000000000..7e6e3f106 --- /dev/null +++ b/charts/landscaper-instance/resource-cluster/deployer/templates/clusterrole.yaml 
@@ -0,0 +1,58 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Values.clusterRoleName }} + labels: + {{- include "deployer.labels" . | nindent 4 }} +rules: + - apiGroups: + - landscaper.gardener.cloud + resources: + - deployitems + - deployitems/status + verbs: + - get + - watch + - list + - update + - patch + + - apiGroups: + - landscaper.gardener.cloud + resources: + - targets + - contexts + verbs: + - get + - watch + - list + + - apiGroups: + - landscaper.gardener.cloud + resources: + - syncobjects + verbs: + - "*" + + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - watch + - patch + - update + + - apiGroups: + - "" + resources: + - secrets + verbs: + - "*" \ No newline at end of file diff --git a/charts/landscaper-instance/resource-cluster/deployer/templates/clusterrolebinding.yaml b/charts/landscaper-instance/resource-cluster/deployer/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..e2940f64d --- /dev/null +++ b/charts/landscaper-instance/resource-cluster/deployer/templates/clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Values.clusterRoleName }} + labels: + {{- include "deployer.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Values.clusterRoleName }} +subjects: + - kind: ServiceAccount + name: {{ .Values.serviceAccountName }} + namespace: {{ .Release.Namespace }} 
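Review bot: The final rule of resource-cluster/deployer/templates/clusterrole.yaml grants `"*"` on `secrets`, and because clusterrolebinding.yaml binds this ClusterRole with a ClusterRoleBinding, the deployer service account can read, change and delete every secret in every namespace of the resource cluster. If the deployer only has to read secrets referenced by targets and contexts (an assumption to confirm against the deployer code), the verbs should be listed explicitly, for example `- get`, `- list`, `- watch`, and write verbs added only where they are needed. The same wildcard on `secrets` appears in clusterrole-controller.yaml, clusterrole-user.yaml and clusterrole-webhooks.yaml of the resource-cluster/landscaper chart; the user role additionally gets `"*"` on `namespaces` and `configmaps`, which deserves a comment in the template explaining why a tenant-facing account needs it.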
diff --git a/charts/landscaper-instance/resource-cluster/deployer/templates/serviceaccount.yaml b/charts/landscaper-instance/resource-cluster/deployer/templates/serviceaccount.yaml new file mode 100644 index 000000000..b41c0c9ec --- /dev/null +++ b/charts/landscaper-instance/resource-cluster/deployer/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccountName }} + labels: + {{- include "deployer.labels" . | nindent 4 }} diff --git a/charts/landscaper-instance/resource-cluster/deployer/values.yaml b/charts/landscaper-instance/resource-cluster/deployer/values.yaml new file mode 100644 index 000000000..04f108eec --- /dev/null +++ b/charts/landscaper-instance/resource-cluster/deployer/values.yaml @@ -0,0 +1,7 @@ +# SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors +# +# SPDX-License-Identifier: Apache-2.0 + + +serviceAccountName: "landscaper-deployer" +clusterRoleName: "landscaper.gardener.cloud:deployer" diff --git a/charts/landscaper-instance/resource-cluster/landscaper/Chart.yaml b/charts/landscaper-instance/resource-cluster/landscaper/Chart.yaml new file mode 100644 index 000000000..8a9b42e03 --- /dev/null +++ b/charts/landscaper-instance/resource-cluster/landscaper/Chart.yaml @@ -0,0 +1,10 @@ +# SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors +# +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: v2 +name: landscaper +description: Landscaper Resource Cluster objects +type: application +version: v0.1.0 +appVersion: v0.73.0 diff --git a/charts/landscaper-instance/resource-cluster/landscaper/templates/_helpers.tpl b/charts/landscaper-instance/resource-cluster/landscaper/templates/_helpers.tpl new file mode 100644 index 000000000..d40bf8ea3 --- /dev/null 
+++ b/charts/landscaper-instance/resource-cluster/landscaper/templates/_helpers.tpl @@ -0,0 +1,23 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "landscaper.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.AppVersion | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "landscaper.labels" -}} +helm.sh/chart: {{ include "landscaper.chart" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} diff --git a/charts/landscaper-instance/resource-cluster/landscaper/templates/clusterrole-controller.yaml b/charts/landscaper-instance/resource-cluster/landscaper/templates/clusterrole-controller.yaml new file mode 100644 index 000000000..fb3ea223e --- /dev/null +++ b/charts/landscaper-instance/resource-cluster/landscaper/templates/clusterrole-controller.yaml @@ -0,0 +1,53 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Values.controller.clusterRoleName }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +rules: + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" + + - apiGroups: + - landscaper.gardener.cloud + resources: + - "*" + verbs: + - "*" + + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - watch + - patch + - update + + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - "*" 
diff --git a/charts/landscaper-instance/resource-cluster/landscaper/templates/clusterrole-user.yaml b/charts/landscaper-instance/resource-cluster/landscaper/templates/clusterrole-user.yaml new file mode 100644 index 000000000..32514a158 --- /dev/null +++ b/charts/landscaper-instance/resource-cluster/landscaper/templates/clusterrole-user.yaml @@ -0,0 +1,27 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Values.user.clusterRoleName }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +rules: + - apiGroups: + - landscaper.gardener.cloud + resources: + - "*" + verbs: + - "*" + + - apiGroups: + - "" + resources: + - namespaces + - secrets + - configmaps + verbs: + - "*" diff --git a/charts/landscaper-instance/resource-cluster/landscaper/templates/clusterrole-webhooks.yaml b/charts/landscaper-instance/resource-cluster/landscaper/templates/clusterrole-webhooks.yaml new file mode 100644 index 000000000..235e63a52 --- /dev/null +++ b/charts/landscaper-instance/resource-cluster/landscaper/templates/clusterrole-webhooks.yaml @@ -0,0 +1,32 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Values.webhooksServer.clusterRoleName }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +rules: + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - "*" + + - apiGroups: + - "" + resources: + - secrets + verbs: + - "*" + - + - apiGroups: + - landscaper.gardener.cloud + resources: + - installations + verbs: + - list 
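Review bot: In clusterrole-webhooks.yaml the `rules` list has a bare `-` line between the `secrets` rule and the `landscaper.gardener.cloud` rule, which YAML parses as a null list entry rather than a blank separator. Depending on how the manifest is decoded this becomes an empty PolicyRule that may fail validation for having no verbs, or it is dropped silently, so the rendered role is not what the template appears to say. The line should be deleted so the two rules are separated by an empty line, as in the other role templates of this commit.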
diff --git a/charts/landscaper-instance/resource-cluster/landscaper/templates/clusterrolebinding.yaml b/charts/landscaper-instance/resource-cluster/landscaper/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..dc20772ce --- /dev/null +++ b/charts/landscaper-instance/resource-cluster/landscaper/templates/clusterrolebinding.yaml @@ -0,0 +1,53 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Values.controller.clusterRoleName }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Values.controller.clusterRoleName }} +subjects: + - kind: ServiceAccount + name: {{ .Values.controller.serviceAccountName }} + namespace: {{ .Release.Namespace }} +... +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Values.webhooksServer.clusterRoleName }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Values.webhooksServer.clusterRoleName }} +subjects: + - kind: ServiceAccount + name: {{ .Values.webhooksServer.serviceAccountName }} + namespace: {{ .Release.Namespace }} +... +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Values.user.clusterRoleName }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Values.user.clusterRoleName }} +subjects: + - kind: ServiceAccount + name: {{ .Values.user.serviceAccountName }} + namespace: {{ .Release.Namespace }} +... 
diff --git a/charts/landscaper-instance/resource-cluster/landscaper/templates/serviceaccount.yaml b/charts/landscaper-instance/resource-cluster/landscaper/templates/serviceaccount.yaml new file mode 100644 index 000000000..f76755309 --- /dev/null +++ b/charts/landscaper-instance/resource-cluster/landscaper/templates/serviceaccount.yaml @@ -0,0 +1,29 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.controller.serviceAccountName }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +... +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.webhooksServer.serviceAccountName }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +... +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.user.serviceAccountName }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +... \ No newline at end of file diff --git a/charts/landscaper-instance/resource-cluster/landscaper/values.yaml b/charts/landscaper-instance/resource-cluster/landscaper/values.yaml new file mode 100644 index 000000000..b57aec18f --- /dev/null +++ b/charts/landscaper-instance/resource-cluster/landscaper/values.yaml @@ -0,0 +1,15 @@ +# SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors +# +# SPDX-License-Identifier: Apache-2.0 + +controller: + serviceAccountName: "landscaper-controller" + clusterRoleName: "landscaper.gardener.cloud:controller" + +webhooksServer: + serviceAccountName: "landscaper-webhooks" + clusterRoleName: "landscaper.gardener.cloud:webhooks-server" + +user: + serviceAccountName: "landscaper-user" + clusterRoleName: "landscaper.gardener.cloud:user" 
diff --git a/charts/landscaper-instance/target-cluster/container-deployer/Chart.yaml b/charts/landscaper-instance/target-cluster/container-deployer/Chart.yaml new file mode 100644 index 000000000..94db4c1ac --- /dev/null +++ b/charts/landscaper-instance/target-cluster/container-deployer/Chart.yaml @@ -0,0 +1,10 @@ +# SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors +# +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: v2 +name: container-deployer +description: Landscaper Container Deployer +type: application +version: v0.1.0 +appVersion: v0.77.0 diff --git a/charts/landscaper-instance/target-cluster/container-deployer/templates/_helpers.tpl b/charts/landscaper-instance/target-cluster/container-deployer/templates/_helpers.tpl new file mode 100644 index 000000000..6376262ba --- /dev/null +++ b/charts/landscaper-instance/target-cluster/container-deployer/templates/_helpers.tpl 
@@ -0,0 +1,94 @@ + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "deployer.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.AppVersion | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "deployer.labels" -}} +helm.sh/chart: {{ include "deployer.chart" . }} +{{ include "deployer.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "deployer.selectorLabels" -}} +app.kubernetes.io/name: {{ .Values.deployer.name}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{- define "deployer.clusterrole.name" -}} +landscaper.gardener.cloud:{{- .Values.deployer.name }} +{{- end }} + +{{/* +Create the Helm deployer config file which will be encapsulated in a secret. +*/}} +{{- define "deployer-config" -}} +apiVersion: container.deployer.landscaper.gardener.cloud/v1alpha1 +kind: Configuration + +identity: {{ .Values.deployer.identity }} + +namespace: {{ .Release.Namespace }} + +initContainer: + image: "{{ include "init-image" . }}" +waitContainer: + image: "{{ include "wait-image" . 
}}" + +{{- if .Values.deployer.registryConfig }} +oci: + allowPlainHttp: {{ .Values.deployer.registryConfig.allowPlainHttp }} + insecureSkipVerify: {{ .Values.deployer.registryConfig.insecureSkipVerify }} + {{- if .Values.deployer.registryConfig.secrets }} + configFiles: + {{- range $key, $value := .Values.deployer.registryConfig.secrets }} + - /app/ls/registry/secrets/{{ $key }} + {{- end }} + {{- end }} +{{- end }} +{{- if .Values.deployer.hpa }} +hpa: +{{ .Values.deployer.hpa | toYaml | indent 2 }} +{{- end }} +{{- if .Values.deployer.controller }} +controller: +{{ .Values.deployer.controller | toYaml | indent 2 }} +{{- end }} +{{- end }} + +{{- define "deployer-image" -}} +{{- $tag := ( .Values.deployer.image.controller.tag | default .Chart.AppVersion ) -}} +{{- $image := dict "repository" .Values.deployer.image.controller.repository "tag" $tag -}} +{{- include "utils-templates.image" $image }} +{{- end -}} + +{{- define "init-image" -}} +{{- $tag := ( .Values.deployer.image.initContainer.tag | default .Chart.AppVersion ) -}} +{{- $image := dict "repository" .Values.deployer.image.initContainer.repository "tag" $tag -}} +{{- include "utils-templates.image" $image }} +{{- end -}} + +{{- define "wait-image" -}} +{{- $tag := ( .Values.deployer.image.waitContainer.tag | default .Chart.AppVersion ) -}} +{{- $image := dict "repository" .Values.deployer.image.waitContainer.repository "tag" $tag -}} +{{- include "utils-templates.image" $image }} +{{- end -}} + +{{- define "utils-templates.image" -}} +{{- if hasPrefix "sha256:" (required "$.tag is required" $.tag) -}} +{{ required "$.repository is required" $.repository }}@{{ required "$.tag is required" $.tag }} +{{- else -}} +{{ required "$.repository is required" $.repository }}:{{ required "$.tag is required" $.tag }} +{{- end -}} +{{- end -}} \ No newline at end of file 
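Review bot: In the `deployer-config` template of container-deployer/templates/_helpers.tpl, `allowPlainHttp` and `insecureSkipVerify` are rendered straight from values, so when `registryConfig` is set but one of the keys is missing the config carries an empty value instead of an explicit secure setting; `allowPlainHttp: {{ .Values.deployer.registryConfig.allowPlainHttp | default false }}` and the same for `insecureSkipVerify` make the default visible in the rendered secret. `identity: {{ .Values.deployer.identity }}` should be piped through `quote`, as the labels helper already does for `.Chart.AppVersion`, so that a numeric or boolean-looking identity stays a string. The comment above the define says "Create the Helm deployer config file" although the rendered apiVersion is `container.deployer.landscaper.gardener.cloud/v1alpha1`; it should read `Create the container deployer config file which will be encapsulated in a secret.` This file also lacks the SPDX header that the other templates in the commit carry.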
diff --git a/charts/landscaper-instance/target-cluster/container-deployer/templates/clusterrole.yaml b/charts/landscaper-instance/target-cluster/container-deployer/templates/clusterrole.yaml new file mode 100644 index 000000000..27e2e26c0 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/container-deployer/templates/clusterrole.yaml @@ -0,0 +1,62 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "deployer.clusterrole.name" . }} + labels: + {{- include "deployer.labels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - "events" + verbs: + - create + - get + - list + - watch + - patch + - update + + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - get + - list + - watch + + - apiGroups: + - "" + resources: + - "pods" + - "pods/status" + verbs: + - get + - list + - watch + + - apiGroups: + - "" + resources: + - "serviceaccounts" + verbs: + - get + - list + - watch + + - apiGroups: + - "rbac.authorization.k8s.io" + resources: + - "roles" + - "rolebindings" + verbs: + - get + - list + - watch diff --git a/charts/landscaper-instance/target-cluster/container-deployer/templates/clusterrolebinding.yaml b/charts/landscaper-instance/target-cluster/container-deployer/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..ca23bbdf6 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/container-deployer/templates/clusterrolebinding.yaml 
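Review bot: This ClusterRole gives the container deployer `get`, `list` and `watch` on `secrets` in all namespaces of the cluster it runs on, on top of the full access that role.yaml grants in the release namespace. `list` and `watch` on secrets return the secret data, so the rule amounts to cluster-wide read access to every stored credential. If the deployer only works inside its own namespace, which needs to be confirmed against the deployer, the `secrets` rule can be removed from the ClusterRole and left to the namespaced Role; the same question applies to the `serviceaccounts`, `roles` and `rolebindings` rules. If cluster-wide read is required, a comment in the template stating why would help the next reviewer.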
@@ -0,0 +1,19 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "deployer.clusterrole.name" . }} + labels: + {{- include "deployer.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "deployer.clusterrole.name" . }} +subjects: + - kind: ServiceAccount + name: {{ .Values.deployer.serviceAccountName }} + namespace: {{ .Release.Namespace }} diff --git a/charts/landscaper-instance/target-cluster/container-deployer/templates/config-secret.yaml b/charts/landscaper-instance/target-cluster/container-deployer/templates/config-secret.yaml new file mode 100644 index 000000000..f3933e2ed --- /dev/null +++ b/charts/landscaper-instance/target-cluster/container-deployer/templates/config-secret.yaml @@ -0,0 +1,13 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.deployer.name }}-config + labels: + {{- include "deployer.labels" . | nindent 4 }} +data: + config.yaml: {{ include "deployer-config" . | b64enc }} diff --git a/charts/landscaper-instance/target-cluster/container-deployer/templates/deployment.yaml b/charts/landscaper-instance/target-cluster/container-deployer/templates/deployment.yaml new file mode 100644 index 000000000..64a11d765 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/container-deployer/templates/deployment.yaml 
@@ -0,0 +1,100 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.deployer.name }} + labels: + {{- include "deployer.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployer.replicaCount }} + {{- if .Values.deployer.hpa.maxReplicas | int | eq 1 }} + strategy: + type: Recreate + {{- end }} + selector: + matchLabels: + {{- include "deployer.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/config: {{ include "deployer-config" . | sha256sum }} + {{- if .Values.deployer.registryConfig.secrets }} + checksum/registrysecrets: {{ toJson .Values.deployer.registryConfig.secrets | sha256sum }} + {{- end }} + checksum/kubeconfigsecret: {{ toJson .Values.deployer.resourceCluster.kubeconfig | sha256sum }} + labels: + {{- include "deployer.selectorLabels" . | nindent 8 }} + landscaper.gardener.cloud/topology: container-deployer + landscaper.gardener.cloud/topology-ns: {{ .Release.Namespace }} + spec: + serviceAccountName: {{.Values.deployer.serviceAccountName }} + containers: + - name: {{ .Values.deployer.containerName }} + image: "{{ include "deployer-image" . 
}}" + imagePullPolicy: {{ .Values.deployer.image.pullPolicy }} + args: + - "--config=/app/ls/config/config.yaml" + - "--landscaper-kubeconfig=/app/ls/resource-cluster-kubeconfig/kubeconfig" + - "-v={{ .Values.deployer.verbosity }}" + volumeMounts: + - name: config + mountPath: /app/ls/config/ + {{- if .Values.deployer.registryConfig.secrets }} + - name: ociregistry + mountPath: /app/ls/registry/secrets + {{- end }} + - name: resource-cluster-kubeconfig + mountPath: /app/ls/resource-cluster-kubeconfig + resources: + {{- toYaml .Values.deployer.resources | nindent 12 }} + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.deployer.k8sClientSettings }} + - name: LS_HOST_CLIENT_BURST + value: {{ .Values.deployer.k8sClientSettings.hostClient.burst | quote }} + - name: LS_HOST_CLIENT_QPS + value: {{ .Values.deployer.k8sClientSettings.hostClient.qps | quote }} + - name: LS_RESOURCE_CLIENT_BURST + value: {{ .Values.deployer.k8sClientSettings.resourceClient.burst | quote }} + - name: LS_RESOURCE_CLIENT_QPS + value: {{ .Values.deployer.k8sClientSettings.resourceClient.qps | quote }} + {{- end }} + + volumes: + - name: config + secret: + secretName: {{ .Values.deployer.name }}-config + {{- if .Values.deployer.registryConfig.secrets }} + - name: ociregistry + secret: + secretName: {{ .Values.deployer.name }}-registries + {{- end }} + - name: resource-cluster-kubeconfig + secret: + secretName: {{ .Values.deployer.name }}-cluster-kubeconfig + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + landscaper.gardener.cloud/topology: container-deployer + landscaper.gardener.cloud/topology-ns: {{ .Release.Namespace }} + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + 
landscaper.gardener.cloud/topology: container-deployer + landscaper.gardener.cloud/topology-ns: {{ .Release.Namespace }} diff --git a/charts/landscaper-instance/target-cluster/container-deployer/templates/hpa.yaml b/charts/landscaper-instance/target-cluster/container-deployer/templates/hpa.yaml new file mode 100644 index 000000000..f5abe1bbe --- /dev/null +++ b/charts/landscaper-instance/target-cluster/container-deployer/templates/hpa.yaml @@ -0,0 +1,31 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Values.deployer.name }} + labels: + {{- include "deployer.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Values.deployer.name }} + minReplicas: {{ .Values.deployer.hpa.minReplicas }} + maxReplicas: {{ .Values.deployer.hpa.maxReplicas }} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.deployer.hpa.averageCpuUtilization }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.deployer.hpa.averageMemoryUtilization }} diff --git a/charts/landscaper-instance/target-cluster/container-deployer/templates/registry-secret.yaml b/charts/landscaper-instance/target-cluster/container-deployer/templates/registry-secret.yaml new file mode 100644 index 000000000..b2eba0309 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/container-deployer/templates/registry-secret.yaml 
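Review bot: The container in container-deployer/templates/deployment.yaml is defined without a `securityContext`, so it runs with the image's default user, the default capability set and privilege escalation allowed, while mounting the resource-cluster kubeconfig and the registry credentials. A restrictive container security context limits what a compromised deployer process can do with those mounts. The values below assume the deployer image can run as a non-root user, which should be verified before merging.

```yaml
      containers:
        - name: {{ .Values.deployer.containerName }}
          # … unchanged: image, imagePullPolicy, args …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: volumeMounts, resources, env, volumes …
```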
@@ -0,0 +1,17 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +{{- if .Values.deployer.registryConfig.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.deployer.name }}-registries + labels: + {{- include "deployer.labels" . | nindent 4 }} +data: + {{- range $key, $value := .Values.deployer.registryConfig.secrets }} + {{ $key }}: {{ toJson $value | b64enc }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/landscaper-instance/target-cluster/container-deployer/templates/resourcecluster-kubeconfig-secret.yaml b/charts/landscaper-instance/target-cluster/container-deployer/templates/resourcecluster-kubeconfig-secret.yaml new file mode 100644 index 000000000..96073dedd --- /dev/null +++ b/charts/landscaper-instance/target-cluster/container-deployer/templates/resourcecluster-kubeconfig-secret.yaml @@ -0,0 +1,13 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.deployer.name }}-cluster-kubeconfig + labels: + {{- include "deployer.labels" . | nindent 4 }} +data: + kubeconfig: {{ .Values.deployer.resourceCluster.kubeconfig | b64enc }} diff --git a/charts/landscaper-instance/target-cluster/container-deployer/templates/role.yaml b/charts/landscaper-instance/target-cluster/container-deployer/templates/role.yaml new file mode 100644 index 000000000..13782b440 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/container-deployer/templates/role.yaml 
@@ -0,0 +1,54 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Values.deployer.name }} + labels: + {{- include "deployer.labels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - "events" + verbs: + - create + - get + - list + - watch + - patch + - update + + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "*" + + - apiGroups: + - "" + resources: + - "pods" + - "pods/status" + verbs: + - "*" + + - apiGroups: + - "" + resources: + - "serviceaccounts" + verbs: + - "*" + + - apiGroups: + - "rbac.authorization.k8s.io" + resources: + - "roles" + - "rolebindings" + verbs: + - "*" diff --git a/charts/landscaper-instance/target-cluster/container-deployer/templates/rolebinding.yaml b/charts/landscaper-instance/target-cluster/container-deployer/templates/rolebinding.yaml new file mode 100644 index 000000000..fa70461f9 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/container-deployer/templates/rolebinding.yaml @@ -0,0 +1,19 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Values.deployer.name }} + labels: + {{- include "deployer.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ .Values.deployer.name }} +subjects: + - kind: ServiceAccount + name: {{ .Values.deployer.serviceAccountName }} + namespace: {{ .Release.Namespace }} diff --git a/charts/landscaper-instance/target-cluster/container-deployer/templates/serviceaccount.yaml b/charts/landscaper-instance/target-cluster/container-deployer/templates/serviceaccount.yaml new file mode 100644 index 000000000..a8a6a05cc --- /dev/null 
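Review bot: The last rule in container-deployer/templates/role.yaml grants `"*"` on `roles` and `rolebindings`, and in Kubernetes RBAC the wildcard verb also covers `escalate` and `bind`, so the deployer service account can give itself or any other subject arbitrary permissions inside the release namespace. The rules for `secrets`, `pods`, `pods/status` and `serviceaccounts` use the same wildcard. I would list the verbs in each rule, for example `verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]`, and leave `escalate` and `bind` out unless they are required. Which verbs the controller actually needs is not visible in this diff, so the list should be confirmed against its code.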
+++ b/charts/landscaper-instance/target-cluster/container-deployer/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.deployer.serviceAccountName }} + labels: + {{- include "deployer.labels" . | nindent 4 }} diff --git a/charts/landscaper-instance/target-cluster/container-deployer/values.yaml b/charts/landscaper-instance/target-cluster/container-deployer/values.yaml new file mode 100644 index 000000000..32a22d119 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/container-deployer/values.yaml 
@@ -0,0 +1,68 @@ +deployer: + name: container-deployer + identity: container-deployer-default + containerName: container-deployer + serviceAccountName: container-deployer + verbosity: info + + registryConfig: + allowPlainHttp: false + insecureSkipVerify: false + secrets: {} + + resourceCluster: + kubeconfig: | + apiVersion: v1 + kind: Config + clusters: [] + users: [] + contexts: [] + + replicaCount: 1 + + hpa: + minReplicas: 1 + maxReplicas: 1 + averageCpuUtilization: 80 + averageMemoryUtilization: 80 + + controller: + workers: 30 + + # burst and max queries per second settings for k8s client used in reconciliation + k8sClientSettings: + # settings of client for host cluster; are overwritten by settings for resourceClient if host and resource cluster are identical + hostClient: + burst: 30 + qps: 20 + + # settings of client for resource cluster + resourceClient: + burst: 60 + qps: 40 + + resources: + requests: + cpu: 100m + memory: 100Mi + # limits: + # cpu: 100m + # memory: 128Mi + + image: + controller: + repository: eu.gcr.io/gardener-project/landscaper/container-deployer-controller + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + # tag: "" + + initContainer: + repository: eu.gcr.io/gardener-project/landscaper/container-deployer-init + # Overrides the image tag whose default is the chart appVersion. + # tag: "" + waitContainer: + repository: eu.gcr.io/gardener-project/landscaper/container-deployer-wait + # Overrides the image tag whose default is the chart appVersion. + # tag: "" + + diff --git a/charts/landscaper-instance/target-cluster/helm-deployer/Chart.yaml b/charts/landscaper-instance/target-cluster/helm-deployer/Chart.yaml new file mode 100644 index 000000000..f13bdae9c --- /dev/null +++ b/charts/landscaper-instance/target-cluster/helm-deployer/Chart.yaml 
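Review bot: `resourceCluster.kubeconfig` and the `registryConfig` switches carry no comments in container-deployer/values.yaml, although the first is a credential that resourcecluster-kubeconfig-secret.yaml renders into the `<name>-cluster-kubeconfig` Secret and the other two, judging by their names, relax transport security towards OCI registries. I would add `# kubeconfig of the resource cluster; the default is an empty placeholder, override it at install time and never commit real credentials` above `kubeconfig:` and `# keep both false outside local testing: plain-HTTP registries / no TLS certificate verification` above `allowPlainHttp:`. The same comments are missing in helm-deployer/values.yaml further down.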
@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v2
+name: helm-deployer
+description: Landscaper Helm Deployer
+type: application
+version: v0.1.0
+appVersion: v0.77.0
diff --git a/charts/landscaper-instance/target-cluster/helm-deployer/templates/_helpers.tpl b/charts/landscaper-instance/target-cluster/helm-deployer/templates/_helpers.tpl
new file mode 100644
index 000000000..3c6cc6030
--- /dev/null
+++ b/charts/landscaper-instance/target-cluster/helm-deployer/templates/_helpers.tpl
@@ -0,0 +1,69 @@ + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "deployer.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.AppVersion | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "deployer.labels" -}} +helm.sh/chart: {{ include "deployer.chart" . }} +{{ include "deployer.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "deployer.selectorLabels" -}} +app.kubernetes.io/name: {{ .Values.deployer.name}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the Helm deployer config file which will be encapsulated in a secret. +*/}} +{{- define "deployer-config" -}} +apiVersion: helm.deployer.landscaper.gardener.cloud/v1alpha1 +kind: Configuration +identity: {{ .Values.deployer.identity }} +{{- if .Values.deployer.registryConfig }} +oci: + allowPlainHttp: {{ .Values.deployer.registryConfig.allowPlainHttp }} + insecureSkipVerify: {{ .Values.deployer.registryConfig.insecureSkipVerify }} + {{- if .Values.deployer.registryConfig.secrets }} + configFiles: + {{- range $key, $value := .Values.deployer.registryConfig.secrets }} + - /app/ls/registry/secrets/{{ $key }} + {{- end }} + {{- end }} +{{- end }} +{{- if .Values.deployer.hpa }} +hpa: +{{ .Values.deployer.hpa | toYaml | indent 2 }} +{{- end }} +{{- if .Values.deployer.controller }} +controller: +{{ .Values.deployer.controller | toYaml | indent 2 }} +{{- end }} +{{- end }} + +{{- define "deployer-image" -}} +{{- $tag := ( .Values.deployer.image.tag | default .Chart.AppVersion ) -}} +{{- $image := dict "repository" .Values.deployer.image.repository "tag" $tag -}} +{{- include "utils-templates.image" $image }} +{{- end -}} + +{{- define "utils-templates.image" -}} +{{- if hasPrefix "sha256:" (required "$.tag is required" $.tag) 
-}} +{{ required "$.repository is required" $.repository }}@{{ required "$.tag is required" $.tag }} +{{- else -}} +{{ required "$.repository is required" $.repository }}:{{ required "$.tag is required" $.tag }} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/landscaper-instance/target-cluster/helm-deployer/templates/config-secret.yaml b/charts/landscaper-instance/target-cluster/helm-deployer/templates/config-secret.yaml new file mode 100644 index 000000000..f3933e2ed --- /dev/null +++ b/charts/landscaper-instance/target-cluster/helm-deployer/templates/config-secret.yaml @@ -0,0 +1,13 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.deployer.name }}-config + labels: + {{- include "deployer.labels" . | nindent 4 }} +data: + config.yaml: {{ include "deployer-config" . | b64enc }} diff --git a/charts/landscaper-instance/target-cluster/helm-deployer/templates/deployment.yaml b/charts/landscaper-instance/target-cluster/helm-deployer/templates/deployment.yaml new file mode 100644 index 000000000..c9ce184fc --- /dev/null +++ b/charts/landscaper-instance/target-cluster/helm-deployer/templates/deployment.yaml 
@@ -0,0 +1,100 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.deployer.name }} + labels: + {{- include "deployer.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployer.replicaCount }} + {{- if .Values.deployer.hpa.maxReplicas | int | eq 1 }} + strategy: + type: Recreate + {{- end }} + selector: + matchLabels: + {{- include "deployer.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/config: {{ include "deployer-config" . | sha256sum }} + {{- if .Values.deployer.registryConfig.secrets }} + checksum/registrysecrets: {{ toJson .Values.deployer.registryConfig.secrets | sha256sum }} + {{- end }} + checksum/kubeconfigsecret: {{ toJson .Values.deployer.resourceCluster.kubeconfig | sha256sum }} + labels: + {{- include "deployer.selectorLabels" . | nindent 8 }} + landscaper.gardener.cloud/topology: helm-deployer + landscaper.gardener.cloud/topology-ns: {{ .Release.Namespace }} + spec: + serviceAccountName: {{ .Values.deployer.serviceAccountName }} + containers: + - name: {{ .Values.deployer.containerName }} + image: "{{ include "deployer-image" . 
}}" + imagePullPolicy: {{ .Values.deployer.image.pullPolicy }} + args: + - "--config=/app/ls/config/config.yaml" + - "--landscaper-kubeconfig=/app/ls/resource-cluster-kubeconfig/kubeconfig" + - "-v={{ .Values.deployer.verbosity }}" + volumeMounts: + - name: config + mountPath: /app/ls/config/ + {{- if .Values.deployer.registryConfig.secrets }} + - name: ociregistry + mountPath: /app/ls/registry/secrets + {{- end }} + - name: resource-cluster-kubeconfig + mountPath: /app/ls/resource-cluster-kubeconfig + resources: + {{- toYaml .Values.deployer.resources | nindent 12 }} + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.deployer.k8sClientSettings }} + - name: LS_HOST_CLIENT_BURST + value: {{ .Values.deployer.k8sClientSettings.hostClient.burst | quote }} + - name: LS_HOST_CLIENT_QPS + value: {{ .Values.deployer.k8sClientSettings.hostClient.qps | quote }} + - name: LS_RESOURCE_CLIENT_BURST + value: {{ .Values.deployer.k8sClientSettings.resourceClient.burst | quote }} + - name: LS_RESOURCE_CLIENT_QPS + value: {{ .Values.deployer.k8sClientSettings.resourceClient.qps | quote }} + {{- end }} + + volumes: + - name: config + secret: + secretName: {{ .Values.deployer.name }}-config + {{- if .Values.deployer.registryConfig.secrets }} + - name: ociregistry + secret: + secretName: {{ .Values.deployer.name }}-registries + {{- end }} + - name: resource-cluster-kubeconfig + secret: + secretName: {{ .Values.deployer.name }}-cluster-kubeconfig + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + landscaper.gardener.cloud/topology: helm-deployer + landscaper.gardener.cloud/topology-ns: {{ .Release.Namespace }} + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + 
landscaper.gardener.cloud/topology: helm-deployer + landscaper.gardener.cloud/topology-ns: {{ .Release.Namespace }} diff --git a/charts/landscaper-instance/target-cluster/helm-deployer/templates/hpa.yaml b/charts/landscaper-instance/target-cluster/helm-deployer/templates/hpa.yaml new file mode 100644 index 000000000..f5abe1bbe --- /dev/null +++ b/charts/landscaper-instance/target-cluster/helm-deployer/templates/hpa.yaml @@ -0,0 +1,31 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Values.deployer.name }} + labels: + {{- include "deployer.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Values.deployer.name }} + minReplicas: {{ .Values.deployer.hpa.minReplicas }} + maxReplicas: {{ .Values.deployer.hpa.maxReplicas }} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.deployer.hpa.averageCpuUtilization }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.deployer.hpa.averageMemoryUtilization }} diff --git a/charts/landscaper-instance/target-cluster/helm-deployer/templates/registry-secret.yaml b/charts/landscaper-instance/target-cluster/helm-deployer/templates/registry-secret.yaml new file mode 100644 index 000000000..b2eba0309 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/helm-deployer/templates/registry-secret.yaml 
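Review bot: The container in helm-deployer/templates/deployment.yaml is rendered without a `securityContext`, so it runs with whatever defaults the image and the cluster's admission policy allow while it mounts the resource-cluster kubeconfig and, optionally, registry credentials. I would set a restrictive container-level `securityContext` as sketched below. Whether the image already runs as a non-root user is not visible in this diff, so `runAsNonRoot` needs checking against the image. deployment-central-landscaper.yaml has the same gap, and the container-deployer and main-controller deployments, whose hunks are cut off in this view, appear to have it as well.

```yaml
        - name: {{ .Values.deployer.containerName }}
          # … unchanged: image, imagePullPolicy, args, volumeMounts, resources, env …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```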
@@ -0,0 +1,17 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +{{- if .Values.deployer.registryConfig.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.deployer.name }}-registries + labels: + {{- include "deployer.labels" . | nindent 4 }} +data: + {{- range $key, $value := .Values.deployer.registryConfig.secrets }} + {{ $key }}: {{ toJson $value | b64enc }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/landscaper-instance/target-cluster/helm-deployer/templates/resourcecluster-kubeconfig-secret.yaml b/charts/landscaper-instance/target-cluster/helm-deployer/templates/resourcecluster-kubeconfig-secret.yaml new file mode 100644 index 000000000..96073dedd --- /dev/null +++ b/charts/landscaper-instance/target-cluster/helm-deployer/templates/resourcecluster-kubeconfig-secret.yaml @@ -0,0 +1,13 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.deployer.name }}-cluster-kubeconfig + labels: + {{- include "deployer.labels" . | nindent 4 }} +data: + kubeconfig: {{ .Values.deployer.resourceCluster.kubeconfig | b64enc }} diff --git a/charts/landscaper-instance/target-cluster/helm-deployer/templates/role.yaml b/charts/landscaper-instance/target-cluster/helm-deployer/templates/role.yaml new file mode 100644 index 000000000..498caeb93 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/helm-deployer/templates/role.yaml 
@@ -0,0 +1,20 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Values.deployer.name }} + labels: + {{- include "deployer.labels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch diff --git a/charts/landscaper-instance/target-cluster/helm-deployer/templates/rolebinding.yaml b/charts/landscaper-instance/target-cluster/helm-deployer/templates/rolebinding.yaml new file mode 100644 index 000000000..fa70461f9 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/helm-deployer/templates/rolebinding.yaml @@ -0,0 +1,19 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Values.deployer.name }} + labels: + {{- include "deployer.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ .Values.deployer.name }} +subjects: + - kind: ServiceAccount + name: {{ .Values.deployer.serviceAccountName }} + namespace: {{ .Release.Namespace }} diff --git a/charts/landscaper-instance/target-cluster/helm-deployer/templates/serviceaccount.yaml b/charts/landscaper-instance/target-cluster/helm-deployer/templates/serviceaccount.yaml new file mode 100644 index 000000000..a8a6a05cc --- /dev/null +++ b/charts/landscaper-instance/target-cluster/helm-deployer/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.deployer.serviceAccountName }} + labels: + {{- include "deployer.labels" . | nindent 4 }} 
diff --git a/charts/landscaper-instance/target-cluster/helm-deployer/values.yaml b/charts/landscaper-instance/target-cluster/helm-deployer/values.yaml new file mode 100644 index 000000000..438a56ecd --- /dev/null +++ b/charts/landscaper-instance/target-cluster/helm-deployer/values.yaml @@ -0,0 +1,56 @@ +deployer: + name: helm-deployer + identity: helm-deployer-default + containerName: helm-deployer + serviceAccountName: helm-deployer + verbosity: info + + registryConfig: + allowPlainHttp: false + insecureSkipVerify: false + secrets: {} + + resourceCluster: + kubeconfig: | + apiVersion: v1 + kind: Config + clusters: [] + users: [] + contexts: [] + + replicaCount: 1 + + hpa: + minReplicas: 1 + maxReplicas: 1 + averageCpuUtilization: 80 + averageMemoryUtilization: 80 + + controller: + workers: 30 + + # burst and max queries per second settings for k8s client used in reconciliation + k8sClientSettings: + # settings of client for host cluster; are overwritten by settings for resourceClient if host and resource cluster are identical + hostClient: + burst: 30 + qps: 20 + + # settings of client for resource cluster + resourceClient: + burst: 60 + qps: 40 + + resources: + requests: + cpu: 300m + memory: 300Mi + # limits: + # cpu: 100m + # memory: 128Mi + + image: + repository: eu.gcr.io/gardener-project/landscaper/helm-deployer-controller + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + # tag: "" \ No newline at end of file diff --git a/charts/landscaper-instance/target-cluster/landscaper/Chart.yaml b/charts/landscaper-instance/target-cluster/landscaper/Chart.yaml new file mode 100644 index 000000000..b1f5ede70 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/landscaper/Chart.yaml 
@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v2
+name: landscaper
+description: Landscaper Target Cluster objects
+type: application
+version: v0.1.0
+appVersion: v0.73.0
diff --git a/charts/landscaper-instance/target-cluster/landscaper/templates/_helpers.tpl b/charts/landscaper-instance/target-cluster/landscaper/templates/_helpers.tpl
new file mode 100644
index 000000000..5e8325742
--- /dev/null
+++ b/charts/landscaper-instance/target-cluster/landscaper/templates/_helpers.tpl
@@ -0,0 +1,136 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "landscaper.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.AppVersion | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{- define "landscaper.webhooks.name" -}} +{{- .Values.landscaper.name }}-webhooks +{{- end }} + +{{- define "landscaper.main.name" -}} +{{- .Values.landscaper.name }}-main +{{- end }} + +{{- define "landscaper.clusterrole.name" -}} +landscaper.gardener.cloud:{{- .Values.landscaper.name }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "landscaper.labels" -}} +helm.sh/chart: {{ include "landscaper.chart" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "landscaper.selectorLabels" -}} +landscaper.gardener.cloud/component: controller +app.kubernetes.io/name: {{ .Values.landscaper.name }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{- define "landscaper.main.selectorLabels" -}} +landscaper.gardener.cloud/component: controller-main +app.kubernetes.io/name: {{ .Values.landscaper.name }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{- define "landscaper.webhooks.selectorLabels" -}} +landscaper.gardener.cloud/component: webhook-server +app.kubernetes.io/name: {{ .Values.landscaper.name }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{- define "utils-templates.image" -}} +{{- if hasPrefix "sha256:" (required "$.tag is required" $.tag) -}} +{{ required "$.repository is required" $.repository }}@{{ required "$.tag is required" $.tag }} +{{- else -}} +{{ required "$.repository is required" $.repository }}:{{ required "$.tag is required" $.tag }} +{{- end -}} +{{- end -}} 
+ +{{- define "landscaper-image" -}} +{{- $tag := ( .Values.controller.image.tag | default .Chart.AppVersion ) -}} +{{- $image := dict "repository" .Values.controller.image.repository "tag" $tag -}} +{{- include "utils-templates.image" $image }} +{{- end -}} + +{{- define "landscaper-webhook-image" -}} +{{- $tag := ( .Values.webhooksServer.image.tag | default .Chart.AppVersion ) -}} +{{- $image := dict "repository" .Values.webhooksServer.image.repository "tag" $tag -}} +{{- include "utils-templates.image" $image }} +{{- end -}} + +{{- define "landscaper-config" -}} +apiVersion: config.landscaper.gardener.cloud/v1alpha1 +kind: LandscaperConfiguration + +{{- if .Values.landscaper.controllers }} +controllers: +{{ .Values.landscaper.controllers | toYaml | indent 2 }} +{{- end }} + +registry: + oci: + allowPlainHttp: {{ .Values.landscaper.registryConfig.allowPlainHttpRegistries }} + insecureSkipVerify: {{ .Values.landscaper.registryConfig.insecureSkipVerify }} + {{- if .Values.landscaper.registryConfig.secrets }} + configFiles: + {{- range $key, $value := .Values.landscaper.registryConfig.secrets }} + - /app/ls/registry/secrets/{{ $key }} + {{- end }} + {{- end }} + cache: + path: /app/ls/oci-cache/ + useInMemoryOverlay: {{ .Values.landscaper.registryConfig.cache.useInMemoryOverlay | default false }} + + +crdManagement: + deployCrd: {{ .Values.landscaper.crdManagement.deployCrd }} + {{- if .Values.landscaper.crdManagement.forceUpdate }} + forceUpdate: {{ .Values.landscaper.crdManagement.forceUpdate }} + {{- end }} + +deployerManagement: + disable: true + agent: + disable: true + +{{- if .Values.landscaper.deployItemTimeouts }} +deployItemTimeouts: + {{- range $key, $value := .Values.landscaper.deployItemTimeouts }} + {{ $key }}: {{ $value }} + {{- end }} +{{- end }} + +lsDeployments: + lsController: "{{- .Values.landscaper.name }}" + webHook: "{{- include "landscaper.webhooks.name" . 
}}" + deploymentsNamespace: "{{ .Release.Namespace }}" + lsHealthCheckName: "{{- .Values.landscaper.healthCheck.name }}" + +{{- if .Values.landscaper.healthCheck.additionalDeployments }} + additionalDeployments: +{{ toYaml .Values.landscaper.healthCheck.additionalDeployments | indent 4 }} +{{- end }} + +{{- if .Values.controller.main.hpa }} +hpaMain: +{{ .Values.controller.main.hpa | toYaml | indent 2 }} +{{- end }} + +{{- end }} \ No newline at end of file diff --git a/charts/landscaper-instance/target-cluster/landscaper/templates/clusterrole.yaml b/charts/landscaper-instance/target-cluster/landscaper/templates/clusterrole.yaml new file mode 100644 index 000000000..e1187d4eb --- /dev/null +++ b/charts/landscaper-instance/target-cluster/landscaper/templates/clusterrole.yaml @@ -0,0 +1,25 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "landscaper.clusterrole.name" . }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +rules: + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" + + - apiGroups: + - landscaper.gardener.cloud + resources: + - lshealthchecks + verbs: + - "*" \ No newline at end of file diff --git a/charts/landscaper-instance/target-cluster/landscaper/templates/clusterrolebinding.yaml b/charts/landscaper-instance/target-cluster/landscaper/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..c360b4919 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/landscaper/templates/clusterrolebinding.yaml 
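Review bot: The first rule in landscaper/templates/clusterrole.yaml grants `"*"` on `customresourcedefinitions` cluster-wide, which lets the landscaper service account change or delete any CRD in the target cluster, not only the landscaper ones; deleting a CRD also removes every object of that kind. If CRD management only has to install and update its own definitions, I would split the rule into `verbs: ["create", "get", "list", "watch"]` without restriction and a second rule with `update`, `patch` and `delete` limited through `resourceNames` to the landscaper CRD names. The CRD list is not part of this diff and would have to be taken from the controller.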
@@ -0,0 +1,19 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "landscaper.clusterrole.name" . }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "landscaper.clusterrole.name" . }} +subjects: + - kind: ServiceAccount + name: {{ .Values.controller.serviceAccountName }} + namespace: {{ .Release.Namespace }} diff --git a/charts/landscaper-instance/target-cluster/landscaper/templates/config-secret.yaml b/charts/landscaper-instance/target-cluster/landscaper/templates/config-secret.yaml new file mode 100644 index 000000000..9ea6a7cd8 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/landscaper/templates/config-secret.yaml @@ -0,0 +1,13 @@ +{{/* SPDX-FileCopyrightText: 2020 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.landscaper.name }}-config + labels: + {{- include "landscaper.labels" . | nindent 4 }} +data: + config.yaml: {{ include "landscaper-config" . | b64enc }} diff --git a/charts/landscaper-instance/target-cluster/landscaper/templates/deployment-central-landscaper.yaml b/charts/landscaper-instance/target-cluster/landscaper/templates/deployment-central-landscaper.yaml new file mode 100644 index 000000000..5d60ecb4f --- /dev/null +++ b/charts/landscaper-instance/target-cluster/landscaper/templates/deployment-central-landscaper.yaml 
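Review bot: The ClusterRoleBinding in clusterrolebinding.yaml and the ClusterRole it references are cluster-scoped but named from `.Values.landscaper.name` alone (`landscaper.gardener.cloud:<name>` in _helpers.tpl), so two releases of this chart in different namespaces of one target cluster render the same object names unless the caller varies that value. If several instances per cluster are intended, which the `topology-ns` labels on the deployments suggest, I would put the namespace into the helper, for example `landscaper.gardener.cloud:{{ .Release.Namespace }}:{{ .Values.landscaper.name }}`. Otherwise a comment on `landscaper.clusterrole.name` stating that the name must be unique per cluster would do.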
@@ -0,0 +1,86 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.landscaper.name }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.controller.replicaCount }} + strategy: + type: Recreate + selector: + matchLabels: + {{- include "landscaper.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/config: {{ include "landscaper-config" . | sha256sum }} + {{- if .Values.landscaper.registryConfig.secrets }} + checksum/registrysecrets: {{ toJson .Values.landscaper.registryConfig.secrets | sha256sum }} + {{- end }} + checksum/kubeconfigsecret: {{ toJson .Values.controller.resourceCluster.kubeconfig | sha256sum }} + labels: + {{- include "landscaper.selectorLabels" . | nindent 8 }} + spec: + serviceAccountName: {{ .Values.controller.serviceAccountName }} + containers: + - name: {{ .Values.controller.containerName }} + image: "{{ include "landscaper-image" . 
}}" + imagePullPolicy: {{ .Values.controller.image.pullPolicy }} + args: + - "--landscaper-kubeconfig=/app/ls/resource-cluster-kubeconfig/kubeconfig" + - "--config=/app/ls/config/config.yaml" + - "-v={{ .Values.landscaper.verbosity }}" + volumeMounts: + - name: oci-cache + mountPath: /app/ls/oci-cache + - name: config + mountPath: /app/ls/config + {{- if .Values.landscaper.registryConfig.secrets }} + - name: registrypullsecrets + mountPath: /app/ls/registry/secrets + {{- end }} + - name: resource-cluster-kubeconfig + mountPath: /app/ls/resource-cluster-kubeconfig + resources: + {{- toYaml .Values.controller.resources | nindent 12 }} + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LANDSCAPER_MODE + value: "central-landscaper" + {{- if .Values.landscaper.k8sClientSettings }} + - name: LS_HOST_CLIENT_BURST + value: {{ .Values.landscaper.k8sClientSettings.hostClient.burst | quote }} + - name: LS_HOST_CLIENT_QPS + value: {{ .Values.landscaper.k8sClientSettings.hostClient.qps | quote }} + - name: LS_RESOURCE_CLIENT_BURST + value: {{ .Values.landscaper.k8sClientSettings.resourceClient.burst | quote }} + - name: LS_RESOURCE_CLIENT_QPS + value: {{ .Values.landscaper.k8sClientSettings.resourceClient.qps | quote }} + {{- end }} + volumes: + - name: oci-cache + emptyDir: {} + - name: config + secret: + secretName: {{ .Values.landscaper.name }}-config + {{- if .Values.landscaper.registryConfig.secrets }} + - name: registrypullsecrets + secret: + secretName: {{ .Values.landscaper.name }}-registry + {{- end }} + - name: resource-cluster-kubeconfig + secret: + secretName: {{ .Values.landscaper.name }}-controller-cluster-kubeconfig 
diff --git a/charts/landscaper-instance/target-cluster/landscaper/templates/deployment-main-controller.yaml b/charts/landscaper-instance/target-cluster/landscaper/templates/deployment-main-controller.yaml new file mode 100644 index 000000000..f40da235a --- /dev/null +++ b/charts/landscaper-instance/target-cluster/landscaper/templates/deployment-main-controller.yaml 
@@ -0,0 +1,103 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "landscaper.main.name" . }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.controller.replicaCount }} + {{- if .Values.controller.main.hpa.maxReplicas | int | eq 1 }} + strategy: + type: Recreate + {{- end }} + selector: + matchLabels: + {{- include "landscaper.main.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/config: {{ include "landscaper-config" . | sha256sum }} + {{- if .Values.landscaper.registryConfig.secrets }} + checksum/registrysecrets: {{ toJson .Values.landscaper.registryConfig.secrets | sha256sum }} + {{- end }} + checksum/kubeconfigsecret: {{ toJson .Values.controller.resourceCluster.kubeconfig | sha256sum }} + labels: + {{- include "landscaper.main.selectorLabels" . | nindent 8 }} + landscaper.gardener.cloud/topology: main-controller + landscaper.gardener.cloud/topology-ns: {{ .Release.Namespace }} + spec: + serviceAccountName: {{ .Values.controller.serviceAccountName }} + containers: + - name: {{ .Values.controller.main.containerName }} + image: "{{ include "landscaper-image" . 
}}" + imagePullPolicy: {{ .Values.controller.image.pullPolicy }} + args: + - "--landscaper-kubeconfig=/app/ls/resource-cluster-kubeconfig/kubeconfig" + - "--config=/app/ls/config/config.yaml" + - "-v={{ .Values.landscaper.verbosity }}" + volumeMounts: + - name: oci-cache + mountPath: /app/ls/oci-cache + - name: config + mountPath: /app/ls/config + {{- if .Values.landscaper.registryConfig.secrets }} + - name: registrypullsecrets + mountPath: /app/ls/registry/secrets + {{- end }} + - name: resource-cluster-kubeconfig + mountPath: /app/ls/resource-cluster-kubeconfig + resources: + {{- toYaml .Values.controller.main.resources | nindent 12 }} + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.landscaper.k8sClientSettings }} + - name: LS_HOST_CLIENT_BURST + value: {{ .Values.landscaper.k8sClientSettings.hostClient.burst | quote }} + - name: LS_HOST_CLIENT_QPS + value: {{ .Values.landscaper.k8sClientSettings.hostClient.qps | quote }} + - name: LS_RESOURCE_CLIENT_BURST + value: {{ .Values.landscaper.k8sClientSettings.resourceClient.burst | quote }} + - name: LS_RESOURCE_CLIENT_QPS + value: {{ .Values.landscaper.k8sClientSettings.resourceClient.qps | quote }} + {{- end }} + volumes: + - name: oci-cache + emptyDir: {} + - name: config + secret: + secretName: {{ .Values.landscaper.name }}-config + {{- if .Values.landscaper.registryConfig.secrets }} + - name: registrypullsecrets + secret: + secretName: {{ .Values.landscaper.name }}-registry + {{- end }} + - name: resource-cluster-kubeconfig + secret: + secretName: {{ .Values.landscaper.name }}-controller-cluster-kubeconfig + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + landscaper.gardener.cloud/topology: main-controller + landscaper.gardener.cloud/topology-ns: {{ .Release.Namespace }} + - 
maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + landscaper.gardener.cloud/topology: main-controller + landscaper.gardener.cloud/topology-ns: {{ .Release.Namespace }} diff --git a/charts/landscaper-instance/target-cluster/landscaper/templates/deployment-webhooks.yaml b/charts/landscaper-instance/target-cluster/landscaper/templates/deployment-webhooks.yaml new file mode 100644 index 000000000..49e16a48e --- /dev/null +++ b/charts/landscaper-instance/target-cluster/landscaper/templates/deployment-webhooks.yaml 
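Review bot: `replicas: {{ .Values.controller.replicaCount }}` in the main-controller Deployment looks like the wrong key. Every other setting in this template is read from `.Values.controller.main.*` (containerName, resources, hpa), and the chart's values.yaml adds a `controller.main.replicaCount` that this template never consumes. As written, the main controller's replica count appears to follow the setting meant for the other controller Deployment. I would change the line to `replicas: {{ .Values.controller.main.replicaCount }}`.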
@@ -0,0 +1,60 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "landscaper.webhooks.name" . }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.webhooksServer.replicaCount }} + selector: + matchLabels: + {{- include "landscaper.webhooks.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/kubeconfigsecret: {{ toJson .Values.webhooksServer.resourceCluster.kubeconfig | sha256sum }} + labels: + landscaper.gardener.cloud/topology: webhook-server + landscaper.gardener.cloud/topology-ns: {{ .Release.Namespace }} + {{- include "landscaper.webhooks.selectorLabels" . | nindent 8 }} + spec: + automountServiceAccountToken: false + containers: + - name: {{ .Values.webhooksServer.containerName }} + image: "{{ include "landscaper-webhook-image" . }}" + imagePullPolicy: {{ .Values.webhooksServer.image.pullPolicy }} + args: + - "--kubeconfig=/app/ls/resource-cluster-kubeconfig/kubeconfig" + - "--webhook-url=https://{{ .Values.webhooksServer.ingress.host }}" + - "--cert-ns={{ .Values.webhooksServer.certificatesNamespace }}" + - "-v={{ .Values.landscaper.verbosity }}" + - "--port={{ .Values.webhooksServer.service.port }}" + volumeMounts: + - name: resource-cluster-kubeconfig + mountPath: /app/ls/resource-cluster-kubeconfig + resources: + {{- toYaml .Values.webhooksServer.resources | nindent 12 }} + volumes: + - name: resource-cluster-kubeconfig + secret: + secretName: {{ .Values.landscaper.name }}-webhooks-cluster-kubeconfig + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + landscaper.gardener.cloud/topology: webhook-server + landscaper.gardener.cloud/topology-ns: {{ .Release.Namespace }} + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + 
whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + landscaper.gardener.cloud/topology: webhook-server + landscaper.gardener.cloud/topology-ns: {{ .Release.Namespace }} diff --git a/charts/landscaper-instance/target-cluster/landscaper/templates/hpa.yaml b/charts/landscaper-instance/target-cluster/landscaper/templates/hpa.yaml new file mode 100644 index 000000000..d055c884e --- /dev/null +++ b/charts/landscaper-instance/target-cluster/landscaper/templates/hpa.yaml 
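Review bot: The webhooks pod sets `automountServiceAccountToken: false`, but neither the pod nor the container carries a `securityContext`. The process holding the mounted resource-cluster kubeconfig therefore runs with whatever user, capabilities and writable root filesystem the image and namespace defaults give it. This is the server published through the Ingress, so I would pin the restrictive settings in the template, as sketched below. Whether the image already runs as a non-root user and tolerates a read-only root filesystem is not visible in this diff and needs checking. The main-controller Deployment above and the manifest-deployer Deployment further down have the same gap.

```yaml
      containers:
        - name: {{ .Values.webhooksServer.containerName }}
          # … unchanged: image, imagePullPolicy, args …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: volumeMounts, resources …
```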
@@ -0,0 +1,89 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Values.landscaper.name }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Values.landscaper.name }} + minReplicas: {{ .Values.controller.hpa.minReplicas }} + maxReplicas: {{ .Values.controller.hpa.maxReplicas }} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.controller.hpa.averageCpuUtilization }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.controller.hpa.averageMemoryUtilization }} +... +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "landscaper.main.name" . }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "landscaper.main.name" . }} + minReplicas: {{ .Values.controller.main.hpa.minReplicas }} + maxReplicas: {{ .Values.controller.main.hpa.maxReplicas }} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.controller.main.hpa.averageCpuUtilization }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.controller.main.hpa.averageMemoryUtilization }} +... +--- +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "landscaper.webhooks.name" . }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "landscaper.webhooks.name" . 
}} + minReplicas: {{ .Values.webhooksServer.hpa.minReplicas }} + maxReplicas: {{ .Values.webhooksServer.hpa.maxReplicas }} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.webhooksServer.hpa.averageCpuUtilization }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.webhooksServer.hpa.averageMemoryUtilization }} +... diff --git a/charts/landscaper-instance/target-cluster/landscaper/templates/ingress.yaml b/charts/landscaper-instance/target-cluster/landscaper/templates/ingress.yaml new file mode 100644 index 000000000..f82ce462f --- /dev/null +++ b/charts/landscaper-instance/target-cluster/landscaper/templates/ingress.yaml @@ -0,0 +1,28 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "landscaper.webhooks.name" . }} + annotations: + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + dns.gardener.cloud/class: {{ .Values.webhooksServer.ingress.dns.class }} + dns.gardener.cloud/dnsnames: {{ .Values.webhooksServer.ingress.host }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +spec: + ingressClassName: {{ .Values.webhooksServer.ingress.className }} + rules: + - host: {{ .Values.webhooksServer.ingress.host }} + http: + paths: + - path: "/" + pathType: Prefix + backend: + service: + name: {{ include "landscaper.webhooks.name" . }} + port: + number: {{ .Values.webhooksServer.service.port }} diff --git a/charts/landscaper-instance/target-cluster/landscaper/templates/registry-secret.yaml b/charts/landscaper-instance/target-cluster/landscaper/templates/registry-secret.yaml new file mode 100644 index 000000000..ec0c8f213 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/landscaper/templates/registry-secret.yaml 
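Review bot: The `nginx.ingress.kubernetes.io/ssl-passthrough: "true"` annotation in ingress.yaml has a deployment prerequisite that the template does not mention: ingress-nginx honours it only when the controller is started with `--enable-ssl-passthrough`. Without that flag the annotation is ignored and nginx handles the TLS connection itself instead of handing it to the webhooks server. With the flag, routing happens on the TLS server name, so the `http.paths` rule is not evaluated. I would record this next to the annotation, e.g. `# requires ingress-nginx started with --enable-ssl-passthrough; TLS is terminated by the webhooks server, path rules are ignored`. The two `dns.gardener.cloud/*` values and `host` are also emitted unquoted; piping them through `quote` keeps a wildcard or otherwise special host name from breaking the YAML.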
@@ -0,0 +1,17 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +{{- if .Values.landscaper.registryConfig.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.landscaper.name }}-registry + labels: + {{- include "landscaper.labels" . | nindent 4 }} +data: + {{- range $key, $value := .Values.landscaper.registryConfig.secrets }} + {{ $key }}: {{ toJson $value | b64enc }} + {{- end }} +{{- end }} diff --git a/charts/landscaper-instance/target-cluster/landscaper/templates/resourcecluster-kubeconfig-secret.yaml b/charts/landscaper-instance/target-cluster/landscaper/templates/resourcecluster-kubeconfig-secret.yaml new file mode 100644 index 000000000..b3e205ee6 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/landscaper/templates/resourcecluster-kubeconfig-secret.yaml @@ -0,0 +1,25 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.landscaper.name }}-controller-cluster-kubeconfig + labels: + {{- include "landscaper.labels" . | nindent 4 }} +data: + kubeconfig: {{ .Values.controller.resourceCluster.kubeconfig | b64enc }} +... +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.landscaper.name }}-webhooks-cluster-kubeconfig + labels: + {{- include "landscaper.labels" . | nindent 4 }} +data: + kubeconfig: {{ .Values.webhooksServer.resourceCluster.kubeconfig | b64enc }} +... \ No newline at end of file diff --git a/charts/landscaper-instance/target-cluster/landscaper/templates/role.yaml b/charts/landscaper-instance/target-cluster/landscaper/templates/role.yaml new file mode 100644 index 000000000..56548d574 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/landscaper/templates/role.yaml 
@@ -0,0 +1,52 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Values.controller.roleName }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - watch + - patch + - update + + - apiGroups: + - "" + resources: + - secrets + - configmaps + - pods + verbs: + - get + - list + - watch + + - apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch + + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch diff --git a/charts/landscaper-instance/target-cluster/landscaper/templates/rolebinding.yaml b/charts/landscaper-instance/target-cluster/landscaper/templates/rolebinding.yaml new file mode 100644 index 000000000..568c1a652 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/landscaper/templates/rolebinding.yaml @@ -0,0 +1,19 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Values.controller.roleName }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ .Values.controller.roleName }} +subjects: + - kind: ServiceAccount + name: {{ .Values.controller.serviceAccountName }} + namespace: {{ .Release.Namespace }} diff --git a/charts/landscaper-instance/target-cluster/landscaper/templates/service.yaml b/charts/landscaper-instance/target-cluster/landscaper/templates/service.yaml new file mode 100644 index 000000000..bfec67346 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/landscaper/templates/service.yaml 
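Review bot: The second rule in role.yaml gives the controller service account `get`, `list` and `watch` on every Secret in the release namespace. That covers the `-webhooks-cluster-kubeconfig` and `-registry` Secrets this chart creates, plus anything else stored there. The Deployments in this diff receive their config, registry credentials and kubeconfig as mounted volumes, so it is not evident here that API read access to Secrets is needed. If it is not, drop `secrets` from the `resources` list; if one specific Secret must be read, a separate rule with `verbs: [get]` and `resourceNames` limits the exposure. A short comment above each rule naming the feature that needs it would make the grant reviewable.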
@@ -0,0 +1,39 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.landscaper.name }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +spec: + type: {{ .Values.controller.service.type }} + ports: + - port: {{ .Values.controller.service.port }} + targetPort: {{ .Values.controller.service.port }} + protocol: TCP + name: http + selector: + {{- include "landscaper.selectorLabels" . | nindent 4 }} +... +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "landscaper.webhooks.name" . }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} +spec: + type: {{ .Values.webhooksServer.service.type }} + ports: + - port: {{ .Values.webhooksServer.service.port }} + targetPort: {{ .Values.webhooksServer.service.port }} + protocol: TCP + name: webhook + selector: + {{- include "landscaper.webhooks.selectorLabels" . | nindent 4 }} +... diff --git a/charts/landscaper-instance/target-cluster/landscaper/templates/serviceaccount.yaml b/charts/landscaper-instance/target-cluster/landscaper/templates/serviceaccount.yaml new file mode 100644 index 000000000..784dbab81 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/landscaper/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.controller.serviceAccountName }} + labels: + {{- include "landscaper.labels" . | nindent 4 }} diff --git a/charts/landscaper-instance/target-cluster/landscaper/values.yaml b/charts/landscaper-instance/target-cluster/landscaper/values.yaml new file mode 100644 index 000000000..1aa6073b4 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/landscaper/values.yaml 
@@ -0,0 +1,161 @@ +landscaper: + name: "landscaper" + + verbosity: "info" + + controllers: + # syncPeriod: 10h + installations: + workers: 30 + # cacheSyncTimeout: 2m + executions: + workers: 30 + # cacheSyncTimeout: 2m + deployItems: + workers: 5 + # cacheSyncTimeout: 2m + componentOverwrites: + workers: 5 + # cacheSyncTimeout: 2m + context: + workers: 5 + # cacheSyncTimeout: 2m + + config: + default: + disable: false + excludeNamespaces: + - kube-system + + deployItemTimeouts: + # how long deployers may take to react on changes to deploy items + pickup: 60m + # default for how long deployers may take to process a deploy item before failing, can be overwritten via the deploy item's 'spec.timeout' field + progressingDefault: 10m + + registryConfig: + allowPlainHttpRegistries: false + insecureSkipVerify: false + cache: + useInMemoryOverlay: false + secrets: {} + + crdManagement: + deployCrd: true + forceUpdate: true + + healthCheck: + name: "landscaper" + additionalDeployments: + deployments: [] + + # burst and max queries per second settings for k8s client used in reconciliation + k8sClientSettings: + # settings of client for host cluster; are overwritten by settings for resourceClient if host and resource cluster are identical + hostClient: + burst: 30 + qps: 20 + + # settings of client for resource cluster + resourceClient: + burst: 60 + qps: 40 + +controller: + containerName: landscaper-controller + serviceAccountName: "landscaper-controller" + roleName: "landscaper-controller" + + resourceCluster: + kubeconfig: | + apiVersion: v1 + kind: Config + clusters: [] + users: [] + contexts: [] + + image: + repository: eu.gcr.io/gardener-project/landscaper/landscaper-controller + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the .Values.image.tag or chart appVersion. 
+ #tag: "" + + replicaCount: 1 + + resources: + requests: + cpu: 100m + memory: 100Mi + # limits: + # cpu: 100m + # memory: 128Mi + + hpa: + minReplicas: 1 + maxReplicas: 1 + averageCpuUtilization: 80 + averageMemoryUtilization: 80 + + service: + type: ClusterIP + port: 80 + + main: + containerName: landscaper-main + + replicaCount: 1 + + resources: + requests: + cpu: 300m + memory: 300Mi + + hpa: + minReplicas: 1 + maxReplicas: 1 + averageCpuUtilization: 80 + averageMemoryUtilization: 80 + +webhooksServer: + containerName: landscaper-webhooks + certificatesNamespace: ls-system + + resourceCluster: + kubeconfig: | + apiVersion: v1 + kind: Config + clusters: [] + users: [] + contexts: [] + + image: + repository: eu.gcr.io/gardener-project/landscaper/landscaper-webhooks-server + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the .Values.image.tag or the chart appVersion. + #tag: "" + + replicaCount: 2 + + resources: + requests: + cpu: 100m + memory: 100Mi + # limits: + # cpu: 100m + # memory: 128Mi + + hpa: + minReplicas: 2 + maxReplicas: 10 + averageCpuUtilization: 80 + averageMemoryUtilization: 80 + + service: + type: ClusterIP + port: 9443 + + ingress: + host: webhooks.ingress.mydomain.org + className: nginx + dns: + class: garden diff --git a/charts/landscaper-instance/target-cluster/manifest-deployer/Chart.yaml b/charts/landscaper-instance/target-cluster/manifest-deployer/Chart.yaml new file mode 100644 index 000000000..6c24f39cd --- /dev/null +++ b/charts/landscaper-instance/target-cluster/manifest-deployer/Chart.yaml @@ -0,0 +1,10 @@ +# SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors +# +# SPDX-License-Identifier: Apache-2.0 + +apiVersion: v2 +name: manifest-deployer +description: Landscaper K8S Manifest Deployer +type: application +version: v0.1.0 +appVersion: v0.77.0 
diff --git a/charts/landscaper-instance/target-cluster/manifest-deployer/templates/_helpers.tpl b/charts/landscaper-instance/target-cluster/manifest-deployer/templates/_helpers.tpl
new file mode 100644
index 000000000..2382f6bec
--- /dev/null
+++ b/charts/landscaper-instance/target-cluster/manifest-deployer/templates/_helpers.tpl
@@ -0,0 +1,69 @@ + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "deployer.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.AppVersion | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "deployer.labels" -}} +helm.sh/chart: {{ include "deployer.chart" . }} +{{ include "deployer.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "deployer.selectorLabels" -}} +app.kubernetes.io/name: {{ .Values.deployer.name}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the Helm deployer config file which will be encapsulated in a secret. +*/}} +{{- define "deployer-config" -}} +apiVersion: manifest.deployer.landscaper.gardener.cloud/v1alpha2 +kind: Configuration +identity: {{ .Values.deployer.identity }} +{{- if .Values.deployer.registryConfig }} +oci: + allowPlainHttp: {{ .Values.deployer.registryConfig.allowPlainHttp }} + insecureSkipVerify: {{ .Values.deployer.registryConfig.insecureSkipVerify }} + {{- if .Values.deployer.registryConfig.secrets }} + configFiles: + {{- range $key, $value := .Values.deployer.registryConfig.secrets }} + - /app/ls/registry/secrets/{{ $key }} + {{- end }} + {{- end }} +{{- end }} +{{- if .Values.deployer.hpa }} +hpa: +{{ .Values.deployer.hpa | toYaml | indent 2 }} +{{- end }} +{{- if .Values.deployer.controller }} +controller: +{{ .Values.deployer.controller | toYaml | indent 2 }} +{{- end }} +{{- end }} + +{{- define "deployer-image" -}} +{{- $tag := ( .Values.deployer.image.tag | default .Chart.AppVersion ) -}} +{{- $image := dict "repository" .Values.deployer.image.repository "tag" $tag -}} +{{- include "utils-templates.image" $image }} +{{- end -}} + +{{- define "utils-templates.image" -}} +{{- if hasPrefix "sha256:" (required "$.tag is required" 
$.tag) -}} +{{ required "$.repository is required" $.repository }}@{{ required "$.tag is required" $.tag }} +{{- else -}} +{{ required "$.repository is required" $.repository }}:{{ required "$.tag is required" $.tag }} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/landscaper-instance/target-cluster/manifest-deployer/templates/config-secret.yaml b/charts/landscaper-instance/target-cluster/manifest-deployer/templates/config-secret.yaml new file mode 100644 index 000000000..f3933e2ed --- /dev/null +++ b/charts/landscaper-instance/target-cluster/manifest-deployer/templates/config-secret.yaml @@ -0,0 +1,13 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.deployer.name }}-config + labels: + {{- include "deployer.labels" . | nindent 4 }} +data: + config.yaml: {{ include "deployer-config" . | b64enc }} diff --git a/charts/landscaper-instance/target-cluster/manifest-deployer/templates/deployment.yaml b/charts/landscaper-instance/target-cluster/manifest-deployer/templates/deployment.yaml new file mode 100644 index 000000000..420be5de3 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/manifest-deployer/templates/deployment.yaml 
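Review bot: The doc comment above `deployer-config` says "Create the Helm deployer config file", but this is the manifest-deployer chart and the template emits `apiVersion: manifest.deployer.landscaper.gardener.cloud/v1alpha2`. It reads like a leftover from the helm-deployer chart and should say `Create the manifest deployer config file which will be encapsulated in a secret.` In the same template `identity: {{ .Values.deployer.identity }}` is written unquoted, so I would use `identity: {{ .Values.deployer.identity | quote }}` to keep the value a string whatever the caller passes.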
@@ -0,0 +1,100 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.deployer.name }} + labels: + {{- include "deployer.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.deployer.replicaCount }} + {{- if .Values.deployer.hpa.maxReplicas | int | eq 1 }} + strategy: + type: Recreate + {{- end }} + selector: + matchLabels: + {{- include "deployer.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/config: {{ include "deployer-config" . | sha256sum }} + {{- if .Values.deployer.registryConfig.secrets }} + checksum/registrysecrets: {{ toJson .Values.deployer.registryConfig.secrets | sha256sum }} + {{- end }} + checksum/kubeconfigsecret: {{ toJson .Values.deployer.resourceCluster.kubeconfig | sha256sum }} + labels: + {{- include "deployer.selectorLabels" . | nindent 8 }} + landscaper.gardener.cloud/topology: manifest-deployer + landscaper.gardener.cloud/topology-ns: {{ .Release.Namespace }} + spec: + serviceAccountName: {{ .Values.deployer.serviceAccountName }} + containers: + - name: {{ .Values.deployer.containerName }} + image: "{{ include "deployer-image" . 
}}" + imagePullPolicy: {{ .Values.deployer.image.pullPolicy }} + args: + - "--config=/app/ls/config/config.yaml" + - "--landscaper-kubeconfig=/app/ls/resource-cluster-kubeconfig/kubeconfig" + - "-v={{ .Values.deployer.verbosity }}" + volumeMounts: + - name: config + mountPath: /app/ls/config/ + {{- if .Values.deployer.registryConfig.secrets }} + - name: ociregistry + mountPath: /app/ls/registry/secrets + {{- end }} + - name: resource-cluster-kubeconfig + mountPath: /app/ls/resource-cluster-kubeconfig + resources: + {{- toYaml .Values.deployer.resources | nindent 12 }} + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.deployer.k8sClientSettings }} + - name: LS_HOST_CLIENT_BURST + value: {{ .Values.deployer.k8sClientSettings.hostClient.burst | quote }} + - name: LS_HOST_CLIENT_QPS + value: {{ .Values.deployer.k8sClientSettings.hostClient.qps | quote }} + - name: LS_RESOURCE_CLIENT_BURST + value: {{ .Values.deployer.k8sClientSettings.resourceClient.burst | quote }} + - name: LS_RESOURCE_CLIENT_QPS + value: {{ .Values.deployer.k8sClientSettings.resourceClient.qps | quote }} + {{- end }} + + volumes: + - name: config + secret: + secretName: {{ .Values.deployer.name }}-config + {{- if .Values.deployer.registryConfig.secrets }} + - name: ociregistry + secret: + secretName: {{ .Values.deployer.name }}-registries + {{- end }} + - name: resource-cluster-kubeconfig + secret: + secretName: {{ .Values.deployer.name }}-cluster-kubeconfig + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: topology.kubernetes.io/zone + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + landscaper.gardener.cloud/topology: manifest-deployer + landscaper.gardener.cloud/topology-ns: {{ .Release.Namespace }} + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + 
landscaper.gardener.cloud/topology: manifest-deployer + landscaper.gardener.cloud/topology-ns: {{ .Release.Namespace }} diff --git a/charts/landscaper-instance/target-cluster/manifest-deployer/templates/hpa.yaml b/charts/landscaper-instance/target-cluster/manifest-deployer/templates/hpa.yaml new file mode 100644 index 000000000..f5abe1bbe --- /dev/null +++ b/charts/landscaper-instance/target-cluster/manifest-deployer/templates/hpa.yaml @@ -0,0 +1,31 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ .Values.deployer.name }} + labels: + {{- include "deployer.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ .Values.deployer.name }} + minReplicas: {{ .Values.deployer.hpa.minReplicas }} + maxReplicas: {{ .Values.deployer.hpa.maxReplicas }} + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.deployer.hpa.averageCpuUtilization }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.deployer.hpa.averageMemoryUtilization }} diff --git a/charts/landscaper-instance/target-cluster/manifest-deployer/templates/registry-secret.yaml b/charts/landscaper-instance/target-cluster/manifest-deployer/templates/registry-secret.yaml new file mode 100644 index 000000000..b2eba0309 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/manifest-deployer/templates/registry-secret.yaml 
@@ -0,0 +1,17 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +{{- if .Values.deployer.registryConfig.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.deployer.name }}-registries + labels: + {{- include "deployer.labels" . | nindent 4 }} +data: + {{- range $key, $value := .Values.deployer.registryConfig.secrets }} + {{ $key }}: {{ toJson $value | b64enc }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/landscaper-instance/target-cluster/manifest-deployer/templates/resourcecluster-kubeconfig-secret.yaml b/charts/landscaper-instance/target-cluster/manifest-deployer/templates/resourcecluster-kubeconfig-secret.yaml new file mode 100644 index 000000000..96073dedd --- /dev/null +++ b/charts/landscaper-instance/target-cluster/manifest-deployer/templates/resourcecluster-kubeconfig-secret.yaml @@ -0,0 +1,13 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.deployer.name }}-cluster-kubeconfig + labels: + {{- include "deployer.labels" . | nindent 4 }} +data: + kubeconfig: {{ .Values.deployer.resourceCluster.kubeconfig | b64enc }} diff --git a/charts/landscaper-instance/target-cluster/manifest-deployer/templates/role.yaml b/charts/landscaper-instance/target-cluster/manifest-deployer/templates/role.yaml new file mode 100644 index 000000000..498caeb93 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/manifest-deployer/templates/role.yaml 
@@ -0,0 +1,20 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Values.deployer.name }} + labels: + {{- include "deployer.labels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch diff --git a/charts/landscaper-instance/target-cluster/manifest-deployer/templates/rolebinding.yaml b/charts/landscaper-instance/target-cluster/manifest-deployer/templates/rolebinding.yaml new file mode 100644 index 000000000..fa70461f9 --- /dev/null +++ b/charts/landscaper-instance/target-cluster/manifest-deployer/templates/rolebinding.yaml @@ -0,0 +1,19 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Values.deployer.name }} + labels: + {{- include "deployer.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ .Values.deployer.name }} +subjects: + - kind: ServiceAccount + name: {{ .Values.deployer.serviceAccountName }} + namespace: {{ .Release.Namespace }} diff --git a/charts/landscaper-instance/target-cluster/manifest-deployer/templates/serviceaccount.yaml b/charts/landscaper-instance/target-cluster/manifest-deployer/templates/serviceaccount.yaml new file mode 100644 index 000000000..a8a6a05cc --- /dev/null +++ b/charts/landscaper-instance/target-cluster/manifest-deployer/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{/* SPDX-FileCopyrightText: 2023 SAP SE or an SAP affiliate company and Gardener contributors + + SPDX-License-Identifier: Apache-2.0 +*/}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.deployer.serviceAccountName }} + labels: + {{- include "deployer.labels" . | nindent 4 }} 
diff --git a/charts/landscaper-instance/target-cluster/manifest-deployer/values.yaml b/charts/landscaper-instance/target-cluster/manifest-deployer/values.yaml new file mode 100644 index 000000000..14471cc9e --- /dev/null +++ b/charts/landscaper-instance/target-cluster/manifest-deployer/values.yaml @@ -0,0 +1,56 @@ +deployer: + name: manifest-deployer + identity: manifest-deployer-default + containerName: manifest-deployer + serviceAccountName: manifest-deployer + verbosity: info + + registryConfig: + allowPlainHttp: false + insecureSkipVerify: false + secrets: {} + + resourceCluster: + kubeconfig: | + apiVersion: v1 + kind: Config + clusters: [] + users: [] + contexts: [] + + replicaCount: 1 + + hpa: + minReplicas: 1 + maxReplicas: 1 + averageCpuUtilization: 80 + averageMemoryUtilization: 80 + + controller: + workers: 30 + + # burst and max queries per second settings for k8s client used in reconciliation + k8sClientSettings: + # settings of client for host cluster; are overwritten by settings for resourceClient if host and resource cluster are identical + hostClient: + burst: 30 + qps: 20 + + # settings of client for resource cluster + resourceClient: + burst: 60 + qps: 40 + + resources: + requests: + cpu: 100m + memory: 100Mi + # limits: + # cpu: 100m + # memory: 128Mi + + image: + repository: eu.gcr.io/gardener-project/landscaper/manifest-deployer-controller + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + # tag: "" \ No newline at end of file