feat: initial chart

Chart.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+name: cluster-rke2-openstack
+description: Helm Chart for provisioning RKE2 Cluster on top of OpenStack
+version: '0.1.0'
+maintainers:
+  - name: eduardo.scheidet
+    email: eduardo.scheidet@luizalabs.com
+  - name: leonardo.martinsda
+    email: leonardo.martinsda@luizalabs.com
+  - name: alcidesmig
+    email: alcidesmig@gmail.com
+  - name: renato.guilhermini
+    email: renato.guilhermini@luizalabs.com
+annotations:
+  catalog.cattle.io/type: cluster-rke2-openstack
+  catalog.cattle.io/namespace: fleet-default

templates/_autoscaler_getkubeconfig.tpl

@@ -0,0 +1,5 @@
+{{- define "cluster-rke2-openstack.autoscalerKubeconfig" }}
+#!/bin/sh
+CLUSTER_ID=$(curl -s -H "Authorization: Bearer {{ $.Values.cluster.autoscaler.rancherToken }}" {{ $.Values.cluster.autoscaler.rancherUrl }}/v3/clusters?name={{ $.Values.cluster.name }} | jq -r .data[].id)
+curl -s -u {{ $.Values.cluster.autoscaler.rancherToken }} {{ $.Values.cluster.autoscaler.rancherUrl }}/v3/clusters/$CLUSTER_ID?action=generateKubeconfig -X POST -H 'content-type: application/json' --insecure | jq -r .config
+{{- end }}

templates/_autoscaler_secret.tpl

@@ -0,0 +1,7 @@
+{{- define "cluster-rke2-openstack.autoscalerConfigMap" }}
+url: {{ $.Values.cluster.autoscaler.rancherUrl }}
+token: {{ $.Values.cluster.autoscaler.rancherToken }}
+clusterName: {{ $.Values.cluster.name }}
+clusterNamespace: {{ $.Release.Namespace }}
+providerIDPrefix: openstack
+{{- end }}

templates/_cinder_csi_plugin.tpl

@@ -0,0 +1,81 @@
+{{/*
+OpenStack Cinder CSI plugin
+*/}}
+{{- define "cluster-rke2-openstack.cinderCsiPlugin" }}
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  annotations:
+    meta.helm.sh/release-name: {{ $.Release.Name }}
+  name: cinder-csi-plugin
+  namespace: kube-system
+spec:
+  chart: openstack-cinder-csi
+  repo: https://kubernetes.github.io/cloud-provider-openstack
+  targetNamespace: kube-system
+  bootstrap: false
+  valuesContent: |+
+    storageClass:
+          enabled: true
+          delete:
+              isDefault: false
+              allowVolumeExpansion: true
+          retain:
+              isDefault: false
+              allowVolumeExpansion: true
+          custom: |-
+            ---
+            apiVersion: storage.k8s.io/v1
+            kind: StorageClass
+            metadata:
+              name: csi-cinder-default
+              annotations:
+                storageclass.kubernetes.io/is-default-class: "true"
+            allowVolumeExpansion: true
+            parameters:
+              availability: {{ $.Values.openstack.availabilityZone }}
+            provisioner: cinder.csi.openstack.org
+            reclaimPolicy: Delete
+            volumeBindingMode: Immediate
+            ---
+            apiVersion: storage.k8s.io/v1
+            kind: StorageClass
+            metadata:
+              name: csi-cinder-nvme
+              annotations:
+                {}
+              labels:
+                {}
+            allowVolumeExpansion: true
+            parameters:
+              availability: nova
+              type: nvme
+            provisioner: cinder.csi.openstack.org
+            reclaimPolicy: Retain
+            volumeBindingMode: Immediate
+    secret:
+      enabled: true
+      create: true
+      name: cinder-csi-cloud-config
+      data:
+        cloud.conf: |-
+          [Global]
+          auth-url={{ $.Values.openstack.authUrl }}
+          application-credential-id={{ $.Values.openstack.applicationCredentialId }}
+          application-credential-secret={{ $.Values.openstack.applicationCredentialSecret }}
+          region={{ $.Values.openstack.region }}
+          [BlockStorage]
+          ignore-volume-az=true
+    {{- if .Values.rke.cinderCsiPlugin }}
+    {{- if .Values.rke.cinderCsiPlugin.image }}
+    csi:
+      plugin:
+        image:
+          repository: {{ $.Values.imageRegistryURL }}{{ $.Values.rke.cinderCsiPlugin.image }}
+          {{- if .Values.rke.cinderCsiPlugin.tag }}
+          tag: {{ $.Values.rke.cinderCsiPlugin.tag }}
+          {{- end }}
+    {{- end }}
+    {{- end }}
+---
+{{- end }}

templates/_cni_calico.tpl

@@ -0,0 +1,29 @@
+{{/*
+Calico setup script for running on nodes
+*/}}
+{{- define "calicoCNIConfigmap" }}
+{{- if eq .Values.cluster.cni.name "calico" }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: entrypoint
+  namespace: kube-system
+  labels:
+    app: default-init
+data:
+  entrypoint.sh: |
+    #!/bin/sh
+    echo "Starting configuration"
+    echo "nameserver 8.8.8.8" >> /etc/resolv.conf
+    cat /etc/resolv.conf
+    IP_ADDR=$(ip -f inet addr show ens3|grep -o "inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*" | grep -o "[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*")
+    echo "Machine IP: " $IP_ADDR
+    MAC_ADDRESS=$(cat /sys/class/net/ens3/address)
+    echo "Mac Address: " $MAC_ADDRESS
+    ID=$(openstack port list --fixed-ip ip-address=$IP_ADDR -f value -c ID)
+    echo "Port ID:" $ID
+    openstack port set --allowed-address mac-address=$MAC_ADDRESS,ip-address={{ $.Values.cluster.cni.podCidr | default "10.42.0.0/16" }} $ID
+    echo "Configuration Done"
+---
+{{- end }}
+{{- end }}

templates/_kubeconfig_ingress.tpl

@@ -0,0 +1,31 @@
+{{/*
+Ingress for local authentication bypassing rancher
+*/}}
+{{ define "cluster-rke2-openstack.kubeconfigIngress"}}
+{{ if $.Values.rke.localClusterAuthEndpoint.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kubeconfig
+  namespace: default
+  annotations:
+    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+spec:
+  rules:
+  - host: {{ $.Values.rke.localClusterAuthEndpoint.fqdn | default "direct-external-access.domain.local" }}
+    http:
+      paths:
+      - backend:
+          service:
+            name: kubernetes
+            port:
+              number: 443
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - {{ $.Values.rke.localClusterAuthEndpoint.fqdn | default "direct-external-access.domain.local" }}
+    secretName: {{ $.Values.rke.localClusterAuthEndpoint.secretName }}
+---
+{{ end }}
+{{ end }}

templates/_nodeinitializer.tpl

@@ -0,0 +1,69 @@
+{{/*
+Node initializer to configurate
+*/}}
+{{- define "calicoNodeInitializer" }}
+{{- if eq .Values.cluster.cni.name "calico" }}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: node-initializer
+  namespace: kube-system
+  labels:
+    app: default-init
+spec:
+  selector:
+    matchLabels:
+      app: default-init
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        name: node-initializer
+        app: default-init
+    spec:
+      priorityClassName: system-node-critical
+      hostNetwork: true
+      volumes:
+      - name: root-mount
+        hostPath:
+          path: /
+      - name: entrypoint
+        configMap:
+          name: entrypoint
+          defaultMode: 0744
+      initContainers:
+      - image: {{ $.Values.openstack.openstackClientImage }}
+        name: node-initializer
+        command: ["/scripts/entrypoint.sh"]
+        env:
+        - name: OS_AUTH_TYPE
+          value: v3applicationcredential
+        - name: OS_REGION_NAME
+          value: {{ $.Values.openstack.region }}
+        - name: OS_INTERFACE
+          value: public
+        - name: OS_AUTH_URL
+          value: {{ $.Values.openstack.authUrl }}/v3
+        - name: OS_APPLICATION_CREDENTIAL_ID
+          value: {{ $.Values.openstack.applicationCredentialId }}
+        - name: OS_APPLICATION_CREDENTIAL_SECRET
+          value: {{ $.Values.openstack.applicationCredentialSecret }}
+        - name: ROOT_MOUNT_DIR
+          value: /root
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: root-mount
+          mountPath: /root
+        - name: entrypoint
+          mountPath: /scripts
+      containers:
+      - image: google/pause
+        name: pause
+      tolerations:
+        - key:
+          operator: Exists
+---
+{{- end }}
+{{- end }}

templates/_nodescript.tpl

@@ -0,0 +1,57 @@
+{{/*
+Node scripts to run arbitrary codes on cluster nodes through DaemonSets
+*/}}
+{{- define "cluster-rke2-openstack.nodeScript" }}
+{{- range .Values.rke.nodeScripts }}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: node-script-{{ .name }}
+  namespace: kube-system
+  labels:
+    script: {{ .name }}
+spec:
+  selector:
+    matchLabels:
+      script: {{ .name }}
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        name: node-script-{{ .name }}
+        script: {{ .name }}
+    spec:
+      priorityClassName: system-node-critical
+      hostNetwork: true
+      {{- if .volumes }}
+      volumes:
+      {{- toYaml .volumes.entries | nindent 6 }}
+      {{- end }}
+      initContainers:
+      - image: {{ .image | default "alpine:3.8" }}
+        name: node-script-{{ .name }}
+        command:
+        {{- toYaml .script | nindent 8 }}
+        {{- if .env }}
+        env:
+        {{- toYaml .env | nindent 8 }}
+        {{- end }}
+        securityContext:
+          privileged: true
+        {{- if .volumes }}
+        volumeMounts:
+        {{- toYaml .volumes.volumeMounts | nindent 8 }}
+        {{- end }} 
+      containers:
+        # @todo parametize
+      - image: {{ .pauseContainerImage }} 
+        name: pause
+      tolerations:
+        {{- if $.runOnControlPlanes }}
+        - key:
+          operator: Exists
+        {{- end}}
+---
+{{- end }}
+{{- end }}

templates/_openstack_controller_mng.tpl

@@ -0,0 +1,61 @@
+{{/*
+OpenStack Cloud controller Manager
+*/}}
+{{ define "cluster-rke2-openstack.openstack-controller-manager" }}
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+    name: openstack-cloud-controller-manager
+    namespace: kube-system
+spec:
+    bootstrap: true
+    chart: openstack-cloud-controller-manager
+    repo: https://kubernetes.github.io/cloud-provider-openstack
+    targetNamespace: kube-system
+    valuesContent: |-
+        controllerExtraArgs: |-
+            - --cluster-name={{ $.Values.cluster.name }}
+        logVerbosityLevel: 2
+        secret:
+            create: true
+            name: cloud-config
+        tolerations:
+            - effect: NoSchedule
+              key: node-role.kubernetes.io/control-plane
+            - effect: NoExecute
+              key: node-role.kubernetes.io/etcd
+            - effect: NoSchedule
+              key: node.cloudprovider.kubernetes.io/uninitialized
+              value: "true"
+        cloudConfig:
+            global:
+                auth-url: {{ $.Values.openstack.authUrl }}
+                application-credential-id: {{ $.Values.openstack.applicationCredentialId }}
+                application-credential-secret: {{ $.Values.openstack.applicationCredentialSecret }}
+                region: {{ $.Values.openstack.region }}
+            loadBalancer:
+                {{- if .Values.rke.openstackControllerManager }}
+                create-monitor: {{ $.Values.rke.openstackControllerManager.enableLoadBalancerCreateMonitor }}
+                {{- else }}
+                create-monitor: false
+                {{- end }}
+                monitor-delay: 60s
+                monitor-timeout: 30s
+                monitor-max-retries: 5
+                use-octavia: true
+                cascade-delete: true
+                subnet-id: {{ $.Values.openstack.subnetID }}
+                floating-network-id: {{ $.Values.openstack.floatingNetID }}
+            block_storage:
+                ignore-volume-az: true
+        {{- if .Values.rke.openstackControllerManager }}
+        {{- if .Values.rke.openstackControllerManager.image }}
+        image:
+          repository: {{ $.Values.imageRegistryURL }}{{ $.Values.rke.openstackControllerManager.image }}
+        {{- if .Values.rke.openstackControllerManager.tag }}
+          tag: {{ $.Values.rke.openstackControllerManager.tag }}
+        {{- end }}
+        {{- end }}
+        {{- end }}
+---
+{{ end }}