From 2bc4d787fce4b265471bc167d39211946e9ba799 Mon Sep 17 00:00:00 2001
From: Pedro Silva
Date: Sun, 23 May 2021 12:56:49 +0100
Subject: [PATCH] [Helm] Adds Lightbend's helm chart definition of the lyft flinkK8sOperator to codebase
---
helm/.gitignore | 1 +
helm/Chart.yaml | 11 +
helm/LICENSE | 201 +++++++++
helm/README.md | 38 ++
helm/templates/_helpers.tpl | 56 +++
helm/templates/configmap.yaml | 21 +
helm/templates/crd.yaml | 413 ++++++++++++++++++
helm/templates/deployment.yaml | 54 +++
helm/templates/flink-operator-rbac.yaml | 96 ++++
.../flink-operator-serviceaccount.yaml | 11 +
helm/templates/flink-rbac.yaml | 44 ++
helm/templates/flink-serviceaccount.yaml | 12 +
helm/values.yaml | 39 ++
13 files changed, 997 insertions(+)
create mode 100644 helm/.gitignore
create mode 100644 helm/Chart.yaml
create mode 100644 helm/LICENSE
create mode 100644 helm/README.md
create mode 100644 helm/templates/_helpers.tpl
create mode 100644 helm/templates/configmap.yaml
create mode 100644 helm/templates/crd.yaml
create mode 100644 helm/templates/deployment.yaml
create mode 100644 helm/templates/flink-operator-rbac.yaml
create mode 100644 helm/templates/flink-operator-serviceaccount.yaml
create mode 100644 helm/templates/flink-rbac.yaml
create mode 100644 helm/templates/flink-serviceaccount.yaml
create mode 100644 helm/values.yaml
diff --git a/helm/.gitignore b/helm/.gitignore
new file mode 100644
index 00000000..9f11b755
--- /dev/null
+++ b/helm/.gitignore
@@ -0,0 +1 @@
+.idea/
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
new file mode 100644
index 00000000..6c379456
--- /dev/null
+++ b/helm/Chart.yaml
@@ -0,0 +1,11 @@
+name: flink-operator
+description: A Helm chart for Flink operator
+version: 0.8.2
+appVersion: 0.4.0
+apiVersion: v1
+kubeVersion: ">=1.10.0-0"
+keywords:
+ - flink
+home: https://github.com/lyft/flinkk8soperator
+maintainers:
+ - name: Lightbend Cloudflow Team
diff --git a/helm/LICENSE b/helm/LICENSE
new file mode 100644
index 00000000..261eeb9e
--- /dev/null
+++ b/helm/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/helm/README.md b/helm/README.md new file mode 100644 index 00000000..d0fd932d --- /dev/null +++ b/helm/README.md 
@@ -0,0 +1,38 @@
+### Helm Chart for the [Flink Operator](https://github.com/lyft/flinkk8soperator) from Lyft.
+
+The chart is installable via both Helm 2 and 3 binaries, as indicated by the `apiVersion` of `v1` in `Chart.yaml`.
+
+##### Configuration
+
+The following table lists the configurable parameters of the chart and their default values.
+
+| Parameter | Description | Default |
+| -------------------------------------- | ------------------------------------------------------------ | ---------------------------- |
+| `operatorImageName` | The name of the operator image | `lyft/flinkk8soperator` |
+| `operatorVersion` | The version of the operator to install | `0.4.0` |
+| `imagePullPolicy` | Docker image pull policy | `IfNotPresent` |
+| `flinkJobNamespace` | K8s namespace where Flink jobs are to be deployed. | `default` |
+| `limitNamespace` | Comma separated list of namespaces that the operator is configured to watch. Empty string by default, which indicates all namespaces will be watched. | "" |
+| `resyncPeriod` | The resync period for all watchers | "30s" |
+| `metricsPrefix` | Prefix for metrics propagated to prometheus | "flinkk8soperator" |
+| `profilerPort` | Profiler port | "10254" |
+| `ingressUrlFormat` | Ingress URL format | "" |
+| `useKubectlProxy` | Whether to use `kubectl` proxy | `false` |
+| `containerNameFormat` | Container name format | "" |
+| `workers` | Number of routines to process custom resource | 4 |
+| `baseBackoffDuration` | The base backoff for exponential retries | "100ms" |
+| `maxBackoffDuration` | The max backoff for exponential retries | "30s" |
+| `maxErrDuration` | The max time to wait on errors | "5m" |
+| `rbac.create` | Whether to create required roles and bindings | `true` |
+| `resourcesRequests.memory` | Requested memory for the operator deployment | 1G |
+| `resourcesRequests.cpu` | Requested CPU for the operator deployment | 0.5 |
+| `resourcesLimits.memory` | Memory limits for the operator deployment | 1G |
+| `resourcesLimits.cpu` | CPU limits for the operator deployment | 2 |
+| **Name-related configs** | | |
+| `serviceAccounts.flink.create` | Create Flink operator ServiceAccount name using fully qualified app name | `true` |
+| `serviceAccounts.flink.name` | ServiceAccount name for the Flink operator | `default` if not created |
+| `serviceAccounts.flinkoperator.create` | Create Flink job ServiceAccount name using release name | `true` |
+| `serviceAccounts.flinkoperator.name` | ServiceAccount name for the Flink jobs | `default` if not created |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
+
diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl
new file mode 100644
index 00000000..6cca4ad5
--- /dev/null
+++ b/helm/templates/_helpers.tpl
@@ -0,0 +1,56 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "flink-operator.name" -}}
+ {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "flink-operator.fullname" -}}
+ {{- if .Values.fullnameOverride -}}
+ {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+ {{- else -}}
+ {{- $name := default .Chart.Name .Values.nameOverride -}}
+ {{- if contains $name .Release.Name -}}
+ {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+ {{- else -}}
+ {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "flink-operator.chart" -}}
+ {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the Flink operator service account to use.
+*/}}
+{{- define "flink-operator.serviceAccountName" -}}
+ {{- if .Values.serviceAccounts.flinkoperator.create -}}
+ {{ default (include "flink-operator.fullname" .) .Values.serviceAccounts.flinkoperator.name }}
+ {{- else -}}
+ {{ default "default" .Values.serviceAccounts.flinkoperator.name }}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the Flink job service account to use.
+*/}}
+{{- define "flink.serviceAccountName" -}}
+ {{- if .Values.serviceAccounts.flink.create -}}
+ {{ $flinkServiceaccount := printf "%s-%s" .Release.Name "flink" }}
+ {{ default $flinkServiceaccount .Values.serviceAccounts.flink.name }}
+ {{- else -}}
+ {{ default "default" .Values.serviceAccounts.flink.name }}
+ {{- end -}}
+{{- end -}}
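Review bot: In `flink.serviceAccountName` the `{{ $flinkServiceaccount := … }}` line is not trimmed on its right and the following `{{ default … }}` is not trimmed on its left, so the whitespace between them is emitted and the rendered name appears to start with a newline and indentation wherever the helper is included (`metadata.name`, the RoleBinding subject). Writing the assignment as `{{- $flinkServiceaccount := printf "%s-%s" .Release.Name "flink" -}}` keeps the output a bare name, matching how `flink-operator.fullname` handles `$name`. Both service-account helpers also fall back to the namespace's `default` ServiceAccount when `create` is false and no name is given; since the RBAC templates bind roles to whatever these helpers return, that fallback deserves a line in the helper comments.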
diff --git a/helm/templates/configmap.yaml b/helm/templates/configmap.yaml
new file mode 100644
index 00000000..8289944f
--- /dev/null
+++ b/helm/templates/configmap.yaml
@@ -0,0 +1,21 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: {{ include "flink-operator.name" . }}-config
+data:
+ config: |-
+ operator:
+ limitNamespace: {{ .Values.limitNamespace }}
+ resyncPeriod: {{ .Values.resyncPeriod }}
+ metricsPrefix: {{ .Values.metricsPrefix }}
+ profilerPort: {{ .Values.profilerPort }}
+ ingressUrlFormat: {{ .Values.ingressUrlFormat }}
+ useKubectlProxy: {{ .Values.useKubectlProxy }}
+ proxyPort: {{ .Values.proxyPort }}
+ containerNameFormat: {{ .Values.containerNameFormat }}
+ workers: {{ .Values.workers }}
+ baseBackoffDuration: {{ .Values.baseBackoffDuration }}
+ maxBackoffDuration: {{ .Values.maxBackoffDuration }}
+ maxErrDuration: {{ .Values.maxErrDuration }}
+ logger:
+ level: 4
diff --git a/helm/templates/crd.yaml b/helm/templates/crd.yaml
new file mode 100644
index 00000000..a03be265
--- /dev/null
+++ b/helm/templates/crd.yaml
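Review bot: The ConfigMap in helm/templates/configmap.yaml is named `{{ include "flink-operator.name" . }}-config`, while the Deployment added in this patch mounts the fixed name `flink-operator-config`; with `nameOverride` set the two diverge and the operator pod cannot mount its configuration. Use the same expression in both templates. The values are also interpolated unquoted into the `config` block, so an empty `limitNamespace` or `ingressUrlFormat` renders as a bare key (YAML null) and string ports lose their quoting; `limitNamespace: {{ .Values.limitNamespace | quote }}` keeps the type stable for the setting the README documents as the namespace restriction.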
@@ -0,0 +1,413 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: flinkapplications.flink.k8s.io +spec: + group: flink.k8s.io + names: + kind: FlinkApplication + listKind: FlinkApplicationList + plural: flinkapplications + singular: flinkapplication + shortNames: + - flinkapp + scope: Namespaced + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true + - name: v1alpha1 + served: true + storage: false + validation: + # openAPIV3Schema is the schema for validating custom objects. + openAPIV3Schema: + properties: + spec: + type: object + properties: + image: + type: string + imagePullPolicy: + type: string + enum: [Always, Never, IfNotPresent] + imagePullSecrets: + type: array + items: + type: object + properties: + name: + type: string + serviceAccountName: + type: string + jarName: + type: string + programArgs: + type: string + entryClass: + type: string + flinkVersion: + type: string + restartNonce: + type: string + parallelism: + type: integer + minimum: 1 + deleteMode: + type: string + enum: [Savepoint, None, ForceCancel] + allowNonRestoredState: + type: boolean + deploymentMode: + type: string + enum: [Dual] + rpcPort: + type: integer + minimum: 1 + maximum: 65535 + blobPort: + type: integer + minimum: 1 + maximum: 65535 + queryPort: + type: integer + minimum: 1 + maximum: 65535 + metricsQueryPort: + type: integer + minimum: 1 + maximum: 65535 + flinkConfig: + type: object + properties: + additionalProperties: + type: string + savepointInfo: + type: object + properties: + savepointLocation: + type: string + savepointPath: + type: string + maxCheckpointRestoreAgeSeconds: + type: integer + minimum: 1 + jobManagerConfig: + type: object + properties: + replicas: + type: integer + minimum: 1 + offHeapMemoryFraction: + type: number + minimum: 0 + maximum: 1 + nodeSelector: + type: object + properties: + additionalProperties: + type: string + envConfig: + type: object + properties: + env: + items: + 
properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: {} + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + resources: + type: object + properties: + requests: + type: object + properties: + memory: + type: string + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + cpu: + type: string + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + storage: + type: string + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + ephemeral-storage: + type: string + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + limits: + type: object + properties: + memory: + type: string + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + cpu: + type: string + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + storage: + type: string + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + ephemeral-storage: + type: string + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + taskManagerConfig: + type: object + properties: + taskSlots: + type: integer + minimum: 1 + offHeapMemoryFraction: + type: number + minimum: 0 + maximum: 1 + nodeSelector: + type: object + properties: + additionalProperties: + 
type: string + envConfig: + type: object + properties: + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: {} + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + resources: + type: object + properties: + requests: + type: object + properties: + memory: + type: string + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + cpu: + type: string + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + storage: + type: string + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + ephemeral-storage: + type: string + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + limits: + type: object + properties: + memory: + type: string + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + cpu: + type: string + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + storage: + type: string + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + ephemeral-storage: + type: string + pattern: ^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$ + volumes: + type: array + items: + type: object + properties: + name: + type: string + required: + - name + volumeMounts: + type: array + items: + type: object 
+ properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - name + - mountPath + required: + - image + - jarName + - parallelism + - entryClass + subresources: + status: {} + additionalPrinterColumns: + - name: Phase + type: string + description: The current state machine phase for this FlinkApplication + JSONPath: .status.phase + - name: Cluster Health + type: string + description: The health of the Flink cluster + JSONPath: .status.clusterStatus.health + - name: Job Health + type: string + description: The health of the Flink job + JSONPath: .status.jobStatus.health + - name: Healthy TMs + type: string + JSONPath: ".status.clusterStatus.healthyTaskManagers" + priority: 1 + - name: Total TMs + type: string + JSONPath: ".status.clusterStatus.numberOfTaskManagers" + priority: 1 + - name: Job Restarts + type: integer + description: Number of times the job has restarted + JSONPath: .status.jobStatus.jobRestartCount + - name: Age + type: date + JSONPath: .metadata.creationTimestamp \ No newline at end of file diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml new file mode 100644 index 00000000..8e4d984d --- /dev/null +++ b/helm/templates/deployment.yaml 
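Review bot: Shipping the CRD from helm/templates/crd.yaml ties `flinkapplications.flink.k8s.io` to the release lifecycle, so uninstalling the release removes the CRD and, with it, every FlinkApplication object in the cluster. Since the README states the chart targets both Helm 2 and 3, annotating the CRD with `"helm.sh/resource-policy": keep` is the option that works for both. The manifest uses `apiextensions.k8s.io/v1beta1`, which Kubernetes 1.22 and later no longer serve, while `Chart.yaml` declares `kubeVersion: ">=1.10.0-0"` with no upper bound; either cap the range or plan the move to `apiextensions.k8s.io/v1`. The `flinkConfig` and `nodeSelector` schemas list `additionalProperties` directly after `properties:`; indentation is not recoverable from this view, so confirm it is a sibling of `properties` rather than a property named `additionalProperties`.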
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "flink-operator.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "flink-operator.name" . }}
+ helm.sh/chart: {{ include "flink-operator.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "flink-operator.name" . }}
+ app.kubernetes.io/version: {{ .Values.operatorVersion }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "flink-operator.name" . }}
+ app.kubernetes.io/version: {{ .Values.operatorVersion }}
+ spec:
+ serviceAccountName: {{ include "flink-operator.serviceAccountName" . }}
+ volumes:
+ - name: config-volume
+ configMap:
+ name: flink-operator-config
+ items:
+ - key: config
+ path: config.yaml
+ containers:
+ - name: flinkoperator-gojson
+ image: {{ .Values.operatorImageName }}:{{ .Values.operatorVersion }}
+ command:
+ - flinkoperator
+ args:
+ - --logtostderr
+ - --config
+ - /etc/flinkoperator/config*/config.yaml
+ env:
+ - name: OPERATOR_NAME
+ value: flinkk8soperator
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ ports:
+ - containerPort: 10254
+ resources:
+ requests:
+ memory: {{ .Values.resourceRequests.memory }}
+ cpu: {{ .Values.resourceRequests.cpu }}
+ limits:
+ memory: {{ .Values.resourceLimits.memory }}
+ cpu: {{ .Values.resourceLimits.cpu }}
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/flinkoperator/config
diff --git a/helm/templates/flink-operator-rbac.yaml b/helm/templates/flink-operator-rbac.yaml
new file mode 100644
index 00000000..e0ff41dc
--- /dev/null
+++ b/helm/templates/flink-operator-rbac.yaml
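Review bot: The `flinkoperator-gojson` container in helm/templates/deployment.yaml has no `securityContext`, so it runs with the image's default user and capabilities while holding a ServiceAccount token bound to a ClusterRole. A restrictive container security context as sketched below is the usual baseline, provided the image runs as a non-root user and the operator does not write outside its mounted volumes. `spec.selector.matchLabels` includes `app.kubernetes.io/version: {{ .Values.operatorVersion }}`; the selector of an apps/v1 Deployment is immutable, so an upgrade that changes `operatorVersion` is likely to be rejected, and the version label belongs on the pod template only. `containerPort: 10254` is fixed although `profilerPort` is configurable, and that port serves the profiler, so it should not be reachable beyond what metrics scraping needs.

```yaml
        - name: flinkoperator-gojson
          image: {{ .Values.operatorImageName }}:{{ .Values.operatorVersion }}
          # ... unchanged: command, args, env, ports, resources, volumeMounts ...
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
```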
@@ -0,0 +1,96 @@
+{{- if .Values.rbac.create }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "flink-operator.fullname" . }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - delete
+ - apiGroups:
+ - extensions
+ - apps
+ resources:
+ - deployments
+ - deployments/status
+ - ingresses
+ - ingresses/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ # Allow Event recording access
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - update
+ - patch
+ # Allow Access to CRD
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ # Allow Access to flink applications under flink.k8s.io
+ - apiGroups:
+ - flink.k8s.io
+ resources:
+ - flinkapplications
+ - flinkapplications/status
+ - flinkapplications/finalizers
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - patch
+ - apiGroups:
+ - ""
+ - route.openshift.io
+ resources:
+ - routes/custom-host
+ verbs:
+ - create
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: {{ include "flink-operator.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "flink-operator.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "flink-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/helm/templates/flink-operator-serviceaccount.yaml b/helm/templates/flink-operator-serviceaccount.yaml
new file mode 100644
index 00000000..0b4fcdde
--- /dev/null
+++ b/helm/templates/flink-operator-serviceaccount.yaml
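Review bot: The ClusterRole in helm/templates/flink-operator-rbac.yaml gives the operator create/update/delete on services, deployments and ingresses in every namespace, plus create/update on `customresourcedefinitions`, regardless of what `limitNamespace` is set to. Because the chart installs the CRD itself, the CRD write verbs look unnecessary (`get`, `list`, `watch` should be enough, to be confirmed against the operator's startup path), and a release that sets `limitNamespace` would be better served by a Role and RoleBinding per watched namespace. The ClusterRoleBinding uses `rbac.authorization.k8s.io/v1beta1` while the ClusterRole uses `v1`; `v1beta1` is not served from Kubernetes 1.22 on, so the binding should read `apiVersion: rbac.authorization.k8s.io/v1`. The last rule also lists the core group `""` for `routes/custom-host`, a resource that belongs to `route.openshift.io` only.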
@@ -0,0 +1,11 @@
+{{- if .Values.serviceAccounts.flinkoperator.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "flink-operator.serviceAccountName" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "flink-operator.name" . }}
+ helm.sh/chart: {{ include "flink-operator.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
diff --git a/helm/templates/flink-rbac.yaml b/helm/templates/flink-rbac.yaml
new file mode 100644
index 00000000..c72df78b
--- /dev/null
+++ b/helm/templates/flink-rbac.yaml
@@ -0,0 +1,44 @@
+{{- if and (.Values.rbac.create) (ne .Values.flinkJobNamespace "") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Values.flinkJobNamespace }}
+ name: flink-role
+ labels:
+ app.kubernetes.io/name: {{ include "flink-operator.name" . }}
+ helm.sh/chart: {{ include "flink-operator.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - "pods"
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - "services"
+ verbs:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: flink-role-binding
+ namespace: {{ .Values.flinkJobNamespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "flink-operator.name" . }}
+ helm.sh/chart: {{ include "flink-operator.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "flink.serviceAccountName" . }}
+ namespace: {{ .Values.flinkJobNamespace }}
+roleRef:
+ kind: Role
+ name: flink-role
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/helm/templates/flink-serviceaccount.yaml b/helm/templates/flink-serviceaccount.yaml
new file mode 100644
index 00000000..085ea3de
--- /dev/null
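Review bot: `flink-role` in helm/templates/flink-rbac.yaml grants `"*"` on pods and services, and the RoleBinding subject comes from `flink.serviceAccountName`, which resolves to `default` when `serviceAccounts.flink.create` is false and no name is set. In that configuration every workload in `flinkJobNamespace` that runs under the namespace's default ServiceAccount receives full control of pods and services there, and the namespace itself defaults to `default`. List the verbs the Flink jobs actually need in place of the wildcard, and guard the binding so it is only rendered for a dedicated account, for example by wrapping the name in `required` when `create` is false. The Role and RoleBinding names are fixed (`flink-role`, `flink-role-binding`), so two releases that target the same namespace will collide.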
+++ b/helm/templates/flink-serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccounts.flink.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "flink.serviceAccountName" . }}
+ namespace: {{ .Values.flinkJobNamespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "flink-operator.name" . }}
+ helm.sh/chart: {{ include "flink-operator.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
diff --git a/helm/values.yaml b/helm/values.yaml
new file mode 100644
index 00000000..abd6de37
--- /dev/null
+++ b/helm/values.yaml
@@ -0,0 +1,39 @@
+operatorImageName: lyft/flinkk8soperator
+operatorVersion: v0.4.0
+imagePullPolicy: IfNotPresent
+
+rbac:
+ create: true
+
+flinkJobNamespace: default
+
+serviceAccounts:
+ flink:
+ create: true
+ name:
+ flinkoperator:
+ create: true
+ name:
+
+resourceRequests:
+ memory: 1G
+ cpu: 0.5
+
+resourceLimits:
+ memory: 1G
+ cpu: 2
+
+# Comma separated list of namespaces that the operator is configured to watch
+# Empty string by default, which indicates all namespaces will be watched
+limitNamespace: ""
+resyncPeriod: "30s"
+metricsPrefix: "flinkk8soperator"
+profilerPort: "10254"
+ingressUrlFormat: ""
+useKubectlProxy: false
+proxyPort: "8001"
+containerNameFormat: ""
+workers: 4
+baseBackoffDuration: "100ms"
+maxBackoffDuration: "30s"
+maxErrDuration: "5m"
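Review bot: In helm/values.yaml, `operatorImageName: lyft/flinkk8soperator` with `operatorVersion: v0.4.0` resolves to a mutable tag on the default registry, and with `imagePullPolicy: IfNotPresent` nodes can end up running different content under the same tag. For an operator bound to a ClusterRole, a fully qualified registry name and an optional digest pin (rendered as `image@sha256:<digest>`) would make the deployed binary verifiable. The keys here are `resourceRequests` and `resourceLimits`, but the README table in this patch documents `resourcesRequests` and `resourcesLimits`, so a `--set` that follows the README is silently ignored; the README also omits `proxyPort` and lists `0.4.0` rather than `v0.4.0`. The empty `limitNamespace` default means the operator watches all namespaces out of the box, which is worth stating next to the RBAC defaults.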