Commit 517ec8f

feat(chart): add crd lifecycle
Signed-off-by: Oliver Bähler <[email protected]>
1 parent 3941ec1 commit 517ec8f

7 files changed

+248
-99
lines changed

charts/capsule-proxy/Chart.yaml

+1-1
@@ -34,4 +34,4 @@ annotations:
3434
url: https://capsule.clastix.io/
3535
artifacthub.io/changes: |
3636
- kind: added
37-
description: add subjects for cert-manager certificate
37+
description: crd lifecycle
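
Review bot: the `artifacthub.io/changes` entry at line 37 says only `description: crd lifecycle`, which hides that upgraders must label and annotate the existing `proxysettings.capsule.clastix.io` CRD by hand, as the README section added in this commit explains. Suggest spelling that out in the description, for example "manage CRD lifecycle through chart templates (manual step required on upgrade, see README)", so it appears in the published changelog.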

charts/capsule-proxy/README.md

+19
@@ -40,6 +40,23 @@ The Capsule-proxy Chart can be used to instantly deploy the Capsule-proxy on you
4040

4141
$ helm uninstall capsule-proxy -n capsule-system
4242

43+
## Upgrading the Chart
44+
45+
Intsructions to upgrade the chart the versions, which may remove features or introduce breaking changes.
46+
47+
### 0.7.x
48+
49+
Introduces a new flow to manage all capsule-proxy CRDs. This can be controlled via `global.crds.install` (by default true). However if you are upgrading to this release, you need to add metadata to the existing CRDs so they can be correctly managed with the new flow. Run the following commands:
50+
51+
```bash
52+
kubectl label crd proxysettings.capsule.clastix.io app.kubernetes.io/managed-by=Helm
53+
kubectl annotate crd proxysettings.capsule.clastix.io meta.helm.sh/release-namespace=capsule-system
54+
kubectl annotate crd proxysettings.capsule.clastix.io meta.helm.sh/release-name=capsule-proxy
55+
```
56+
57+
With the new CRD management we can release update CRDs bundled with the chart. The Chart can be uninstalled and the CRDs are still kept.
58+
If you are managing CRDs yourself set `global.crds.install` to `false`.
59+
4360
## Customize the installation
4461

4562
There are two methods for specifying overrides of values during chart installation: `--values` and `--set`.
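
Review bot: the three `kubectl` commands at lines 52-54 hardcode the release name `capsule-proxy` and the namespace `capsule-system`. Helm adopts an existing object only when `meta.helm.sh/release-name` and `meta.helm.sh/release-namespace` match the release being upgraded, so anyone who installed under a different name or namespace will stamp the CRD with the wrong owner and the upgrade will stop on an ownership conflict. Suggest stating that both values must be replaced with the actual release name and namespace.
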
@@ -72,6 +89,8 @@ If you only need to make minor customizations, you can specify them on the comma
7289
| certManager.issuer.name | string | `""` | Set the name of the ClusterIssuer if issuer kind is ClusterIssuer and if cert manager will generate CA signed SSL certificates |
7390
| daemonset.hostNetwork | bool | `false` | Use the host network namespace for capsule-proxy pod. |
7491
| daemonset.hostPort | bool | `false` | Binding the capsule-proxy listening port to the host port. |
92+
| global.crds.install | bool | `true` | Install the CustomResourceDefinitions (This also manages the lifecycle of the CRDs for update operations) |
93+
| global.crds.keep | bool | `true` | Keep the CustomResourceDefinitions (when the chart is deleted) |
7594
| hostNetwork | bool | `false` | When deployed as DaemonSet use |
7695
| image.pullPolicy | string | `"IfNotPresent"` | Set the image pull policy. |
7796
| image.registry | string | `"ghcr.io"` | Set the image registry for capsule-proxy |
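
Review bot: the `global.crds.keep` row at line 93 does not say what happens when it is set to `false`. With `global.crds.install` enabled the CRD is part of the release, so `helm uninstall` would then delete `proxysettings.capsule.clastix.io`, and Kubernetes removes every ProxySetting object together with its CRD. Suggest adding that consequence to the description, since these objects hold the additional permissions granted to tenant subjects.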

charts/capsule-proxy/README.md.gotmpl

+17
@@ -40,6 +40,23 @@ The Capsule-proxy Chart can be used to instantly deploy the Capsule-proxy on you
4040

4141
$ helm uninstall capsule-proxy -n capsule-system
4242

43+
## Upgrading the Chart
44+
45+
Intsructions to upgrade the chart the versions, which may remove features or introduce breaking changes.
46+
47+
### 0.7.x
48+
49+
Introduces a new flow to manage all capsule-proxy CRDs. This can be controlled via `global.crds.install` (by default true). However if you are upgrading to this release, you need to add metadata to the existing CRDs so they can be correctly managed with the new flow. Run the following commands:
50+
51+
```bash
52+
kubectl label crd proxysettings.capsule.clastix.io app.kubernetes.io/managed-by=Helm
53+
kubectl annotate crd proxysettings.capsule.clastix.io meta.helm.sh/release-namespace=capsule-system
54+
kubectl annotate crd proxysettings.capsule.clastix.io meta.helm.sh/release-name=capsule-proxy
55+
```
56+
57+
With the new CRD management we can release update CRDs bundled with the chart. The Chart can be uninstalled and the CRDs are still kept.
58+
If you are managing CRDs yourself set `global.crds.install` to `false`.
59+
4360
## Customize the installation
4461

4562
There are two methods for specifying overrides of values during chart installation: `--values` and `--set`.
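
Review bot: the sentence at line 57, "The Chart can be uninstalled and the CRDs are still kept", holds only while `global.crds.keep` is `true`; the template added in this commit sets `helm.sh/resource-policy: keep` only under that flag. Suggest qualifying it, and fixing "Intsructions to upgrade the chart the versions" (line 45) and "we can release update CRDs" (line 57) while here. The same text appears in README.md, so both copies need the same correction.
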
@@ -0,0 +1,182 @@
1+
---
2+
apiVersion: apiextensions.k8s.io/v1
3+
kind: CustomResourceDefinition
4+
metadata:
5+
annotations:
6+
controller-gen.kubebuilder.io/version: v0.8.0
7+
creationTimestamp: null
8+
name: proxysettings.capsule.clastix.io
9+
spec:
10+
group: capsule.clastix.io
11+
names:
12+
kind: ProxySetting
13+
listKind: ProxySettingList
14+
plural: proxysettings
15+
singular: proxysetting
16+
scope: Namespaced
17+
versions:
18+
- name: v1beta1
19+
schema:
20+
openAPIV3Schema:
21+
description: ProxySetting is the Schema for the proxysettings API.
22+
properties:
23+
apiVersion:
24+
description: 'APIVersion defines the versioned schema of this representation
25+
of an object. Servers should convert recognized schemas to the latest
26+
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
27+
type: string
28+
kind:
29+
description: 'Kind is a string value representing the REST resource this
30+
object represents. Servers may infer this from the endpoint the client
31+
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
32+
type: string
33+
metadata:
34+
type: object
35+
spec:
36+
description: ProxySettingSpec defines the additional Capsule Proxy settings
37+
for additional users of the Tenant. Resource is Namespace-scoped and
38+
applies the settings to the belonged Tenant.
39+
properties:
40+
subjects:
41+
description: Subjects that should receive additional permissions.
42+
items:
43+
properties:
44+
clusterResources:
45+
description: Cluster Resources for tenant Owner.
46+
items:
47+
properties:
48+
apiGroups:
49+
description: APIGroups is the name of the APIGroup that
50+
contains the resources. If multiple API groups are specified,
51+
any action requested against any resource listed will
52+
be allowed. '*' represents all resources. Empty string
53+
represents v1 api resources.
54+
items:
55+
type: string
56+
type: array
57+
operations:
58+
default:
59+
- List
60+
description: Operations which can be executed on the selected
61+
resources.
62+
items:
63+
enum:
64+
- List
65+
- Update
66+
- Delete
67+
type: string
68+
type: array
69+
resources:
70+
description: Resources is a list of resources this rule
71+
applies to. '*' represents all resources.
72+
items:
73+
type: string
74+
type: array
75+
selector:
76+
description: Select all cluster scoped resources with
77+
the given label selector.
78+
properties:
79+
matchExpressions:
80+
description: matchExpressions is a list of label selector
81+
requirements. The requirements are ANDed.
82+
items:
83+
description: A label selector requirement is a selector
84+
that contains values, a key, and an operator that
85+
relates the key and values.
86+
properties:
87+
key:
88+
description: key is the label key that the selector
89+
applies to.
90+
type: string
91+
operator:
92+
description: operator represents a key's relationship
93+
to a set of values. Valid operators are In,
94+
NotIn, Exists and DoesNotExist.
95+
type: string
96+
values:
97+
description: values is an array of string values.
98+
If the operator is In or NotIn, the values
99+
array must be non-empty. If the operator is
100+
Exists or DoesNotExist, the values array must
101+
be empty. This array is replaced during a
102+
strategic merge patch.
103+
items:
104+
type: string
105+
type: array
106+
required:
107+
- key
108+
- operator
109+
type: object
110+
type: array
111+
matchLabels:
112+
additionalProperties:
113+
type: string
114+
description: matchLabels is a map of {key,value} pairs.
115+
A single {key,value} in the matchLabels map is equivalent
116+
to an element of matchExpressions, whose key field
117+
is "key", the operator is "In", and the values array
118+
contains only "value". The requirements are ANDed.
119+
type: object
120+
type: object
121+
required:
122+
- apiGroups
123+
- operations
124+
- resources
125+
- selector
126+
type: object
127+
type: array
128+
kind:
129+
description: Kind of tenant owner. Possible values are "User",
130+
"Group", and "ServiceAccount"
131+
enum:
132+
- User
133+
- Group
134+
- ServiceAccount
135+
type: string
136+
name:
137+
description: Name of tenant owner.
138+
type: string
139+
proxySettings:
140+
description: Proxy settings for tenant owner.
141+
items:
142+
properties:
143+
kind:
144+
enum:
145+
- Nodes
146+
- StorageClasses
147+
- IngressClasses
148+
- PriorityClasses
149+
- RuntimeClasses
150+
- PersistentVolumes
151+
type: string
152+
operations:
153+
items:
154+
enum:
155+
- List
156+
- Update
157+
- Delete
158+
type: string
159+
type: array
160+
required:
161+
- kind
162+
- operations
163+
type: object
164+
type: array
165+
required:
166+
- kind
167+
- name
168+
type: object
169+
minItems: 1
170+
type: array
171+
required:
172+
- subjects
173+
type: object
174+
type: object
175+
served: true
176+
storage: true
177+
status:
178+
acceptedNames:
179+
kind: ""
180+
plural: ""
181+
conditions: []
182+
storedVersions: []
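
Review bot: this file is 182 lines while the deleted `crds/capsule.clastix.io_proxysettings.yaml` was 98, so more than the location changed, and neither the commit message nor the changelog entry mentions a change to the ProxySetting schema. Suggest calling that out separately, since with `global.crds.install` enabled existing clusters receive it on upgrade. Also, `creationTimestamp: null` (line 7) and the empty `status:` block (lines 177-182) are generator output that will now be rendered into the release manifest; they can be dropped.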

charts/capsule-proxy/crds/capsule.clastix.io_proxysettings.yaml

-98
This file was deleted.
+21
@@ -0,0 +1,21 @@
1+
{{/* CustomResources Lifecycle */}}
2+
{{- if $.Values.global.crds.install }}
3+
{{ range $path, $_ := .Files.Glob "crd/**" }}
4+
{{- with $ }}
5+
{{- $content := (tpl (.Files.Get $path) .) -}}
6+
{{- $p := (fromYaml $content) -}}
7+
8+
{{/* Add Common Lables */}}
9+
{{- $_ := set $p.metadata "labels" (mergeOverwrite (default dict (get $p.metadata "labels")) (fromYaml (include "capsule-proxy.labels" $))) -}}
10+
11+
{{/* Add Keep annotation to CRDs */}}
12+
{{- if $.Values.global.crds.keep }}
13+
{{- $_ := set $p.metadata.annotations "helm.sh/resource-policy" "keep" -}}
14+
{{- end }}
15+
16+
{{- if $p }}
17+
{{- printf "---\n%s" (toYaml $p) | nindent 0 }}
18+
{{- end }}
19+
{{ end }}
20+
{{- end }}
21+
{{- end }}
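
Review bot: the `{{- if $p }}` guard at line 16 runs after `$p.metadata` has already been dereferenced at lines 9 and 13, so an empty or unparsable file under `crd/` fails the render instead of being skipped; move the guard up so it wraps both `set` calls. Line 13 also assumes `metadata.annotations` exists, unlike line 9, which uses `default dict` for labels, so a CRD without an annotations map breaks when `global.crds.keep` is true. Note too that `tpl` at line 5 evaluates any `{{` inside CRD description strings, and "Lables" at line 8 is a typo.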

charts/capsule-proxy/values.yaml

+8
@@ -2,6 +2,14 @@
22
# This is a YAML-formatted file.
33
# Declare variables to be passed into your templates.
44

5+
global:
6+
# Manage CRD Lifecycle
7+
crds:
8+
# -- Install the CustomResourceDefinitions (This also manages the lifecycle of the CRDs for update operations)
9+
install: true
10+
# -- Keep the CustomResourceDefinitions (when the chart is deleted)
11+
keep: true
12+
513
image:
614
# -- Set the image registry for capsule-proxy
715
registry: ghcr.io
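
Review bot: placing these keys under `global:` (line 5) shares them across chart boundaries: when capsule-proxy is pulled in as a dependency, a parent chart's `global.crds.install` or `global.crds.keep` applies here and to any other subchart that reads the same keys. If that is intended, say so in the comments; otherwise a chart-scoped `crds:` block avoids one value silently switching CRD installation or retention for several charts.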
