diff --git a/charts/opensearch-operator/Chart.yaml b/charts/opensearch-operator/Chart.yaml index cdf5501e7..a9ed5ca55 100644 --- a/charts/opensearch-operator/Chart.yaml +++ b/charts/opensearch-operator/Chart.yaml @@ -1,24 +1,10 @@ apiVersion: v2 name: opensearch-operator description: The OpenSearch Operator Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. +home: https://opensearch.org +sources: + - https://github.com/opensearch-project/OpenSearch + - https://github.com/opensearch-project/opensearch-k8s-operator type: application - -# This is the opensearch-operator chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 2.8.0 - -# This is the version number of the application being deployed (the operator). This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. +version: 2.8.1 appVersion: 2.8.0 diff --git a/charts/opensearch-operator/README.md b/charts/opensearch-operator/README.md index dc63c2504..b20d0a5f9 100644 --- a/charts/opensearch-operator/README.md +++ b/charts/opensearch-operator/README.md @@ -9,21 +9,27 @@ The Operator can be easily installed using helm on any CNCF-certified Kubernetes ### Installation Using Helm #### Get Repo Info -``` + +```bash helm repo add opensearch-operator https://opensearch-project.github.io/opensearch-k8s-operator/ helm repo update ``` + #### Install Chart -``` + +```bash helm install [RELEASE_NAME] opensearch-operator/opensearch-operator ``` + #### Uninstall Chart -``` + +```bash helm uninstall [RELEASE_NAME] ``` + #### Upgrade Chart -``` + +```bash helm repo update helm upgrade [RELEASE_NAME] opensearch-operator/opensearch-operator ``` - diff --git a/charts/opensearch-operator/templates/_helpers.tpl b/charts/opensearch-operator/templates/_helpers.tpl index 32f313e3f..b9cf390da 100644 --- a/charts/opensearch-operator/templates/_helpers.tpl +++ b/charts/opensearch-operator/templates/_helpers.tpl @@ -55,8 +55,8 @@ Create the name of the service account to use */}} {{- define "opensearch-operator.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (printf "%s-%s" (include "opensearch-operator.fullname" .) "controller-manager") .Values.serviceAccount.name }} +{{- default (include "opensearch-operator.fullname" .) .Values.serviceAccount.name }} {{- else }} -{{- default "opensearch-operator-controller-manager" .Values.serviceAccount.name }} +{{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} diff --git a/charts/opensearch-operator/templates/opensearch-operator-manager-config-cm.yaml b/charts/opensearch-operator/templates/configmap.yaml old mode 100755 new mode 100644 similarity index 74% rename from charts/opensearch-operator/templates/opensearch-operator-manager-config-cm.yaml rename to charts/opensearch-operator/templates/configmap.yaml index c2e9a13fd..f2fe76503 --- a/charts/opensearch-operator/templates/opensearch-operator-manager-config-cm.yaml +++ b/charts/opensearch-operator/templates/configmap.yaml @@ -1,4 +1,10 @@ +--- apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "opensearch-operator.fullname" . }} + labels: + {{- include "opensearch-operator.labels" . | nindent 4 }} data: controller_manager_config.yaml: | apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 @@ -12,6 +18,3 @@ data: leaderElection: leaderElect: true resourceName: a867c7dc.opensearch.opster.io -kind: ConfigMap -metadata: - name: {{ include "opensearch-operator.fullname" . }}-manager-config diff --git a/charts/opensearch-operator/templates/crds.yaml b/charts/opensearch-operator/templates/crds.yaml new file mode 100644 index 000000000..6f4b796eb --- /dev/null +++ b/charts/opensearch-operator/templates/crds.yaml @@ -0,0 +1,19 @@ +{{- if .Values.installCRDs -}} +{{- range $path, $_ := .Files.Glob "files/*.yaml" }} + {{- $raw := $.Files.Get $path -}} + {{- $docs := splitList "\n---\n" $raw -}} + {{- range $doc := $docs }} + {{- if and $doc (ne $doc "") }} + {{- $obj := fromYaml $doc }} + {{- if $obj }} + {{- $labels := include "opensearch-operator.labels" $ | fromYaml }} + {{- $md := default (dict) $obj.metadata }} + {{- $_ := set $md "labels" (merge (default (dict) $obj.metadata.labels) $labels) }} + {{- $_ := set $obj "metadata" $md }} +{{ $obj | toYaml }} +--- + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/opensearch-operator/templates/opensearch-operator-controller-manager-deployment.yaml b/charts/opensearch-operator/templates/deployment.yaml old mode 100755 new mode 100644 similarity index 92% rename from charts/opensearch-operator/templates/opensearch-operator-controller-manager-deployment.yaml rename to charts/opensearch-operator/templates/deployment.yaml index 4b5cb194b..4cae65551 --- a/charts/opensearch-operator/templates/opensearch-operator-controller-manager-deployment.yaml +++ b/charts/opensearch-operator/templates/deployment.yaml @@ -1,18 +1,19 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: labels: - control-plane: controller-manager - name: {{ include "opensearch-operator.fullname" . }}-controller-manager + {{- include "opensearch-operator.labels" . | nindent 4 }} + name: {{ include "opensearch-operator.fullname" . }} spec: replicas: 1 selector: matchLabels: - control-plane: controller-manager + {{- include "opensearch-operator.selectorLabels" . | nindent 6 }} template: metadata: labels: - control-plane: controller-manager + {{- include "opensearch-operator.labels" . | nindent 8 }} {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/opensearch-operator/templates/opensearch-operator-controller-manager-metrics-service-svc.yaml b/charts/opensearch-operator/templates/opensearch-operator-controller-manager-metrics-service-svc.yaml deleted file mode 100755 index e4c6e820c..000000000 --- a/charts/opensearch-operator/templates/opensearch-operator-controller-manager-metrics-service-svc.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: {{ include "opensearch-operator.fullname" . }}-controller-manager-metrics-service -spec: - ports: - - name: https - port: 8443 - targetPort: https - selector: - control-plane: controller-manager diff --git a/charts/opensearch-operator/templates/opensearch-operator-crds.yaml b/charts/opensearch-operator/templates/opensearch-operator-crds.yaml deleted file mode 100644 index 21fdeedb2..000000000 --- a/charts/opensearch-operator/templates/opensearch-operator-crds.yaml +++ /dev/null @@ -1,5 +0,0 @@ -{{- if .Values.installCRDs -}} -{{- range $path, $bytes := .Files.Glob "files/*.yaml" }} -{{ $.Files.Get $path }} -{{- end }} -{{- end }} diff --git a/charts/opensearch-operator/templates/opensearch-operator-leader-election-role-role.yaml b/charts/opensearch-operator/templates/opensearch-operator-leader-election-role-role.yaml deleted file mode 100755 index aa8853e05..000000000 --- a/charts/opensearch-operator/templates/opensearch-operator-leader-election-role-role.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "opensearch-operator.fullname" . }}-leader-election-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - create - - delete - - get - - list - - patch - - update - - watch diff --git a/charts/opensearch-operator/templates/opensearch-operator-leader-election-rolebinding-rb.yaml b/charts/opensearch-operator/templates/opensearch-operator-leader-election-rolebinding-rb.yaml deleted file mode 100755 index 654a0a7df..000000000 --- a/charts/opensearch-operator/templates/opensearch-operator-leader-election-rolebinding-rb.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "opensearch-operator.fullname" . }}-leader-election-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "opensearch-operator.fullname" . }}-leader-election-role -subjects: -- kind: ServiceAccount - name: {{ include "opensearch-operator.serviceAccountName" . }} diff --git a/charts/opensearch-operator/templates/opensearch-operator-manager-rolebinding.yaml b/charts/opensearch-operator/templates/opensearch-operator-manager-rolebinding.yaml deleted file mode 100755 index a528ffdf3..000000000 --- a/charts/opensearch-operator/templates/opensearch-operator-manager-rolebinding.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if .Values.useRoleBindings }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-manager-role -subjects: -- kind: ServiceAccount - name: {{ include "opensearch-operator.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- else }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-manager-role -subjects: -- kind: ServiceAccount - name: {{ include "opensearch-operator.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/opensearch-operator/templates/opensearch-operator-metrics-reader-cr.yaml b/charts/opensearch-operator/templates/opensearch-operator-metrics-reader-cr.yaml deleted file mode 100755 index c8f9d89ca..000000000 --- a/charts/opensearch-operator/templates/opensearch-operator-metrics-reader-cr.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-metrics-reader -rules: -- nonResourceURLs: - - /metrics - verbs: - - get diff --git a/charts/opensearch-operator/templates/opensearch-operator-proxy-role-cr.yaml b/charts/opensearch-operator/templates/opensearch-operator-proxy-role-cr.yaml deleted file mode 100755 index cbd6cb77e..000000000 --- a/charts/opensearch-operator/templates/opensearch-operator-proxy-role-cr.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-proxy-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create diff --git a/charts/opensearch-operator/templates/opensearch-operator-proxy-rolebinding.yaml b/charts/opensearch-operator/templates/opensearch-operator-proxy-rolebinding.yaml deleted file mode 100755 index d9a5d339f..000000000 --- a/charts/opensearch-operator/templates/opensearch-operator-proxy-rolebinding.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if .Values.useRoleBindings }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-proxy-role -subjects: -- kind: ServiceAccount - name: {{ include "opensearch-operator.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- else }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-proxy-role -subjects: -- kind: ServiceAccount - name: {{ include "opensearch-operator.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/charts/opensearch-operator/templates/opensearch-operator-manager-role-cr.yaml b/charts/opensearch-operator/templates/rbac.yaml old mode 100755 new mode 100644 similarity index 64% rename from charts/opensearch-operator/templates/opensearch-operator-manager-role-cr.yaml rename to charts/opensearch-operator/templates/rbac.yaml index 3daf70d49..66d3eb9c7 --- a/charts/opensearch-operator/templates/opensearch-operator-manager-role-cr.yaml +++ b/charts/opensearch-operator/templates/rbac.yaml @@ -1,8 +1,10 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null - name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-manager-role + name: {{ include "opensearch-operator.fullname" . }} + labels: + {{- include "opensearch-operator.labels" . | nindent 4 }} rules: - apiGroups: - apps @@ -411,4 +413,131 @@ rules: resources: - opensearchsnapshotpolicies/finalizers verbs: - - update \ No newline at end of file + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "opensearch-operator.fullname" . }}-metrics + labels: + {{- include "opensearch-operator.labels" . | nindent 4 }} +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "opensearch-operator.fullname" . }}-proxy + labels: + {{- include "opensearch-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "opensearch-operator.fullname" . }}-leader-election + labels: + {{- include "opensearch-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "opensearch-operator.fullname" . }}-leader-election + labels: + {{- include "opensearch-operator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "opensearch-operator.fullname" . }}-leader-election +subjects: +- kind: ServiceAccount + name: {{ include "opensearch-operator.serviceAccountName" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ if .Values.useRoleBindings }}RoleBinding{{ else }}ClusterRoleBinding{{ end }} +metadata: + name: {{ include "opensearch-operator.fullname" . }} + labels: + {{- include "opensearch-operator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "opensearch-operator.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "opensearch-operator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: {{ if .Values.useRoleBindings }}RoleBinding{{ else }}ClusterRoleBinding{{ end }} +metadata: + name: {{ include "opensearch-operator.fullname" . }}-proxy + labels: + {{- include "opensearch-operator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "opensearch-operator.fullname" . }}-proxy +subjects: +- kind: ServiceAccount + name: {{ include "opensearch-operator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/charts/opensearch-operator/templates/service.yaml b/charts/opensearch-operator/templates/service.yaml new file mode 100644 index 000000000..0763a600d --- /dev/null +++ b/charts/opensearch-operator/templates/service.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: Service +metadata: + labels: + {{- include "opensearch-operator.labels" . | nindent 4 }} + name: {{ include "opensearch-operator.fullname" . }} +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + {{- include "opensearch-operator.selectorLabels" . | nindent 4 }} diff --git a/charts/opensearch-operator/templates/opensearch-operator-controller-manager-sa.yaml b/charts/opensearch-operator/templates/serviceaccount.yaml old mode 100755 new mode 100644 similarity index 68% rename from charts/opensearch-operator/templates/opensearch-operator-controller-manager-sa.yaml rename to charts/opensearch-operator/templates/serviceaccount.yaml index ee5a1ca23..5baa8b06f --- a/charts/opensearch-operator/templates/opensearch-operator-controller-manager-sa.yaml +++ b/charts/opensearch-operator/templates/serviceaccount.yaml @@ -1,6 +1,9 @@ {{- if .Values.serviceAccount.create -}} +--- apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "opensearch-operator.serviceAccountName" . }} + labels: + {{- include "opensearch-operator.labels" . | nindent 4 }} {{- end -}} diff --git a/charts/opensearch-operator/values.yaml b/charts/opensearch-operator/values.yaml index 1ee839bbe..a4dc76e92 100644 --- a/charts/opensearch-operator/values.yaml +++ b/charts/opensearch-operator/values.yaml @@ -71,7 +71,8 @@ installCRDs: true serviceAccount: # Specifies whether a service account should be created create: true - # Override the service account name. Defaults to opensearch-operator-controller-manager + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template name: "" kubeRbacProxy: @@ -91,7 +92,7 @@ kubeRbacProxy: memory: 25Mi livenessProbe: - failureThreshold: 3 + failureThreshold: 5 httpGet: path: /healthz port: 10443