[Feature] Kustomization support (#578)

Author: ajanikow

CHANGELOG.md

@@ -4,6 +4,8 @@
 - Add Encryption Key rotation feature for ArangoDB EE 3.7+
 - Improve TLS CA and Keyfile rotation for CE and EE
 - Add runtime TLS rotation for ArangoDB EE 3.7+
+- Add Kustomize support
+- Improve Helm 3 support
 
 ## [1.0.3](https://github.com/arangodb/kube-arangodb/tree/1.0.3) (2020-05-25)
 - Prevent deletion of not known PVC's

Makefile

@@ -33,6 +33,10 @@ DOCKERDURATIONTESTFILE := tests/duration/Dockerfile
 
 HELM ?= $(shell which helm)
 
+UPPER = $(shell echo '$1' | tr '[:lower:]' '[:upper:]')
+LOWER = $(shell echo '$1' | tr '[:upper:]' '[:lower:]')
+UPPER_ENV = $(shell echo '$1' | tr '[:lower:]' '[:upper:]' | tr -d '-')
+
 .PHONY: helm
 helm:
 ifeq ($(HELM),)
@@ -73,7 +77,15 @@ MANIFESTPATHDEPLOYMENT := manifests/arango-deployment$(MANIFESTSUFFIX).yaml
 MANIFESTPATHDEPLOYMENTREPLICATION := manifests/arango-deployment-replication$(MANIFESTSUFFIX).yaml
 MANIFESTPATHBACKUP := manifests/arango-backup$(MANIFESTSUFFIX).yaml
 MANIFESTPATHSTORAGE := manifests/arango-storage$(MANIFESTSUFFIX).yaml
+MANIFESTPATHALL := manifests/arango-all$(MANIFESTSUFFIX).yaml
 MANIFESTPATHTEST := manifests/arango-test$(MANIFESTSUFFIX).yaml
+KUSTOMIZEPATHCRD := manifests/kustomize/crd/arango-crd$(MANIFESTSUFFIX).yaml
+KUSTOMIZEPATHDEPLOYMENT := manifests/kustomize/deployment/arango-deployment$(MANIFESTSUFFIX).yaml
+KUSTOMIZEPATHDEPLOYMENTREPLICATION := manifests/kustomize/deployment-replication/arango-deployment-replication$(MANIFESTSUFFIX).yaml
+KUSTOMIZEPATHBACKUP := manifests/kustomize/backup/arango-backup$(MANIFESTSUFFIX).yaml
+KUSTOMIZEPATHSTORAGE := manifests/kustomize/storage/arango-storage$(MANIFESTSUFFIX).yaml
+KUSTOMIZEPATHALL := manifests/kustomize/all/arango-all$(MANIFESTSUFFIX).yaml
+KUSTOMIZEPATHTEST := manifests/kustomize/test/arango-test$(MANIFESTSUFFIX).yaml
 ifndef DEPLOYMENTNAMESPACE
 	DEPLOYMENTNAMESPACE := default
 endif
@@ -272,81 +284,77 @@ endif
 
 # Manifests
 
-.PHONY: manifests-crd
-manifests-crd: export CHART_NAME := kube-arangodb-crd
-manifests-crd: export NAME := crd
-manifests-crd: helm
-	@echo Building manifests for CRD - $(MANIFESTPATHCRD)
-	@$(HELM_CMD) > "$(MANIFESTPATHCRD)"
-
-.PHONY: manifests-test
-manifests-test: export CHART_NAME := kube-arangodb-test
-manifests-test: export NAME := arangodb-test
-manifests-test: helm
-	@echo Building manifests for test - $(MANIFESTPATHTEST)
-	@$(HELM_CMD) > "$(MANIFESTPATHTEST)"
-
-.PHONY: manifests-operator-deployment
-manifests-operator-deployment: export CHART_NAME := kube-arangodb
-manifests-operator-deployment: export NAME := deployment
-manifests-operator-deployment: helm
-	@echo Building manifests for Operator Deployment - $(MANIFESTPATHDEPLOYMENT)
-	@$(HELM_CMD) \
-	     --set "operator.features.deployment=true" \
-	     --set "operator.features.deploymentReplications=false" \
-	     --set "operator.features.storage=false" \
-	     --set "operator.features.backup=false" > "$(MANIFESTPATHDEPLOYMENT)"
-
-.PHONY: manifests-operator-deployment-replication
-manifests-operator-deployment-replication: export CHART_NAME := kube-arangodb
-manifests-operator-deployment-replication: export NAME := deployment-replication
-manifests-operator-deployment-replication: helm
-	@echo Building manifests for Operator Deployment Replication - $(MANIFESTPATHDEPLOYMENTREPLICATION)
-	@$(HELM_CMD) \
-	     --set "operator.features.deployment=false" \
-	     --set "operator.features.deploymentReplications=true" \
-	     --set "operator.features.storage=false" \
-	     --set "operator.features.backup=false" > "$(MANIFESTPATHDEPLOYMENTREPLICATION)"
-
-.PHONY: manifests-operator-storage
-manifests-operator-storage: export CHART_NAME := kube-arangodb
-manifests-operator-storage: export NAME := storage
-manifests-operator-storage: helm
-	@echo Building manifests for Operator Storage - $(MANIFESTPATHSTORAGE)
-	@$(HELM_CMD) \
-	     --set "operator.features.deployment=false" \
-	     --set "operator.features.deploymentReplications=false" \
-	     --set "operator.features.storage=true" \
-	     --set "operator.features.backup=false" > "$(MANIFESTPATHSTORAGE)"
-
-.PHONY: manifests-operator-backup
-manifests-operator-backup: export CHART_NAME := kube-arangodb
-manifests-operator-backup: export NAME := backup
-manifests-operator-backup: helm
-	@echo Building manifests for Operator Backup - $(MANIFESTPATHBACKUP)
-	@$(HELM_CMD) \
-	     --set "operator.features.deployment=false" \
-	     --set "operator.features.deploymentReplications=false" \
-	     --set "operator.features.storage=false" \
-	     --set "operator.features.backup=true" > "$(MANIFESTPATHBACKUP)"
-
-.PHONY: manifests-operator
-manifests-operator: manifests-operator-deployment manifests-operator-deployment-replication manifests-operator-storage manifests-operator-backup
+define manifest-generator
+$(eval _TARGET:=$(call LOWER,$1))
+$(eval _ENV:=$(call UPPER_ENV,$1))
+.PHONY: manifests-$(_TARGET)-file
+manifests-$(_TARGET)-file: export CHART_NAME := $2
+manifests-$(_TARGET)-file: export NAME := $(_TARGET)
+manifests-$(_TARGET)-file: helm
+	@echo Building manifests for $(_ENV) - $$(MANIFESTPATH$(_ENV))
+	@$$(HELM_CMD) $3 > "$$(MANIFESTPATH$(_ENV))"
+manifests: manifests-$(_TARGET)-file
+
+.PHONY: manifests-$(_TARGET)-kustomize
+manifests-$(_TARGET)-kustomize: export CHART_NAME := $2
+manifests-$(_TARGET)-kustomize: export NAME := $(_TARGET)
+manifests-$(_TARGET)-kustomize: helm
+	@echo Building kustomize manifests for $(_ENV) - $$(KUSTOMIZEPATH$(_ENV))
+	@$$(HELM_CMD) $3 > "$$(KUSTOMIZEPATH$(_ENV))"
+manifests: manifests-$(_TARGET)-kustomize
+endef
+
+.PHONY: manifests
+manifests:
+
+$(eval $(call manifest-generator, crd, kube-arangodb-crd))
+
+$(eval $(call manifest-generator, test, kube-arangodb-test))
+
+$(eval $(call manifest-generator, deployment, kube-arangodb, \
+       --set "operator.features.deployment=true" \
+	   --set "operator.features.deploymentReplications=false" \
+	   --set "operator.features.storage=false" \
+	   --set "operator.features.backup=false"))
+
+$(eval $(call manifest-generator, deployment-replication, kube-arangodb, \
+       --set "operator.features.deployment=false" \
+       --set "operator.features.deploymentReplications=true" \
+       --set "operator.features.storage=false" \
+       --set "operator.features.backup=false"))
+
+$(eval $(call manifest-generator, storage, kube-arangodb, \
+       --set "operator.features.deployment=false" \
+       --set "operator.features.deploymentReplications=false" \
+       --set "operator.features.storage=true" \
+       --set "operator.features.backup=false"))
+
+$(eval $(call manifest-generator, backup, kube-arangodb, \
+       --set "operator.features.deployment=false" \
+       --set "operator.features.deploymentReplications=false" \
+       --set "operator.features.storage=false" \
+       --set "operator.features.backup=true"))
+
+$(eval $(call manifest-generator, all, kube-arangodb, \
+       --set "operator.features.deployment=true" \
+       --set "operator.features.deploymentReplications=true" \
+       --set "operator.features.storage=true" \
+       --set "operator.features.backup=true"))
 
 .PHONY: chart-crd
 chart-crd: export CHART_NAME := kube-arangodb-crd
 chart-crd: helm
 	@mkdir -p "$(ROOTDIR)/bin/charts"
 	@$(HELM_PACKAGE_CMD)
+manifests: chart-crd
 
 .PHONY: chart-operator
 chart-operator: export CHART_NAME := kube-arangodb
 chart-operator: helm
 	@mkdir -p "$(ROOTDIR)/bin/charts"
 	@$(HELM_PACKAGE_CMD)
 
-.PHONY: manifests
-manifests: helm manifests-crd manifests-operator manifests-test chart-crd chart-operator
+manifests: chart-operator
 
 # Testing
 

README.md

@@ -86,6 +86,25 @@ kubectl apply -f https://raw.githubusercontent.com/arangodb/kube-arangodb/1.0.3/
 This procedure can also be used for upgrades and will not harm any
 running ArangoDB deployments.
 
+## Installation of latest release using kustomize
+
+Installation using [kustomize](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization/) looks like installation from yaml files,
+but user is allowed to modify namespace or resource names without yaml modifications.
+
+IT is recommended to use kustomization instead of handcrafting namespace in yaml files - kustomization will replace not only resource namespaces,
+but also namespace references in resources like ClusterRoleBinding.
+
+Example kustomization file:
+```
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: my-custom-namespace
+
+bases:
+  - https://github.com/arangodb/kube-arangodb/manifests/kustomize/deployment/?ref=1.0.3
+```
+
 ## Installation of latest release using Helm
 
 Only use this procedure for a new install of the operator. See below for

chart/kube-arangodb/templates/_helpers.tpl

@@ -34,3 +34,14 @@ Create the name of the Operator RBAC role
 {{- define "kube-arangodb.rbac" -}}
 {{- printf "%s-%s" (include "kube-arangodb.operatorName" .) "rbac" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{/*
+Create the name of the Operator Cluster resources
+*/}}
+{{- define "kube-arangodb.rbac-cluster" -}}
+{{- if eq .Release.Namespace "default" -}}
+{{- printf "%s-rbac" (include "kube-arangodb.operatorName" .) | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s-rbac" (include "kube-arangodb.operatorName" .) .Release.Namespace | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}

chart/kube-arangodb/templates/backup-operator/cluster-role-binding.yaml

@@ -4,8 +4,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-    name: {{ template "kube-arangodb.rbac" . }}-storage
-    namespace: {{ .Release.Namespace }}
+    name: {{ template "kube-arangodb.rbac-cluster" . }}-backup
     labels:
         app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
         helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
@@ -15,7 +14,7 @@ metadata:
 roleRef:
     apiGroup: rbac.authorization.k8s.io
     kind: ClusterRole
-    name: {{ template "kube-arangodb.rbac" . }}-backup
+    name: {{ template "kube-arangodb.rbac-cluster" . }}-backup
 subjects:
     - kind: ServiceAccount
       name: {{ template "kube-arangodb.operatorName" . }}

chart/kube-arangodb/templates/backup-operator/cluster-role.yaml

@@ -4,8 +4,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-    name: {{ template "kube-arangodb.rbac" . }}-backup
-    namespace: {{ .Release.Namespace }}
+    name: {{ template "kube-arangodb.rbac-cluster" . }}-backup
     labels:
         app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
         helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}

chart/kube-arangodb/templates/deployment-operator/cluster-role-binding.yaml

@@ -4,8 +4,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-    name: {{ template "kube-arangodb.rbac" . }}-deployment
-    namespace: {{ .Release.Namespace }}
+    name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment
     labels:
         app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
         helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
@@ -15,7 +14,7 @@ metadata:
 roleRef:
     apiGroup: rbac.authorization.k8s.io
     kind: ClusterRole
-    name: {{ template "kube-arangodb.rbac" . }}-deployment
+    name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment
 subjects:
     - kind: ServiceAccount
       name: {{ template "kube-arangodb.operatorName" . }}

chart/kube-arangodb/templates/deployment-operator/cluster-role.yaml

@@ -4,8 +4,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-    name: {{ template "kube-arangodb.rbac" . }}-deployment
-    namespace: {{ .Release.Namespace }}
+    name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment
     labels:
         app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
         helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}

chart/kube-arangodb/templates/deployment-replications-operator/cluster-role-binding.yaml

@@ -5,7 +5,6 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
     name: {{ template "kube-arangodb.rbac" . }}-deployment-replication
-    namespace: {{ .Release.Namespace }}
     labels:
         app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
         helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
@@ -15,7 +14,7 @@ metadata:
 roleRef:
     apiGroup: rbac.authorization.k8s.io
     kind: ClusterRole
-    name: {{ template "kube-arangodb.rbac" . }}-deployment-replication
+    name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication
 subjects:
     - kind: ServiceAccount
       name: {{ template "kube-arangodb.operatorName" . }}

chart/kube-arangodb/templates/deployment-replications-operator/cluster-role.yaml

@@ -4,8 +4,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-    name: {{ template "kube-arangodb.rbac" . }}-deployment-replication
-    namespace: {{ .Release.Namespace }}
+    name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication
     labels:
         app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
         helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}