diff --git a/charts/addon/templates/_helpers.tpl b/charts/addon/templates/_helpers.tpl index cba596b..d90ae51 100644 --- a/charts/addon/templates/_helpers.tpl +++ b/charts/addon/templates/_helpers.tpl @@ -76,6 +76,7 @@ Lists are merged by concatenating them rather than overwriting. {{- index . 1 | default list | concat $left | toYaml }} {{- else if kindIs (kindOf dict) $left }} {{- $right := index . 1 | default dict }} +{{- if or $left $right }} {{- range $key := concat (keys $left) (keys $right) | uniq }} {{ $key }}: {{- if and (hasKey $left $key) (hasKey $right $key) }} @@ -90,6 +91,9 @@ Lists are merged by concatenating them rather than overwriting. {{- end }} {{- end }} {{- else }} +{} +{{- end }} +{{- else }} {{- $right := index . 1 }} {{- kindIs "invalid" $right | ternary $left $right | toYaml }} {{- end }} @@ -303,6 +307,10 @@ hooks: postInstall: preDelete: postDelete: +# Extra containers to run as init containers +# These should include environment variables, volume mounts etc. if they need +# to target a remote cluster using kubeconfigSecret +extraInitContainers: [] backoffLimit: 1000 activeDeadlineSeconds: 3600 podSecurityContext: diff --git a/charts/addon/templates/_job-install.tpl b/charts/addon/templates/_job-install.tpl index 96c7ab1..6b4f29f 100644 --- a/charts/addon/templates/_job-install.tpl +++ b/charts/addon/templates/_job-install.tpl @@ -74,6 +74,9 @@ template: kubectl wait --for=condition=Complete job -n {{ $ctx.Release.Namespace }} -l "$LABELS" --all --timeout=-1s resources: {{ toYaml $config.resources | nindent 10 }} {{- end }} + {{- range $config.extraInitContainers }} + - {{ toYaml . | nindent 8 }} + {{- end }} containers: - name: install image: {{ printf "%s:%s" $config.image.repository (default $ctx.Chart.AppVersion $config.image.tag) }} diff --git a/charts/cluster-addons/templates/_helpers.tpl b/charts/cluster-addons/templates/_helpers.tpl index a91808a..04836ba 100644 --- a/charts/cluster-addons/templates/_helpers.tpl 
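Review bot: The comment added above `extraInitContainers: []` in the job defaults tells users to supply environment variables and volume mounts, but not that each entry is emitted as-is by the new `range $config.extraInitContainers` loop in `_job-install.tpl`. Nothing from the job's container-level `securityContext` or `resources` is applied to these entries, so a container listed here is constrained only by what its own spec says, plus the pod-level `podSecurityContext` if that is applied to the pod as the defaults suggest. I would extend the comment with `# Entries are rendered verbatim and do not inherit securityContext or resources from the job, so set both on each container`. The defaults block and the pod template both begin and end outside these hunks.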
+++ b/charts/cluster-addons/templates/_helpers.tpl @@ -68,6 +68,28 @@ dependsOn: {{ nindent 2 }} uninstallHookWeight: {{ include "cluster-addons.uninstallHookWeight" . }} +{{- if and $ctx.Values.clusterApi (not (has $name $ctx.Values.categories.bootstrap)) }} +extraInitContainers: + - name: wait-for-capi-cluster + image: {{ + printf "%s:%s" + $ctx.Values.jobDefaults.image.repository + (default $ctx.Chart.AppVersion $ctx.Values.jobDefaults.image.tag) + }} + imagePullPolicy: {{ $ctx.Values.jobDefaults.image.pullPolicy }} + securityContext: {{ toYaml $ctx.Values.jobDefaults.securityContext | nindent 6 }} + args: + - kubectl + - wait + - --for=condition=Ready + - clusters.cluster.x-k8s.io + - {{ tpl $ctx.Values.clusterName $ctx }} + - --namespace + - {{ $ctx.Release.Namespace }} + - --timeout + - "-1s" + resources: {{ toYaml $ctx.Values.jobDefaults.resources | nindent 6 }} +{{- end }} {{- end }} {{/* diff --git a/charts/cluster-addons/templates/extra-addons.yaml b/charts/cluster-addons/templates/extra-addons.yaml index db9e4ce..d856125 100644 --- a/charts/cluster-addons/templates/extra-addons.yaml +++ b/charts/cluster-addons/templates/extra-addons.yaml @@ -9,6 +9,7 @@ "enabled" "dependsOn" "uninstallHookWeight" + "extraInitContainers" }} {{- include "cluster-addons.job.defaults" (list $ctx $name) | diff --git a/charts/cluster-addons/templates/rbac/role.yaml b/charts/cluster-addons/templates/rbac/role.yaml index 4549ef4..5087bdb 100644 --- a/charts/cluster-addons/templates/rbac/role.yaml +++ b/charts/cluster-addons/templates/rbac/role.yaml @@ -21,4 +21,14 @@ rules: - get - watch - patch + {{- if .Values.clusterApi }} + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + verbs: + - list + - get + - watch + {{- end }} {{- end }} diff --git a/charts/cluster-addons/values.yaml b/charts/cluster-addons/values.yaml index 6500317..84a18c9 100644 --- a/charts/cluster-addons/values.yaml +++ b/charts/cluster-addons/values.yaml 
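Review bot: The two templated entries in the `args` list of `wait-for-capi-cluster`, `- {{ tpl $ctx.Values.clusterName $ctx }}` and `- {{ $ctx.Release.Namespace }}`, are emitted unquoted, so their type is decided by the YAML parser after rendering. A name made only of digits, or one such as `true`, would reach the pod spec as a non-string item and be rejected, and a value starting with a YAML indicator would not parse at all. Piping both through `quote` keeps them strings: `- {{ tpl $ctx.Values.clusterName $ctx | quote }}` and `- {{ $ctx.Release.Namespace | quote }}`; the `image:` value built with `printf` has the same exposure. The enclosing define begins before this hunk.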
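Review bot: The rule added under `{{- if .Values.clusterApi }}` gives the job's service account `list`, `get` and `watch` on every `clusters.cluster.x-k8s.io` object the role covers, while the init container only waits on the single cluster named by `clusterName`. Narrowing it with `resourceNames:` and `- {{ tpl .Values.clusterName . | quote }}` would keep the grant to that one object. List and watch restricted this way are only authorised when the client sends a matching `metadata.name` field selector, so confirm that the kubectl in the job image does that for `kubectl wait` on a named resource before relying on it. A comment such as `# Read access needed by the wait-for-capi-cluster init container` would also record why the rule exists; the rules list itself starts outside the hunk.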
@@ -6,6 +6,11 @@ clusterName: "{{ .Release.Name }}" # This is treated as a template at rendering time kubernetesVersion: v1.22 +# Indicates whether the addons are being deployed as part of a Cluster API cluster +# If true then addons will wait for the cluster to become ready before installing, except +# for the bootstrap addons which just wait for the API to become available +clusterApi: false + # Details of a secret containing a kubeconfig file for a remote cluster # If given, this is used in preference to a service account kubeconfigSecret: @@ -45,17 +50,18 @@ serviceAccount: # Defaults for job settings # In all cases, the defaults for the version of the addons chart in use are used # See the values for the addons chart for details -jobDefaults: {} - # image: - # repository: - # tag: - # pullPolicy: +jobDefaults: + image: + repository: ghcr.io/stackhpc/k8s-utils + tag: # Defaults to chart appVersion if not given + pullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + resources: {} # imagePullSecrets: # backoffLimit: # activeDeadlineSeconds: # podSecurityContext: - # securityContext: - # resources: # hostNetwork: # tolerations: # nodeSelector: diff --git a/charts/openstack-cluster/values.yaml b/charts/openstack-cluster/values.yaml index 4cbb37a..f167844 100644 --- a/charts/openstack-cluster/values.yaml +++ b/charts/openstack-cluster/values.yaml 
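Review bot: The default `securityContext` now shipped under `jobDefaults` sets only `allowPrivilegeEscalation: false`, and that is the value the `wait-for-capi-cluster` init container is rendered with. Since that container only runs `kubectl wait`, the default could also carry `capabilities: {drop: [ALL]}` and, if the `k8s-utils` image runs as a non-root user (not visible here), `runAsNonRoot: true`. `resources: {}` likewise leaves the init container without requests or limits, which is worth stating in the comment above `jobDefaults` so operators set them deliberately.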
@@ -223,6 +223,10 @@ nodeGroups: addons: # Indicates if cluster addons should be deployed enabled: true + # Indicates to the cluster addons that they are being deployed as part of a Cluster API cluster + # This means that they will wait for the control plane to stabilise before installing, except + # for the bootstrap addons which just wait for it be become available + clusterApi: true clusterName: "{{ include \"openstack-cluster.clusterName\" . }}" # The Kubernetes version for the addons should be v. kubernetesVersion: "v{{ .Values.global.kubernetesVersion | splitList \".\" | reverse | rest | reverse | join \".\" }}"
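Review bot: The added comment on `clusterApi: true` has a slip in its last line, `for it be become available`, which should read `# for the bootstrap addons which just wait for it to become available`. It also says the addons wait for the control plane to stabilise, whereas the comment on the same setting in `charts/cluster-addons/values.yaml` says they wait for the cluster to become ready. Using one wording in both places would stop readers assuming two different conditions are checked.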