chore(helm): support installation using --wait option

2026-03-02 09:40:47 +00:00 · 2022-10-22 09:47:08 +02:00
7 changed files with 77 additions and 29 deletions
--- a/charts/kamaji/Chart.yaml
+++ b/charts/kamaji/Chart.yaml
@@ -19,7 +19,7 @@ name: kamaji
 sources:
 - https://github.com/clastix/kamaji
 type: application
-version: 0.10.0
+version: 0.10.1
 annotations:
  catalog.cattle.io/certified: partner
  catalog.cattle.io/release-name: kamaji
--- a/charts/kamaji/README.md
+++ b/charts/kamaji/README.md
@@ -1,6 +1,6 @@
 # kamaji

-![Version: 0.10.0](https://img.shields.io/badge/Version-0.10.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.1.1](https://img.shields.io/badge/AppVersion-v0.1.1-informational?style=flat-square)
+![Version: 0.10.1](https://img.shields.io/badge/Version-0.10.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.1.1](https://img.shields.io/badge/AppVersion-v0.1.1-informational?style=flat-square)

 Kamaji is a tool aimed to build and operate a Managed Kubernetes Service with a fraction of the operational burden. With Kamaji, you can deploy and operate hundreds of Kubernetes clusters as a hyper-scaler.

--- a/charts/kamaji/templates/etcd_cm.yaml
+++ b/charts/kamaji/templates/etcd_cm.yaml
@@ -6,6 +6,10 @@ metadata:
    {{- include "etcd.labels" . | nindent 4 }}
  name: {{ include "etcd.csrConfigMapName" . }}
  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-install
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": "hook-succeeded,hook-failed"
 data:
  ca-csr.json: |-
    {
--- a/charts/kamaji/templates/etcd_job_postinstall.yaml
+++ b/charts/kamaji/templates/etcd_job_postinstall.yaml
@@ -18,35 +18,13 @@ spec:
      serviceAccountName: {{ include "etcd.serviceAccountName" . }}
      restartPolicy: Never
      initContainers:
-        - name: cfssl
-          image: cfssl/cfssl:latest
-          command:
-            - bash
-            - -c
-            - |-
-              cfssl gencert -initca /csr/ca-csr.json | cfssljson -bare /certs/ca &&
-              mv /certs/ca.pem /certs/ca.crt && mv /certs/ca-key.pem /certs/ca.key &&
-              cfssl gencert -ca=/certs/ca.crt -ca-key=/certs/ca.key -config=/csr/config.json -profile=peer-authentication /csr/peer-csr.json | cfssljson -bare /certs/peer &&
-              cfssl gencert -ca=/certs/ca.crt -ca-key=/certs/ca.key -config=/csr/config.json -profile=peer-authentication /csr/server-csr.json | cfssljson -bare /certs/server &&
-              cfssl gencert -ca=/certs/ca.crt -ca-key=/certs/ca.key -config=/csr/config.json -profile=client-authentication /csr/root-client-csr.json | cfssljson -bare /certs/root-client
-          volumeMounts:
-            - mountPath: /certs
-              name: certs
-            - mountPath: /csr
-              name: csr
        - name: kubectl
          image: {{ printf "clastix/kubectl:%s" (include "etcd.jobsTagKubeVersion" .) }}
          command:
            - sh
            - -c
            - |-
-              kubectl --namespace={{ .Release.Namespace }} delete secret --ignore-not-found=true {{ include "etcd.caSecretName" . }} {{ include "etcd.clientSecretName" . }} &&
-              kubectl --namespace={{ .Release.Namespace }} create secret generic {{ include "etcd.caSecretName" . }} --from-file=/certs/ca.crt --from-file=/certs/ca.key --from-file=/certs/peer-key.pem --from-file=/certs/peer.pem --from-file=/certs/server-key.pem --from-file=/certs/server.pem &&
-              kubectl --namespace={{ .Release.Namespace }} create secret tls {{ include "etcd.clientSecretName" . }} --key=/certs/root-client-key.pem --cert=/certs/root-client.pem &&
              kubectl --namespace={{ .Release.Namespace }} rollout status sts/etcd --timeout=300s
-          volumeMounts:
-            - mountPath: /certs
-              name: certs
      containers:
        - command:
            - bash
@@ -82,10 +60,7 @@ spec:
        - name: root-certs
          secret:
            secretName: {{ include "etcd.clientSecretName" . }}
-            optional: true
-        - name: csr
-          configMap:
-            name: {{ include "etcd.csrConfigMapName" . }}
        - name: certs
-          emptyDir: {}
+          secret:
+            secretName: {{ include "etcd.caSecretName" . }}
 {{- end }}
--- a/charts/kamaji/templates/etcd_job_preinstall.yaml
+++ b/charts/kamaji/templates/etcd_job_preinstall.yaml
@@ -0,0 +1,60 @@
+{{- if .Values.etcd.deploy }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  labels:
+    {{- include "etcd.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": pre-install
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": "hook-succeeded"
+  name: "{{ .Release.Name }}-etcd-certs"
+  namespace: {{ .Release.Namespace }}
+spec:
+  template:
+    metadata:
+      name: "{{ .Release.Name }}"
+    spec:
+      serviceAccountName: {{ include "etcd.serviceAccountName" . }}
+      restartPolicy: Never
+      initContainers:
+        - name: cfssl
+          image: cfssl/cfssl:latest
+          command:
+            - bash
+            - -c
+            - |-
+              cfssl gencert -initca /csr/ca-csr.json | cfssljson -bare /certs/ca &&
+              mv /certs/ca.pem /certs/ca.crt && mv /certs/ca-key.pem /certs/ca.key &&
+              cfssl gencert -ca=/certs/ca.crt -ca-key=/certs/ca.key -config=/csr/config.json -profile=peer-authentication /csr/peer-csr.json | cfssljson -bare /certs/peer &&
+              cfssl gencert -ca=/certs/ca.crt -ca-key=/certs/ca.key -config=/csr/config.json -profile=peer-authentication /csr/server-csr.json | cfssljson -bare /certs/server &&
+              cfssl gencert -ca=/certs/ca.crt -ca-key=/certs/ca.key -config=/csr/config.json -profile=client-authentication /csr/root-client-csr.json | cfssljson -bare /certs/root-client
+          volumeMounts:
+            - mountPath: /certs
+              name: certs
+            - mountPath: /csr
+              name: csr
+      containers:
+        - name: kubectl
+          image: {{ printf "clastix/kubectl:%s" (include "etcd.jobsTagKubeVersion" .) }}
+          command:
+            - sh
+            - -c
+            - |-
+              kubectl --namespace={{ .Release.Namespace }} delete secret --ignore-not-found=true {{ include "etcd.caSecretName" . }} {{ include "etcd.clientSecretName" . }} &&
+              kubectl --namespace={{ .Release.Namespace }} create secret generic {{ include "etcd.caSecretName" . }} --from-file=/certs/ca.crt --from-file=/certs/ca.key --from-file=/certs/peer-key.pem --from-file=/certs/peer.pem --from-file=/certs/server-key.pem --from-file=/certs/server.pem &&
+              kubectl --namespace={{ .Release.Namespace }} create secret tls {{ include "etcd.clientSecretName" . }} --key=/certs/root-client-key.pem --cert=/certs/root-client.pem
+          volumeMounts:
+            - mountPath: /certs
+              name: certs
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+      volumes:
+        - name: csr
+          configMap:
+            name: {{ include "etcd.csrConfigMapName" . }}
+        - name: certs
+          emptyDir: {}
+{{- end }}
--- a/charts/kamaji/templates/etcd_rbac.yaml
+++ b/charts/kamaji/templates/etcd_rbac.yaml
@@ -5,6 +5,9 @@ metadata:
  labels:
    {{- include "etcd.labels" . | nindent 4 }}
  name: etcd-gen-certs-role
+  annotations:
+    "helm.sh/hook": pre-install
+    "helm.sh/hook-weight": "-5"
  namespace: {{ .Release.Namespace }}
 rules:
  - apiGroups:
@@ -38,6 +41,9 @@ metadata:
    {{- include "etcd.labels" . | nindent 4 }}
  name: etcd-gen-certs-rolebiding
  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-install
+    "helm.sh/hook-weight": "-5"
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
--- a/charts/kamaji/templates/etcd_sa.yaml
+++ b/charts/kamaji/templates/etcd_sa.yaml
@@ -5,5 +5,8 @@ metadata:
  labels:
    {{- include "etcd.labels" . | nindent 4 }}
  name: {{ include "etcd.serviceAccountName" . }}
+  annotations:
+    "helm.sh/hook": pre-install
+    "helm.sh/hook-weight": "-5"
  namespace: {{ .Release.Namespace }}
 {{- end }}