Adding kubernetes backend to stolon-chart (#20)

* Implementation of backend kubernetes * fixes #18 * Added rbac roles
lwolf · Apr 9, 2018 · d42a1c5 · d42a1c5
1 parent b3643f5
commit d42a1c5
Show file tree

Hide file tree

Showing 15 changed files with 151 additions and 31 deletions.
diff --git a/README.md b/README.md
@@ -19,6 +19,7 @@ Currently only etcd backend is supported.
 - [X] Automate initial stolon cluster creating
 - [X] Do not manage etcd dependency, do not rely on etcd chart
 - [ ] Add support for consul backend
+- [X] Add support for kubernetes backend (experimental)
 - [X] Add support for 1.6
 
 

diff --git a/stolon/Chart.yaml b/stolon/Chart.yaml
@@ -1,6 +1,6 @@
 name: stolon
 home: https://github.com/sorintlab/stolon
-version: 0.4.0
+version: 0.5.0
 description: Stolon Helm Chart for Kubernetes.
 sources:
   - https://github.com/sorintlab/stolon

diff --git a/stolon/README.md b/stolon/README.md
@@ -31,6 +31,14 @@ $ helm dep build
 $ helm install --name my-release .
 ```
 
+### Experimental kubernetes backend:
+
+```bash
+# You need to set the backend to type kubernetes
+$ helm install --name my-release . --set store.backend=kubernetes
+```
+Or change them in your values.yml accordingly.
+
 ## Configuration
 
 The following tables lists the configurable parameters of the helm chart and their default values.
@@ -42,8 +50,9 @@ The following tables lists the configurable parameters of the helm chart and the
 | `imagePullPolicy`                       | Image pull policy                              | `Always` if `imageTag` is `latest`, else `IfNotPresent`      |
 | `clusterName`                           | Name of the cluster                            | `kube-stolon`                                                |
 | `debug`                                 | Debug mode                                     | `false`                                                      |
-| `store.backend`                         | Store backend to use (etcd/consul)             | `etcd`                                                       |
+| `store.backend`                         | Store backend to use (etcd/consul/kubernetes)  | `etcd`                                                       |
 | `store.endpoints`                       | Store backend endpoints                        | `http://etcd-0:2379,http://etcd-1:2379,http://etcd-2:2379`   |
+| `store.kubeResourceKind`                | Kubernetes resource kind (only for kubernetes) | `configmap`                                                  |
 | `pgReplUsername`                        | Repl username                                  | `repluser`                                                   |
 | `pgReplPassword`                        | Repl password                                  | random 40 characters                                         |
 | `pgSuperuserName`                       | Postgres Superuser name                        | `stolon`                                                     |
@@ -69,6 +78,9 @@ The following tables lists the configurable parameters of the helm chart and the
 | `persistence.storageClassName`          | Storage class name of backing PVC              | `standard`                                                   |
 | `persistence.accessMode`                | Use volume as ReadOnly or ReadWrite            | `ReadWriteOnce`                                              |
 | `persistence.size`                      | Size of data volume                            | `10Gi`                                                       |
+| `rbac.create`                           | Specifies if RBAC resources should be created  | `true`                                                       |
+| `serviceAccount.create`                 | Specifies if ServiceAccount should be created  | `true`                                                       |
+| `serviceAccount.name  `                 | Name of the generated serviceAccount           | Defaults to fullname template                                |
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
 

diff --git a/stolon/templates/_helpers.tpl b/stolon/templates/_helpers.tpl
@@ -46,3 +46,12 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- $name := default .Chart.Name .Values.nameOverride -}}
 {{- printf "%s-%s-%s" .Release.Name $name $serviceName | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{/* Create the name of the service account to use */}}
+{{- define "stolon.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "stolon.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/stolon/templates/cluster-create-job.yaml b/stolon/templates/cluster-create-job.yaml
@@ -26,8 +26,9 @@ spec:
                   "imagePullPolicy": {{ default "Always" .Values.imagePullPolicy | quote }}
               }
           ]'
-        {{ end }}
+        {{- end }}
     spec:
+      serviceAccountName: {{ template "stolon.serviceAccountName" . }}
       restartPolicy: Never
       containers:
       - name: {{ template "stolon.fullname" . }}
@@ -38,7 +39,11 @@ spec:
           - init
           - --cluster-name={{ template "stolon.clusterName" . }}
           - --store-backend={{ .Values.store.backend }}
+          {{- if eq .Values.store.backend "kubernetes" }}
+          - --kube-resource-kind={{ default "configmap" .Values.store.kubeResourceKind }}
+          {{- else }}
           - --store-endpoints={{ .Values.store.endpoints }}
+          {{- end }}
           - --yes
           - '{  "initMode": "new"{{- if or .Values.keeper.client_ssl.enabled .Values.slow_queries.enabled }}, "pgParameters": { {{- if .Values.keeper.client_ssl.enabled }} "ssl": "on", "ssl_cert_file": "/etc/secrets/ssl/server.crt", "ssl_key_file": "/etc/secrets/ssl/server.key"{{- end }}{{- if and .Values.keeper.client_ssl.enabled .Values.slow_queries.enabled }},{{- end }}{{ if .Values.slow_queries.enabled }} "log_min_duration_statement" :  "{{ .Values.slow_queries.min_duration }}" {{ end }} }{{- end}} }'
 {{ end }}

diff --git a/stolon/templates/keeper-ro-service.yaml b/stolon/templates/keeper-ro-service.yaml
@@ -4,10 +4,10 @@ metadata:
   name: {{ template "stolon.keeper.fullname" . }}
   labels:
     app: {{ template "stolon.keeper.fullname" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     component: keeper
+    heritage: "{{ .Release.Service }}"
 spec:
   {{ if .Values.keeper.serviceType }}
   type: {{ .Values.keeper.serviceType }}
@@ -16,5 +16,8 @@ spec:
     - port: {{ .Values.ports.externalPort }}
       targetPort: {{ .Values.ports.internalPort }}
   selector:
-    app: {{ template "stolon.keeper.fullname" . }}
+    app: "stolon-keeper"
+    release: "{{ .Release.Name }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     component: keeper
+    stolon-cluster: {{ template "stolon.clusterName" . }}
diff --git a/stolon/templates/keeper-statefulset.yaml b/stolon/templates/keeper-statefulset.yaml
@@ -4,24 +4,25 @@ metadata:
   name: {{ template "stolon.keeper.fullname" . }}
   labels:
     app: {{ template "stolon.keeper.fullname" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     component: keeper
+    heritage: "{{ .Release.Service }}"
 spec:
   serviceName: {{ template "stolon.keeper.fullname" . }}
   replicas: {{ .Values.keeper.replicas }}
   template:
     metadata:
       labels:
-        app: {{ template "stolon.keeper.fullname" . }}
-        chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+        app: "stolon-keeper"
         release: "{{ .Release.Name }}"
-        heritage: "{{ .Release.Service }}"
+        chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
         component: keeper
+        stolon-cluster: {{ template "stolon.clusterName" . }}
       annotations:
         pod.alpha.kubernetes.io/initialized: "true"
     spec:
+      serviceAccountName: {{ template "stolon.serviceAccountName" . }}
       terminationGracePeriodSeconds: 10
 
 {{- if .Values.keeper.affinity }}
@@ -56,12 +57,21 @@ spec:
             chown stolon:stolon $STOLON_DATA
             exec gosu stolon stolon-keeper --data-dir $STOLON_DATA
         env:
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
           - name: STKEEPER_CLUSTER_NAME
             value: {{ template "stolon.clusterName" . }}
           - name: STKEEPER_STORE_BACKEND
             value: {{ .Values.store.backend  | quote}}
+          {{- if eq .Values.store.backend "kubernetes" }}
+          - name: STKEEPER_KUBE_RESOURCE_KIND
+            value: {{ default "configmap" .Values.store.kubeResourceKind  | quote}}
+          {{- else }}
           - name: STKEEPER_STORE_ENDPOINTS
             value: {{ .Values.store.endpoints | quote}}
+          {{- end }}
           - name: STKEEPER_PG_REPL_USERNAME
             value: {{ .Values.pgReplUsername  | quote}}
           - name: STKEEPER_PG_REPL_PASSWORDFILE
@@ -70,7 +80,7 @@ spec:
             value: {{ .Values.pgSuperuserName  | quote}}
           - name: STKEEPER_PG_SU_PASSWORDFILE
             value: "/etc/secrets/stolon/pg_su_password"
-          - name: STSENTINEL_DEBUG
+          - name: STKEEPER_DEBUG
             value: {{ .Values.debug | quote}}
         ports:
           - containerPort: {{ .Values.ports.internalPort }}

diff --git a/stolon/templates/proxy-deploy.yaml b/stolon/templates/proxy-deploy.yaml
@@ -4,23 +4,22 @@ metadata:
   name: {{ template "stolon.proxy.fullname" . }}
   labels:
     app: {{ template "stolon.proxy.fullname" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     component: proxy
+    heritage: "{{ .Release.Service }}"
 spec:
   replicas: {{ .Values.proxy.replicas }}
   template:
     metadata:
       labels:
-        app: {{ template "stolon.proxy.fullname" . }}
-        chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+        app: "stolon-proxy"
         release: "{{ .Release.Name }}"
-        heritage: "{{ .Release.Service }}"
+        chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
         component: proxy
         stolon-cluster: {{ template "stolon.clusterName" . }}
     spec:
-
+      serviceAccountName: {{ template "stolon.serviceAccountName" . }}
 {{- if .Values.proxy.affinity }}
       affinity:
 {{ toYaml .Values.proxy.affinity | indent 8 }}
@@ -46,15 +45,24 @@ spec:
           - |
             exec gosu stolon stolon-proxy
         env:
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
           - name: STPROXY_CLUSTER_NAME
             value: {{ template "stolon.clusterName" . }}
           - name: STPROXY_STORE_BACKEND
             value: {{ .Values.store.backend | quote}}
+          {{- if eq .Values.store.backend "kubernetes" }}
+          - name: STPROXY_KUBE_RESOURCE_KIND
+            value: {{ default "configmap" .Values.store.kubeResourceKind  | quote}}
+          {{- else }}
           - name: STPROXY_STORE_ENDPOINTS
-            value: {{ .Values.store.endpoints | quote }}
+            value: {{ .Values.store.endpoints | quote}}
+          {{- end }}
           - name: STPROXY_LISTEN_ADDRESS
             value: {{ default "0.0.0.0" .Values.proxy.listenAddress | quote }}
-          - name: STSENTINEL_DEBUG
+          - name: STPROXY_DEBUG
             value: {{ .Values.debug | quote}}
         ports:
           - containerPort: {{ .Values.ports.internalPort }}

diff --git a/stolon/templates/proxy-service.yaml b/stolon/templates/proxy-service.yaml
@@ -4,10 +4,10 @@ metadata:
   name: {{ template "stolon.proxy.fullname" . }}
   labels:
     app: {{ template "stolon.proxy.fullname" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     component: proxy
+    heritage: "{{ .Release.Service }}"
 spec:
   {{ if .Values.proxy.serviceType }}
   type: {{ .Values.proxy.serviceType }}
@@ -16,5 +16,8 @@ spec:
     - port: {{ .Values.ports.externalPort }}
       targetPort: {{ .Values.ports.internalPort }}
   selector:
+    app: "stolon-proxy"
+    release: "{{ .Release.Name }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     component: proxy
-    stolon-cluster: {{ .Values.clusterName }}
+    stolon-cluster: {{ template "stolon.clusterName" . }}
diff --git a/stolon/templates/secret.yaml b/stolon/templates/secret.yaml
@@ -4,8 +4,8 @@ metadata:
   name: {{ template "stolon.fullname" . }}
   labels:
     app: {{ template "stolon.fullname" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     release: "{{ .Release.Name }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     heritage: "{{ .Release.Service }}"
 type: Opaque
 data:

diff --git a/stolon/templates/sentinel-deploy.yaml b/stolon/templates/sentinel-deploy.yaml
@@ -4,24 +4,23 @@ metadata:
   name: {{ template "stolon.sentinel.fullname" . }}
   labels:
     app: {{ template "stolon.sentinel.fullname" . }}
-    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     release: "{{ .Release.Name }}"
-    heritage: "{{ .Release.Service }}"
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     component: sentinel
+    heritage: "{{ .Release.Service }}"
 spec:
   replicas: {{ .Values.sentinel.replicas }}
   template:
     metadata:
       labels:
-        app: {{ template "stolon.sentinel.fullname" . }}
-        chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+        app: "stolon-sentinel"
         release: "{{ .Release.Name }}"
-        heritage: "{{ .Release.Service }}"
+        chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
         component: sentinel
         stolon-cluster: {{ template "stolon.clusterName" . }}
         stolon-sentinel: "true"
     spec:
-
+      serviceAccountName: {{ template "stolon.serviceAccountName" . }}
 {{- if .Values.sentinel.affinity }}
       affinity:
 {{ toYaml .Values.sentinel.affinity | indent 8 }}
@@ -47,12 +46,21 @@ spec:
           - |
             exec gosu stolon stolon-sentinel
         env:
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
           - name: STSENTINEL_CLUSTER_NAME
             value: {{ template "stolon.clusterName" .}}
           - name: STSENTINEL_STORE_BACKEND
             value: {{ .Values.store.backend | quote}}
+          {{- if eq .Values.store.backend "kubernetes" }}
+          - name: STSENTINEL_KUBE_RESOURCE_KIND
+            value: {{ default "configmap" .Values.store.kubeResourceKind  | quote}}
+          {{- else }}
           - name: STSENTINEL_STORE_ENDPOINTS
             value: {{ .Values.store.endpoints | quote}}
+          {{- end }}
           - name: STSENTINEL_DEBUG
             value: {{ .Values.debug | quote}}
         resources:

diff --git a/stolon/templates/stolon-role.yaml b/stolon/templates/stolon-role.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+  name: {{ template "stolon.fullname" . }}
+  labels:
+    app: "stolon"
+    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups:
+    - ""
+  resources:
+    - pods
+    - endpoints
+    - configmaps
+  verbs:
+    - "*"
+{{- end -}}
diff --git a/stolon/templates/stolon-rolebinding.yaml b/stolon/templates/stolon-rolebinding.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: {{ template "stolon.fullname" . }}
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "stolon.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "stolon.serviceAccountName" . }}
+{{- end -}}
diff --git a/stolon/templates/stolon-serviceaccount.yaml b/stolon/templates/stolon-serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "stolon.serviceAccountName" . }}
+  labels:
+    app: "stolon"
+    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+{{- end -}}
diff --git a/stolon/values.yaml b/stolon/values.yaml
@@ -14,7 +14,7 @@ image: "sorintlab/stolon"
 ## Stolon image version.
 ## ref: https://hub.docker.com/r/sorintlab/stolon/tags/
 ##
-imageTag: "v0.9.0-pg9.6"
+imageTag: "v0.10.0-pg9.6"
 
 ## Specify a imagePullPolicy: 'Always' if imageTag is 'latest', else set to 'IfNotPresent'.
 ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -42,6 +42,7 @@ store:
   ## - etcdv2
   ## - etcdv3
   ## - consul (should work, but not tested yet)
+  ## - kubernetes (should work, but not tested yet)
   backend: "etcdv3"
   ## store endpoints MUST be set!
   endpoints: "http://etcd-etcd-0.etcd-etcd:2379,http://etcd-etcd-1.etcd-etcd:2379,http://etcd-etcd-2.etcd-etcd:2379"
@@ -150,3 +151,14 @@ persistence:
   ## Persistent Volume Storage Size.
   ##
   size: 10Gi
+
+rbac:
+  # Specifies whether RBAC resources should be created
+  create: true
+
+serviceAccount:
+  # Specifies whether a ServiceAccount should be created
+  create: true
+  # The name of the ServiceAccount to use.
+  # If not set and create is true, a name is generated using the fullname template
+  # name: my-name