From 1a9e56e419f17d35ffa2018a1eca6c15baa3a5ae Mon Sep 17 00:00:00 2001 
From: Noe Luaces Date: Mon, 2 Sep 2024 12:26:21 +0200 Subject: [PATCH] basic helm chart for skupper --- deployments/helm/Chart.yaml | 4 + deployments/helm/README.md | 20 ++ .../helm/crds/skupper_access_grant_crd.yaml | 102 ++++++++ .../helm/crds/skupper_access_token_crd.yaml | 90 +++++++ ...skupper_attached_connector_anchor_crd.yaml | 91 +++++++ .../crds/skupper_attached_connector_crd.yaml | 109 +++++++++ .../helm/crds/skupper_certificate_crd.yaml | 110 +++++++++ .../helm/crds/skupper_cluster_policy_crd.yaml | 63 +++++ .../helm/crds/skupper_connector_crd.yaml | 125 ++++++++++ deployments/helm/crds/skupper_link_crd.yaml | 99 ++++++++ .../helm/crds/skupper_listener_crd.yaml | 102 ++++++++ .../helm/crds/skupper_router_access_crd.yaml | 113 +++++++++ .../helm/crds/skupper_secured_access_crd.yaml | 115 +++++++++ deployments/helm/crds/skupper_site_crd.yaml | 150 ++++++++++++ .../templates/deploy_namespace_scope.yaml | 223 ++++++++++++++++++ deployments/helm/values.yaml | 3 + 16 files changed, 1519 insertions(+) create mode 100644 deployments/helm/Chart.yaml create mode 100644 deployments/helm/README.md create mode 100644 deployments/helm/crds/skupper_access_grant_crd.yaml create mode 100644 deployments/helm/crds/skupper_access_token_crd.yaml create mode 100644 deployments/helm/crds/skupper_attached_connector_anchor_crd.yaml create mode 100644 deployments/helm/crds/skupper_attached_connector_crd.yaml create mode 100644 deployments/helm/crds/skupper_certificate_crd.yaml create mode 100644 deployments/helm/crds/skupper_cluster_policy_crd.yaml create mode 100644 deployments/helm/crds/skupper_connector_crd.yaml create mode 100644 deployments/helm/crds/skupper_link_crd.yaml create mode 100644 deployments/helm/crds/skupper_listener_crd.yaml create mode 100644 deployments/helm/crds/skupper_router_access_crd.yaml create mode 100644 deployments/helm/crds/skupper_secured_access_crd.yaml create mode 100644 deployments/helm/crds/skupper_site_crd.yaml create mode 100644 
deployments/helm/templates/deploy_namespace_scope.yaml create mode 100644 deployments/helm/values.yaml
diff --git a/deployments/helm/Chart.yaml b/deployments/helm/Chart.yaml
new file mode 100644
index 000000000..557635846
--- /dev/null
+++ b/deployments/helm/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v2
+name: skupper-namespace-setup
+description: Helm chart for setting up Skupper in a namespace.
+version: 0.1.0
\ No newline at end of file
diff --git a/deployments/helm/README.md b/deployments/helm/README.md
new file mode 100644
index 000000000..678fbfe10
--- /dev/null
+++ b/deployments/helm/README.md
@@ -0,0 +1,20 @@
+### Description
+
+This Helm chart is designed to simplify the deployment of Skupper in a Kubernetes namespace.
+It ensures that the Skupper Custom Resource Definitions (CRDs) and the Skupper controller
+are correctly installed and configured.
+
+### Usage:
+To deploy Skupper using this Helm chart, simply run the following command, specifying your
+namespace:
+
+```
+helm install skupper-namespace-setup . --namespace
+```
+
+If the namespace is not specified it will be deployed in the current namespace.
+
+### How to uninstall the helm chart
+```
+helm uninstall skupper-namespace-setup
+```
\ No newline at end of file
diff --git a/deployments/helm/crds/skupper_access_grant_crd.yaml b/deployments/helm/crds/skupper_access_grant_crd.yaml
new file mode 100644
index 000000000..6b5554559
--- /dev/null
+++ b/deployments/helm/crds/skupper_access_grant_crd.yaml
@@ -0,0 +1,102 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: accessgrants.skupper.io
+spec:
+ group: skupper.io
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ properties:
+ redemptionsAllowed:
+ type: integer
+ expirationWindow:
+ type: string
+ format: duration
+ code:
+ type: string
+ issuer:
+ type: string
+ status:
+ type: object
+ properties:
+ url:
+ type: string
+ code:
+ type: string
+ ca:
+ type: string
+ redeemed:
+ type: integer
+ expiration:
+ type: string
+ format: date-time
+ status:
+ type: string
+ conditions:
+ type: array
+ items:
+ type: object
+ properties:
+ lastTransitionTime:
+ format: date-time
+ type: string
+ message:
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][- A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: Redemptions Allowed
+ type: integer
+ description: The number of claims the grant is valid for
+ jsonPath: .spec.claims
+ - name: Redemptions Made
+ type: integer
+ description: The number of times an access token originating from this grant has been redeemed
+ jsonPath: .status.redeemed
+ - name: Expiration
+ type: string
+ description: When the grant will expire
+ jsonPath: .status.expiration
+ - name: Status
+ type: string
+ description: The status of the grant
+ jsonPath: .status.status
+ scope: Namespaced
+ names:
+ plural: accessgrants
+ singular: accessgrant
+ kind: AccessGrant
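Review bot: The `Redemptions Allowed` printer column reads `jsonPath: .spec.claims`, but the schema in this same file declares no `claims` property under `spec`; the field that carries that number is `redemptionsAllowed`, so the column would presumably render empty for every grant. Point it at the declared field with `jsonPath: .spec.redemptionsAllowed`, and reword the description to `The number of redemptions the grant allows` so the column, the field and the help text agree. An operator who relies on `kubectl get accessgrants` to see how many times a grant can still be used gets no signal from the column as written.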
diff --git a/deployments/helm/crds/skupper_access_token_crd.yaml b/deployments/helm/crds/skupper_access_token_crd.yaml new file mode 100644 index 000000000..d43c9c3b4 --- /dev/null +++ b/deployments/helm/crds/skupper_access_token_crd.yaml @@ -0,0 +1,90 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: accesstokens.skupper.io +spec: + group: skupper.io + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + url: + type: string + code: + type: string + ca: + type: string + required: + - url + - code + - ca + status: + type: object + properties: + redeemed: + type: boolean + status: + type: string + conditions: + type: array + items: + type: object + properties: + lastTransitionTime: + format: date-time + type: string + message: + maxLength: 32768 + type: string + observedGeneration: + format: int64 + minimum: 0 + type: integer + reason: + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][- A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + description: The URL the access token is redeemed at + jsonPath: .spec.url + - name: Redeemed + type: boolean + description: Whether the access token has already been redeemed + jsonPath: .status.redeemed + - name: Status + type: string + description: The status of the access token + jsonPath: .status.status + scope: Namespaced + names: + plural: accesstokens + singular: accesstoken + kind: AccessToken 
diff --git a/deployments/helm/crds/skupper_attached_connector_anchor_crd.yaml b/deployments/helm/crds/skupper_attached_connector_anchor_crd.yaml new file mode 100644 index 000000000..c2ef8881a --- /dev/null +++ b/deployments/helm/crds/skupper_attached_connector_anchor_crd.yaml 
@@ -0,0 +1,91 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: attachedconnectoranchors.skupper.io +spec: + group: skupper.io + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + connectorNamespace: + type: string + routingKey: + type: string + required: + - connectorNamespace + - routingKey + status: + type: object + properties: + status: + type: string + conditions: + type: array + items: + type: object + properties: + lastTransitionTime: + format: date-time + type: string + message: + maxLength: 32768 + type: string + observedGeneration: + format: int64 + minimum: 0 + type: integer + reason: + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][- A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + matchingListenerCount: + type: integer + subresources: + status: {} + additionalPrinterColumns: + - name: Routing Key + type: string + description: An identifier that associates connectors with listeners. + jsonPath: .spec.routingKey + - name: Connector Namespace + type: string + description: The namespace where the associated AttachableConnector is located. + jsonPath: .spec.connectorNamespace + - name: Status + type: string + description: The status of the connector + jsonPath: .status.status + - name: Matching Listener Count + type: integer + description: The number of listeners in the network with a matching routing key. + jsonPath: .status.matchingListenerCount + scope: Namespaced + names: + plural: attachedconnectoranchors + singular: attachedconnectoranchor + kind: AttachedConnectorAnchor 
diff --git a/deployments/helm/crds/skupper_attached_connector_crd.yaml b/deployments/helm/crds/skupper_attached_connector_crd.yaml new file mode 100644 index 000000000..247b394ef --- /dev/null +++ b/deployments/helm/crds/skupper_attached_connector_crd.yaml 
@@ -0,0 +1,109 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: attachedconnectors.skupper.io +spec: + group: skupper.io + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + siteNamespace: + type: string + port: + type: integer + selector: + type: string + tlsCredentials: + type: string + type: + type: string + includeNotReady: + type: boolean + required: + - port + - selector + - siteNamespace + status: + type: object + properties: + status: + type: string + conditions: + type: array + items: + type: object + properties: + lastTransitionTime: + format: date-time + type: string + message: + maxLength: 32768 + type: string + observedGeneration: + format: int64 + minimum: 0 + type: integer + reason: + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][- A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + selectedPods: + type: array + items: + type: object + properties: + name: + type: string + ip: + type: string + matchingListenerCount: + type: integer + subresources: + status: {} + additionalPrinterColumns: + - name: Port + type: integer + description: The port to connect to. + jsonPath: .spec.port + - name: Selector + type: string + description: The selector that identifies the pods to connect to. + jsonPath: .spec.selector + - name: Site Namespace + type: string + description: The namespace in which the site this connector should be attached to is defined. + jsonPath: .spec.siteNamespace + - name: Status + type: string + description: The status of the connector. 
+ jsonPath: .status.status + scope: Namespaced + names: + plural: attachedconnectors + singular: attachedconnector + kind: AttachedConnector diff --git a/deployments/helm/crds/skupper_certificate_crd.yaml b/deployments/helm/crds/skupper_certificate_crd.yaml new file mode 100644 index 000000000..84e1d5edc --- /dev/null +++ b/deployments/helm/crds/skupper_certificate_crd.yaml 
@@ -0,0 +1,110 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: certificates.skupper.io
+spec:
+ group: skupper.io
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ properties:
+ ca:
+ type: string
+ subject:
+ type: string
+ hosts:
+ type: array
+ items:
+ type: string
+ client:
+ type: boolean
+ server:
+ type: boolean
+ signing:
+ type: boolean
+ required:
+ - ca
+ - subject
+ status:
+ type: object
+ properties:
+ status:
+ type: string
+ conditions:
+ type: array
+ items:
+ type: object
+ properties:
+ lastTransitionTime:
+ format: date-time
+ type: string
+ message:
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][- A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ expiration:
+ type: string
+ format: date-time
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: CA
+ type: string
+ description: Identifies the CA to be used in signing the certificate
+ jsonPath: .spec.ca
+ - name: Server
+ type: boolean
+ description: Whether or not the certificate is valid for use as a server
+ jsonPath: .spec.server
+ - name: Client
+ type: boolean
+ description: Whether or not the certificate is valid for use as a client
+ jsonPath: .spec.client
+ - name: Signing
+ type: boolean
+ description: Whether or not the certificate is valid for use as a CA
+ jsonPath: .spec.signing
+ - name: Status
+ type: string
+ description: The status of the certificate
+ jsonPath: .status.status
+ - name: Expiration
+ type: string
+ description: The expiration of the certificate if relevant
+ jsonPath: .status.expiration
+ scope: Namespaced
+ names:
+ plural: certificates
+ singular: certificate
+ kind: Certificate
diff --git a/deployments/helm/crds/skupper_cluster_policy_crd.yaml b/deployments/helm/crds/skupper_cluster_policy_crd.yaml
new file mode 100644
index 000000000..4a6cd647c
--- /dev/null
+++ b/deployments/helm/crds/skupper_cluster_policy_crd.yaml
@@ -0,0 +1,63 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: skupperclusterpolicies.skupper.io
+spec:
+ group: skupper.io
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ properties:
+ namespaces:
+ type: array
+ items:
+ type: string
+ allowIncomingLinks:
+ type: boolean
+ allowedOutgoingLinksHostnames:
+ type: array
+ items:
+ type: string
+ allowedExposedResources:
+ type: array
+ items:
+ type: string
+ allowedServices:
+ type: array
+ items:
+ type: string
+ scope: Cluster
+ names:
+ plural: skupperclusterpolicies
+ singular: skupperclusterpolicy
+ kind: SkupperClusterPolicy
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ application: skupper-service-controller
+ name: skupper-service-controller
+rules:
+ - apiGroups:
+ - skupper.io
+ resources:
+ - skupperclusterpolicies
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
diff --git a/deployments/helm/crds/skupper_connector_crd.yaml b/deployments/helm/crds/skupper_connector_crd.yaml
new file mode 100644
index 000000000..f46bb8457
--- /dev/null
+++ b/deployments/helm/crds/skupper_connector_crd.yaml
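Review bot: The second document in `skupper_cluster_policy_crd.yaml` is a `ClusterRole`, not a CRD, yet it is shipped under `crds/`. Helm treats that directory outside normal release management: files there are not templated, not upgraded, and not removed by `helm uninstall`, so this cluster-wide RBAC object would outlive the release if Helm applies it at all. The role is also named and labelled `skupper-service-controller` while the chart's ServiceAccount is `skupper-controller`, and no `ClusterRoleBinding` appears anywhere in this patch, so as shipped it grants nothing to the controller. Either move it to `templates/` with a binding to `skupper-controller` and document that installing the chart then needs cluster-scoped rights, or drop it together with the `SkupperClusterPolicy` CRD if the namespace-scoped chart does not use policies.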
@@ -0,0 +1,125 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: connectors.skupper.io +spec: + group: skupper.io + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + routingKey: + type: string + port: + type: integer + selector: + type: string + host: + type: string + tlsCredentials: + type: string + type: + type: string + includeNotReady: + type: boolean + required: + - routingKey + - port + oneOf: + - properties: + required: + - selector + - properties: + required: + - host + status: + type: object + properties: + status: + type: string + conditions: + type: array + items: + type: object + properties: + lastTransitionTime: + format: date-time + type: string + message: + maxLength: 32768 + type: string + observedGeneration: + format: int64 + minimum: 0 + type: integer + reason: + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][- A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + selectedPods: + type: array + items: + type: object + properties: + name: + type: string + ip: + type: string + matchingListenerCount: + type: integer + subresources: + status: {} + additionalPrinterColumns: + - name: Routing Key + type: string + description: The key that ties connectors and listeners together + jsonPath: .spec.routingKey + - name: Port + type: integer + description: The port to connect to + jsonPath: .spec.port + - name: Host + type: string + description: The host to connect to + jsonPath: .spec.host + - name: Selector + type: string + description: The selector that identifies the pods to connect to + jsonPath: 
.spec.selector + - name: Status + type: string + description: The status of the connector + jsonPath: .status.status + - name: Matching Listener Count + type: integer + description: The number of listeners in the network with a matching routing key. + jsonPath: .status.matchingListenerCount + scope: Namespaced + names: + plural: connectors + singular: connector + kind: Connector diff --git a/deployments/helm/crds/skupper_link_crd.yaml b/deployments/helm/crds/skupper_link_crd.yaml new file mode 100644 index 000000000..952c07d25 --- /dev/null +++ b/deployments/helm/crds/skupper_link_crd.yaml 
@@ -0,0 +1,99 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: links.skupper.io +spec: + group: skupper.io + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + endpoints: + type: array + items: + type: object + properties: + name: + type: string + host: + type: string + port: + type: string + group: + type: string + tlsCredentials: + type: string + cost: + type: integer + noClientAuth: + type: boolean + required: + - endpoints + status: + type: object + properties: + status: + type: string + remoteSiteId: + type: string + remoteSiteName: + type: string + conditions: + type: array + items: + type: object + properties: + lastTransitionTime: + format: date-time + type: string + message: + maxLength: 32768 + type: string + observedGeneration: + format: int64 + minimum: 0 + type: integer + reason: + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][- A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + subresources: + status: {} + additionalPrinterColumns: + - name: Status + type: string + description: The status of the link + jsonPath: .status.status + - name: Remote Site + type: string + description: The name of the site linked to + jsonPath: .status.remoteSiteName + scope: Namespaced + names: + plural: links + singular: link + kind: Link diff --git a/deployments/helm/crds/skupper_listener_crd.yaml b/deployments/helm/crds/skupper_listener_crd.yaml new file mode 100644 index 000000000..bab6516c3 --- /dev/null +++ b/deployments/helm/crds/skupper_listener_crd.yaml 
@@ -0,0 +1,102 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: listeners.skupper.io +spec: + group: skupper.io + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + routingKey: + type: string + host: + type: string + port: + type: integer + tlsCredentials: + type: string + type: + type: string + required: + - routingKey + - host + - port + status: + type: object + properties: + status: + type: string + conditions: + type: array + items: + type: object + properties: + lastTransitionTime: + format: date-time + type: string + message: + maxLength: 32768 + type: string + observedGeneration: + format: int64 + minimum: 0 + type: integer + reason: + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][- A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + matchingConnectorCount: + type: integer + subresources: + status: {} + additionalPrinterColumns: + - name: Routing Key + type: string + description: The key that ties connectors and listeners together + jsonPath: .spec.routingKey + - name: Port + type: integer + description: The port the service listens on + jsonPath: .spec.port + - name: Host + type: string + description: The name of the service + jsonPath: .spec.host + - name: Status + type: string + description: The status of the listener + jsonPath: .status.status + - name: Matching Connector Count + type: integer + description: The number of connectors in the network with a matching routing key. + jsonPath: .status.matchingConnectorCount + scope: Namespaced + names: + plural: listeners + singular: listener + kind: Listener 
diff --git a/deployments/helm/crds/skupper_router_access_crd.yaml b/deployments/helm/crds/skupper_router_access_crd.yaml new file mode 100644 index 000000000..87f8f0f23 --- /dev/null +++ b/deployments/helm/crds/skupper_router_access_crd.yaml 
@@ -0,0 +1,113 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: routeraccesses.skupper.io +spec: + group: skupper.io + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + roles: + type: array + items: + type: object + properties: + name: + type: string + port: + type: integer + generateTlsCredentials: + type: boolean + issuer: + type: string + accessType: + type: string + tlsCredentials: + type: string + bindHost: + type: string + subjectAlternativeNames: + type: array + items: + type: string + options: + type: object + additionalProperties: + type: string + required: + - roles + - tlsCredentials + status: + type: object + properties: + status: + type: string + conditions: + type: array + items: + type: object + properties: + lastTransitionTime: + format: date-time + type: string + message: + maxLength: 32768 + type: string + observedGeneration: + format: int64 + minimum: 0 + type: integer + reason: + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][- A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + endpoints: + type: array + items: + type: object + properties: + name: + type: string + host: + type: string + port: + type: string + group: + type: string + subresources: + status: {} + additionalPrinterColumns: + - name: Status + type: string + description: The status of the router access + jsonPath: .status.status + scope: Namespaced + names: + plural: routeraccesses + singular: routeraccess + kind: RouterAccess 
diff --git a/deployments/helm/crds/skupper_secured_access_crd.yaml b/deployments/helm/crds/skupper_secured_access_crd.yaml new file mode 100644 index 000000000..26d67e03b --- /dev/null +++ b/deployments/helm/crds/skupper_secured_access_crd.yaml 
@@ -0,0 +1,115 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: securedaccesses.skupper.io +spec: + group: skupper.io + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + ports: + type: array + items: + type: object + properties: + name: + type: string + port: + type: integer + targetPort: + type: integer + protocol: + type: string + selector: + type: object + additionalProperties: + type: string + issuer: + type: string + certificate: + type: string + accessType: + type: string + options: + type: object + additionalProperties: + type: string + required: + - selector + - ports + status: + type: object + properties: + endpoints: + type: array + items: + type: object + properties: + name: + type: string + host: + type: string + port: + type: string + group: + type: string + ca: + type: string + status: + type: string + conditions: + type: array + items: + type: object + properties: + lastTransitionTime: + format: date-time + type: string + message: + maxLength: 32768 + type: string + observedGeneration: + format: int64 + minimum: 0 + type: integer + reason: + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][- A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + subresources: + status: {} + additionalPrinterColumns: + - name: Status + type: string + description: The status of the secured access + jsonPath: .status.status + scope: Namespaced + names: + plural: securedaccesses + singular: securedaccess + kind: SecuredAccess 
diff --git a/deployments/helm/crds/skupper_site_crd.yaml b/deployments/helm/crds/skupper_site_crd.yaml new file mode 100644 index 000000000..326e11ff6 --- /dev/null +++ b/deployments/helm/crds/skupper_site_crd.yaml 
@@ -0,0 +1,150 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sites.skupper.io +spec: + group: skupper.io + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + routerMode: + type: string + serviceAccount: + type: string + linkAccess: + type: string + defaultIssuer: + type: string + ha: + type: boolean + settings: + type: object + additionalProperties: + type: string + status: + type: object + properties: + defaultIssuer: + type: string + active: + type: boolean + status: + type: string + conditions: + type: array + items: + type: object + properties: + lastTransitionTime: + format: date-time + type: string + message: + maxLength: 32768 + type: string + observedGeneration: + format: int64 + minimum: 0 + type: integer + reason: + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][- A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + endpoints: + type: array + items: + type: object + properties: + host: + type: string + port: + type: string + name: + type: string + group: + type: string + sitesInNetwork: + type: integer + network: + type: array + items: + type: object + properties: + id: + type: string + name: + type: string + namespace: + type: string + platform: + type: string + version: + type: string + links: + type: array + items: + type: object + properties: + name: + type: string + remoteSiteId: + type: string + remoteSiteName: + type: string + operational: + type: boolean + services: + type: array + items: + type: object + properties: + routingKey: + type: string + connectors: + type: array + items: + type: string 
+ listeners: + type: array + items: + type: string + subresources: + status: {} + additionalPrinterColumns: + - name: Status + type: string + description: The status of the site + jsonPath: .status.status + - name: Sites In Network + type: integer + description: The number of sites in the network + jsonPath: .status.sitesInNetwork + scope: Namespaced + names: + plural: sites + singular: site + kind: Site diff --git a/deployments/helm/templates/deploy_namespace_scope.yaml b/deployments/helm/templates/deploy_namespace_scope.yaml new file mode 100644 index 000000000..bdbf0dd71 --- /dev/null +++ b/deployments/helm/templates/deploy_namespace_scope.yaml 
@@ -0,0 +1,223 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: skupper-controller
+ labels:
+ application: skupper-controller
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ application: skupper-controller
+ name: skupper-controller
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - pods
+ - pods/exec
+ - services
+ - secrets
+ - serviceaccounts
+ - events
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - patch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - patch
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - update
+- apiGroups:
+ - apps.openshift.io
+ resources:
+ - deploymentconfigs
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ - networkpolicies
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+- apiGroups:
+ - projectcontour.io
+ resources:
+ - httpproxies
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - rolebindings
+ - roles
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - update
+- apiGroups:
+ - skupper.io
+ resources:
+ - sites
+ - sites/status
+ - links
+ - links/status
+ - accesstokens
+ - accesstokens/status
+ - accessgrants
+ - accessgrants/status
+ - listeners
+ - listeners/status
+ - connectors
+ - connectors/status
+ - attachedconnectors
+ - attachedconnectors/status
+ - attachedconnectoranchors
+ - attachedconnectoranchors/status
+ - routeraccesses
+ - routeraccesses/status
+ - securedaccesses
+ - securedaccesses/status
+ - certificates
+ - certificates/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ application: skupper-controller
+ name: skupper-controller
+subjects:
+- kind: ServiceAccount
+ name: skupper-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: skupper-controller
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: skupper-controller
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ application: skupper-controller
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/part-of: skupper
+ application: skupper-controller
+ spec:
+ serviceAccountName: skupper-controller
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: controller
+ image: {{.Values.controller.image}}
+ imagePullPolicy: Always
+ env:
+ - name: SKUPPER_ENABLE_GRANTS
+ value: "true"
+ - name: SKUPPER_CLAIMS_GET_BASE_URL_FROM
+ value: grs/skupper-grant-server
+ - name: SKUPPER_CLAIMS_TLS_CREDENTIALS_SECRET
+ value: skupper-grant-server
+ - name: SKUPPER_CONFIG_SYNC_IMAGE
+ value: quay.io/skupper/config-sync:v2-latest
+ - name: WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ volumeMounts:
+ - name: tls-credentials
+ mountPath: /etc/controller
+ volumes:
+ - name: tls-credentials
+ emptyDir: {}
+---
+apiVersion: skupper.io/v1alpha1
+kind: Certificate
+metadata:
+ name: skupper-grant-server-ca
+spec:
+ signing: true
+ ca: ""
+ subject: "grant server CA"
+---
+apiVersion: skupper.io/v1alpha1
+kind: SecuredAccess
+metadata:
+ name: skupper-grant-server
+spec:
+ selector:
+ application: skupper-controller
+ ports:
+ - name: https
+ port: 9090
+ issuer: skupper-grant-server-ca
+ certificate: skupper-grant-server
diff --git a/deployments/helm/values.yaml b/deployments/helm/values.yaml
new file mode 100644
index 000000000..e1bd4d140
--- /dev/null
+++ b/deployments/helm/values.yaml
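Review bot: The second rule of the `skupper-controller` Role applies one verb list (`get`, `list`, `watch`, `create`, `update`, `delete`, `patch`) to `secrets`, `pods/exec` and `serviceaccounts` alike, and a later rule adds `create` and `update` on `roles` and `rolebindings`. That is broader than a single shared rule should grant without justification: a compromised controller pod could read every secret and exec into every pod in the namespace. Split `pods/exec` into its own rule carrying only the verb the controller actually uses (or remove it if nothing execs into pods), give `secrets` its own rule too, and add a comment above each stating why the controller needs it. The first rule, on `nodes`, has no effect in a namespaced `Role` because nodes are cluster-scoped, so delete it or move it to a `ClusterRole`. The templated image should also be quoted, `image: "{{ .Values.controller.image }}"`, so an empty or unusual value cannot change how the YAML parses.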
@@ -0,0 +1,3 @@
+replicaCount: 1
+controller:
+ image: "quay.io/skupper/controller:v2-latest"
\ No newline at end of file
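Review bot: `controller.image` defaults to the floating tag `v2-latest`, and the Deployment template pairs it with `imagePullPolicy: Always`, so any pod restart can pull different, unreviewed code into a controller whose Role allows writes to secrets and RBAC objects in the namespace. Default to a released version tag or a digest reference such as `quay.io/skupper/controller@sha256:DIGEST_PLACEHOLDER`, and let users opt in to floating tags. The same applies to `SKUPPER_CONFIG_SYNC_IMAGE`, which the template hard-codes to `quay.io/skupper/config-sync:v2-latest`; exposing it as a value (for example `configSync.image`) would let both images be pinned together. `replicaCount` is not referenced by any template in this patch, since the Deployment hard-codes `replicas: 1`, so either wire it in or remove it.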