From d2f3cfda2494ac8ed382ed5e21ffb594889a9a5d Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Sun, 11 Aug 2024 10:40:37 +0200 Subject: [PATCH] feat(helm)!: kamaji-etcd chart dependency (#529) * feat(helm)!: kamaji-etcd chart dependency Signed-off-by: Dario Tranchitella * chore(ci): building dependencies prior linting Signed-off-by: Dario Tranchitella * chore(make): building helm dependencies prior e2e Signed-off-by: Dario Tranchitella --------- 
Signed-off-by: Dario Tranchitella --- .github/workflows/helm.yaml | 4 + .gitignore | 1 + Makefile | 2 + charts/kamaji/Chart.lock | 6 + charts/kamaji/Chart.yaml | 27 +++- charts/kamaji/README.md | 53 ++----- .../kamaji/templates/_helpers_datastore.tpl | 94 ------------ charts/kamaji/templates/_helpers_etcd.tpl | 142 ------------------ charts/kamaji/templates/controller.yaml | 6 +- charts/kamaji/templates/datastore.yaml | 33 ---- charts/kamaji/templates/etcd_cm.yaml | 98 ------------ .../kamaji/templates/etcd_job_postdelete.yaml | 35 ----- .../templates/etcd_job_postinstall.yaml | 74 --------- .../kamaji/templates/etcd_job_preinstall.yaml | 72 --------- charts/kamaji/templates/etcd_rbac.yaml | 56 ------- charts/kamaji/templates/etcd_sa.yaml | 12 -- charts/kamaji/templates/etcd_service.yaml | 18 --- charts/kamaji/templates/etcd_sts.yaml | 101 ------------- charts/kamaji/values.yaml | 132 ++-------------- 19 files changed, 64 insertions(+), 902 deletions(-) create mode 100644 charts/kamaji/Chart.lock delete mode 100644 charts/kamaji/templates/_helpers_datastore.tpl delete mode 100644 charts/kamaji/templates/_helpers_etcd.tpl delete mode 100644 charts/kamaji/templates/datastore.yaml delete mode 100644 charts/kamaji/templates/etcd_cm.yaml delete mode 100644 charts/kamaji/templates/etcd_job_postdelete.yaml delete mode 100644 charts/kamaji/templates/etcd_job_postinstall.yaml delete mode 100644 charts/kamaji/templates/etcd_job_preinstall.yaml delete mode 100644 charts/kamaji/templates/etcd_rbac.yaml delete mode 100644 charts/kamaji/templates/etcd_sa.yaml delete mode 100644 charts/kamaji/templates/etcd_service.yaml delete mode 100644 charts/kamaji/templates/etcd_sts.yaml diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml index 54da9f8..4c70b46 100644 --- a/.github/workflows/helm.yaml +++ b/.github/workflows/helm.yaml 
@@ -25,6 +25,10 @@ jobs: - uses: azure/setup-helm@v1 with: version: 3.3.4 + - name: Building dependencies + run: |- + helm repo add clastix https://clastix.github.io/charts + helm dependency build ./charts/kamaji - name: Linting Chart run: helm lint ./charts/kamaji release: diff --git a/.gitignore b/.gitignore index 4897247..223a16f 100644 --- a/.gitignore +++ b/.gitignore @@ -37,3 +37,4 @@ bin **/server-csr.json !deploy/kine/mysql/server-csr.json !deploy/kine/nats/server-csr.json +charts/kamaji/charts diff --git a/Makefile b/Makefile index d4af2db..126bb60 100644 --- a/Makefile +++ b/Makefile @@ -307,6 +307,8 @@ env: .PHONY: e2e e2e: env load helm ginkgo cert-manager ## Create a KinD cluster, install Kamaji on it and run the test suite. + $(HELM) repo add clastix https://clastix.github.io/charts + $(HELM) dependency build ./charts/kamaji $(HELM) upgrade --debug --install kamaji ./charts/kamaji --create-namespace --namespace kamaji-system --set "image.pullPolicy=Never" --set "telemetry.disabled=true" $(MAKE) datastores $(GINKGO) -v ./e2e diff --git a/charts/kamaji/Chart.lock b/charts/kamaji/Chart.lock new file mode 100644 index 0000000..f60ef4f --- /dev/null +++ b/charts/kamaji/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: kamaji-etcd + repository: https://clastix.github.io/charts + version: 0.7.0 +digest: sha256:f04e6647b87e590b69b986df93d7060f866670d83ff2988fcdb896f440d1ab72 +generated: "2024-08-10T18:12:21.800380631+02:00" diff --git a/charts/kamaji/Chart.yaml b/charts/kamaji/Chart.yaml index eba0730..e93e585 100644 --- a/charts/kamaji/Chart.yaml +++ b/charts/kamaji/Chart.yaml 
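Review bot: The new `Building dependencies` step fetches the `kamaji-etcd` archive from `https://clastix.github.io/charts` with no provenance check, and the same two commands are added to the `e2e` target in the Makefile hunk. As far as I know, the `digest` recorded in the new `Chart.lock` is computed over the dependency list, not over the downloaded archive, so it does not pin the sub-chart's contents. If that repository publishes `.prov` files, `helm dependency build --verify --keyring <KEYRING_PATH> ./charts/kamaji` would make both CI and e2e fail on a replaced archive. Otherwise, a comment above the step such as `# kamaji-etcd is downloaded unverified; Chart.lock pins the version, not the archive contents` records the gap for the next maintainer.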
@@ -17,8 +17,33 @@ name: kamaji sources: - https://github.com/clastix/kamaji type: application -version: 1.0.0 +version: 2.0.0 +dependencies: +- name: kamaji-etcd + repository: https://clastix.github.io/charts + version: 0.7.0 + condition: kamaji-etcd.deploy annotations: catalog.cattle.io/certified: partner catalog.cattle.io/release-name: kamaji catalog.cattle.io/display-name: Kamaji + artifacthub.io/crds: | + - kind: TenantControlPlane + version: v1alpha1 + name: tenantcontrolplanes.kamaji.clastix.io + displayName: TenantControlPlane + description: TenantControlPlane defines the desired state for a Control Plane backed by Kamaji. + - kind: DataStore + version: v1alpha1 + name: datastores.kamaji.clastix.io + displayName: DataStore + description: DataStores is holding all the required details to communicate with a Datastore, such as etcd, MySQL, PostgreSQL, and NATS. + artifacthub.io/links: | + - name: CLASTIX + url: https://clastix.io + - name: support + url: https://clastix.io/support + artifacthub.io/operator: "true" + artifacthub.io/operatorCapabilities: "full lifecycle" + artifacthub.io/changes: | + - Using dependency chart `kamaji-etcd` as a default DataStore. diff --git a/charts/kamaji/README.md b/charts/kamaji/README.md index 3d71b56..d8d1fa1 100644 --- a/charts/kamaji/README.md +++ b/charts/kamaji/README.md 
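Review bot: The dependency is gated by `condition: kamaji-etcd.deploy`, but the controller template in this same commit branches on `.Values.etcd.deploy`, and the README values table lists `etcd.deploy` with no `kamaji-etcd.deploy` key. Helm ignores a condition whose path is absent from the values, so unless `values.yaml` (not visible here) defines `kamaji-etcd.deploy`, setting `etcd.deploy=false` would still install the bundled etcd while the controller is pointed at `etcd.datastoreName`. Using one switch for both, for example `condition: etcd.deploy`, keeps the rendered controller flag and the deployed sub-chart in agreement. An operator who disables the bundled datastore should not end up with an extra etcd cluster and its certificates in the namespace.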
@@ -1,6 +1,6 @@ # kamaji -![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.0](https://img.shields.io/badge/AppVersion-v1.0.0-informational?style=flat-square) +![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.0.0](https://img.shields.io/badge/AppVersion-v1.0.0-informational?style=flat-square) Kamaji is the Hosted Control Plane Manager for Kubernetes. @@ -20,6 +20,10 @@ Kamaji is the Hosted Control Plane Manager for Kubernetes. Kubernetes: `>=1.21.0-0` +| Repository | Name | Version | +|------------|------|---------| +| https://clastix.github.io/charts | kamaji-etcd | 0.7.0 | + [Kamaji](https://github.com/clastix/kamaji) requires a [multi-tenant `etcd`](https://github.com/clastix/kamaji-internal/blob/master/deploy/getting-started-with-kamaji.md#setup-internal-multi-tenant-etcd) cluster. This Helm Chart starting from v0.1.1 provides the installation of an internal `etcd` in order to streamline the local test. If you'd like to use an externally managed etcd instance, you can specify the overrides and by setting the value `etcd.deploy=false`. 
@@ -66,48 +70,8 @@ Here the values you can override: | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | Kubernetes affinity rules to apply to Kamaji controller pods | -| cfssl.image.repository | string | `"cfssl/cfssl"` | | -| cfssl.image.tag | string | `"latest"` | | -| datastore.basicAuth.passwordSecret.keyPath | string | `nil` | The Secret key where the data is stored. | -| datastore.basicAuth.passwordSecret.name | string | `nil` | The name of the Secret containing the password used to connect to the relational database. | -| datastore.basicAuth.passwordSecret.namespace | string | `nil` | The namespace of the Secret containing the password used to connect to the relational database. | -| datastore.basicAuth.usernameSecret.keyPath | string | `nil` | The Secret key where the data is stored. | -| datastore.basicAuth.usernameSecret.name | string | `nil` | The name of the Secret containing the username used to connect to the relational database. | -| datastore.basicAuth.usernameSecret.namespace | string | `nil` | The namespace of the Secret containing the username used to connect to the relational database. | -| datastore.driver | string | `"etcd"` | (string) The Kamaji Datastore driver, supported: etcd, MySQL, PostgreSQL (defaults=etcd). | -| datastore.enabled | bool | `true` | (bool) Enable the Kamaji Datastore creation (default=true) | -| datastore.endpoints | list | `[]` | (array) List of endpoints of the selected Datastore. When letting the Chart install the etcd datastore, this field is populated automatically. | -| datastore.nameOverride | string | `nil` | The Datastore name override, if empty and enabled=true defaults to `default`, if enabled=false, this is the name of the Datastore to connect to. | -| datastore.tlsConfig.certificateAuthority.certificate.keyPath | string | `nil` | Key of the Secret which contains the content of the certificate. 
| -| datastore.tlsConfig.certificateAuthority.certificate.name | string | `nil` | Name of the Secret containing the CA required to establish the mandatory SSL/TLS connection to the datastore. | -| datastore.tlsConfig.certificateAuthority.certificate.namespace | string | `nil` | Namespace of the Secret containing the CA required to establish the mandatory SSL/TLS connection to the datastore. | -| datastore.tlsConfig.certificateAuthority.privateKey.keyPath | string | `nil` | Key of the Secret which contains the content of the private key. | -| datastore.tlsConfig.certificateAuthority.privateKey.name | string | `nil` | Name of the Secret containing the CA private key required to establish the mandatory SSL/TLS connection to the datastore. | -| datastore.tlsConfig.certificateAuthority.privateKey.namespace | string | `nil` | Namespace of the Secret containing the CA private key required to establish the mandatory SSL/TLS connection to the datastore. | -| datastore.tlsConfig.clientCertificate.certificate.keyPath | string | `nil` | Key of the Secret which contains the content of the certificate. | -| datastore.tlsConfig.clientCertificate.certificate.name | string | `nil` | Name of the Secret containing the client certificate required to establish the mandatory SSL/TLS connection to the datastore. | -| datastore.tlsConfig.clientCertificate.certificate.namespace | string | `nil` | Namespace of the Secret containing the client certificate required to establish the mandatory SSL/TLS connection to the datastore. | -| datastore.tlsConfig.clientCertificate.privateKey.keyPath | string | `nil` | Key of the Secret which contains the content of the private key. | -| datastore.tlsConfig.clientCertificate.privateKey.name | string | `nil` | Name of the Secret containing the client certificate private key required to establish the mandatory SSL/TLS connection to the datastore. 
| -| datastore.tlsConfig.clientCertificate.privateKey.namespace | string | `nil` | Namespace of the Secret containing the client certificate private key required to establish the mandatory SSL/TLS connection to the datastore. | -| datastore.tlsConfig.enabled | bool | `true` | | -| etcd.deploy | bool | `true` | Install an etcd with enabled multi-tenancy along with Kamaji | -| etcd.image | object | `{"pullPolicy":"IfNotPresent","repository":"quay.io/coreos/etcd","tag":"v3.5.6"}` | Install specific etcd image | -| etcd.livenessProbe | object | `{"failureThreshold":8,"httpGet":{"path":"/health?serializable=true","port":2381,"scheme":"HTTP"},"initialDelaySeconds":10,"periodSeconds":10,"timeoutSeconds":15}` | The livenessProbe for the etcd container | -| etcd.overrides.caSecret.name | string | `"etcd-certs"` | Name of the secret which contains CA's certificate and private key. (default: "etcd-certs") | -| etcd.overrides.caSecret.namespace | string | `"kamaji-system"` | Namespace of the secret which contains CA's certificate and private key. (default: "kamaji-system") | -| etcd.overrides.clientSecret.name | string | `"root-client-certs"` | Name of the secret which contains ETCD client certificates. (default: "root-client-certs") | -| etcd.overrides.clientSecret.namespace | string | `"kamaji-system"` | Name of the namespace where the secret which contains ETCD client certificates is. (default: "kamaji-system") | -| etcd.overrides.endpoints | object | `{"etcd-0":"etcd-0.etcd.kamaji-system.svc.cluster.local","etcd-1":"etcd-1.etcd.kamaji-system.svc.cluster.local","etcd-2":"etcd-2.etcd.kamaji-system.svc.cluster.local"}` | (map) Dictionary of the endpoints for the etcd cluster's members, key is the name of the etcd server. Don't define the protocol (TLS is automatically inflected), or any port, inflected from .etcd.peerApiPort value. | -| etcd.peerApiPort | int | `2380` | The peer API port which servers are listening to. 
| -| etcd.persistence.accessModes[0] | string | `"ReadWriteOnce"` | | -| etcd.persistence.customAnnotations | object | `{}` | The custom annotations to add to the PVC | -| etcd.persistence.size | string | `"10Gi"` | | -| etcd.persistence.storageClassName | string | `""` | | -| etcd.port | int | `2379` | The client request port. | -| etcd.serviceAccount.create | bool | `true` | Create a ServiceAccount, required to install and provision the etcd backing storage (default: true) | -| etcd.serviceAccount.name | string | `""` | Define the ServiceAccount name to use during the setup and provision of the etcd backing storage (default: "") | -| etcd.tolerations | list | `[]` | (array) Kubernetes affinity rules to apply to Kamaji etcd pods | +| etcd.datastoreName | string | `"kamaji-etcd"` | (string) If the creation of an etcd instance is disabled, specify the default DataStore name for the Kamaji instance. | +| etcd.deploy | bool | `true` | (bool) Enable the creation of a local etcd instance as a default Datastore using the kamaji-etcd chart by CLASTIX. (default=true) | | extraArgs | list | `[]` | A list of extra arguments to add to the kamaji controller default ones | | fullnameOverride | string | `""` | | | healthProbeBindAddress | string | `":8081"` | The address the probe endpoint binds to. (default ":8081") | 
@@ -115,6 +79,9 @@ Here the values you can override: | image.repository | string | `"clastix/kamaji"` | The container image of the Kamaji controller. | | image.tag | string | `nil` | Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | | +| kamaji-etcd.datastore.enabled | bool | `true` | | +| kamaji-etcd.datastore.name | string | `"default"` | | +| kamaji-etcd.fullnameOverride | string | `"kamaji-etcd"` | | | livenessProbe | object | `{"httpGet":{"path":"/healthz","port":"healthcheck"},"initialDelaySeconds":15,"periodSeconds":20}` | The livenessProbe for the controller container | | loggingDevel.enable | bool | `false` | (string) Development Mode defaults(encoder=consoleEncoder,logLevel=Debug,stackTraceLevel=Warn). Production Mode defaults(encoder=jsonEncoder,logLevel=Info,stackTraceLevel=Error) (default false) | | metricsBindAddress | string | `":8080"` | (string) The address the metric endpoint binds to. (default ":8080") | diff --git a/charts/kamaji/templates/_helpers_datastore.tpl b/charts/kamaji/templates/_helpers_datastore.tpl deleted file mode 100644 index 3ed2c16..0000000 --- a/charts/kamaji/templates/_helpers_datastore.tpl +++ /dev/null 
@@ -1,94 +0,0 @@ -{{/* -Create a default fully qualified datastore name. -*/}} -{{- define "datastore.fullname" -}} -{{- if .Values.datastore.enabled }} -{{- default "default" .Values.datastore.nameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- required "A valid .Values.datastore.nameOverride required!" .Values.datastore.nameOverride }} -{{- end }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "datastore.labels" -}} -kamaji.clastix.io/datastore: {{ .Values.datastore.driver }} -helm.sh/chart: {{ include "kamaji.chart" . }} -{{ include "kamaji.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Datastore endpoints, in case of ETCD, retrieving the one provided by the chart. -*/}} -{{- define "datastore.endpoints" -}} -{{- if eq .Values.datastore.driver "etcd" }} -{{ include "etcd.endpoints" . }} -{{- else }} -{{ .Values.datastore.endpoints }} -{{- end }} -{{- end }} - -{{/* -The Certificate Authority section for the DataSource object. -*/}} -{{- define "datastore.certificateAuthority" -}} -{{- if eq .Values.datastore.driver "etcd" }} -certificate: - secretReference: - name: {{ include "etcd.caSecretName" . }} - namespace: {{ include "etcd.caSecretNamespace" . }} - keyPath: ca.crt -privateKey: - secretReference: - name: {{ include "etcd.caSecretName" . }} - namespace: {{ include "etcd.caSecretNamespace" . 
}} - keyPath: ca.key -{{- else }} -certificate: - secretReference: - name: {{ .Values.datastore.tlsConfig.certificateAuthority.certificate.name }} - namespace: {{ .Values.datastore.tlsConfig.certificateAuthority.certificate.namespace }} - keyPath: {{ .Values.datastore.tlsConfig.certificateAuthority.certificate.keyPath }} -{{- if .Values.datastore.tlsConfig.certificateAuthority.privateKey.name }} -privateKey: - secretReference: - name: {{ .Values.datastore.tlsConfig.certificateAuthority.privateKey.name }} - namespace: {{ .Values.datastore.tlsConfig.certificateAuthority.privateKey.namespace }} - keyPath: {{ .Values.datastore.tlsConfig.certificateAuthority.privateKey.keyPath }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -The Client Certificate section for the DataSource object. -*/}} -{{- define "datastore.clientCertificate" -}} -{{- if eq .Values.datastore.driver "etcd" }} -certificate: - secretReference: - name: {{ include "etcd.clientSecretName" . }} - namespace: {{ include "etcd.clientSecretNamespace" . }} - keyPath: tls.crt -privateKey: - secretReference: - name: {{ include "etcd.clientSecretName" . }} - namespace: {{ include "etcd.clientSecretNamespace" . }} - keyPath: tls.key -{{- else }} -certificate: - secretReference: - name: {{ .Values.datastore.tlsConfig.clientCertificate.certificate.name }} - namespace: {{ .Values.datastore.tlsConfig.clientCertificate.certificate.namespace }} - keyPath: {{ .Values.datastore.tlsConfig.clientCertificate.certificate.keyPath }} -privateKey: - secretReference: - name: {{ .Values.datastore.tlsConfig.clientCertificate.privateKey.name }} - namespace: {{ .Values.datastore.tlsConfig.clientCertificate.privateKey.namespace }} - keyPath: {{ .Values.datastore.tlsConfig.clientCertificate.privateKey.keyPath }} -{{- end }} -{{- end }} diff --git a/charts/kamaji/templates/_helpers_etcd.tpl b/charts/kamaji/templates/_helpers_etcd.tpl deleted file mode 100644 index 2a6b524..0000000 
--- a/charts/kamaji/templates/_helpers_etcd.tpl
+++ /dev/null
@@ -1,142 +0,0 @@ -{{/* -Create a default fully qualified etcd name. -*/}} -{{- define "etcd.fullname" -}} -{{- printf "etcd" }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "etcd.serviceAccountName" -}} -{{- if .Values.etcd.serviceAccount.create }} -{{- default (include "etcd.fullname" .) .Values.etcd.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.etcd.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Create the name of the Service to use -*/}} -{{- define "etcd.serviceName" -}} -{{- printf "%s" (include "etcd.fullname" .) | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "etcd.labels" -}} -app.kubernetes.io/name: {{ include "kamaji.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/components: etcd -{{- end }} - -{{/* -Selector labels. -*/}} -{{- define "etcd.selectorLabels" -}} -app.kubernetes.io/name: {{ include "kamaji.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/component: etcd -{{- end }} - -{{/* -Name of the etcd CA secret. -*/}} -{{- define "etcd.caSecretName" }} -{{- if .Values.etcd.deploy }} -{{- printf "%s-%s" (include "etcd.fullname" .) "certs" | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- required "A valid .Values.etcd.overrides.caSecret.name required!" .Values.etcd.overrides.caSecret.name }} -{{- end }} -{{- end }} - -{{/* -Namespace of the etcd CA secret. -*/}} -{{- define "etcd.caSecretNamespace" }} -{{- if .Values.etcd.deploy }} -{{- .Release.Namespace }} -{{- else }} -{{- required "A valid .Values.etcd.overrides.caSecret.namespace required!" .Values.etcd.overrides.caSecret.namespace }} -{{- end }} -{{- end }} - -{{/* -Name of the certificate signing requests for the certificates required by etcd. -*/}} -{{- define "etcd.csrConfigMapName" }} -{{- printf "%s-csr" (include "etcd.fullname" .) }} -{{- end }} - -{{/* -Name of the etcd root-client secret. 
-*/}} -{{- define "etcd.clientSecretName" }} -{{- if .Values.etcd.deploy }} -{{- printf "root-client-certs" }} -{{- else }} -{{- required "A valid .Values.etcd.overrides.clientSecret.name required!" .Values.etcd.overrides.clientSecret.name }} -{{- end }} -{{- end }} - -{{/* -Namespace of the etcd root-client secret. -*/}} -{{- define "etcd.clientSecretNamespace" }} -{{- if .Values.etcd.deploy }} -{{- .Release.Namespace }} -{{- else }} -{{- required "A valid .Values.etcd.overrides.clientSecret.namespace required!" .Values.etcd.overrides.clientSecret.namespace }} -{{- end }} -{{- end }} - -{{/* -Comma separated list of etcd endpoints, using the overrides in case of unmanaged etcd. -*/}} -{{- define "etcd.endpoints" }} -{{- $list := list -}} -{{- if .Values.etcd.deploy }} - {{- range $count := until 3 -}} - {{- $list = append $list (printf "%s-%d.%s.%s.svc.cluster.local:%d" "etcd" $count ( include "etcd.serviceName" . ) $.Release.Namespace (int $.Values.etcd.port) ) -}} - {{- end }} -{{- else if .Values.etcd.overrides.endpoints }} - {{- range $v := .Values.etcd.overrides.endpoints -}} - {{- $list = append $list (printf "%s:%d" $v (int $.Values.etcd.port) ) -}} - {{- end -}} -{{- else if not .Values.etcd.overrides.endpoints }} - {{- fail "A valid .Values.etcd.overrides.endpoints required!" }} -{{- end }} -{{- $list | toYaml }} -{{- end }} - -{{/* -Key-value of the etcd peers, using the overrides in case of unmanaged etcd. -*/}} -{{- define "etcd.initialCluster" }} -{{- $list := list -}} -{{- if .Values.etcd.deploy }} - {{- range $i, $count := until 3 -}} - {{- $list = append $list ( printf "etcd-%d=https://%s-%d.%s.%s.svc.cluster.local:%d" $i "etcd" $count ( include "etcd.serviceName" . 
) $.Release.Namespace (int $.Values.etcd.peerApiPort) ) -}} - {{- end }} -{{- else if .Values.etcd.overrides.endpoints }} - {{- range $k, $v := .Values.etcd.overrides.endpoints -}} - {{- $list = append $list ( printf "%s=%s:%d" $k $v (int $.Values.etcd.peerApiPort) ) -}} - {{- end -}} -{{- else if not .Values.etcd.overrides.endpoints }} - {{- fail "A valid .Values.etcd.overrides.endpoints required!" }} -{{- end }} -{{- join "," $list -}} -{{- end }} - -{{/* -Retrieve the current Kubernetes version to launch a kubectl container with the minimum version skew possible. -*/}} -{{- define "etcd.jobsTagKubeVersion" -}} -{{- if contains "-eks-" .Capabilities.KubeVersion.GitVersion }} -{{- print "v" .Capabilities.KubeVersion.Major "." (.Capabilities.KubeVersion.Minor | replace "+" "") -}} -{{- else }} -{{- print "v" .Capabilities.KubeVersion.Major "." .Capabilities.KubeVersion.Minor -}} -{{- end }} -{{- end }} diff --git a/charts/kamaji/templates/controller.yaml b/charts/kamaji/templates/controller.yaml index e1a73e6..6b77801 100644 --- a/charts/kamaji/templates/controller.yaml +++ b/charts/kamaji/templates/controller.yaml @@ -33,7 +33,11 @@ spec: - --leader-elect - --metrics-bind-address={{ .Values.metricsBindAddress }} - --tmp-directory={{ .Values.temporaryDirectoryPath }} - - --datastore={{ include "datastore.fullname" . }} + {{- if .Values.etcd.deploy }} + - --datastore={{ (index .Values "kamaji-etcd" "datastore").name }} + {{- else }} + - --datastore={{ required ".Values.etcd.datastoreName is required when etcd sub-chart is enabled!" .Values.etcd.datastoreName }} + {{- end }} {{- if .Values.telemetry.disabled }} - --disable-telemetry {{- end }} diff --git a/charts/kamaji/templates/datastore.yaml b/charts/kamaji/templates/datastore.yaml deleted file mode 100644 index 08631b9..0000000 --- a/charts/kamaji/templates/datastore.yaml +++ /dev/null 
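Review bot: The `required` message in the `{{- else }}` branch of the controller.yaml hunk says the value is needed "when etcd sub-chart is enabled", yet that branch renders only when `.Values.etcd.deploy` is false, so the error points the operator at the wrong setting. `{{ required ".Values.etcd.datastoreName is required when etcd.deploy is false!" .Values.etcd.datastoreName }}` would match the condition. The deploy branch has no equivalent guard: an empty `kamaji-etcd.datastore.name` would presumably render a bare `--datastore=` argument, so wrapping that lookup in `required` too would fail at template time rather than at controller start. The container args list starts and ends outside the hunk.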
@@ -1,33 +0,0 @@ -{{- if .Values.datastore.enabled}} -apiVersion: kamaji.clastix.io/v1alpha1 -kind: DataStore -metadata: - name: {{ include "datastore.fullname" . }} - annotations: - "helm.sh/hook": pre-install - labels: - {{- include "datastore.labels" . | nindent 4 }} -spec: - driver: {{ .Values.datastore.driver }} - endpoints: - {{- include "datastore.endpoints" . | indent 4 }} -{{- if (and .Values.datastore.basicAuth.usernameSecret.name .Values.datastore.basicAuth.passwordSecret.name) }} - basicAuth: - username: - secretReference: - {{- .Values.datastore.basicAuth.usernameSecret | toYaml | nindent 8 }} - password: - secretReference: - {{- .Values.datastore.basicAuth.passwordSecret | toYaml | nindent 8 }} -{{- end }} -{{- if .Values.datastore.tlsConfig.enabled }} - tlsConfig: - certificateAuthority: - {{- include "datastore.certificateAuthority" . | indent 6 }} - - {{- if .Values.datastore.tlsConfig.clientCertificate }} - clientCertificate: - {{- include "datastore.clientCertificate" . | indent 6 }} - {{- end }} -{{- end}} -{{- end}} diff --git a/charts/kamaji/templates/etcd_cm.yaml b/charts/kamaji/templates/etcd_cm.yaml deleted file mode 100644 index 53e48b5..0000000 --- a/charts/kamaji/templates/etcd_cm.yaml +++ /dev/null 
@@ -1,98 +0,0 @@ -{{- if .Values.etcd.deploy }} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - {{- include "etcd.labels" . | nindent 4 }} - name: {{ include "etcd.csrConfigMapName" . }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": "hook-succeeded,hook-failed" -data: - ca-csr.json: |- - { - "CN": "Clastix CA", - "key": { - "algo": "rsa", - "size": 2048 - }, - "names": [ - { - "C": "IT", - "ST": "Italy", - "L": "Milan" - } - ] - } - config.json: |- - { - "signing": { - "default": { - "expiry": "8760h" - }, - "profiles": { - "server-authentication": { - "usages": ["signing", "key encipherment", "server auth"], - "expiry": "8760h" - }, - "client-authentication": { - "usages": ["signing", "key encipherment", "client auth"], - "expiry": "8760h" - }, - "peer-authentication": { - "usages": ["signing", "key encipherment", "server auth", "client auth"], - "expiry": "8760h" - } - } - } - } - server-csr.json: |- - { - "CN": "etcd", - "key": { - "algo": "rsa", - "size": 2048 - }, - "hosts": [ -{{- range $count := until 3 -}} - {{ printf "\"etcd-%d.%s.%s.svc.cluster.local\"," $count (include "etcd.serviceName" .) $.Release.Namespace }} -{{- end }} - "etcd-server.{{ .Release.Namespace }}.svc.cluster.local", - "etcd-server.{{ .Release.Namespace }}.svc", - "etcd-server", - "127.0.0.1" - ] - } - peer-csr.json: |- - { - "CN": "etcd", - "key": { - "algo": "rsa", - "size": 2048 - }, - "hosts": [ -{{- range $count := until 3 -}} - {{ printf "\"etcd-%d\"," $count }} - {{ printf "\"etcd-%d.%s\"," $count (include "etcd.serviceName" .) }} - {{ printf "\"etcd-%d.%s.%s.svc\"," $count (include "etcd.serviceName" .) $.Release.Namespace }} - {{ printf "\"etcd-%d.%s.%s.svc.cluster.local\"," $count (include "etcd.serviceName" .) 
$.Release.Namespace }} -{{- end }} - "127.0.0.1" - ] - } - root-client-csr.json: |- - { - "CN": "root", - "key": { - "algo": "rsa", - "size": 2048 - }, - "names": [ - { - "O": "system:masters" - } - ] - } -{{- end }} diff --git a/charts/kamaji/templates/etcd_job_postdelete.yaml b/charts/kamaji/templates/etcd_job_postdelete.yaml deleted file mode 100644 index 45a8b4e..0000000 --- a/charts/kamaji/templates/etcd_job_postdelete.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if .Values.etcd.deploy }} -apiVersion: batch/v1 -kind: Job -metadata: - labels: - {{- include "etcd.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": pre-delete - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": "hook-succeeded,hook-failed" - name: "{{ .Release.Name }}-etcd-teardown" - namespace: {{ .Release.Namespace }} -spec: - template: - metadata: - name: "{{ .Release.Name }}" - spec: - serviceAccountName: {{ include "etcd.serviceAccountName" . }} - restartPolicy: Never - containers: - - name: kubectl - image: {{ printf "clastix/kubectl:%s" (include "etcd.jobsTagKubeVersion" .) }} - command: - - kubectl - - --namespace={{ .Release.Namespace }} - - delete - - secret - - --ignore-not-found=true - - {{ include "etcd.caSecretName" . }} - - {{ include "etcd.clientSecretName" . }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/kamaji/templates/etcd_job_postinstall.yaml b/charts/kamaji/templates/etcd_job_postinstall.yaml deleted file mode 100644 index 0ecd928..0000000 --- a/charts/kamaji/templates/etcd_job_postinstall.yaml +++ /dev/null 
@@ -1,74 +0,0 @@ -{{- if .Values.etcd.deploy }} -apiVersion: batch/v1 -kind: Job -metadata: - labels: - {{- include "etcd.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": "hook-succeeded,hook-failed" - name: "{{ .Release.Name }}-etcd-setup" - namespace: {{ .Release.Namespace }} -spec: - template: - metadata: - name: "{{ .Release.Name }}" - spec: - serviceAccountName: {{ include "etcd.serviceAccountName" . }} - restartPolicy: Never - initContainers: - - name: kubectl - image: {{ printf "clastix/kubectl:%s" (include "etcd.jobsTagKubeVersion" .) }} - command: - - sh - - -c - - |- - kubectl --namespace={{ .Release.Namespace }} rollout status sts/etcd --timeout=300s - containers: - - command: - - bash - - -c - - |- - etcdctl member list -w table - if etcdctl user get root &>/dev/null; then - echo "User already exists, nothing to do" - else - etcdctl user add --no-password=true root && - etcdctl role add root && - etcdctl user grant-role root root && - etcdctl auth enable - fi - env: - - name: ETCDCTL_ENDPOINTS - value: https://etcd-0.{{ include "etcd.serviceName" . }}.{{ .Release.Namespace }}.svc.cluster.local:2379 - - name: ETCDCTL_CACERT - value: /opt/certs/ca/ca.crt - - name: ETCDCTL_CERT - value: /opt/certs/root-certs/tls.crt - - name: ETCDCTL_KEY - value: /opt/certs/root-certs/tls.key - image: quay.io/coreos/etcd:v3.5.1 - imagePullPolicy: Always - name: etcd-client - volumeMounts: - - name: root-certs - mountPath: /opt/certs/root-certs - - name: certs - mountPath: /opt/certs/ca - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - volumes: - - name: root-certs - secret: - secretName: {{ include "etcd.clientSecretName" . }} - - name: certs - secret: - secretName: {{ include "etcd.caSecretName" . }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} 
diff --git a/charts/kamaji/templates/etcd_job_preinstall.yaml b/charts/kamaji/templates/etcd_job_preinstall.yaml
deleted file mode 100644
index 3344a58..0000000
--- a/charts/kamaji/templates/etcd_job_preinstall.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
-{{- if .Values.etcd.deploy }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- labels:
- {{- include "etcd.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": pre-install
- "helm.sh/hook-weight": "-5"
- "helm.sh/hook-delete-policy": "hook-succeeded"
- name: "{{ .Release.Name }}-etcd-certs"
- namespace: {{ .Release.Namespace }}
-spec:
- template:
- metadata:
- name: "{{ .Release.Name }}"
- spec:
- serviceAccountName: {{ include "etcd.serviceAccountName" . }}
- restartPolicy: Never
- initContainers:
- - name: cfssl
- image: "{{ .Values.cfssl.image.repository }}:{{ .Values.cfssl.image.tag }}"
- command:
- - bash
- - -c
- - |-
- cfssl gencert -initca /csr/ca-csr.json | cfssljson -bare /certs/ca &&
- mv /certs/ca.pem /certs/ca.crt && mv /certs/ca-key.pem /certs/ca.key &&
- cfssl gencert -ca=/certs/ca.crt -ca-key=/certs/ca.key -config=/csr/config.json -profile=peer-authentication /csr/peer-csr.json | cfssljson -bare /certs/peer &&
- cfssl gencert -ca=/certs/ca.crt -ca-key=/certs/ca.key -config=/csr/config.json -profile=peer-authentication /csr/server-csr.json | cfssljson -bare /certs/server &&
- cfssl gencert -ca=/certs/ca.crt -ca-key=/certs/ca.key -config=/csr/config.json -profile=client-authentication /csr/root-client-csr.json | cfssljson -bare /certs/root-client
- volumeMounts:
- - mountPath: /certs
- name: certs
- - mountPath: /csr
- name: csr
- containers:
- - name: kubectl
- image: {{ printf "clastix/kubectl:%s" (include "etcd.jobsTagKubeVersion" .) }}
- command: ["/bin/sh", "-c"]
- args:
- - |
- if kubectl get secret {{ include "etcd.caSecretName" . }} --namespace={{ .Release.Namespace }} &>/dev/null; then
- echo "Secret {{ include "etcd.caSecretName" . }} already exists"
- else
- echo "Creating secret {{ include "etcd.caSecretName" . }}"
- kubectl --namespace={{ .Release.Namespace }} create secret generic {{ include "etcd.caSecretName" .
}} --from-file=/certs/ca.crt --from-file=/certs/ca.key --from-file=/certs/peer-key.pem --from-file=/certs/peer.pem --from-file=/certs/server-key.pem --from-file=/certs/server.pem
- fi
- if kubectl get secret {{ include "etcd.clientSecretName" . }} --namespace={{ .Release.Namespace }} &>/dev/null; then
- echo "Secret {{ include "etcd.clientSecretName" . }} already exists"
- else
- echo "Creating secret {{ include "etcd.clientSecretName" . }}"
- kubectl --namespace={{ .Release.Namespace }} create secret tls {{ include "etcd.clientSecretName" . }} --key=/certs/root-client-key.pem --cert=/certs/root-client.pem
- fi
- volumeMounts:
- - mountPath: /certs
- name: certs
- securityContext:
- runAsUser: 1000
- runAsGroup: 1000
- fsGroup: 1000
- volumes:
- - name: csr
- configMap:
- name: {{ include "etcd.csrConfigMapName" . }}
- - name: certs
- emptyDir: {}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-{{- end }}
diff --git a/charts/kamaji/templates/etcd_rbac.yaml b/charts/kamaji/templates/etcd_rbac.yaml
deleted file mode 100644
index c34d3bc..0000000
--- a/charts/kamaji/templates/etcd_rbac.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-{{- if .Values.etcd.deploy }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- labels:
- {{- include "etcd.labels" . | nindent 4 }}
- name: etcd-gen-certs-role
- annotations:
- "helm.sh/hook": pre-install
- "helm.sh/hook-weight": "-5"
- namespace: {{ .Release.Namespace }}
-rules:
- - apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
- - delete
- resourceNames:
- - {{ include "etcd.caSecretName" . }}
- - {{ include "etcd.clientSecretName" . }}
- - apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - create
- - apiGroups:
- - apps
- resources:
- - statefulsets
- verbs:
- - get
- - list
- - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- labels:
- {{- include "etcd.labels" . | nindent 4 }}
- name: etcd-gen-certs-rolebiding
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install
- "helm.sh/hook-weight": "-5"
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: etcd-gen-certs-role
-subjects:
- - kind: ServiceAccount
- name: {{ include "etcd.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/kamaji/templates/etcd_sa.yaml b/charts/kamaji/templates/etcd_sa.yaml
deleted file mode 100644
index e511ef2..0000000
--- a/charts/kamaji/templates/etcd_sa.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-{{- if .Values.etcd.deploy }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- {{- include "etcd.labels" . | nindent 4 }}
- name: {{ include "etcd.serviceAccountName" . }}
- annotations:
- "helm.sh/hook": pre-install
- "helm.sh/hook-weight": "-5"
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/charts/kamaji/templates/etcd_service.yaml b/charts/kamaji/templates/etcd_service.yaml
deleted file mode 100644
index 9634242..0000000
--- a/charts/kamaji/templates/etcd_service.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.etcd.deploy }}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- {{- include "etcd.labels" . | nindent 4 }}
- name: {{ include "etcd.serviceName" . }}
- namespace: {{ .Release.Namespace }}
-spec:
- clusterIP: None
- ports:
- - port: {{ .Values.etcd.port }}
- name: client
- - port: {{ .Values.etcd.peerApiPort }}
- name: peer
- selector:
- {{- include "etcd.selectorLabels" . | nindent 4 }}
-{{- end }}
diff --git a/charts/kamaji/templates/etcd_sts.yaml b/charts/kamaji/templates/etcd_sts.yaml
deleted file mode 100644
index 516873b..0000000
--- a/charts/kamaji/templates/etcd_sts.yaml
+++ /dev/null
@@ -1,101 +0,0 @@
-{{- if .Values.etcd.deploy }}
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- labels:
- {{- include "etcd.labels" . | nindent 4 }}
- name: {{ include "etcd.fullname" . }}
- namespace: {{ .Release.Namespace }}
-spec:
- serviceName: {{ include "etcd.serviceName" . }}
- selector:
- matchLabels:
- {{- include "etcd.selectorLabels" . | nindent 6 }}
- replicas: 3
- template:
- metadata:
- name: etcd
- labels:
- {{- include "etcd.selectorLabels" . | nindent 8 }}
- spec:
- volumes:
- - name: certs
- secret:
- secretName: {{ include "etcd.caSecretName" . }}
- {{- with .Values.etcd.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: etcd
- image: {{ .Values.etcd.image.repository }}:{{ .Values.etcd.image.tag | default "v3.5.4" }}
- imagePullPolicy: {{ .Values.etcd.image.pullPolicy }}
- ports:
- - containerPort: 2379
- name: client
- - containerPort: 2380
- name: peer
- volumeMounts:
- - name: data
- mountPath: /var/run/etcd
- - name: certs
- mountPath: /etc/etcd/pki
- command:
- - etcd
- - --data-dir=/var/run/etcd
- - --name=$(POD_NAME)
- - --initial-cluster-state=new
- - --initial-cluster={{ include "etcd.initialCluster" .
}}
- - --initial-advertise-peer-urls=https://$(POD_NAME).etcd.$(POD_NAMESPACE).svc.cluster.local:2380
- - --advertise-client-urls=https://$(POD_NAME).etcd.$(POD_NAMESPACE).svc.cluster.local:2379
- - --initial-cluster-token=kamaji
- - --listen-client-urls=https://0.0.0.0:2379
- - --listen-metrics-urls=http://0.0.0.0:2381
- - --listen-peer-urls=https://0.0.0.0:2380
- - --client-cert-auth=true
- - --peer-client-cert-auth=true
- - --trusted-ca-file=/etc/etcd/pki/ca.crt
- - --cert-file=/etc/etcd/pki/server.pem
- - --key-file=/etc/etcd/pki/server-key.pem
- - --peer-trusted-ca-file=/etc/etcd/pki/ca.crt
- - --peer-cert-file=/etc/etcd/pki/peer.pem
- - --peer-key-file=/etc/etcd/pki/peer-key.pem
- - --auto-compaction-mode=periodic
- - --auto-compaction-retention=5m
- - --snapshot-count=10000
- - --quota-backend-bytes=8589934592
- - --v=8
- env:
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- {{- with .Values.etcd.livenessProbe }}
- livenessProbe:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- {{- with .Values.etcd.startupProbe }}
- startupProbe:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- volumeClaimTemplates:
- - metadata:
- name: data
- {{- with .Values.etcd.persistence.customAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- spec:
- storageClassName: {{ .Values.etcd.persistence.storageClassName }}
- accessModes:
- {{- range .Values.etcd.persistence.accessModes }}
- - {{ . | quote }}
- {{- end }}
- resources:
- requests:
- storage: {{ .Values.etcd.persistence.size }}
-{{- end }}
diff --git a/charts/kamaji/values.yaml b/charts/kamaji/values.yaml
index 7bb0d90..cf36946 100644
--- a/charts/kamaji/values.yaml
+++ b/charts/kamaji/values.yaml
@@ -15,72 +15,10 @@ image: # -- A list of extra arguments to add to the kamaji controller default ones extraArgs: [] - serviceMonitor: # -- Toggle the ServiceMonitor true if you have Prometheus Operator installed and configured enabled: false -etcd: - # -- Install an etcd with enabled multi-tenancy along with Kamaji - deploy: true - - # -- The peer API port which servers are listening to. - peerApiPort: 2380 - - # -- The client request port. - port: 2379 - - # -- Install specific etcd image - image: - repository: quay.io/coreos/etcd - tag: "v3.5.6" - pullPolicy: IfNotPresent - - # -- The livenessProbe for the etcd container - livenessProbe: - failureThreshold: 8 - httpGet: - path: /health?serializable=true - port: 2381 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 15 - - serviceAccount: - # -- Create a ServiceAccount, required to install and provision the etcd backing storage (default: true) - create: true - # -- Define the ServiceAccount name to use during the setup and provision of the etcd backing storage (default: "") - name: "" - persistence: - size: 10Gi - storageClassName: "" - accessModes: - - ReadWriteOnce - # -- The custom annotations to add to the PVC - customAnnotations: {} - # volumeType: local - - # -- (array) Kubernetes affinity rules to apply to Kamaji etcd pods - tolerations: [] - - overrides: - caSecret: - # -- Name of the secret which contains CA's certificate and private key. (default: "etcd-certs") - name: etcd-certs - # -- Namespace of the secret which contains CA's certificate and private key. (default: "kamaji-system") - namespace: kamaji-system - clientSecret: - # -- Name of the secret which contains ETCD client certificates. (default: "root-client-certs") - name: root-client-certs - # -- Name of the namespace where the secret which contains ETCD client certificates is. 
(default: "kamaji-system") - namespace: kamaji-system - # -- (map) Dictionary of the endpoints for the etcd cluster's members, key is the name of the etcd server. Don't define the protocol (TLS is automatically inflected), or any port, inflected from .etcd.peerApiPort value. - endpoints: - etcd-0: etcd-0.etcd.kamaji-system.svc.cluster.local - etcd-1: etcd-1.etcd.kamaji-system.svc.cluster.local - etcd-2: etcd-2.etcd.kamaji-system.svc.cluster.local - # -- The address the probe endpoint binds to. (default ":8081") healthProbeBindAddress: ":8081" 
@@ -157,67 +95,17 @@ loggingDevel: # -- (string) Development Mode defaults(encoder=consoleEncoder,logLevel=Debug,stackTraceLevel=Warn). Production Mode defaults(encoder=jsonEncoder,logLevel=Info,stackTraceLevel=Error) (default false) enable: false -datastore: - # -- (bool) Enable the Kamaji Datastore creation (default=true) - enabled: true - # -- (string) The Datastore name override, if empty and enabled=true defaults to `default`, if enabled=false, this is the name of the Datastore to connect to. - nameOverride: - # -- (string) The Kamaji Datastore driver, supported: etcd, MySQL, PostgreSQL (defaults=etcd). - driver: etcd - # -- (array) List of endpoints of the selected Datastore. When letting the Chart install the etcd datastore, this field is populated automatically. - endpoints: [] - basicAuth: - usernameSecret: - # -- The name of the Secret containing the username used to connect to the relational database. - name: - # -- The namespace of the Secret containing the username used to connect to the relational database. - namespace: - # -- The Secret key where the data is stored. - keyPath: - passwordSecret: - # -- The name of the Secret containing the password used to connect to the relational database. - name: - # -- The namespace of the Secret containing the password used to connect to the relational database. - namespace: - # -- The Secret key where the data is stored. - keyPath: - tlsConfig: - enabled: true - certificateAuthority: - certificate: - # -- Name of the Secret containing the CA required to establish the mandatory SSL/TLS connection to the datastore. - name: - # -- Namespace of the Secret containing the CA required to establish the mandatory SSL/TLS connection to the datastore. - namespace: - # -- Key of the Secret which contains the content of the certificate. - keyPath: - privateKey: - # -- Name of the Secret containing the CA private key required to establish the mandatory SSL/TLS connection to the datastore. 
- name: - # -- Namespace of the Secret containing the CA private key required to establish the mandatory SSL/TLS connection to the datastore. - namespace: - # -- Key of the Secret which contains the content of the private key. - keyPath: - clientCertificate: - certificate: - # -- Name of the Secret containing the client certificate required to establish the mandatory SSL/TLS connection to the datastore. - name: - # -- Namespace of the Secret containing the client certificate required to establish the mandatory SSL/TLS connection to the datastore. - namespace: - # -- Key of the Secret which contains the content of the certificate. - keyPath: - privateKey: - # -- Name of the Secret containing the client certificate private key required to establish the mandatory SSL/TLS connection to the datastore. - name: - # -- Namespace of the Secret containing the client certificate private key required to establish the mandatory SSL/TLS connection to the datastore. - namespace: - # -- Key of the Secret which contains the content of the private key. - keyPath: +etcd: + # -- (bool) Enable the creation of a local etcd instance as a default Datastore using the kamaji-etcd chart by CLASTIX. (default=true) + deploy: true + # -- (string) If the creation of an etcd instance is disabled, specify the default DataStore name for the Kamaji instance. + datastoreName: kamaji-etcd -cfssl: - image: - repository: cfssl/cfssl - tag: latest +kamaji-etcd: + fullnameOverride: kamaji-etcd + datastore: + enabled: true + name: "default" # -- Disable the analytics traces collection telemetry:
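Review bot: The new `kamaji-etcd:` block at the end of this hunk has no `# --` doc comments, unlike the rest of values.yaml, and nothing explains how `kamaji-etcd.datastore.name` (`"default"`) relates to `etcd.datastoreName` (`kamaji-etcd`). With `etcd.deploy: false` and no override, the controller would presumably be pointed at a DataStore named `kamaji-etcd` that this chart does not create; the controller template is outside this hunk, so confirm that against it. The removed `datastore.tlsConfig` and `datastore.basicAuth` keys were the only place in these values where the CA, client-certificate and credential Secret references for an external datastore were declared, so an operator upgrading with those set should be told they are no longer read. I would add `# -- (string) Name of the DataStore resource created by the kamaji-etcd sub-chart.` above `name: "default"`, and extend the `datastoreName` comment with `The DataStore must already exist and carry its own TLS and credential configuration.`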