Skip to content

Commit ecd4f1a

Browse files
committed
Add bash script to sync manifests from Helm chart to Kustomize
Signed-off-by: Yi Chen <github@chenyicn.net>
1 parent a3fa15c commit ecd4f1a

28 files changed

+516
-399
lines changed

Makefile

Lines changed: 21 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,11 @@ IMAGE_REGISTRY ?= $(STAGING_IMAGE_REGISTRY)/jobset
2525
IMAGE_NAME := jobset
2626
IMAGE_REPO ?= $(IMAGE_REGISTRY)/$(IMAGE_NAME)
2727
IMAGE_TAG ?= $(IMAGE_REPO):$(GIT_TAG)
28+
29+
# Helm
2830
HELM_CHART_REPO := $(STAGING_IMAGE_REGISTRY)/jobset/charts
31+
RELEASE_NAME ?= jobset
32+
RELEASE_NAMESPACE ?= jobset-system
2933

3034
# Use distroless as minimal base image to package the manager binary
3135
# Refer to https://github.com/GoogleContainerTools/distroless for more details
@@ -203,6 +207,11 @@ undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/confi
203207
$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
204208

205209
##@ Helm
210+
211+
.PHONY: sync-manifests
212+
sync-manifests: helm yq ## Sync Kustomize manifests from manifests templated by Helm chart.
213+
RELEASE_NAME=$(RELEASE_NAME) RELEASE_NAMESPACE=$(RELEASE_NAMESPACE) HELM=$(HELM) YQ=$(YQ) hack/sync-manifests.sh
214+
206215
.PHONY: helm-unittest
207216
helm-unittest: helm-unittest-plugin ## Run Helm chart unittests.
208217
$(HELM) unittest $(JOBSET_CHART_DIR) --strict --file "tests/**/*_test.yaml"
@@ -219,8 +228,8 @@ helm-docs: helm-docs-plugin ## Generates markdown documentation for helm charts
219228
helm-chart-push: yq helm
220229
EXTRA_TAG="$(EXTRA_TAG)" GIT_TAG="$(GIT_TAG)" IMAGE_REGISTRY="$(IMAGE_REGISTRY)" HELM_CHART_REPO="$(HELM_CHART_REPO)" IMAGE_REPO="$(IMAGE_REPO)" HELM="$(HELM)" YQ="$(YQ)" ./hack/push-chart.sh
221230

222-
223231
##@ Release
232+
224233
.PHONY: artifacts
225234
artifacts: kustomize helm
226235
cd config/components/manager && $(KUSTOMIZE) edit set image controller=${IMAGE_TAG}
@@ -267,16 +276,22 @@ $(LOCALBIN):
267276
## Tool Versions
268277
KUSTOMIZE_VERSION ?= v3.8.7
269278
CONTROLLER_TOOLS_VERSION ?= v0.17.2
279+
GINKGO_VERSION ?= v2.1.4
280+
KIND_VERSION ?= v0.23.0
270281
HELM_VERSION ?= v3.17.1
271282
HELM_UNITTEST_VERSION ?= 0.7.2
272283
HELM_DOCS_VERSION ?= v1.14.2
284+
YQ_VERSION ?= v4.45.1
273285

274286
## Tool Binaries
275287
KUSTOMIZE ?= $(LOCALBIN)/kustomize
276288
CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
277289
ENVTEST ?= $(LOCALBIN)/setup-envtest
278-
HELM ?= $(ARTIFACTS)/helm
279-
HELM_DOCS ?= $(ARTIFACTS)/helm-docs
290+
GINKGO = $(LOCALBIN)/ginkgo
291+
KIND = $(LOCALBIN)/kind
292+
HELM ?= $(LOCALBIN)/helm
293+
HELM_DOCS ?= $(LOCALBIN)/helm-docs
294+
YQ ?= $(LOCALBIN)/yq
280295

281296
KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
282297
.PHONY: kustomize
@@ -317,15 +332,13 @@ envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
317332
$(ENVTEST): $(LOCALBIN)
318333
test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) $(GO_CMD) install sigs.k8s.io/controller-runtime/tools/setup-envtest@v0.0.0-20240813183042-b901db121e1f
319334

320-
GINKGO = $(shell pwd)/bin/ginkgo
321335
.PHONY: ginkgo
322336
ginkgo: ## Download ginkgo locally if necessary.
323-
@GOBIN=$(PROJECT_DIR)/bin GO111MODULE=on $(GO_CMD) install github.com/onsi/ginkgo/v2/ginkgo@v2.1.4
337+
@GOBIN=$(PROJECT_DIR)/bin GO111MODULE=on $(GO_CMD) install github.com/onsi/ginkgo/v2/ginkgo@$(GINKGO_VERSION)
324338

325-
KIND = $(shell pwd)/bin/kind
326339
.PHONY: kind
327340
kind:
328-
@GOBIN=$(PROJECT_DIR)/bin GO111MODULE=on $(GO_CMD) install sigs.k8s.io/kind@v0.23.0
341+
@GOBIN=$(PROJECT_DIR)/bin GO111MODULE=on $(GO_CMD) install sigs.k8s.io/kind@$(KIND_VERSION)
329342

330343
.PHONY: kind-image-build
331344
kind-image-build: PLATFORMS=linux/amd64
@@ -345,7 +358,6 @@ test-e2e-kind: manifests kustomize fmt vet envtest ginkgo kind-image-build
345358
prometheus:
346359
kubectl apply --server-side -k config/prometheus
347360

348-
HELM = $(PROJECT_DIR)/bin/helm
349361
.PHONY: helm
350362
helm: ## Download helm locally if necessary.
351363
GOBIN=$(PROJECT_DIR)/bin GO111MODULE=on $(GO_CMD) install helm.sh/helm/v3/cmd/helm@$(HELM_VERSION)
@@ -362,8 +374,6 @@ helm-docs-plugin: $(HELM_DOCS) ## Download helm-docs plugin locally if necessary
362374
$(HELM_DOCS): $(LOCALBIN)
363375
GOBIN=$(LOCALBIN) $(GO_CMD) install github.com/norwoodj/helm-docs/cmd/helm-docs@$(HELM_DOCS_VERSION)
364376

365-
YQ = $(PROJECT_DIR)/bin/yq
366377
.PHONY: yq
367378
yq: ## Download yq locally if necessary.
368-
GOBIN=$(PROJECT_DIR)/bin GO111MODULE=on $(GO_CMD) install github.com/mikefarah/yq/v4@v4.45.1
369-
379+
GOBIN=$(PROJECT_DIR)/bin GO111MODULE=on $(GO_CMD) install github.com/mikefarah/yq/v4@$(YQ_VERSION)

charts/jobset/crds/jobset.x-k8s.io_jobsets.yaml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
33
kind: CustomResourceDefinition
44
metadata:
55
annotations:
6-
controller-gen.kubebuilder.io/version: v0.16.2
6+
controller-gen.kubebuilder.io/version: v0.17.2
77
name: jobsets.jobset.x-k8s.io
88
spec:
99
group: jobset.x-k8s.io
@@ -237,6 +237,11 @@ spec:
237237
x-kubernetes-validations:
238238
- message: Value is immutable
239239
rule: self == oldSelf
240+
groupName:
241+
default: default
242+
description: GroupName defines the name of the group this ReplicatedJob
243+
belongs to. Defaults to "default"
244+
type: string
240245
name:
241246
description: |-
242247
Name is the name of the entry and will be used as a suffix

charts/jobset/templates/prometheus/service_monitor.yaml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,4 +31,9 @@ spec:
3131
{{- include "jobset.controller.selectorLabels" . | nindent 6 }}
3232
endpoints:
3333
- port: metrics
34+
path: /metrics
35+
scheme: https
36+
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
37+
tlsConfig:
38+
insecureSkipVerify: true
3439
{{- end }}
Lines changed: 18 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -1,39 +1,25 @@
1-
# The following manifests contain a self-signed issuer CR and a certificate CR.
2-
# More document can be found at https://docs.cert-manager.io
3-
# WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes.
4-
apiVersion: cert-manager.io/v1
5-
kind: Issuer
6-
metadata:
7-
labels:
8-
app.kubernetes.io/name: issuer
9-
app.kubernetes.io/instance: selfsigned-issuer
10-
app.kubernetes.io/component: certificate
11-
app.kubernetes.io/created-by: jobset
12-
app.kubernetes.io/part-of: jobset
13-
app.kubernetes.io/managed-by: kustomize
14-
name: selfsigned-issuer
15-
namespace: system
16-
spec:
17-
selfSigned: {}
18-
---
191
apiVersion: cert-manager.io/v1
202
kind: Certificate
213
metadata:
4+
name: jobset-cert
5+
namespace: jobset-system
226
labels:
23-
app.kubernetes.io/name: certificate
24-
app.kubernetes.io/instance: serving-cert
25-
app.kubernetes.io/component: certificate
26-
app.kubernetes.io/created-by: jobset
27-
app.kubernetes.io/part-of: jobset
28-
app.kubernetes.io/managed-by: kustomize
29-
name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
30-
namespace: system
7+
app.kubernetes.io/managed-by: Kustomize
8+
app.kubernetes.io/version: "0.7.3"
9+
app.kubernetes.io/name: jobset
10+
app.kubernetes.io/instance: jobset
3111
spec:
32-
# $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
33-
dnsNames:
34-
- $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
35-
- $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
12+
secretName: jobset-webhook-server-cert
3613
issuerRef:
14+
group: cert-manager.io/v1
3715
kind: Issuer
38-
name: selfsigned-issuer
39-
secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize
16+
name: jobset-self-signed-issuer
17+
commonName: jobset-webhook-service.jobset-system.svc
18+
dnsNames:
19+
- jobset-webhook-service.jobset-system.svc
20+
- jobset-webhook-service.jobset-system.svc.cluster.local
21+
duration: 8760h
22+
renewBefore: 720h
23+
usages:
24+
- server auth
25+
- client auth
Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
apiVersion: cert-manager.io/v1
2+
kind: Issuer
3+
metadata:
4+
name: jobset-self-signed-issuer
5+
namespace: jobset-system
6+
labels:
7+
app.kubernetes.io/managed-by: Kustomize
8+
app.kubernetes.io/version: "0.7.3"
9+
app.kubernetes.io/name: jobset
10+
app.kubernetes.io/instance: jobset
11+
spec:
12+
selfSigned: {}
Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,6 @@
11
resources:
22
- certificate.yaml
3+
- issuer.yaml
34

45
configurations:
56
- kustomizeconfig.yaml

config/components/certmanager/kustomizeconfig.yaml

Lines changed: 0 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -6,11 +6,3 @@ nameReference:
66
- kind: Certificate
77
group: cert-manager.io
88
path: spec/issuerRef/name
9-
10-
varReference:
11-
- kind: Certificate
12-
group: cert-manager.io
13-
path: spec/commonName
14-
- kind: Certificate
15-
group: cert-manager.io
16-
path: spec/dnsNames
Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
apiVersion: v1
2+
kind: ConfigMap
3+
metadata:
4+
name: jobset-controller-config
5+
namespace: jobset-system
6+
labels:
7+
app.kubernetes.io/managed-by: Kustomize
8+
app.kubernetes.io/version: "0.7.3"
9+
app.kubernetes.io/name: jobset
10+
app.kubernetes.io/instance: jobset
11+
app.kubernetes.io/component: controller
12+
data:
13+
controller_manager_config.yaml: |2
14+
apiVersion: config.jobset.x-k8s.io/v1alpha1
15+
kind: Configuration
16+
leaderElection:
17+
leaderElect: true
18+
clientConnection:
19+
qps: 500
20+
burst: 500
21+
internalCertManagement:
22+
enable: false
23+
webhookServiceName: jobset-webhook-service
24+
webhookSecretName: jobset-webhook-server-cert

config/components/manager/controller_manager_config.yaml

Lines changed: 0 additions & 5 deletions
This file was deleted.
Lines changed: 96 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,96 @@
1+
apiVersion: apps/v1
2+
kind: Deployment
3+
metadata:
4+
name: jobset-controller
5+
namespace: jobset-system
6+
labels:
7+
app.kubernetes.io/managed-by: Kustomize
8+
app.kubernetes.io/version: "0.7.3"
9+
app.kubernetes.io/name: jobset
10+
app.kubernetes.io/instance: jobset
11+
app.kubernetes.io/component: controller
12+
spec:
13+
replicas: 1
14+
selector:
15+
matchLabels:
16+
app.kubernetes.io/name: jobset
17+
app.kubernetes.io/instance: jobset
18+
app.kubernetes.io/component: controller
19+
template:
20+
metadata:
21+
labels:
22+
helm.sh/chart: jobset-0.7.3
23+
app.kubernetes.io/managed-by: Helm
24+
app.kubernetes.io/version: "0.7.3"
25+
app.kubernetes.io/name: jobset
26+
app.kubernetes.io/instance: jobset
27+
app.kubernetes.io/component: controller
28+
annotations:
29+
jobset.x-k8s.io/config-hash: dce001eda0b7844802217531a27610b3940fc050b7999ee6a3a43956db1f726d
30+
spec:
31+
containers:
32+
- name: controller
33+
image: "us-central1-docker.pkg.dev/k8s-staging-images/jobset/jobset:main"
34+
imagePullPolicy: Always
35+
command:
36+
- /manager
37+
args:
38+
- --zap-log-level=2
39+
- --config=/controller_manager_config.yaml
40+
volumeMounts:
41+
- name: manager-config
42+
subPath: controller_manager_config.yaml
43+
mountPath: /controller_manager_config.yaml
44+
- name: webhook-cert
45+
mountPath: /tmp/k8s-webhook-server/serving-certs
46+
readOnly: true
47+
ports:
48+
- name: health-probe
49+
containerPort: 8081
50+
protocol: TCP
51+
- name: webhook
52+
containerPort: 9443
53+
protocol: TCP
54+
- name: metrics
55+
containerPort: 8080
56+
protocol: TCP
57+
livenessProbe:
58+
httpGet:
59+
port: 8081
60+
scheme: HTTP
61+
path: /healthz
62+
initialDelaySeconds: 15
63+
periodSeconds: 20
64+
readinessProbe:
65+
httpGet:
66+
port: 8081
67+
scheme: HTTP
68+
path: /readyz
69+
initialDelaySeconds: 5
70+
periodSeconds: 10
71+
resources:
72+
limits:
73+
cpu: 2
74+
memory: 4Gi
75+
requests:
76+
cpu: 500m
77+
memory: 128Mi
78+
securityContext:
79+
allowPrivilegeEscalation: false
80+
capabilities:
81+
drop:
82+
- ALL
83+
readOnlyRootFilesystem: true
84+
volumes:
85+
- name: manager-config
86+
configMap:
87+
name: jobset-controller-config
88+
- name: webhook-cert
89+
secret:
90+
secretName: jobset-webhook-server-cert
91+
defaultMode: 420
92+
securityContext:
93+
runAsNonRoot: true
94+
seccompProfile:
95+
type: RuntimeDefault
96+
serviceAccountName: jobset-controller

0 commit comments

Comments
 (0)