Make image puller a standalone chart (#244)

* Make image puller a standalone chart

* Set chart version to 1.0.0

charts/image-puller/Chart.yaml

@@ -0,0 +1,31 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+apiVersion: v1
+appVersion: "1.0.0"
+description: Chart to deploy an image puller that pulls docker images
+name: sn-image-puller
+version: 1.0.0
+home: https://streamnative.io
+sources:
+- https://github.com/streamnative/charts/pulsar
+icon: http://pulsar.apache.org/img/pulsar.svg
+maintainers:
+- name: StreamNative Support
+  email: [email protected]

charts/image-puller/templates/_daemonset-helper.yaml

@@ -0,0 +1,70 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+{{- /*
+Returns an image-puller daemonset. Two daemonsets will be created like this.
+- hook-image-puller: for pre helm upgrade image pulling (lives temporarily)
+- continuous-image-puller: for newly added nodes image pulling
+*/}}
+{{- define "image_puller.daemonset" -}}
+# image puller daemonset
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ template "chart.fullname" . }}-{{ print .componentPrefix "image-puller" }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "chart.standardLabels" . | nindent 4 }}
+  {{- if .hook }}
+  annotations:
+    {{- /*
+    Allows the daemonset to be deleted when the image-awaiter job is completed.
+    */}}
+    "helm.sh/hook": pre-install,pre-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    "helm.sh/hook-weight": "-10"
+  {{- end }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "chart.matchLabels" . | nindent 6 }}
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 100%
+  template:
+    metadata:
+      labels:
+        {{- /* Changes here will cause the DaemonSet to restart the pods. */}}
+        {{- include "chart.template.labels" . | nindent 8 }}
+    spec:
+      initContainers:
+        {{- range $image := .Values.images }}
+        - name: image-pull-{{ $image.name }}
+          image: {{ $image.repository }}:{{ $image.tag }}
+          imagePullPolicy: {{ $image.pullPolicy }}
+          command:
+            - /bin/sh
+            - -c
+            - echo "Pulling {{ $image.name }} complete"
+        {{- end }}
+      containers:
+        - name: pause
+          image: {{ .Values.pause.image.name }}:{{ .Values.pause.image.tag }}
+{{- end }}

charts/image-puller/templates/_helpers.tpl

@@ -0,0 +1,54 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "chart.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chart.versionname" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the common labels.
+*/}}
+{{- define "chart.standardLabels" -}}
+app: {{ template "chart.name" . }}
+chart: {{ template "chart.versionname" . }}
+release: {{ .Release.Name }}
+heritage: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Create the template labels.
+*/}}
+{{- define "chart.template.labels" -}}
+app: {{ template "chart.name" . }}
+release: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the match labels.
+*/}}
+{{- define "chart.matchLabels" -}}
+app: {{ template "chart.name" . }}
+release: {{ .Release.Name }}
+{{- end }}

charts/sn-pulsar/templates/image-puller/daemonset.yaml → charts/image-puller/templates/daemonset.yaml

@@ -23,17 +23,17 @@ helm upgrades. It's task is to pull the required images on all nodes. When the
 image-awaiter job confirms the required images to be pulled, the daemonset is
 deleted. Only then will the actual helm upgrade start.
 */}}
-{{- if .Values.imagePuller.hook.enabled }}
+{{- if .Values.hook.enabled }}
 {{- $_ := merge (dict "hook" true "componentPrefix" "hook-") . }}
-{{- include "pulsar.imagePuller.daemonset" $_ }}
+{{- include "image_puller.daemonset" $_ }}
 {{- end }}
 ---
 {{- /*
 The continuous-image-puller daemonset task is to pull required images to nodes
 that are added in between helm upgrades, for example by manually adding a node
 or by the cluster autoscaler.
 */}}
-{{- if .Values.imagePuller.continuous.enabled }}
+{{- if .Values.continuous.enabled }}
 {{- $_ := merge (dict "hook" false "componentPrefix" "continuous-") . }}
-{{ include "pulsar.imagePuller.daemonset" $_ }}
+{{ include "image_puller.daemonset" $_ }}
 {{- end }}

charts/sn-pulsar/templates/image-puller/job.yaml → charts/image-puller/templates/job.yaml

@@ -24,16 +24,16 @@ its' pods running. If all those pods are running they must have pulled all the
 required images on all nodes as they are used as init containers with a dummy
 command.
 */}}
-{{- if .Values.imagePuller.hook.enabled -}}
+{{- if .Values.hook.enabled -}}
 # wait for images to be pulled
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: {{ template "pulsar.fullname" . }}-hook-image-awaiter
-  namespace: {{ template "pulsar.namespace" . }}
+  name: {{ template "chart.fullname" . }}-hook-image-awaiter
+  namespace: {{ .Release.Namespace }}
   labels:
-    {{- include "pulsar.standardLabels" . | nindent 4 }}
-    component: {{ .Values.imagePuller.component }}
+    {{- include "chart.standardLabels" . | nindent 4 }}
+    component: {{ .Values.component }}
   annotations:
     "helm.sh/hook": pre-install,pre-upgrade
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@@ -43,22 +43,22 @@ spec:
     metadata:
       labels:
         {{- /* Changes here will cause the Job to restart the pods. */}}
-        {{- include "pulsar.matchLabels" . | nindent 8 }}
-        component: {{ .Values.imagePuller.component }}
+        {{- include "chart.matchLabels" . | nindent 8 }}
+        component: {{ .Values.component }}
     spec:
       restartPolicy: Never
-      {{- if .Values.imagePuller.rbac.enabled }}
-      serviceAccountName: {{ template "pulsar.fullname" . }}-hook-image-awaiter
+      {{- if .Values.rbac.enabled }}
+      serviceAccountName: {{ template "chart.fullname" . }}-hook-image-awaiter
       {{- end }}
       containers:
-        - image: {{ .Values.imagePuller.hook.image.name }}:{{ .Values.imagePuller.hook.image.tag }}
+        - image: {{ .Values.hook.image.name }}:{{ .Values.hook.image.tag }}
           name: hook-image-awaiter
           imagePullPolicy: IfNotPresent
           command:
             - /image-awaiter
             - -ca-path=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
             - -auth-token-path=/var/run/secrets/kubernetes.io/serviceaccount/token
             - -api-server-address=https://$(KUBERNETES_SERVICE_HOST):$(KUBERNETES_SERVICE_PORT)
-            - -namespace={{ template "pulsar.namespace" . }}
-            - -daemonset={{ template "pulsar.fullname" . }}-hook-image-puller
+            - -namespace={{ .Release.Namespace }}
+            - -daemonset={{ template "chart.fullname" . }}-hook-image-puller
 {{- end }}

charts/sn-pulsar/templates/image-puller/rbac.yaml → charts/image-puller/templates/rbac.yaml

@@ -20,19 +20,19 @@
 {{- /*
 Permissions to be used by the hook-image-awaiter job
 */}}
-{{- if .Values.imagePuller.hook.enabled }}
-{{- if .Values.imagePuller.rbac.enabled }}
+{{- if .Values.hook.enabled }}
+{{- if .Values.rbac.enabled }}
 {{- /*
 This service account...
 */ -}}
 # service account
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ template "pulsar.fullname" . }}-hook-image-awaiter
-  namespace: {{ template "pulsar.namespace" . }}
+  name: {{ template "chart.fullname" . }}-hook-image-awaiter
+  namespace: {{ .Release.Namespace }}
   labels:
-    {{- include "pulsar.standardLabels" . | nindent 4 }}
+    {{- include "chart.standardLabels" . | nindent 4 }}
   annotations:
     "helm.sh/hook": pre-install,pre-upgrade
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@@ -45,10 +45,10 @@ metadata:
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: {{ template "pulsar.fullname" . }}-hook-image-awaiter
-  namespace: {{ template "pulsar.namespace" . }}
+  name: {{ template "chart.fullname" . }}-hook-image-awaiter
+  namespace: {{ .Release.Namespace }}
   labels:
-    {{- include "pulsar.standardLabels" . | nindent 4 }}
+    {{- include "chart.standardLabels" . | nindent 4 }}
   annotations:
     "helm.sh/hook": pre-install,pre-upgrade
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@@ -65,21 +65,21 @@ rules:
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: {{ template "pulsar.fullname" . }}-hook-image-awaiter
-  namespace: {{ template "pulsar.namespace" . }}
+  name: {{ template "chart.fullname" . }}-hook-image-awaiter
+  namespace: {{ .Release.Namespace }}
   labels:
-    {{- include "pulsar.standardLabels" . | nindent 4 }}
+    {{- include "chart.standardLabels" . | nindent 4 }}
   annotations:
     "helm.sh/hook": pre-install,pre-upgrade
     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
     "helm.sh/hook-weight": "0"
 subjects:
   - kind: ServiceAccount
-    name: {{ template "pulsar.fullname" . }}-hook-image-awaiter
-    namespace: {{ template "pulsar.namespace" . }}
+    name: {{ template "chart.fullname" . }}-hook-image-awaiter
+    namespace: {{ .Release.Namespace }}
 roleRef:
   kind: Role
-  name: {{ template "pulsar.fullname" . }}-hook-image-awaiter
+  name: {{ template "chart.fullname" . }}-hook-image-awaiter
   apiGroup: rbac.authorization.k8s.io
 {{- end }}
 {{- end }}

charts/image-puller/values.yaml

@@ -0,0 +1,74 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+component: image-puller
+pullSecret:
+  enabled: false
+hook:
+  enabled: false
+  image:
+    name: streamnative/k8s-image-awaiter
+    tag: '0.1.0'
+rbac:
+  enabled: true
+continuous:
+  enabled: false
+pause:
+  image:
+    name: gcr.io/google_containers/pause
+    tag: '3.1'
+
+images:
+  - name: pulsar
+    repository: streamnative/sn-pulsar
+    tag: 2.8.0.1
+    pullPolicy: IfNotPresent
+#  - name: prometheus
+#    repository: prom/prometheus
+#    tag: v2.17.2
+#    pullPolicy: IfNotPresent
+#  - nmae: alert_manager
+#    repository: prom/alertmanager
+#    tag: v0.20.0
+#    pullPolicy: IfNotPresent
+#  - name: grafana
+#    repository: streamnative/apache-pulsar-grafana-dashboard-k8s
+#    tag: 0.0.14
+#    pullPolicy: IfNotPresent
+#  - name: streamnative_console
+#    repository: streamnative/sn-pulsar-manager
+#    tag: 0.7.0-15
+#    pullPolicy: IfNotPresent
+#    hasCommand: false
+#  - name: node_exporter
+#    repository: prom/node-exporter
+#    tag: v0.16.0
+#    pullPolicy: "IfNotPresent"
+#  - name: nginx_ingress_controller
+#    repository: quay.io/kubernetes-ingress-controller/nginx-ingress-controller
+#    tag: 0.26.2
+#    pullPolicy: "IfNotPresent"
+#  - name: vault
+#    repository: vault
+#    tag: 1.7.0
+#    pullPolicy: "IfNotPresent"
+#  - name: vault_init
+#    repository: streamnative/pulsar_vault_init
+#    tag: v1.0.2
+