Change custom templates to Helm charts (#445)

Makefile

@@ -31,11 +31,14 @@ DOCKERFILE := Dockerfile
 DOCKERTESTFILE := Dockerfile.test
 DOCKERDURATIONTESTFILE := tests/duration/Dockerfile
 
+HELM_CMD = $(HELM) template "$(ROOTDIR)/chart/$(CHART_NAME)" \
+         	       --name "$(NAME)" \
+         	       --set "operator.image=$(OPERATORIMAGE)" \
+         	       --set "operator.imagePullPolicy=Always" \
+         	       --namespace "$(DEPLOYMENTNAMESPACE)"
+
 ifndef LOCALONLY
 	PUSHIMAGES := 1
-	IMAGESHA256 := true
-else
-	IMAGESHA256 := false
 endif
 
 ifdef IMAGETAG
@@ -197,15 +200,62 @@ endif
 
 # Manifests
 
+.PHONY: manifests-crd
+manifests-crd: export CHART_NAME := kube-arangodb-crd
+manifests-crd: export NAME := crd
+manifests-crd:
+	@echo Building manifests for CRD - $(MANIFESTPATHCRD)
+	@$(HELM_CMD) > "$(MANIFESTPATHCRD)"
+
+.PHONY: manifests-test
+manifests-test: export CHART_NAME := kube-arangodb-test
+manifests-test: export NAME := arangodb-test
+manifests-test:
+	@echo Building manifests for test - $(MANIFESTPATHTEST)
+	@$(HELM_CMD) > "$(MANIFESTPATHTEST)"
+
+.PHONY: manifests-operator-deployment
+manifests-operator-deployment: export CHART_NAME := kube-arangodb
+manifests-operator-deployment: export NAME := deployment
+manifests-operator-deployment:
+	@echo Building manifests for Operator Deployment - $(MANIFESTPATHDEPLOYMENT)
+	@$(HELM_CMD) \
+	     --set "rbac.scope=ClusterRole" \
+	     --set "operator.features.deployment=true" \
+	     --set "operator.features.deploymentReplications=false" \
+	     --set "operator.features.storage=false"> "$(MANIFESTPATHDEPLOYMENT)"
+
+.PHONY: manifests-operator-deployment-replication
+manifests-operator-deployment-replication: export CHART_NAME := kube-arangodb
+manifests-operator-deployment-replication: export NAME := deployment-replication
+manifests-operator-deployment-replication:
+	@echo Building manifests for Operator Deployment Replication - $(MANIFESTPATHDEPLOYMENTREPLICATION)
+	@$(HELM_CMD) \
+	     --set "rbac.scope=ClusterRole" \
+	     --set "operator.features.deployment=false" \
+	     --set "operator.features.deploymentReplications=true" \
+	     --set "operator.features.storage=false"> "$(MANIFESTPATHDEPLOYMENTREPLICATION)"
+
+.PHONY: manifests-operator-storage
+manifests-operator-storage: export CHART_NAME := kube-arangodb
+manifests-operator-storage: export NAME := storage
+manifests-operator-storage:
+	@echo Building manifests for Operator Storage - $(MANIFESTPATHSTORAGE)
+	@$(HELM_CMD) \
+	     --set "rbac.scope=ClusterRole" \
+	     --set "operator.features.deployment=false" \
+	     --set "operator.features.deploymentReplications=false" \
+	     --set "operator.features.storage=true"> "$(MANIFESTPATHSTORAGE)"
+
+.PHONY: manifests-operator
+manifests-operator: manifests-operator-deployment manifests-operator-deployment-replication manifests-operator-storage
+
 .PHONY: manifests
-manifests: $(GOBUILDDIR)
-	@echo Building manifests
-	GOPATH=$(GOBUILDDIR) go run $(ROOTDIR)/tools/manifests/manifest_builder.go \
-		--output-suffix=$(MANIFESTSUFFIX) \
-		--image=$(OPERATORIMAGE) \
-		--image-sha256=$(IMAGESHA256) \
-		--namespace=$(DEPLOYMENTNAMESPACE) \
-		--allow-chaos=$(ALLOWCHAOS)
+manifests: manifests-crd manifests-operator manifests-test
+	@mkdir -p "$(ROOTDIR)/bin/charts"
+	@$(HELM) package "$(ROOTDIR)/chart/kube-arangodb" -d "$(ROOTDIR)/bin/charts" --save=false
+	@$(HELM) package "$(ROOTDIR)/chart/kube-arangodb-crd" -d "$(ROOTDIR)/bin/charts" --save=false
+
 
 # Testing
 

README.md

@@ -91,8 +91,8 @@ helm install https://github.com/arangodb/kube-arangodb/releases/download/0.3.14/
 # The following will install the operator for `ArangoDeployment` &
 # `ArangoDeploymentReplication` resources.
 helm install https://github.com/arangodb/kube-arangodb/releases/download/0.3.14/kube-arangodb.tgz
-# To use `ArangoLocalStorage`, also run
-helm install https://github.com/arangodb/kube-arangodb/releases/download/0.3.14/kube-arangodb-storage.tgz
+# To use `ArangoLocalStorage`, set field `operator.features.storage` to true
+helm install https://github.com/arangodb/kube-arangodb/releases/download/0.3.14/kube-arangodb.tgz --set "operator.features.storage=true"
 ```
 
 ## Upgrading the operator using Helm
@@ -111,7 +111,6 @@ list` output:
 ```
 % helm list
 NAME            	REVISION	UPDATED                 	STATUS  	CHART                               	APP VERSION	NAMESPACE
-intent-camel    	1       	Mon Apr  8 11:37:52 2019	DEPLOYED	kube-arangodb-storage-0.3.10-preview	           	default  
 steely-mule     	1       	Sun Mar 31 21:11:07 2019	DEPLOYED	kube-arangodb-crd-0.3.9             	           	default  
 vetoed-ladybird 	1       	Mon Apr  8 11:36:58 2019	DEPLOYED	kube-arangodb-0.3.10-preview        	           	default  
 ```
@@ -119,7 +118,6 @@ vetoed-ladybird 	1       	Mon Apr  8 11:36:58 2019	DEPLOYED	kube-arangodb-0.3.10
 So here, you would have to do
 
 ```bash
-helm delete intent-camel
 helm delete vetoed-ladybird
 ```
 
@@ -130,8 +128,8 @@ with `helm install` as normal:
 # The following will install the operator for `ArangoDeployment` &
 # `ArangoDeploymentReplication` resources.
 helm install https://github.com/arangodb/kube-arangodb/releases/download/0.3.14/kube-arangodb.tgz
-# To use `ArangoLocalStorage`, also run
-helm install https://github.com/arangodb/kube-arangodb/releases/download/0.3.14/kube-arangodb-storage.tgz
+# To use `ArangoLocalStorage`, set field `operator.features.storage` to true
+helm install https://github.com/arangodb/kube-arangodb/releases/download/0.3.14/kube-arangodb.tgz --set "operator.features.storage=true"
 ```
 
 ## Building

chart/kube-arangodb-crd/Chart.yaml

@@ -0,0 +1,9 @@
+---
+
+name: kube-arangodb-crd
+version: 1.0.0
+
+description: "ArangoDB Kubernetes Custom Resource Definitions"
+tillerVersion: ">2.7"
+
+appVersion: 3.5.0

chart/kube-arangodb-crd/LICENSE

@@ -0,0 +1,15 @@
+Copyright 2018 ArangoDB GmbH, Cologne, Germany
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+Copyright holder is ArangoDB GmbH, Cologne, Germany

chart/kube-arangodb-crd/templates/_helpers.tpl

@@ -0,0 +1,8 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kube-arangodb-crd.name" -}}
+{{- printf "%s" .Chart.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

chart/kube-arangodb-crd/templates/deployment-replications.yaml

@@ -0,0 +1,21 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+    name: arangodeploymentreplications.replication.database.arangodb.com
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb-crd.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+spec:
+    group: replication.database.arangodb.com
+    names:
+        kind: ArangoDeploymentReplication
+        listKind: ArangoDeploymentReplicationList
+        plural: arangodeploymentreplications
+        shortNames:
+            - arangorepl
+        singular: arangodeploymentreplication
+    scope: Namespaced
+    version: v1alpha

chart/kube-arangodb-crd/templates/deployment.yaml

@@ -0,0 +1,22 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+    name: arangodeployments.database.arangodb.com
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb-crd.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+spec:
+    group: database.arangodb.com
+    names:
+        kind: ArangoDeployment
+        listKind: ArangoDeploymentList
+        plural: arangodeployments
+        shortNames:
+            - arangodb
+            - arango
+        singular: arangodeployment
+    scope: Namespaced
+    version: v1alpha

chart/kube-arangodb-test/Chart.yaml

@@ -0,0 +1,6 @@
+---
+
+name: kube-arangodb-test
+version: 1.0.0
+
+description: "ArangoDB Kubernetes Test Access"

chart/kube-arangodb-test/templates/_helpers.tpl

@@ -0,0 +1,22 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kube-arangodb-test.name" -}}
+{{- printf "%s" .Chart.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the release.
+*/}}
+{{- define "kube-arangodb-test.releaseName" -}}
+{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Combine name of the deployment.
+*/}}
+{{- define "kube-arangodb-test.fullName" -}}
+{{- printf "%s-%s" .Chart.Name .Release.Name  | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

chart/kube-arangodb-test/templates/cluster-role-binding.yaml

@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+    name: {{ template "kube-arangodb-test.fullName" . }}
+    namespace: {{ .Release.Namespace }}
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb-test.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: cluster-admin
+subjects:
+    - kind: ServiceAccount
+      name: {{ template "kube-arangodb-test.releaseName" . }}
+      namespace: {{ .Release.Namespace }}

chart/kube-arangodb-test/templates/service-account.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+    name: {{ template "kube-arangodb-test.releaseName" . }}
+    namespace: {{ .Release.Namespace }}
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb-test.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+{{- if .Values.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.imagePullSecrets }}
+    - name: {{ . }}
+{{- end }}
+{{- end }}

chart/kube-arangodb-test/values.yaml

@@ -0,0 +1,3 @@
+---
+
+imagePullSecrets: []

chart/kube-arangodb/Chart.yaml

@@ -0,0 +1,9 @@
+---
+
+name: kube-arangodb
+version: 1.0.0
+
+description: "ArangoDB Kubernetes Operator"
+tillerVersion: ">2.7"
+
+appVersion: 3.5.0

chart/kube-arangodb/LICENSE

@@ -0,0 +1,15 @@
+Copyright 2018 ArangoDB GmbH, Cologne, Germany
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+Copyright holder is ArangoDB GmbH, Cologne, Germany

chart/kube-arangodb/README.md

@@ -0,0 +1,144 @@
+# Introduction
+
+Kubernetes ArangoDB Operator.
+
+# Chart Details
+
+Chart will install fully operational ArangoDB Kubernetes Operator. CRD are moved to different Helm package.
+
+# Prerequisites
+
+To be able to work with Operator, Custom Resource Definitions needs to be installed. More details can be found in `kube-arangodb-crd` chart.
+
+# Resources Required
+
+In default installation deployment with 2 pods will be created. Each default pod require 256MB of ram and 250m of CPU.
+
+# Installing the Chart
+
+Chart can be installed in two methods:
+- With all Operators in single Helm Release
+- One Helm Release per Operator
+
+Possible Operators:
+- `ArangoDeployment` - enabled by default
+- `ArangoDeploymentReplications` - enabled by default
+- `ArangoLocalStorage` - disabled by default
+
+To install Operators in mode "One per Helm Release" we can use:
+
+```
+helm install --name arango-deployment kube-arangodb.tar.gz \
+             --set operator.features.deployment=true \
+             --set operator.features.deploymentReplications=false \
+             --set operator.features.storage=false
+
+
+helm install --name arango-deployment-replications kube-arangodb.tar.gz \
+             --set operator.features.deployment=false \
+             --set operator.features.deploymentReplications=true \
+             --set operator.features.storage=false
+
+
+helm install --name arango-storage kube-arangodb.tar.gz \
+             --set operator.features.deployment=false \
+             --set operator.features.deploymentReplications=false \
+             --set operator.features.storage=true
+```
+
+
+# Configuration
+
+### `operator.image`
+
+Image used for the ArangoDB Operator.
+
+Default: `arangodb/kube-arangodb:latest`
+
+### `operator.imagePullPolicy`
+
+Image pull policy for Operator images.
+
+Default: `IfNotPresent`
+
+### `operator.imagePullSecrets`
+
+List of the Image Pull Secrets for Operator images.
+
+Default: `[]string`
+
+### `operator.service.type`
+
+Type of the Operator service.
+
+Default: `ClusterIP`
+
+### `operator.annotations`
+
+Annotations passed to the Operator Deployment definition.
+
+Default: `[]string`
+
+### `operator.resources.limits.cpu`
+
+CPU limits for operator pods.
+
+Default: `1`
+
+### `operator.resources.limits.memory`
+
+Memory limits for operator pods.
+
+Default: `256Mi`
+
+### `operator.resources.requested.cpu`
+
+Requested CPI by Operator pods.
+
+Default: `250m`
+
+### `operator.resources.requested.memory`
+
+Requested memory for operator pods.
+
+Default: `256Mi`
+
+### `operator.replicaCount`
+
+Replication count for Operator deployment.
+
+Default: `2`
+
+### `operator.updateStrategy`
+
+Update strategy for operator pod.
+
+Default: `Recreate`
+
+### `operator.features.deployment`
+
+Define if ArangoDeployment Operator should be enabled.
+
+Default: `true`
+
+### `operator.features.deploymentReplications`
+
+Define if ArangoDeploymentReplications Operator should be enabled.
+
+Default: `true`
+
+### `operator.features.storage`
+
+Define if ArangoLocalStorage Operator should be enabled.
+
+Default: `false`
+
+### `rbac.enabled`
+
+Define if RBAC should be enabled.
+
+Default: `true`
+
+# Limitations
+
+N/A

chart/kube-arangodb/templates/_helpers.tpl

@@ -0,0 +1,36 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kube-arangodb.name" -}}
+{{- printf "%s" .Chart.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the release.
+*/}}
+{{- define "kube-arangodb.releaseName" -}}
+{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the operator.
+*/}}
+{{- define "kube-arangodb.operatorName" -}}
+{{- printf "arango-%s-operator" .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Combine name of the deployment.
+*/}}
+{{- define "kube-arangodb.fullName" -}}
+{{- printf "%s-%s" .Chart.Name .Release.Name  | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the Operator RBAC role
+*/}}
+{{- define "kube-arangodb.rbac" -}}
+{{- printf "%s-%s" (include "kube-arangodb.operatorName" .) "rbac" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

chart/kube-arangodb/templates/deployment-operator/cluster-role-binding.yaml

@@ -0,0 +1,26 @@
+{{ if .Values.rbac.enabled -}}
+{{ if .Values.operator.features.deployment -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+    name: {{ template "kube-arangodb.rbac" . }}-deployment
+    namespace: {{ .Release.Namespace }}
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: {{ template "kube-arangodb.rbac" . }}-deployment
+subjects:
+    - kind: ServiceAccount
+      name: {{ template "kube-arangodb.operatorName" . }}
+      namespace: {{ .Release.Namespace }}
+
+
+{{- end }}
+{{- end }}

chart/kube-arangodb/templates/deployment-operator/cluster-role.yaml

@@ -0,0 +1,27 @@
+{{ if .Values.rbac.enabled -}}
+{{ if .Values.operator.features.deployment -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+    name: {{ template "kube-arangodb.rbac" . }}-deployment
+    namespace: {{ .Release.Namespace }}
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+rules:
+    - apiGroups: ["apiextensions.k8s.io"]
+      resources: ["customresourcedefinitions"]
+      verbs: ["get", "list", "watch"]
+    - apiGroups: [""]
+      resources: ["namespaces", "nodes"]
+      verbs: ["get", "list"]
+    - apiGroups: ["storage.k8s.io"]
+      resources: ["storageclasses"]
+      verbs: ["get", "list"]
+
+{{- end }}
+{{- end }}

chart/kube-arangodb/templates/deployment-operator/role-binding.yaml

@@ -0,0 +1,26 @@
+{{ if .Values.rbac.enabled -}}
+{{ if .Values.operator.features.deployment -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+    name: {{ template "kube-arangodb.rbac" . }}-deployment
+    namespace: {{ .Release.Namespace }}
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: Role
+    name: {{ template "kube-arangodb.rbac" . }}-deployment
+subjects:
+    - kind: ServiceAccount
+      name: {{ template "kube-arangodb.operatorName" . }}
+      namespace: {{ .Release.Namespace }}
+
+
+{{- end }}
+{{- end }}

chart/kube-arangodb/templates/deployment-operator/role.yaml

@@ -0,0 +1,33 @@
+{{ if .Values.rbac.enabled -}}
+{{ if .Values.operator.features.deployment -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+    name: {{ template "kube-arangodb.rbac" . }}-deployment
+    namespace: {{ .Release.Namespace }}
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+rules:
+    - apiGroups: ["database.arangodb.com"]
+      resources: ["arangodeployments"]
+      verbs: ["*"]
+    - apiGroups: [""]
+      resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets"]
+      verbs: ["*"]
+    - apiGroups: ["apps"]
+      resources: ["deployments", "replicasets"]
+      verbs: ["get"]
+    - apiGroups: ["policy"]
+      resources: ["poddisruptionbudgets"]
+      verbs: ["get", "create", "delete"]
+    - apiGroups: ["monitoring.coreos.com"]
+      resources: ["servicemonitors"]
+      verbs: ["get", "create", "delete"]
+
+{{- end }}
+{{- end }}

chart/kube-arangodb/templates/deployment-replications-operator/cluster-role-binding.yaml

@@ -0,0 +1,26 @@
+{{ if .Values.rbac.enabled -}}
+{{ if .Values.operator.features.deploymentReplications -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+    name: {{ template "kube-arangodb.rbac" . }}-deployment-replication
+    namespace: {{ .Release.Namespace }}
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: {{ template "kube-arangodb.rbac" . }}-deployment-replication
+subjects:
+    - kind: ServiceAccount
+      name: {{ template "kube-arangodb.operatorName" . }}
+      namespace: {{ .Release.Namespace }}
+
+
+{{- end }}
+{{- end }}

chart/kube-arangodb/templates/deployment-replications-operator/cluster-role.yaml

@@ -0,0 +1,24 @@
+{{ if .Values.rbac.enabled -}}
+{{ if .Values.operator.features.deploymentReplications -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+    name: {{ template "kube-arangodb.rbac" . }}-deployment-replication
+    namespace: {{ .Release.Namespace }}
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+rules:
+    - apiGroups: ["apiextensions.k8s.io"]
+      resources: ["customresourcedefinitions"]
+      verbs: ["get"]
+    - apiGroups: [""]
+      resources: ["namespaces", "nodes"]
+      verbs: ["get", "list"]
+
+{{- end }}
+{{- end }}

chart/kube-arangodb/templates/deployment-replications-operator/role-binding.yaml

@@ -0,0 +1,26 @@
+{{ if .Values.rbac.enabled -}}
+{{ if .Values.operator.features.deploymentReplications -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+    name: {{ template "kube-arangodb.rbac" . }}-deployment-replication
+    namespace: {{ .Release.Namespace }}
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: Role
+    name: {{ template "kube-arangodb.rbac" . }}-deployment-replication
+subjects:
+    - kind: ServiceAccount
+      name: {{ template "kube-arangodb.operatorName" . }}
+      namespace: {{ .Release.Namespace }}
+
+
+{{- end }}
+{{- end }}

chart/kube-arangodb/templates/deployment-replications-operator/role.yaml

@@ -0,0 +1,30 @@
+{{ if .Values.rbac.enabled -}}
+{{ if .Values.operator.features.deploymentReplications -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+    name: {{ template "kube-arangodb.rbac" . }}-deployment-replication
+    namespace: {{ .Release.Namespace }}
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+rules:
+    - apiGroups: ["replication.database.arangodb.com"]
+      resources: ["arangodeploymentreplications"]
+      verbs: ["*"]
+    - apiGroups: ["database.arangodb.com"]
+      resources: ["arangodeployments"]
+      verbs: ["get"]
+    - apiGroups: [""]
+      resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets"]
+      verbs: ["*"]
+    - apiGroups: ["apps"]
+      resources: ["deployments", "replicasets"]
+      verbs: ["get"]
+
+{{- end }}
+{{- end }}

chart/kube-arangodb/templates/deployment.yaml

@@ -0,0 +1,110 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+    name: {{ template "kube-arangodb.operatorName" . }}
+    namespace: {{ .Release.Namespace }}
+{{- if .Values.operator.annotations }}
+    annotations:
+{{ toYaml .Values.operator.annotations | indent 8 }}
+{{- end }}
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+spec:
+    replicas: {{ .Values.operator.replicaCount }}
+    strategy:
+{{ toYaml .Values.operator.updateStrategy | indent 8 }}
+    selector:
+        matchLabels:
+            app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+            app.kubernetes.io/managed-by: {{ .Release.Service }}
+            app.kubernetes.io/instance: {{ .Release.Name }}
+            release: {{ .Release.Name }}
+    template:
+        metadata:
+            labels:
+                app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+                helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+                app.kubernetes.io/managed-by: {{ .Release.Service }}
+                app.kubernetes.io/instance: {{ .Release.Name }}
+                release: {{ .Release.Name }}
+{{- if .Values.operator.annotations }}
+            annotations:
+{{ toYaml .Values.operator.annotations | indent 16 }}
+{{- end }}
+        spec:
+            serviceAccountName: {{ template "kube-arangodb.operatorName" . }}
+            affinity:
+              nodeAffinity:
+                requiredDuringSchedulingIgnoredDuringExecution:
+                  nodeSelectorTerms:
+                    - matchExpressions:
+                        - key: beta.kubernetes.io/arch
+                          operator: In
+                          values:
+                            - amd64
+            containers:
+                - name: operator
+                  imagePullPolicy: {{ .Values.operator.imagePullPolicy }}
+                  image: {{ .Values.operator.image }}
+                  args:
+{{- if .Values.operator.features.deployment }}
+                    - --operator.deployment
+{{- end -}}
+{{ if .Values.operator.features.deploymentReplications }}
+                    - --operator.deployment-replication
+{{- end -}}
+{{ if .Values.operator.features.storage }}
+                    - --operator.storage
+{{- end }}
+                    - --chaos.allowed={{ .Values.operator.allowChaos }}
+                  env:
+                      - name: MY_POD_NAMESPACE
+                        valueFrom:
+                            fieldRef:
+                                fieldPath: metadata.namespace
+                      - name: MY_POD_NAME
+                        valueFrom:
+                            fieldRef:
+                                fieldPath: metadata.name
+                      - name: MY_POD_IP
+                        valueFrom:
+                            fieldRef:
+                                fieldPath: status.podIP
+                  ports:
+                      - name: metrics
+                        containerPort: 8528
+                  securityContext:
+                    capabilities:
+                      drop:
+                        - 'ALL'
+{{- if .Values.operator.resources }}
+                  resources:
+{{ toYaml .Values.operator.resources | indent 22 }}
+{{- end }}
+                  livenessProbe:
+                      httpGet:
+                          path: /health
+                          port: 8528
+                          scheme: HTTPS
+                      initialDelaySeconds: 5
+                      periodSeconds: 10
+                  readinessProbe:
+                      httpGet:
+                          path: /ready
+                          port: 8528
+                          scheme: HTTPS
+                      initialDelaySeconds: 5
+                      periodSeconds: 10
+            tolerations:
+                - key: "node.kubernetes.io/unreachable"
+                  operator: "Exists"
+                  effect: "NoExecute"
+                  tolerationSeconds: 5
+                - key: "node.kubernetes.io/not-ready"
+                  operator: "Exists"
+                  effect: "NoExecute"
+                  tolerationSeconds: 5

chart/kube-arangodb/templates/service-account.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "kube-arangodb.operatorName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+      app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+      helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+      app.kubernetes.io/managed-by: {{ .Release.Service }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+      release: {{ .Release.Name }}
+{{- if .Values.operator.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.operator.imagePullSecrets }}
+  - name: {{ . }}
+{{- end }}
+{{- end }}

chart/kube-arangodb/templates/service.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "kube-arangodb.operatorName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- if .Values.operator.annotations }}
+  annotations:
+{{ toYaml .Values.operator.annotations | indent 8 }}
+{{- end }}
+  labels:
+    app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    release: {{ .Release.Name }}
+spec:
+  ports:
+    - name: server
+      port: 8528
+      protocol: TCP
+      targetPort: 8528
+  selector:
+    app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    release: {{ .Release.Name }}
+    role: leader
+  type: {{ .Values.operator.service.type }}

chart/kube-arangodb/templates/storage-operator/cluster-role-binding.yaml

@@ -0,0 +1,26 @@
+{{ if .Values.rbac.enabled -}}
+{{ if .Values.operator.features.storage -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+    name: {{ template "kube-arangodb.rbac" . }}-storage
+    namespace: {{ .Release.Namespace }}
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: {{ template "kube-arangodb.rbac" . }}-storage
+subjects:
+    - kind: ServiceAccount
+      name: {{ template "kube-arangodb.operatorName" . }}
+      namespace: {{ .Release.Namespace }}
+
+
+{{- end }}
+{{- end }}

chart/kube-arangodb/templates/storage-operator/cluster-role.yaml

@@ -0,0 +1,29 @@
+{{ if .Values.rbac.enabled -}}
+{{ if .Values.operator.features.storage -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+    name: {{ template "kube-arangodb.rbac" . }}-storage
+    namespace: {{ .Release.Namespace }}
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+rules:
+    - apiGroups: ["apiextensions.k8s.io"]
+      resources: ["customresourcedefinitions"]
+      verbs: ["get"]
+    - apiGroups: [""]
+      resources: ["namespaces", "nodes"]
+      verbs: ["get", "list"]
+    - apiGroups: ["storage.k8s.io"]
+      resources: ["storageclasses"]
+      verbs: ["*"]
+    - apiGroups: ["storage.arangodb.com"]
+      resources: ["arangolocalstorages"]
+      verbs: ["*"]
+{{- end }}
+{{- end }}

chart/kube-arangodb/templates/storage-operator/crd.yaml

@@ -0,0 +1,25 @@
+{{ if .Values.operator.features.storage -}}
+
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+    name: arangolocalstorages.storage.arangodb.com
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+spec:
+    group: storage.arangodb.com
+    names:
+        kind: ArangoLocalStorage
+        listKind: ArangoLocalStorageList
+        plural: arangolocalstorages
+        shortNames:
+            - arangostorage
+        singular: arangolocalstorage
+    scope: Cluster
+    version: v1alpha
+
+{{- end }}

chart/kube-arangodb/templates/storage-operator/role-binding.yaml

@@ -0,0 +1,26 @@
+{{ if .Values.rbac.enabled -}}
+{{ if .Values.operator.features.storage -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+    name: {{ template "kube-arangodb.rbac" . }}-storage
+    namespace: {{ .Release.Namespace }}
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: Role
+    name: {{ template "kube-arangodb.rbac" . }}-storage
+subjects:
+    - kind: ServiceAccount
+      name: {{ template "kube-arangodb.operatorName" . }}
+      namespace: {{ .Release.Namespace }}
+
+
+{{- end }}
+{{- end }}

chart/kube-arangodb/templates/storage-operator/role.yaml

@@ -0,0 +1,33 @@
+{{ if .Values.rbac.enabled -}}
+{{ if .Values.operator.features.storage -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+    name: {{ template "kube-arangodb.rbac" . }}-storage
+    namespace: {{ .Release.Namespace }}
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+rules:
+    - apiGroups: [""]
+      resources: ["persistentvolumes", "persistentvolumeclaims", "endpoints", "events", "services"]
+      verbs: ["*"]
+    - apiGroups: [""]
+      resources: ["pods"]
+      verbs: ["get", "update"]
+    - apiGroups: [""]
+      resources: ["secrets"]
+      verbs: ["get"]
+    - apiGroups: ["apps"]
+      resources: ["daemonsets"]
+      verbs: ["*"]
+    - apiGroups: ["apps"]
+      resources: ["deployments", "replicasets"]
+      verbs: ["get"]
+
+{{- end }}
+{{- end }}

chart/kube-arangodb/values.yaml

@@ -0,0 +1,34 @@
+---
+
+operator:
+  image: arangodb/kube-arangodb:latest
+  imagePullPolicy: IfNotPresent
+  imagePullSecrets: []
+
+  service:
+    type: ClusterIP
+
+  annotations: {}
+
+  resources:
+    limits:
+      cpu: 1
+      memory: 256Mi
+    requests:
+      cpu: 250m
+      memory: 256Mi
+
+  replicaCount: 2
+
+  updateStrategy:
+    type: Recreate
+
+  allowChaos: false
+
+  features:
+    deployment: true
+    deploymentReplications: true
+    storage: false
+
+rbac:
+  enabled: true

docs/Manual/Deployment/Kubernetes/Helm.md

@@ -13,13 +13,10 @@ For example you can install the operator in a namespace other than
 
 The ArangoDB Kubernetes Operator is contained in two `helm` charts:
 
-- `kube-arangodb` which contains the operator for the `ArangoDeployment`
+- `kube-arangodb` which contains the operator for the `ArangoDeployment`, `ArangoLocalStorage`
   and `ArangoDeploymentReplication` resource types.
-- `kube-arangodb-storage` which contains the operator for the `ArangoLocalStorage`
-  resource type.
+- `kube-arangodb-crd` which contains the CRD for the `ArangoDeployment` and `ArangoDeploymentReplication` resource types.
 
-The `kube-arangodb-storage` only has to be installed if your Kubernetes cluster
-does not already provide `StorageClasses` that use locally attached SSDs.
 
 ## Configurable values for ArangoDB Kubernetes Operator
 
@@ -29,35 +26,95 @@ ArangoDB Kubernetes Operator with `helm`.
 Values are passed to `helm` using an `--set=<key>=<value>` argument passed
 to the `helm install` or `helm upgrade` command.
 
-### Values applicable to both charts
+### `operator.image`
 
-| Key               | Type   | Description
-|-------------------|--------|-----|
-| Image             | string | Override the docker image used by the operators
-| ImagePullPolicy   | string | Override the image pull policy used by the operators. See [Updating Images](https://kubernetes.io/docs/concepts/containers/images/#updating-images) for details.
-| RBAC.Create       | bool   | Set to `true` (default) to create roles & role bindings.
+Image used for the ArangoDB Operator.
 
-### Values applicable to the `kube-arangodb` chart
+Default: `arangodb/kube-arangodb:latest`
 
-| Key               | Type   | Description
-|-------------------|--------|-----|
-| Deployment.Create | bool   | Set to `true` (default) to deploy the `ArangoDeployment` operator
-| Deployment.User.ServiceAccountName | string | Name of the `ServiceAccount` that is the subject of the `RoleBinding` of users of the `ArangoDeployment` operator
-| Deployment.Operator.ServiceAccountName | string | Name of the `ServiceAccount` used to run the `ArangoDeployment` operator
-| Deployment.Operator.ServiceType | string | Type of `Service` created for the dashboard of the `ArangoDeployment` operator
-| Deployment.AllowChaos | bool | Set to `true` to allow the introduction of chaos. **Only use for testing, never for production!** Defaults to `false`.
-| DeploymentReplication.Create | bool   | Set to `true` (default) to deploy the `ArangoDeploymentReplication` operator
-| DeploymentReplication.User.ServiceAccountName | string | Name of the `ServiceAccount` that is the subject of the `RoleBinding` of users of the `ArangoDeploymentReplication` operator
-| DeploymentReplication.Operator.ServiceAccountName | string | Name of the `ServiceAccount` used to run the `ArangoDeploymentReplication` operator
-| DeploymentReplication.Operator.ServiceType | string | Type of `Service` created for the dashboard of the `ArangoDeploymentReplication` operator
+### `operator.imagePullPolicy`
 
-### Values applicable to the `kube-arangodb-storage` chart
+Image pull policy for Operator images.
 
-| Key               | Type   | Description
-|-------------------|--------|-----|
-| Storage.User.ServiceAccountName | string | Name of the `ServiceAccount` that is the subject of the `RoleBinding` of users of the `ArangoLocalStorage` operator
-| Storage.Operator.ServiceAccountName | string | Name of the `ServiceAccount` used to run the `ArangoLocalStorage` operator
-| Storage.Operator.ServiceType | string | Type of `Service` created for the dashboard of the `ArangoLocalStorage` operator
+Default: `IfNotPresent`
+
+### `operator.imagePullSecrets`
+
+List of the Image Pull Secrets for Operator images.
+
+Default: `[]string`
+
+### `operator.service.type`
+
+Type of the Operator service.
+
+Default: `ClusterIP`
+
+### `operator.annotations`
+
+Annotations passed to the Operator Deployment definition.
+
+Default: `[]string`
+
+### `operator.resources.limits.cpu`
+
+CPU limits for operator pods.
+
+Default: `1`
+
+### `operator.resources.limits.memory`
+
+Memory limits for operator pods.
+
+Default: `256Mi`
+
+### `operator.resources.requested.cpu`
+
+Requested CPI by Operator pods.
+
+Default: `250m`
+
+### `operator.resources.requested.memory`
+
+Requested memory for operator pods.
+
+Default: `256Mi`
+
+### `operator.replicaCount`
+
+Replication count for Operator deployment.
+
+Default: `2`
+
+### `operator.updateStrategy`
+
+Update strategy for operator pod.
+
+Default: `Recreate`
+
+### `operator.features.deployment`
+
+Define if ArangoDeployment Operator should be enabled.
+
+Default: `true`
+
+### `operator.features.deploymentReplications`
+
+Define if ArangoDeploymentReplications Operator should be enabled.
+
+Default: `true`
+
+### `operator.features.storage`
+
+Define if ArangoLocalStorage Operator should be enabled.
+
+Default: `false`
+
+### `rbac.enabled`
+
+Define if RBAC should be enabled.
+
+Default: `true`
 
 ## Alternate namespaces
 

go.mod

@@ -13,133 +13,89 @@ replace (
 )
 
 require (
-	cloud.google.com/go v0.34.0
-	github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78
-	github.com/Azure/go-autorest/autorest v0.1.0
-	github.com/Azure/go-autorest/autorest/adal v0.1.0
-	github.com/Azure/go-autorest/autorest/date v0.1.0
-	github.com/PuerkitoBio/purell v1.1.1
-	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578
-	github.com/aktau/github-release v0.7.2
+	github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect
+	github.com/Azure/go-autorest/autorest v0.1.0 // indirect
+	github.com/aktau/github-release v0.7.2 // indirect
 	github.com/arangodb-helper/go-certificates v0.0.0-20180821055445-9fca24fc2680
 	github.com/arangodb/arangosync-client v0.6.3
 	github.com/arangodb/go-driver v0.0.0-20190802095550-7a2c11a3ff12
 	github.com/arangodb/go-upgrade-rules v0.0.0-20180809110947-031b4774ff21
-	github.com/arangodb/go-velocypack v0.0.0-20190129082528-7896a965b4ad
-	github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a
-	github.com/beorn7/perks v1.0.0
-	github.com/bugagazavr/go-gitlab-client v0.0.0-20150830002541-e5999f934dc4
+	github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect
+	github.com/bugagazavr/go-gitlab-client v0.0.0-20150830002541-e5999f934dc4 // indirect
 	github.com/cenkalti/backoff v2.1.1+incompatible
-	github.com/cockroachdb/cmux v0.0.0-20170110192607-30d10be49292
-	github.com/coreos/bbolt v1.3.2
-	github.com/coreos/etcd v3.3.13+incompatible
+	github.com/coreos/bbolt v1.3.2 // indirect
+	github.com/coreos/etcd v3.3.13+incompatible // indirect
 	github.com/coreos/go-semver v0.3.0
-	github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e
-	github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f
+	github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f // indirect
 	github.com/coreos/prometheus-operator v0.31.1
-	github.com/cpuguy83/go-md2man v1.0.10
-	github.com/davecgh/go-spew v1.1.1
+	github.com/cpuguy83/go-md2man v1.0.10 // indirect
 	github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
-	github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c
-	github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815
-	github.com/dustin/go-broadcast v0.0.0-20171205050544-f664265f5a66
-	github.com/dustin/go-humanize v1.0.0
-	github.com/emicklei/go-restful v2.6.0+incompatible
+	github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c // indirect
+	github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815 // indirect
+	github.com/dustin/go-broadcast v0.0.0-20171205050544-f664265f5a66 // indirect
 	github.com/evanphx/json-patch v4.2.0+incompatible // indirect
-	github.com/ewoutp/go-gitlab-client v0.0.0-20150214183219-6e4464cd3221
+	github.com/ewoutp/go-gitlab-client v0.0.0-20150214183219-6e4464cd3221 // indirect
 	github.com/ghodss/yaml v1.0.0
-	github.com/gin-contrib/sse v0.0.0-20190301062529-5545eab6dad3
-	github.com/gin-gonic/autotls v0.0.0-20190406003154-fb31fc47f521
+	github.com/gin-contrib/sse v0.0.0-20190301062529-5545eab6dad3 // indirect
+	github.com/gin-gonic/autotls v0.0.0-20190406003154-fb31fc47f521 // indirect
 	github.com/gin-gonic/gin v1.3.0
-	github.com/go-kit/kit v0.8.0
-	github.com/go-openapi/analysis v0.19.0
-	github.com/go-openapi/errors v0.19.0
-	github.com/go-openapi/jsonpointer v0.19.0
-	github.com/go-openapi/jsonreference v0.19.0
-	github.com/go-openapi/loads v0.19.0
-	github.com/go-openapi/runtime v0.19.0
-	github.com/go-openapi/spec v0.18.0
-	github.com/go-openapi/strfmt v0.19.0
-	github.com/go-openapi/swag v0.18.0
-	github.com/gogo/protobuf v1.2.1
-	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
-	github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef
-	github.com/golang/protobuf v1.3.1
-	github.com/google/btree v1.0.0
-	github.com/google/gofuzz v1.0.0
-	github.com/googleapis/gnostic v0.2.0
-	github.com/gophercloud/gophercloud v0.0.0-20190504011306-6f9faf57fddc
+	github.com/go-openapi/analysis v0.19.0 // indirect
+	github.com/go-openapi/errors v0.19.0 // indirect
+	github.com/go-openapi/loads v0.19.0 // indirect
+	github.com/go-openapi/runtime v0.19.0 // indirect
+	github.com/go-openapi/strfmt v0.19.0 // indirect
+	github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef // indirect
+	github.com/google/btree v1.0.0 // indirect
+	github.com/google/gofuzz v1.0.0 // indirect
+	github.com/googleapis/gnostic v0.2.0 // indirect
+	github.com/gophercloud/gophercloud v0.0.0-20190504011306-6f9faf57fddc // indirect
 	github.com/gorilla/websocket v1.4.0 // indirect
-	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
-	github.com/grpc-ecosystem/grpc-gateway v1.8.5
-	github.com/hashicorp/golang-lru v0.5.1
+	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
+	github.com/helm/helm v2.14.3+incompatible // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/jessevdk/go-assets v0.0.0-20160921144138-4f4301a06e15
 	github.com/jessevdk/go-assets-builder v0.0.0-20130903091706-b8483521738f // indirect
-	github.com/jessevdk/go-flags v1.4.0
-	github.com/jonboulle/clockwork v0.1.0
-	github.com/juju/errgo v0.0.0-20140925100237-08cceb5d0b53
+	github.com/jessevdk/go-flags v1.4.0 // indirect
+	github.com/jonboulle/clockwork v0.1.0 // indirect
+	github.com/juju/errgo v0.0.0-20140925100237-08cceb5d0b53 // indirect
 	github.com/julienschmidt/httprouter v1.2.0
-	github.com/kr/pretty v0.1.0
-	github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe
-	github.com/manucorporat/stats v0.0.0-20180402194714-3ba42d56d227
-	github.com/mattn/go-colorable v0.1.1
-	github.com/mattn/go-isatty v0.0.7
-	github.com/matttproud/golang_protobuf_extensions v1.0.1
-	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b
-	github.com/mitchellh/go-homedir v1.1.0
-	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
-	github.com/modern-go/reflect2 v1.0.1
-	github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223
-	github.com/op/go-logging v0.0.0-20160315200505-970db520ece7
-	github.com/pavel-v-chernykh/keystore-go v2.1.0+incompatible
-	github.com/peterbourgon/diskv v2.0.1+incompatible
+	github.com/manucorporat/stats v0.0.0-20180402194714-3ba42d56d227 // indirect
+	github.com/mattn/go-colorable v0.1.1 // indirect
+	github.com/mattn/go-isatty v0.0.7 // indirect
+	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
+	github.com/op/go-logging v0.0.0-20160315200505-970db520ece7 // indirect
+	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/pkg/errors v0.8.1
-	github.com/pmezard/go-difflib v1.0.0
 	github.com/prometheus/client_golang v1.0.0
-	github.com/pulcy/pulsar v0.0.0-20180915062927-71ea24b0ec2f
+	github.com/pulcy/pulsar v0.0.0-20180915062927-71ea24b0ec2f // indirect
 	github.com/rs/zerolog v1.14.3
-	github.com/russross/blackfriday v2.0.0+incompatible
-	github.com/shurcooL/sanitized_anchor_name v1.0.0
-	github.com/sirupsen/logrus v1.4.2
-	github.com/sourcegraph/go-vcsurl v0.0.0-20161114165620-2305ecca26ab
+	github.com/russross/blackfriday v2.0.0+incompatible // indirect
+	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
+	github.com/sourcegraph/go-vcsurl v0.0.0-20161114165620-2305ecca26ab // indirect
 	github.com/spf13/cobra v0.0.3
 	github.com/spf13/pflag v1.0.3
-	github.com/spf13/viper v1.3.2
-	github.com/stretchr/objx v0.1.1
+	github.com/spf13/viper v1.3.2 // indirect
 	github.com/stretchr/testify v1.3.0
-	github.com/thinkerou/favicon v0.1.0
+	github.com/thinkerou/favicon v0.1.0 // indirect
 	github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5 // indirect
-	github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80
+	github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80 // indirect
 	github.com/ugorji/go v1.1.4 // indirect
-	github.com/ugorji/go/codec v0.0.0-20181209151446-772ced7fd4c2
-	github.com/voxelbrain/goptions v0.0.0-20180630082107-58cddc247ea2
-	github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2
+	github.com/voxelbrain/goptions v0.0.0-20180630082107-58cddc247ea2 // indirect
+	github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect
 	go.uber.org/atomic v1.4.0 // indirect
 	go.uber.org/multierr v1.1.0 // indirect
 	go.uber.org/zap v1.10.0 // indirect
-	golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f
-	golang.org/x/net v0.0.0-20190522155817-f3200d17e092
-	golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a
-	golang.org/x/sync v0.0.0-20190423024810-112230192c58
 	golang.org/x/sys v0.0.0-20190506115046-ca7f33d4116e
-	golang.org/x/text v0.3.1
-	golang.org/x/time v0.0.0-20190308202827-9d24e82272b4
-	golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc
+	golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 // indirect
 	google.golang.org/api v0.4.0 // indirect
-	google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873
-	google.golang.org/grpc v1.20.1
-	gopkg.in/alecthomas/kingpin.v2 v2.2.6
-	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127
-	gopkg.in/go-playground/assert.v1 v1.2.1
-	gopkg.in/go-playground/validator.v8 v8.18.2
-	gopkg.in/sourcegraph/go-vcsurl.v1 v1.0.0-20131114132947-6b12603ea6fd
-	gopkg.in/yaml.v2 v2.2.2
+	google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873 // indirect
+	google.golang.org/grpc v1.20.1 // indirect
+	gopkg.in/sourcegraph/go-vcsurl.v1 v1.0.0-20131114132947-6b12603ea6fd // indirect
 	k8s.io/api v0.0.0-20190409021203-6e4e0e4f393b
 	k8s.io/apiextensions-apiserver v0.0.0-20190409022649-727a075fdec8
 	k8s.io/apimachinery v0.0.0-20190404173353-6a84e37a896d
 	k8s.io/client-go v11.0.0+incompatible
-	k8s.io/gengo v0.0.0-20190327210449-e17681d19d3a
 	k8s.io/klog v0.3.0
 	k8s.io/kube-openapi v0.0.0-20190502190224-411b2483e503 // indirect
 	k8s.io/utils v0.0.0-20190506122338-8fab8cb257d5 // indirect

go.sum

@@ -349,10 +349,12 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
+github.com/helm/helm v2.14.3+incompatible/go.mod h1:ahXhuvluW4YnSL6W6hDVetZsVK8Pv4BP8OwKli7aMqo=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/improbable-eng/thanos v0.3.2/go.mod h1:GZewVGILKuJVPNRn7L4Zw+7X96qzFOwj63b22xYGXBE=
 github.com/improbable-eng/thanos v0.5.0/go.mod h1:RXlsWB7YlTbhIod//QDyd5cBZsnEN0jROXZJY/ol4nk=
+github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/influxdata/influxdb v0.0.0-20170331210902-15e594fc09f1/go.mod h1:qZna6X/4elxqT3yI9iZYdZrWWdeFOOprn86kgg4+IzY=
 github.com/jackc/fake v0.0.0-20150926172116-812a484cc733/go.mod h1:WrMFNQdiFJ80sQsxDoMokWK1W5TQtxBFNpzWTD84ibQ=
@@ -728,6 +730,7 @@ google.golang.org/api v0.3.2/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMt
 google.golang.org/api v0.4.0 h1:KKgc1aqhV8wDPbDzlDtpvyjZFY3vjz85FP7p4wcQUyI=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20170731182057-09f6ed296fc6/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=

main.go

@@ -205,13 +205,23 @@ func cmdMainRun(cmd *cobra.Command, args []string) {
 		AdminSecretName:    serverOptions.adminSecretName,
 		AllowAnonymous:     serverOptions.allowAnonymous,
 	}, server.Dependencies{
-		Log:                        logService.MustGetLogger("server"),
-		LivenessProbe:              &livenessProbe,
-		DeploymentProbe:            &deploymentProbe,
-		DeploymentReplicationProbe: &deploymentReplicationProbe,
-		StorageProbe:               &storageProbe,
-		Operators:                  o,
-		Secrets:                    secrets,
+		Log:                   logService.MustGetLogger("server"),
+		LivenessProbe:         &livenessProbe,
+		Deployment:            server.OperatorDependency{
+			Enabled: cfg.EnableDeployment,
+			Probe:   &deploymentProbe,
+		},
+		DeploymentReplication: server.OperatorDependency{
+			Enabled: cfg.EnableDeploymentReplication,
+			Probe:   &deploymentReplicationProbe,
+		},
+		Storage: server.OperatorDependency{
+			Enabled: cfg.EnableStorage,
+			Probe:   &storageProbe,
+		},
+		Operators:             o,
+
+		Secrets:               secrets,
 	}); err != nil {
 		cliLog.Fatal().Err(err).Msg("Failed to create HTTP server")
 	} else {

manifests/.gitignore

@@ -1,5 +1 @@
-arango-deployment-dev.yaml
-arango-deployment-replication-dev.yaml
-arango-storage-dev.yaml
-arango-test-dev.yaml
-arango-crd-dev.yaml
+*-dev.yaml

manifests/arango-crd.yaml

@@ -1,38 +1,47 @@
-## crd/deployment.yaml
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: arangodeployments.database.arangodb.com
-spec:
-  group: database.arangodb.com
-  names:
-    kind: ArangoDeployment
-    listKind: ArangoDeploymentList
-    plural: arangodeployments
-    shortNames:
-    - arangodb
-    - arango
-    singular: arangodeployment
-  scope: Namespaced
-  version: v1alpha
-
-
 ---
-
-## crd/deployment-replication.yaml
+# Source: kube-arangodb-crd/templates/deployment-replications.yaml
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
-  name: arangodeploymentreplications.replication.database.arangodb.com
+    name: arangodeploymentreplications.replication.database.arangodb.com
+    labels:
+        app.kubernetes.io/name: kube-arangodb-crd
+        helm.sh/chart: kube-arangodb-crd-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: crd
+        release: crd
 spec:
-  group: replication.database.arangodb.com
-  names:
-    kind: ArangoDeploymentReplication
-    listKind: ArangoDeploymentReplicationList
-    plural: arangodeploymentreplications
-    shortNames:
-    - arangorepl
-    singular: arangodeploymentreplication
-  scope: Namespaced
-  version: v1alpha
-
+    group: replication.database.arangodb.com
+    names:
+        kind: ArangoDeploymentReplication
+        listKind: ArangoDeploymentReplicationList
+        plural: arangodeploymentreplications
+        shortNames:
+            - arangorepl
+        singular: arangodeploymentreplication
+    scope: Namespaced
+    version: v1alpha
+---
+# Source: kube-arangodb-crd/templates/deployment.yaml
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+    name: arangodeployments.database.arangodb.com
+    labels:
+        app.kubernetes.io/name: kube-arangodb-crd
+        helm.sh/chart: kube-arangodb-crd-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: crd
+        release: crd
+spec:
+    group: database.arangodb.com
+    names:
+        kind: ArangoDeployment
+        listKind: ArangoDeploymentList
+        plural: arangodeployments
+        shortNames:
+            - arangodb
+            - arango
+        singular: arangodeployment
+    scope: Namespaced
+    version: v1alpha

manifests/arango-deployment-replication.yaml

@@ -1,178 +1,256 @@
-## deployment-replication/rbac.yaml
-
-
-
-## Cluster role granting access to ArangoDeploymentReplication resources.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: arango-deployment-replications
-rules:
-- apiGroups: ["replication.database.arangodb.com"]
-  resources: ["arangodeploymentreplications"]
-  verbs: ["*"]
-
 ---
-
-## Cluster role granting access to all resources needed by the ArangoDeploymentReplication operator.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
+# Source: kube-arangodb/templates/service-account.yaml
+apiVersion: v1
+kind: ServiceAccount
 metadata:
   name: arango-deployment-replication-operator
-rules:
-- apiGroups: ["replication.database.arangodb.com"]
-  resources: ["arangodeploymentreplications"]
-  verbs: ["*"]
-- apiGroups: ["database.arangodb.com"]
-  resources: ["arangodeployments"]
-  verbs: ["get"]
-- apiGroups: ["apiextensions.k8s.io"]
-  resources: ["customresourcedefinitions"]
-  verbs: ["get"]
-- apiGroups: [""]
-  resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets"]
-  verbs: ["*"]
-- apiGroups: [""]
-  resources: ["namespaces", "nodes"]
-  verbs: ["get", "list"]
-- apiGroups: ["apps"]
-  resources: ["deployments", "replicasets"]
-  verbs: ["get"]
-
+  namespace: default
+  labels:
+      app.kubernetes.io/name: kube-arangodb
+      helm.sh/chart: kube-arangodb-1.0.0
+      app.kubernetes.io/managed-by: Tiller
+      app.kubernetes.io/instance: deployment-replication
+      release: deployment-replication
 ---
-
-## Bind the cluster role granting access to ArangoDeploymentReplication resources
-## to the default service account of the configured namespace.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
+# Source: kube-arangodb/templates/deployment-replications-operator/cluster-role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
 metadata:
-  name: arango-deployment-replications
-  namespace: default
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: arango-deployment-replications
-subjects:
-- kind: ServiceAccount
-  name: default
-  namespace: default
-
+    name: arango-deployment-replication-operator-rbac-deployment-replication
+    namespace: default
+    labels:
+        app.kubernetes.io/name: kube-arangodb
+        helm.sh/chart: kube-arangodb-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: deployment-replication
+        release: deployment-replication
+rules:
+    - apiGroups: ["apiextensions.k8s.io"]
+      resources: ["customresourcedefinitions"]
+      verbs: ["get"]
+    - apiGroups: [""]
+      resources: ["namespaces", "nodes"]
+      verbs: ["get", "list"]
 ---
-
-## Bind the cluster role granting access to all resources needed by 
-## the ArangoDeploymentReplication operator to the default service account
-## the is being used to run the operator deployment.
-apiVersion: rbac.authorization.k8s.io/v1beta1
+# Source: kube-arangodb/templates/deployment-replications-operator/cluster-role-binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: arango-deployment-replication-operator-default
+    name: arango-deployment-replication-operator-rbac-deployment-replication
+    namespace: default
+    labels:
+        app.kubernetes.io/name: kube-arangodb
+        helm.sh/chart: kube-arangodb-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: deployment-replication
+        release: deployment-replication
 roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: arango-deployment-replication-operator
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: arango-deployment-replication-operator-rbac-deployment-replication
 subjects:
-- kind: ServiceAccount
-  name: default
-  namespace: default
-
-
-
-
-
+    - kind: ServiceAccount
+      name: arango-deployment-replication-operator
+      namespace: default
 ---
-
-## deployment-replication/deployment-replication.yaml
-
-
-apiVersion: extensions/v1beta1
-kind: Deployment
+# Source: kube-arangodb/templates/deployment-replications-operator/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
 metadata:
-  name: arango-deployment-replication-operator
-  namespace: default
-spec:
-  replicas: 2
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        name: arango-deployment-replication-operator
-        app: arango-deployment-replication-operator
-    spec:
-      serviceAccountName: default
-      containers:
-      - name: operator
-        imagePullPolicy: IfNotPresent
-        image: arangodb/kube-arangodb@sha256:8de8cba7727bf4bf2b9f5ac943418afb4a139cfc51627a57a6e5febdbc8fbcb2
-        args:
-          - --operator.deployment-replication
-        env:
-        - name: MY_POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: MY_POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: MY_POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-        ports:
-        - name: metrics
-          containerPort: 8528
-        livenessProbe:
-          httpGet:
-            path: /health
-            port: 8528
-            scheme: HTTPS
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        readinessProbe:
-          httpGet:
-            path: /ready/deployment-replication
-            port: 8528
-            scheme: HTTPS
-          initialDelaySeconds: 5
-          periodSeconds: 10
-      tolerations:
-      - key: "node.kubernetes.io/unreachable"
-        operator: "Exists"
-        effect: "NoExecute"
-        tolerationSeconds: 5
-      - key: "node.kubernetes.io/not-ready"
-        operator: "Exists"
-        effect: "NoExecute"
-        tolerationSeconds: 5
-
-
-
-
+    name: arango-deployment-replication-operator-rbac-deployment-replication
+    namespace: default
+    labels:
+        app.kubernetes.io/name: kube-arangodb
+        helm.sh/chart: kube-arangodb-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: deployment-replication
+        release: deployment-replication
+rules:
+    - apiGroups: ["replication.database.arangodb.com"]
+      resources: ["arangodeploymentreplications"]
+      verbs: ["*"]
+    - apiGroups: ["database.arangodb.com"]
+      resources: ["arangodeployments"]
+      verbs: ["get"]
+    - apiGroups: [""]
+      resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets"]
+      verbs: ["*"]
+    - apiGroups: ["apps"]
+      resources: ["deployments", "replicasets"]
+      verbs: ["get"]
 ---
-
-## deployment-replication/service.yaml
-
-
+# Source: kube-arangodb/templates/deployment-replications-operator/role-binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+    name: arango-deployment-replication-operator-rbac-deployment-replication
+    namespace: default
+    labels:
+        app.kubernetes.io/name: kube-arangodb
+        helm.sh/chart: kube-arangodb-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: deployment-replication
+        release: deployment-replication
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: Role
+    name: arango-deployment-replication-operator-rbac-deployment-replication
+subjects:
+    - kind: ServiceAccount
+      name: arango-deployment-replication-operator
+      namespace: default
+---
+# Source: kube-arangodb/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
   name: arango-deployment-replication-operator
   namespace: default
   labels:
-    name: arango-deployment-replication-operator
-    app: arango-deployment-replication-operator
+    app.kubernetes.io/name: kube-arangodb
+    helm.sh/chart: kube-arangodb-1.0.0
+    app.kubernetes.io/managed-by: Tiller
+    app.kubernetes.io/instance: deployment-replication
+    release: deployment-replication
 spec:
   ports:
-  - name: server
-    port: 8528
-    protocol: TCP
-    targetPort: 8528
+    - name: server
+      port: 8528
+      protocol: TCP
+      targetPort: 8528
   selector:
-    name: arango-deployment-replication-operator
-    app: arango-deployment-replication-operator
+    app.kubernetes.io/name: kube-arangodb
+    app.kubernetes.io/managed-by: Tiller
+    app.kubernetes.io/instance: deployment-replication
+    release: deployment-replication
     role: leader
   type: ClusterIP
+---
+# Source: kube-arangodb/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+    name: arango-deployment-replication-operator
+    namespace: default
+    labels:
+        app.kubernetes.io/name: kube-arangodb
+        helm.sh/chart: kube-arangodb-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: deployment-replication
+        release: deployment-replication
+spec:
+    replicas: 2
+    strategy:
+        type: Recreate
+        
+    selector:
+        matchLabels:
+            app.kubernetes.io/name: kube-arangodb
+            app.kubernetes.io/managed-by: Tiller
+            app.kubernetes.io/instance: deployment-replication
+            release: deployment-replication
+    template:
+        metadata:
+            labels:
+                app.kubernetes.io/name: kube-arangodb
+                helm.sh/chart: kube-arangodb-1.0.0
+                app.kubernetes.io/managed-by: Tiller
+                app.kubernetes.io/instance: deployment-replication
+                release: deployment-replication
+        spec:
+            serviceAccountName: arango-deployment-replication-operator
+            affinity:
+              nodeAffinity:
+                requiredDuringSchedulingIgnoredDuringExecution:
+                  nodeSelectorTerms:
+                    - matchExpressions:
+                        - key: beta.kubernetes.io/arch
+                          operator: In
+                          values:
+                            - amd64
+            containers:
+                - name: operator
+                  imagePullPolicy: Always
+                  image: arangodb/kube-arangodb@sha256:8de8cba7727bf4bf2b9f5ac943418afb4a139cfc51627a57a6e5febdbc8fbcb2
+                  args:
+                    - --operator.deployment-replication
+                    - --chaos.allowed=false
+                  env:
+                      - name: MY_POD_NAMESPACE
+                        valueFrom:
+                            fieldRef:
+                                fieldPath: metadata.namespace
+                      - name: MY_POD_NAME
+                        valueFrom:
+                            fieldRef:
+                                fieldPath: metadata.name
+                      - name: MY_POD_IP
+                        valueFrom:
+                            fieldRef:
+                                fieldPath: status.podIP
+                  ports:
+                      - name: metrics
+                        containerPort: 8528
+                  securityContext:
+                    capabilities:
+                      drop:
+                        - 'ALL'
+                  resources:
+                      limits:
+                        cpu: 1
+                        memory: 256Mi
+                      requests:
+                        cpu: 250m
+                        memory: 256Mi
+                      
+                  livenessProbe:
+                      httpGet:
+                          path: /health
+                          port: 8528
+                          scheme: HTTPS
+                      initialDelaySeconds: 5
+                      periodSeconds: 10
+                  readinessProbe:
+                      httpGet:
+                          path: /ready
+                          port: 8528
+                          scheme: HTTPS
+                      initialDelaySeconds: 5
+                      periodSeconds: 10
+            tolerations:
+                - key: "node.kubernetes.io/unreachable"
+                  operator: "Exists"
+                  effect: "NoExecute"
+                  tolerationSeconds: 5
+                - key: "node.kubernetes.io/not-ready"
+                  operator: "Exists"
+                  effect: "NoExecute"
+                  tolerationSeconds: 5
 
+---
+# Source: kube-arangodb/templates/deployment-operator/cluster-role-binding.yaml
 
+---
+# Source: kube-arangodb/templates/deployment-operator/cluster-role.yaml
+
+---
+# Source: kube-arangodb/templates/deployment-operator/role-binding.yaml
+
+---
+# Source: kube-arangodb/templates/deployment-operator/role.yaml
+
+---
+# Source: kube-arangodb/templates/storage-operator/cluster-role-binding.yaml
+
+---
+# Source: kube-arangodb/templates/storage-operator/cluster-role.yaml
+
+---
+# Source: kube-arangodb/templates/storage-operator/crd.yaml
+
+---
+# Source: kube-arangodb/templates/storage-operator/role-binding.yaml
+
+---
+# Source: kube-arangodb/templates/storage-operator/role.yaml
 

manifests/arango-deployment.yaml

@@ -1,186 +1,262 @@
-## deployment/rbac.yaml
-
-
-
-## Cluster role granting access to ArangoDeployment resources.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: arango-deployments
-rules:
-- apiGroups: ["database.arangodb.com"]
-  resources: ["arangodeployments"]
-  verbs: ["*"]
-
 ---
-
-## Cluster role granting access to all resources needed by the ArangoDeployment operator.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
+# Source: kube-arangodb/templates/service-account.yaml
+apiVersion: v1
+kind: ServiceAccount
 metadata:
   name: arango-deployment-operator
-rules:
-- apiGroups: ["database.arangodb.com"]
-  resources: ["arangodeployments"]
-  verbs: ["*"]
-- apiGroups: ["apiextensions.k8s.io"]
-  resources: ["customresourcedefinitions"]
-  verbs: ["get", "list", "watch"]
-- apiGroups: [""]
-  resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets"]
-  verbs: ["*"]
-- apiGroups: [""]
-  resources: ["namespaces", "nodes"]
-  verbs: ["get", "list"]
-- apiGroups: ["apps"]
-  resources: ["deployments", "replicasets"]
-  verbs: ["get"]
-- apiGroups: ["policy"]
-  resources: ["poddisruptionbudgets"]
-  verbs: ["get", "create", "delete"]
-- apiGroups: ["storage.k8s.io"]
-  resources: ["storageclasses"]
-  verbs: ["get", "list"]
-- apiGroups: ["monitoring.coreos.com"]
-  resources: ["servicemonitors"]
-  verbs: ["get", "create", "delete"]
-  
-
+  namespace: default
+  labels:
+      app.kubernetes.io/name: kube-arangodb
+      helm.sh/chart: kube-arangodb-1.0.0
+      app.kubernetes.io/managed-by: Tiller
+      app.kubernetes.io/instance: deployment
+      release: deployment
 ---
-
-## Bind the cluster role granting access to ArangoDeployment resources
-## to the default service account of the configured namespace.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
+# Source: kube-arangodb/templates/deployment-operator/cluster-role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
 metadata:
-  name: arango-deployments
-  namespace: default
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: arango-deployments
-subjects:
-- kind: ServiceAccount
-  name: default
-  namespace: default
-
+    name: arango-deployment-operator-rbac-deployment
+    namespace: default
+    labels:
+        app.kubernetes.io/name: kube-arangodb
+        helm.sh/chart: kube-arangodb-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: deployment
+        release: deployment
+rules:
+    - apiGroups: ["apiextensions.k8s.io"]
+      resources: ["customresourcedefinitions"]
+      verbs: ["get", "list", "watch"]
+    - apiGroups: [""]
+      resources: ["namespaces", "nodes"]
+      verbs: ["get", "list"]
+    - apiGroups: ["storage.k8s.io"]
+      resources: ["storageclasses"]
+      verbs: ["get", "list"]
 ---
-
-## Bind the cluster role granting access to all resources needed by 
-## the ArangoDeployment operator to the default service account
-## the is being used to run the operator deployment.
-apiVersion: rbac.authorization.k8s.io/v1beta1
+# Source: kube-arangodb/templates/deployment-operator/cluster-role-binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: arango-deployment-operator-default
+    name: arango-deployment-operator-rbac-deployment
+    namespace: default
+    labels:
+        app.kubernetes.io/name: kube-arangodb
+        helm.sh/chart: kube-arangodb-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: deployment
+        release: deployment
 roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: arango-deployment-operator
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: arango-deployment-operator-rbac-deployment
 subjects:
-- kind: ServiceAccount
-  name: default
-  namespace: default
-
-
-
-
-
+    - kind: ServiceAccount
+      name: arango-deployment-operator
+      namespace: default
 ---
-
-## deployment/deployment.yaml
-
-
-apiVersion: extensions/v1beta1
-kind: Deployment
+# Source: kube-arangodb/templates/deployment-operator/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
 metadata:
-  name: arango-deployment-operator
-  namespace: default
-spec:
-  replicas: 2
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        name: arango-deployment-operator
-        app: arango-deployment-operator
-    spec:
-      serviceAccountName: default
-      containers:
-      - name: operator
-        imagePullPolicy: IfNotPresent
-        image: arangodb/kube-arangodb@sha256:8de8cba7727bf4bf2b9f5ac943418afb4a139cfc51627a57a6e5febdbc8fbcb2
-        args:
-          - --operator.deployment
-          - --chaos.allowed=false
-        env:
-        - name: MY_POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: MY_POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: MY_POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-        ports:
-        - name: metrics
-          containerPort: 8528
-        livenessProbe:
-          httpGet:
-            path: /health
-            port: 8528
-            scheme: HTTPS
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        readinessProbe:
-          httpGet:
-            path: /ready/deployment
-            port: 8528
-            scheme: HTTPS
-          initialDelaySeconds: 5
-          periodSeconds: 10
-      tolerations:
-      - key: "node.kubernetes.io/unreachable"
-        operator: "Exists"
-        effect: "NoExecute"
-        tolerationSeconds: 5
-      - key: "node.kubernetes.io/not-ready"
-        operator: "Exists"
-        effect: "NoExecute"
-        tolerationSeconds: 5
-
-
-
-
+    name: arango-deployment-operator-rbac-deployment
+    namespace: default
+    labels:
+        app.kubernetes.io/name: kube-arangodb
+        helm.sh/chart: kube-arangodb-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: deployment
+        release: deployment
+rules:
+    - apiGroups: ["database.arangodb.com"]
+      resources: ["arangodeployments"]
+      verbs: ["*"]
+    - apiGroups: [""]
+      resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets"]
+      verbs: ["*"]
+    - apiGroups: ["apps"]
+      resources: ["deployments", "replicasets"]
+      verbs: ["get"]
+    - apiGroups: ["policy"]
+      resources: ["poddisruptionbudgets"]
+      verbs: ["get", "create", "delete"]
+    - apiGroups: ["monitoring.coreos.com"]
+      resources: ["servicemonitors"]
+      verbs: ["get", "create", "delete"]
 ---
-
-## deployment/service.yaml
-
-
+# Source: kube-arangodb/templates/deployment-operator/role-binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+    name: arango-deployment-operator-rbac-deployment
+    namespace: default
+    labels:
+        app.kubernetes.io/name: kube-arangodb
+        helm.sh/chart: kube-arangodb-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: deployment
+        release: deployment
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: Role
+    name: arango-deployment-operator-rbac-deployment
+subjects:
+    - kind: ServiceAccount
+      name: arango-deployment-operator
+      namespace: default
+---
+# Source: kube-arangodb/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
   name: arango-deployment-operator
   namespace: default
   labels:
-    name: arango-deployment-operator
-    app: arango-deployment-operator
+    app.kubernetes.io/name: kube-arangodb
+    helm.sh/chart: kube-arangodb-1.0.0
+    app.kubernetes.io/managed-by: Tiller
+    app.kubernetes.io/instance: deployment
+    release: deployment
 spec:
   ports:
-  - name: server
-    port: 8528
-    protocol: TCP
-    targetPort: 8528
+    - name: server
+      port: 8528
+      protocol: TCP
+      targetPort: 8528
   selector:
-    name: arango-deployment-operator
-    app: arango-deployment-operator
+    app.kubernetes.io/name: kube-arangodb
+    app.kubernetes.io/managed-by: Tiller
+    app.kubernetes.io/instance: deployment
+    release: deployment
     role: leader
   type: ClusterIP
+---
+# Source: kube-arangodb/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+    name: arango-deployment-operator
+    namespace: default
+    labels:
+        app.kubernetes.io/name: kube-arangodb
+        helm.sh/chart: kube-arangodb-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: deployment
+        release: deployment
+spec:
+    replicas: 2
+    strategy:
+        type: Recreate
+        
+    selector:
+        matchLabels:
+            app.kubernetes.io/name: kube-arangodb
+            app.kubernetes.io/managed-by: Tiller
+            app.kubernetes.io/instance: deployment
+            release: deployment
+    template:
+        metadata:
+            labels:
+                app.kubernetes.io/name: kube-arangodb
+                helm.sh/chart: kube-arangodb-1.0.0
+                app.kubernetes.io/managed-by: Tiller
+                app.kubernetes.io/instance: deployment
+                release: deployment
+        spec:
+            serviceAccountName: arango-deployment-operator
+            affinity:
+              nodeAffinity:
+                requiredDuringSchedulingIgnoredDuringExecution:
+                  nodeSelectorTerms:
+                    - matchExpressions:
+                        - key: beta.kubernetes.io/arch
+                          operator: In
+                          values:
+                            - amd64
+            containers:
+                - name: operator
+                  imagePullPolicy: Always
+                  image: arangodb/kube-arangodb@sha256:8de8cba7727bf4bf2b9f5ac943418afb4a139cfc51627a57a6e5febdbc8fbcb2
+                  args:
+                    - --operator.deployment
+                    - --chaos.allowed=false
+                  env:
+                      - name: MY_POD_NAMESPACE
+                        valueFrom:
+                            fieldRef:
+                                fieldPath: metadata.namespace
+                      - name: MY_POD_NAME
+                        valueFrom:
+                            fieldRef:
+                                fieldPath: metadata.name
+                      - name: MY_POD_IP
+                        valueFrom:
+                            fieldRef:
+                                fieldPath: status.podIP
+                  ports:
+                      - name: metrics
+                        containerPort: 8528
+                  securityContext:
+                    capabilities:
+                      drop:
+                        - 'ALL'
+                  resources:
+                      limits:
+                        cpu: 1
+                        memory: 256Mi
+                      requests:
+                        cpu: 250m
+                        memory: 256Mi
+                      
+                  livenessProbe:
+                      httpGet:
+                          path: /health
+                          port: 8528
+                          scheme: HTTPS
+                      initialDelaySeconds: 5
+                      periodSeconds: 10
+                  readinessProbe:
+                      httpGet:
+                          path: /ready
+                          port: 8528
+                          scheme: HTTPS
+                      initialDelaySeconds: 5
+                      periodSeconds: 10
+            tolerations:
+                - key: "node.kubernetes.io/unreachable"
+                  operator: "Exists"
+                  effect: "NoExecute"
+                  tolerationSeconds: 5
+                - key: "node.kubernetes.io/not-ready"
+                  operator: "Exists"
+                  effect: "NoExecute"
+                  tolerationSeconds: 5
 
+---
+# Source: kube-arangodb/templates/deployment-replications-operator/cluster-role-binding.yaml
 
+---
+# Source: kube-arangodb/templates/deployment-replications-operator/cluster-role.yaml
+
+---
+# Source: kube-arangodb/templates/deployment-replications-operator/role-binding.yaml
+
+---
+# Source: kube-arangodb/templates/deployment-replications-operator/role.yaml
+
+---
+# Source: kube-arangodb/templates/storage-operator/cluster-role-binding.yaml
+
+---
+# Source: kube-arangodb/templates/storage-operator/cluster-role.yaml
+
+---
+# Source: kube-arangodb/templates/storage-operator/crd.yaml
+
+---
+# Source: kube-arangodb/templates/storage-operator/role-binding.yaml
+
+---
+# Source: kube-arangodb/templates/storage-operator/role.yaml
 

manifests/arango-storage.yaml

@@ -1,216 +1,285 @@
-## storage/crd.yaml
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: arangolocalstorages.storage.arangodb.com
-spec:
-  group: storage.arangodb.com
-  names:
-    kind: ArangoLocalStorage
-    listKind: ArangoLocalStorageList
-    plural: arangolocalstorages
-    shortNames:
-    - arangostorage
-    singular: arangolocalstorage
-  scope: Cluster
-  version: v1alpha
-
-
 ---
-
-## storage/rbac.yaml
-
-
-
-## Cluster role granting access to ArangoLocalStorage resources.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: arango-storages
-rules:
-- apiGroups: ["storage.arangodb.com"]
-  resources: ["arangolocalstorages"]
-  verbs: ["*"]
-
----
-
-## Cluster role granting access to all resources needed by the ArangoLocalStorage operator.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: arango-storage-operator
-rules:
-- apiGroups: ["storage.arangodb.com"]
-  resources: ["arangolocalstorages"]
-  verbs: ["*"]
-- apiGroups: ["apiextensions.k8s.io"]
-  resources: ["customresourcedefinitions"]
-  verbs: ["get"]
-- apiGroups: [""]
-  resources: ["persistentvolumes", "persistentvolumeclaims", "endpoints", "events", "services"]
-  verbs: ["*"]
-- apiGroups: [""]
-  resources: ["pods"]
-  verbs: ["get", "update"]
-- apiGroups: [""]
-  resources: ["secrets"]
-  verbs: ["get"]
-- apiGroups: [""]
-  resources: ["namespaces", "nodes"]
-  verbs: ["get", "list"]
-- apiGroups: ["apps"]
-  resources: ["daemonsets"]
-  verbs: ["*"]
-- apiGroups: ["apps"]
-  resources: ["deployments", "replicasets"]
-  verbs: ["get"]
-- apiGroups: ["storage.k8s.io"]
-  resources: ["storageclasses"]
-  verbs: ["*"]
-
----
-
-## Bind the cluster role granting access to ArangoLocalStorage resources
-## to the default service account of the configured namespace.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
-  name: arango-storages
-  namespace: default
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: arango-storages
-subjects:
-- kind: ServiceAccount
-  name: default
-  namespace: default
-
----
-
-## Bind the cluster role granting access to all resources needed by 
-## the ArangoLocalStorage operator to the default service account
-## the is being used to run the operator deployment.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: arango-storage-operator
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: arango-storage-operator
-subjects:
-- kind: ServiceAccount
-  name: arango-storage-operator
-  namespace: kube-system
-
-
-
-
-
----
-
-## storage/deployment.yaml
-
-
-## Service accounts
+# Source: kube-arangodb/templates/service-account.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  namespace: kube-system
   name: arango-storage-operator
-
+  namespace: default
+  labels:
+      app.kubernetes.io/name: kube-arangodb
+      helm.sh/chart: kube-arangodb-1.0.0
+      app.kubernetes.io/managed-by: Tiller
+      app.kubernetes.io/instance: storage
+      release: storage
 ---
-
-apiVersion: extensions/v1beta1
-kind: Deployment
+# Source: kube-arangodb/templates/storage-operator/crd.yaml
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
 metadata:
-  name: arango-storage-operator
-  namespace: kube-system
+    name: arangolocalstorages.storage.arangodb.com
+    labels:
+        app.kubernetes.io/name: kube-arangodb
+        helm.sh/chart: kube-arangodb-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: storage
+        release: storage
 spec:
-  replicas: 2
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        name: arango-storage-operator
-        app: arango-storage-operator
-    spec:
-      serviceAccountName: arango-storage-operator
-      containers:
-      - name: operator
-        imagePullPolicy: IfNotPresent
-        image: arangodb/kube-arangodb@sha256:8de8cba7727bf4bf2b9f5ac943418afb4a139cfc51627a57a6e5febdbc8fbcb2
-        args:
-        - --operator.storage
-        env:
-        - name: MY_POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: MY_POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: MY_POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-        ports:
-        - name: metrics
-          containerPort: 8528
-        livenessProbe:
-          httpGet:
-            path: /health
-            port: 8528
-            scheme: HTTPS
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        readinessProbe:
-          httpGet:
-            path: /ready/storage
-            port: 8528
-            scheme: HTTPS
-          initialDelaySeconds: 5
-          periodSeconds: 10
-      tolerations:
-      - key: "node.kubernetes.io/unreachable"
-        operator: "Exists"
-        effect: "NoExecute"
-        tolerationSeconds: 5
-      - key: "node.kubernetes.io/not-ready"
-        operator: "Exists"
-        effect: "NoExecute"
-        tolerationSeconds: 5
-
-
-
-
+    group: storage.arangodb.com
+    names:
+        kind: ArangoLocalStorage
+        listKind: ArangoLocalStorageList
+        plural: arangolocalstorages
+        shortNames:
+            - arangostorage
+        singular: arangolocalstorage
+    scope: Cluster
+    version: v1alpha
 ---
-
-## storage/service.yaml
-
-
+# Source: kube-arangodb/templates/storage-operator/cluster-role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+    name: arango-storage-operator-rbac-storage
+    namespace: default
+    labels:
+        app.kubernetes.io/name: kube-arangodb
+        helm.sh/chart: kube-arangodb-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: storage
+        release: storage
+rules:
+    - apiGroups: ["apiextensions.k8s.io"]
+      resources: ["customresourcedefinitions"]
+      verbs: ["get"]
+    - apiGroups: [""]
+      resources: ["namespaces", "nodes"]
+      verbs: ["get", "list"]
+    - apiGroups: ["storage.k8s.io"]
+      resources: ["storageclasses"]
+      verbs: ["*"]
+    - apiGroups: ["storage.arangodb.com"]
+      resources: ["arangolocalstorages"]
+      verbs: ["*"]
+---
+# Source: kube-arangodb/templates/storage-operator/cluster-role-binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+    name: arango-storage-operator-rbac-storage
+    namespace: default
+    labels:
+        app.kubernetes.io/name: kube-arangodb
+        helm.sh/chart: kube-arangodb-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: storage
+        release: storage
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: arango-storage-operator-rbac-storage
+subjects:
+    - kind: ServiceAccount
+      name: arango-storage-operator
+      namespace: default
+---
+# Source: kube-arangodb/templates/storage-operator/role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+    name: arango-storage-operator-rbac-storage
+    namespace: default
+    labels:
+        app.kubernetes.io/name: kube-arangodb
+        helm.sh/chart: kube-arangodb-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: storage
+        release: storage
+rules:
+    - apiGroups: [""]
+      resources: ["persistentvolumes", "persistentvolumeclaims", "endpoints", "events", "services"]
+      verbs: ["*"]
+    - apiGroups: [""]
+      resources: ["pods"]
+      verbs: ["get", "update"]
+    - apiGroups: [""]
+      resources: ["secrets"]
+      verbs: ["get"]
+    - apiGroups: ["apps"]
+      resources: ["daemonsets"]
+      verbs: ["*"]
+    - apiGroups: ["apps"]
+      resources: ["deployments", "replicasets"]
+      verbs: ["get"]
+---
+# Source: kube-arangodb/templates/storage-operator/role-binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+    name: arango-storage-operator-rbac-storage
+    namespace: default
+    labels:
+        app.kubernetes.io/name: kube-arangodb
+        helm.sh/chart: kube-arangodb-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: storage
+        release: storage
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: Role
+    name: arango-storage-operator-rbac-storage
+subjects:
+    - kind: ServiceAccount
+      name: arango-storage-operator
+      namespace: default
+---
+# Source: kube-arangodb/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
   name: arango-storage-operator
-  namespace: kube-system
+  namespace: default
   labels:
-    name: arango-storage-operator
-    app: arango-storage-operator
+    app.kubernetes.io/name: kube-arangodb
+    helm.sh/chart: kube-arangodb-1.0.0
+    app.kubernetes.io/managed-by: Tiller
+    app.kubernetes.io/instance: storage
+    release: storage
 spec:
   ports:
-  - name: server
-    port: 8528
-    protocol: TCP
-    targetPort: 8528
+    - name: server
+      port: 8528
+      protocol: TCP
+      targetPort: 8528
   selector:
-    name: arango-storage-operator
-    app: arango-storage-operator
+    app.kubernetes.io/name: kube-arangodb
+    app.kubernetes.io/managed-by: Tiller
+    app.kubernetes.io/instance: storage
+    release: storage
     role: leader
   type: ClusterIP
+---
+# Source: kube-arangodb/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+    name: arango-storage-operator
+    namespace: default
+    labels:
+        app.kubernetes.io/name: kube-arangodb
+        helm.sh/chart: kube-arangodb-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: storage
+        release: storage
+spec:
+    replicas: 2
+    strategy:
+        type: Recreate
+        
+    selector:
+        matchLabels:
+            app.kubernetes.io/name: kube-arangodb
+            app.kubernetes.io/managed-by: Tiller
+            app.kubernetes.io/instance: storage
+            release: storage
+    template:
+        metadata:
+            labels:
+                app.kubernetes.io/name: kube-arangodb
+                helm.sh/chart: kube-arangodb-1.0.0
+                app.kubernetes.io/managed-by: Tiller
+                app.kubernetes.io/instance: storage
+                release: storage
+        spec:
+            serviceAccountName: arango-storage-operator
+            affinity:
+              nodeAffinity:
+                requiredDuringSchedulingIgnoredDuringExecution:
+                  nodeSelectorTerms:
+                    - matchExpressions:
+                        - key: beta.kubernetes.io/arch
+                          operator: In
+                          values:
+                            - amd64
+            containers:
+                - name: operator
+                  imagePullPolicy: Always
+                  image: arangodb/kube-arangodb@sha256:8de8cba7727bf4bf2b9f5ac943418afb4a139cfc51627a57a6e5febdbc8fbcb2
+                  args:
+                    - --operator.storage
+                    - --chaos.allowed=false
+                  env:
+                      - name: MY_POD_NAMESPACE
+                        valueFrom:
+                            fieldRef:
+                                fieldPath: metadata.namespace
+                      - name: MY_POD_NAME
+                        valueFrom:
+                            fieldRef:
+                                fieldPath: metadata.name
+                      - name: MY_POD_IP
+                        valueFrom:
+                            fieldRef:
+                                fieldPath: status.podIP
+                  ports:
+                      - name: metrics
+                        containerPort: 8528
+                  securityContext:
+                    capabilities:
+                      drop:
+                        - 'ALL'
+                  resources:
+                      limits:
+                        cpu: 1
+                        memory: 256Mi
+                      requests:
+                        cpu: 250m
+                        memory: 256Mi
+                      
+                  livenessProbe:
+                      httpGet:
+                          path: /health
+                          port: 8528
+                          scheme: HTTPS
+                      initialDelaySeconds: 5
+                      periodSeconds: 10
+                  readinessProbe:
+                      httpGet:
+                          path: /ready
+                          port: 8528
+                          scheme: HTTPS
+                      initialDelaySeconds: 5
+                      periodSeconds: 10
+            tolerations:
+                - key: "node.kubernetes.io/unreachable"
+                  operator: "Exists"
+                  effect: "NoExecute"
+                  tolerationSeconds: 5
+                - key: "node.kubernetes.io/not-ready"
+                  operator: "Exists"
+                  effect: "NoExecute"
+                  tolerationSeconds: 5
 
+---
+# Source: kube-arangodb/templates/deployment-operator/cluster-role-binding.yaml
 
+---
+# Source: kube-arangodb/templates/deployment-operator/cluster-role.yaml
+
+---
+# Source: kube-arangodb/templates/deployment-operator/role-binding.yaml
+
+---
+# Source: kube-arangodb/templates/deployment-operator/role.yaml
+
+---
+# Source: kube-arangodb/templates/deployment-replications-operator/cluster-role-binding.yaml
+
+---
+# Source: kube-arangodb/templates/deployment-replications-operator/cluster-role.yaml
+
+---
+# Source: kube-arangodb/templates/deployment-replications-operator/role-binding.yaml
+
+---
+# Source: kube-arangodb/templates/deployment-replications-operator/role.yaml
 

manifests/arango-test.yaml

@@ -1,42 +1,34 @@
-## test/rbac.yaml
-
-
-## Cluster role granting access to resources needed by the integration tests.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: arango-operator-test
-rules:
-- apiGroups: [""]
-  resources: ["nodes"]
-  verbs: ["list"]
-- apiGroups: [""]
-  resources: ["pods", "services", "persistentvolumes", "persistentvolumeclaims", "secrets", "serviceaccounts", "pods/log"]
-  verbs: ["*"]
-- apiGroups: ["apps"]
-  resources: ["daemonsets", "deployments"]
-  verbs: ["*"]
-- apiGroups: ["scheduling.k8s.io"]
-  resources: ["priorityclasses"]
-  verbs: ["*"]
-
 ---
-
-## Bind the cluster role granting access to ArangoLocalStorage resources
-## to the default service account of the configured namespace.
-apiVersion: rbac.authorization.k8s.io/v1beta1
+# Source: kube-arangodb-test/templates/service-account.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+    name: arangodb-test
+    namespace: default
+    labels:
+        app.kubernetes.io/name: kube-arangodb-test
+        helm.sh/chart: kube-arangodb-test-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: arangodb-test
+        release: arangodb-test
+---
+# Source: kube-arangodb-test/templates/cluster-role-binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: arango-operator-test
-  namespace: default
+    name: kube-arangodb-test-arangodb-test
+    namespace: default
+    labels:
+        app.kubernetes.io/name: kube-arangodb-test
+        helm.sh/chart: kube-arangodb-test-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: arangodb-test
+        release: arangodb-test
 roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: arango-operator-test
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: cluster-admin
 subjects:
-- kind: ServiceAccount
-  name: default
-  namespace: default
-
-
-
+    - kind: ServiceAccount
+      name: arangodb-test
+      namespace: default

manifests/templates/crd/deployment-replication.yaml

@@ -1,15 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: arangodeploymentreplications.replication.database.arangodb.com
-spec:
-  group: replication.database.arangodb.com
-  names:
-    kind: ArangoDeploymentReplication
-    listKind: ArangoDeploymentReplicationList
-    plural: arangodeploymentreplications
-    shortNames:
-    - arangorepl
-    singular: arangodeploymentreplication
-  scope: Namespaced
-  version: v1alpha

manifests/templates/crd/deployment.yaml

@@ -1,16 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: arangodeployments.database.arangodb.com
-spec:
-  group: database.arangodb.com
-  names:
-    kind: ArangoDeployment
-    listKind: ArangoDeploymentList
-    plural: arangodeployments
-    shortNames:
-    - arangodb
-    - arango
-    singular: arangodeployment
-  scope: Namespaced
-  version: v1alpha

manifests/templates/deployment-replication/deployment-replication.yaml

@@ -1,65 +0,0 @@
-{{ .DeploymentReplication.FilterStart }}
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  name: {{ .DeploymentReplication.OperatorDeploymentName }}
-  namespace: {{ .DeploymentReplication.Operator.Namespace }}
-spec:
-  replicas: 2
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        name: {{ .DeploymentReplication.OperatorDeploymentName }}
-        app: arango-deployment-replication-operator
-    spec:
-      serviceAccountName: {{ .DeploymentReplication.Operator.ServiceAccountName }}
-      containers:
-      - name: operator
-        imagePullPolicy: {{ .ImagePullPolicy }}
-        image: {{ .Image }}
-        args:
-          - --operator.deployment-replication
-        env:
-        - name: MY_POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: MY_POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: MY_POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-        ports:
-        - name: metrics
-          containerPort: 8528
-        livenessProbe:
-          httpGet:
-            path: /health
-            port: 8528
-            scheme: HTTPS
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        readinessProbe:
-          httpGet:
-            path: /ready/deployment-replication
-            port: 8528
-            scheme: HTTPS
-          initialDelaySeconds: 5
-          periodSeconds: 10
-      tolerations:
-      - key: "node.kubernetes.io/unreachable"
-        operator: "Exists"
-        effect: "NoExecute"
-        tolerationSeconds: 5
-      - key: "node.kubernetes.io/not-ready"
-        operator: "Exists"
-        effect: "NoExecute"
-        tolerationSeconds: 5
-
-{{ .DeploymentReplication.FilterEnd }}

manifests/templates/deployment-replication/rbac.yaml

@@ -1,78 +0,0 @@
-{{ .DeploymentReplication.FilterStart }}
-{{ .RBACFilterStart }}
-
-## Cluster role granting access to ArangoDeploymentReplication resources.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: {{ .DeploymentReplication.User.RoleName }}
-rules:
-- apiGroups: ["replication.database.arangodb.com"]
-  resources: ["arangodeploymentreplications"]
-  verbs: ["*"]
-
----
-
-## Cluster role granting access to all resources needed by the ArangoDeploymentReplication operator.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: {{ .DeploymentReplication.Operator.RoleName }}
-rules:
-- apiGroups: ["replication.database.arangodb.com"]
-  resources: ["arangodeploymentreplications"]
-  verbs: ["*"]
-- apiGroups: ["database.arangodb.com"]
-  resources: ["arangodeployments"]
-  verbs: ["get"]
-- apiGroups: ["apiextensions.k8s.io"]
-  resources: ["customresourcedefinitions"]
-  verbs: ["get"]
-- apiGroups: [""]
-  resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets"]
-  verbs: ["*"]
-- apiGroups: [""]
-  resources: ["namespaces", "nodes"]
-  verbs: ["get", "list"]
-- apiGroups: ["apps"]
-  resources: ["deployments", "replicasets"]
-  verbs: ["get"]
-
----
-
-## Bind the cluster role granting access to ArangoDeploymentReplication resources
-## to the default service account of the configured namespace.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
-  name: {{ .DeploymentReplication.User.RoleBindingName }}
-  namespace: {{ .DeploymentReplication.User.Namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ .DeploymentReplication.User.RoleName }}
-subjects:
-- kind: ServiceAccount
-  name: {{ .DeploymentReplication.User.ServiceAccountName }}
-  namespace: {{ .DeploymentReplication.User.Namespace }}
-
----
-
-## Bind the cluster role granting access to all resources needed by 
-## the ArangoDeploymentReplication operator to the default service account
-## the is being used to run the operator deployment.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .DeploymentReplication.Operator.RoleBindingName }}-{{ .DeploymentReplication.Operator.Namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ .DeploymentReplication.Operator.RoleName }}
-subjects:
-- kind: ServiceAccount
-  name: {{ .DeploymentReplication.Operator.ServiceAccountName }}
-  namespace: {{ .DeploymentReplication.Operator.Namespace }}
-
-{{ .RBACFilterEnd }}
-{{ .DeploymentReplication.FilterEnd }}

manifests/templates/deployment-replication/service.yaml

@@ -1,23 +0,0 @@
-{{ .DeploymentReplication.FilterStart }}
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .DeploymentReplication.OperatorDeploymentName }}
-  namespace: {{ .DeploymentReplication.Operator.Namespace }}
-  labels:
-    name: {{ .DeploymentReplication.OperatorDeploymentName }}
-    app: arango-deployment-replication-operator
-spec:
-  ports:
-  - name: server
-    port: 8528
-    protocol: TCP
-    targetPort: 8528
-  selector:
-    name: {{ .DeploymentReplication.OperatorDeploymentName }}
-    app: arango-deployment-replication-operator
-    role: leader
-  type: {{ .DeploymentReplication.Operator.ServiceType }}
-
-{{ .DeploymentReplication.FilterEnd }}

manifests/templates/deployment/deployment.yaml

@@ -1,66 +0,0 @@
-{{ .Deployment.FilterStart }}
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  name: {{ .Deployment.OperatorDeploymentName }}
-  namespace: {{ .Deployment.Operator.Namespace }}
-spec:
-  replicas: 2
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        name: {{ .Deployment.OperatorDeploymentName }}
-        app: arango-deployment-operator
-    spec:
-      serviceAccountName: {{ .Deployment.Operator.ServiceAccountName }}
-      containers:
-      - name: operator
-        imagePullPolicy: {{ .ImagePullPolicy }}
-        image: {{ .Image }}
-        args:
-          - --operator.deployment
-          - --chaos.allowed={{ .Deployment.AllowChaos }}
-        env:
-        - name: MY_POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: MY_POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: MY_POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-        ports:
-        - name: metrics
-          containerPort: 8528
-        livenessProbe:
-          httpGet:
-            path: /health
-            port: 8528
-            scheme: HTTPS
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        readinessProbe:
-          httpGet:
-            path: /ready/deployment
-            port: 8528
-            scheme: HTTPS
-          initialDelaySeconds: 5
-          periodSeconds: 10
-      tolerations:
-      - key: "node.kubernetes.io/unreachable"
-        operator: "Exists"
-        effect: "NoExecute"
-        tolerationSeconds: 5
-      - key: "node.kubernetes.io/not-ready"
-        operator: "Exists"
-        effect: "NoExecute"
-        tolerationSeconds: 5
-
-{{ .Deployment.FilterEnd }}

manifests/templates/deployment/rbac.yaml

@@ -1,85 +0,0 @@
-{{ .Deployment.FilterStart }}
-{{ .RBACFilterStart }}
-
-## Cluster role granting access to ArangoDeployment resources.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: {{ .Deployment.User.RoleName }}
-rules:
-- apiGroups: ["database.arangodb.com"]
-  resources: ["arangodeployments"]
-  verbs: ["*"]
-
----
-
-## Cluster role granting access to all resources needed by the ArangoDeployment operator.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: {{ .Deployment.Operator.RoleName }}
-rules:
-- apiGroups: ["database.arangodb.com"]
-  resources: ["arangodeployments"]
-  verbs: ["*"]
-- apiGroups: ["apiextensions.k8s.io"]
-  resources: ["customresourcedefinitions"]
-  verbs: ["get", "list", "watch"]
-- apiGroups: [""]
-  resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets"]
-  verbs: ["*"]
-- apiGroups: [""]
-  resources: ["namespaces", "nodes"]
-  verbs: ["get", "list"]
-- apiGroups: ["apps"]
-  resources: ["deployments", "replicasets"]
-  verbs: ["get"]
-- apiGroups: ["policy"]
-  resources: ["poddisruptionbudgets"]
-  verbs: ["get", "create", "delete"]
-- apiGroups: ["storage.k8s.io"]
-  resources: ["storageclasses"]
-  verbs: ["get", "list"]
-- apiGroups: ["monitoring.coreos.com"]
-  resources: ["servicemonitors"]
-  verbs: ["get", "create", "delete"]
-  
-
----
-
-## Bind the cluster role granting access to ArangoDeployment resources
-## to the default service account of the configured namespace.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
-  name: {{ .Deployment.User.RoleBindingName }}
-  namespace: {{ .Deployment.User.Namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ .Deployment.User.RoleName }}
-subjects:
-- kind: ServiceAccount
-  name: {{ .Deployment.User.ServiceAccountName }}
-  namespace: {{ .Deployment.User.Namespace }}
-
----
-
-## Bind the cluster role granting access to all resources needed by 
-## the ArangoDeployment operator to the default service account
-## the is being used to run the operator deployment.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Deployment.Operator.RoleBindingName }}-{{ .Deployment.Operator.Namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ .Deployment.Operator.RoleName }}
-subjects:
-- kind: ServiceAccount
-  name: {{ .Deployment.Operator.ServiceAccountName }}
-  namespace: {{ .Deployment.Operator.Namespace }}
-
-{{ .RBACFilterEnd }}
-{{ .Deployment.FilterEnd }}

manifests/templates/deployment/service.yaml

@@ -1,23 +0,0 @@
-{{ .Deployment.FilterStart }}
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Deployment.OperatorDeploymentName }}
-  namespace: {{ .Deployment.Operator.Namespace }}
-  labels:
-    name: {{ .Deployment.OperatorDeploymentName }}
-    app: arango-deployment-operator
-spec:
-  ports:
-  - name: server
-    port: 8528
-    protocol: TCP
-    targetPort: 8528
-  selector:
-    name: {{ .Deployment.OperatorDeploymentName }}
-    app: arango-deployment-operator
-    role: leader
-  type: {{ .Deployment.Operator.ServiceType }}
-
-{{ .Deployment.FilterEnd }}

manifests/templates/storage/crd.yaml

@@ -1,15 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: arangolocalstorages.storage.arangodb.com
-spec:
-  group: storage.arangodb.com
-  names:
-    kind: ArangoLocalStorage
-    listKind: ArangoLocalStorageList
-    plural: arangolocalstorages
-    shortNames:
-    - arangostorage
-    singular: arangolocalstorage
-  scope: Cluster
-  version: v1alpha

manifests/templates/storage/deployment.yaml

@@ -1,74 +0,0 @@
-{{ .Storage.FilterStart }}
-
-## Service accounts
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  namespace: {{ .Storage.Operator.Namespace }}
-  name: {{ .Storage.Operator.ServiceAccountName }}
-
----
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  name: {{ .Storage.OperatorDeploymentName }}
-  namespace: {{ .Storage.Operator.Namespace }}
-spec:
-  replicas: 2
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        name: {{ .Storage.OperatorDeploymentName }}
-        app: arango-storage-operator
-    spec:
-      serviceAccountName: {{ .Storage.Operator.ServiceAccountName }}
-      containers:
-      - name: operator
-        imagePullPolicy: {{ .ImagePullPolicy }}
-        image: {{ .Image }}
-        args:
-        - --operator.storage
-        env:
-        - name: MY_POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: MY_POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: MY_POD_IP
-          valueFrom:
-            fieldRef:
-              fieldPath: status.podIP
-        ports:
-        - name: metrics
-          containerPort: 8528
-        livenessProbe:
-          httpGet:
-            path: /health
-            port: 8528
-            scheme: HTTPS
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        readinessProbe:
-          httpGet:
-            path: /ready/storage
-            port: 8528
-            scheme: HTTPS
-          initialDelaySeconds: 5
-          periodSeconds: 10
-      tolerations:
-      - key: "node.kubernetes.io/unreachable"
-        operator: "Exists"
-        effect: "NoExecute"
-        tolerationSeconds: 5
-      - key: "node.kubernetes.io/not-ready"
-        operator: "Exists"
-        effect: "NoExecute"
-        tolerationSeconds: 5
-
-{{ .Storage.FilterEnd }}

manifests/templates/storage/rbac.yaml

@@ -1,87 +0,0 @@
-{{ .Storage.FilterStart }}
-{{ .RBACFilterStart }}
-
-## Cluster role granting access to ArangoLocalStorage resources.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: {{ .Storage.User.RoleName }}
-rules:
-- apiGroups: ["storage.arangodb.com"]
-  resources: ["arangolocalstorages"]
-  verbs: ["*"]
-
----
-
-## Cluster role granting access to all resources needed by the ArangoLocalStorage operator.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: {{ .Storage.Operator.RoleName }}
-rules:
-- apiGroups: ["storage.arangodb.com"]
-  resources: ["arangolocalstorages"]
-  verbs: ["*"]
-- apiGroups: ["apiextensions.k8s.io"]
-  resources: ["customresourcedefinitions"]
-  verbs: ["get"]
-- apiGroups: [""]
-  resources: ["persistentvolumes", "persistentvolumeclaims", "endpoints", "events", "services"]
-  verbs: ["*"]
-- apiGroups: [""]
-  resources: ["pods"]
-  verbs: ["get", "update"]
-- apiGroups: [""]
-  resources: ["secrets"]
-  verbs: ["get"]
-- apiGroups: [""]
-  resources: ["namespaces", "nodes"]
-  verbs: ["get", "list"]
-- apiGroups: ["apps"]
-  resources: ["daemonsets"]
-  verbs: ["*"]
-- apiGroups: ["apps"]
-  resources: ["deployments", "replicasets"]
-  verbs: ["get"]
-- apiGroups: ["storage.k8s.io"]
-  resources: ["storageclasses"]
-  verbs: ["*"]
-
----
-
-## Bind the cluster role granting access to ArangoLocalStorage resources
-## to the default service account of the configured namespace.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
-  name: {{ .Storage.User.RoleBindingName }}
-  namespace: {{ .Storage.User.Namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ .Storage.User.RoleName }}
-subjects:
-- kind: ServiceAccount
-  name: {{ .Storage.User.ServiceAccountName }}
-  namespace: {{ .Storage.User.Namespace }}
-
----
-
-## Bind the cluster role granting access to all resources needed by 
-## the ArangoLocalStorage operator to the default service account
-## the is being used to run the operator deployment.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Storage.Operator.RoleBindingName }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ .Storage.Operator.RoleName }}
-subjects:
-- kind: ServiceAccount
-  name: {{ .Storage.Operator.ServiceAccountName }}
-  namespace: {{ .Storage.Operator.Namespace }}
-
-{{ .RBACFilterEnd }}
-{{ .Storage.FilterEnd }}

manifests/templates/storage/service.yaml

@@ -1,23 +0,0 @@
-{{ .Storage.FilterStart }}
-
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Storage.OperatorDeploymentName }}
-  namespace: {{ .Storage.Operator.Namespace }}
-  labels:
-    name: {{ .Storage.OperatorDeploymentName }}
-    app: arango-storage-operator
-spec:
-  ports:
-  - name: server
-    port: 8528
-    protocol: TCP
-    targetPort: 8528
-  selector:
-    name: {{ .Storage.OperatorDeploymentName }}
-    app: arango-storage-operator
-    role: leader
-  type: {{ .Storage.Operator.ServiceType }}
-
-{{ .Storage.FilterEnd }}

manifests/templates/test/rbac.yaml

@@ -1,40 +0,0 @@
-{{ .RBACFilterStart }}
-
-## Cluster role granting access to resources needed by the integration tests.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: {{ .Test.RoleName }}
-rules:
-- apiGroups: [""]
-  resources: ["nodes"]
-  verbs: ["list"]
-- apiGroups: [""]
-  resources: ["pods", "services", "persistentvolumes", "persistentvolumeclaims", "secrets", "serviceaccounts", "pods/log"]
-  verbs: ["*"]
-- apiGroups: ["apps"]
-  resources: ["daemonsets", "deployments"]
-  verbs: ["*"]
-- apiGroups: ["scheduling.k8s.io"]
-  resources: ["priorityclasses"]
-  verbs: ["*"]
-
----
-
-## Bind the cluster role granting access to ArangoLocalStorage resources
-## to the default service account of the configured namespace.
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ .Test.RoleBindingName }}
-  namespace: {{ .Test.Namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ .Test.RoleName }}
-subjects:
-- kind: ServiceAccount
-  name: {{ .Test.ServiceAccountName }}
-  namespace: {{ .Test.Namespace }}
-
-{{ .RBACFilterEnd }}

pkg/server/handlers.go

@@ -57,9 +57,9 @@ func (s *Server) handleGetOperators(c *gin.Context) {
 	result := operatorsResponse{
 		PodName:               s.cfg.PodName,
 		Namespace:             s.cfg.Namespace,
-		Deployment:            s.deps.DeploymentProbe.IsReady(),
-		DeploymentReplication: s.deps.DeploymentReplicationProbe.IsReady(),
-		Storage:               s.deps.StorageProbe.IsReady(),
+		Deployment:            s.deps.Deployment.Probe.IsReady(),
+		DeploymentReplication: s.deps.DeploymentReplication.Probe.IsReady(),
+		Storage:               s.deps.Storage.Probe.IsReady(),
 		Other:                 s.deps.Operators.FindOtherOperators(),
 	}
 	s.deps.Log.Info().Interface("result", result).Msg("handleGetOperators")

pkg/server/server.go

@@ -29,14 +29,14 @@ import (
 	"strings"
 	"time"
 
-	certificates "github.com/arangodb-helper/go-certificates"
+	"github.com/arangodb-helper/go-certificates"
 	"github.com/gin-gonic/gin"
-	assets "github.com/jessevdk/go-assets"
+	"github.com/jessevdk/go-assets"
 	prometheus "github.com/prometheus/client_golang/prometheus/promhttp"
 	"github.com/rs/zerolog"
+	"k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
-	"k8s.io/api/core/v1"
 
 	"github.com/arangodb/kube-arangodb/dashboard"
 	"github.com/arangodb/kube-arangodb/pkg/util/probe"
@@ -54,15 +54,20 @@ type Config struct {
 	AllowAnonymous     bool   // If set, anonymous access to dashboard is allowed
 }
 
+type OperatorDependency struct {
+	Enabled bool
+	Probe *probe.ReadyProbe
+}
+
 // Dependencies of the Server
 type Dependencies struct {
-	Log                        zerolog.Logger
-	LivenessProbe              *probe.LivenessProbe
-	DeploymentProbe            *probe.ReadyProbe
-	DeploymentReplicationProbe *probe.ReadyProbe
-	StorageProbe               *probe.ReadyProbe
-	Operators                  Operators
-	Secrets                    corev1.SecretInterface
+	Log                   zerolog.Logger
+	LivenessProbe         *probe.LivenessProbe
+	Deployment            OperatorDependency
+	DeploymentReplication OperatorDependency
+	Storage               OperatorDependency
+	Operators             Operators
+	Secrets               corev1.SecretInterface
 }
 
 // Operators is the API provided to the server for accessing the various operators.
@@ -148,9 +153,21 @@ func NewServer(cli corev1.CoreV1Interface, cfg Config, deps Dependencies) (*Serv
 	r := gin.New()
 	r.Use(gin.Recovery())
 	r.GET("/health", gin.WrapF(deps.LivenessProbe.LivenessHandler))
-	r.GET("/ready/deployment", gin.WrapF(deps.DeploymentProbe.ReadyHandler))
-	r.GET("/ready/deployment-replication", gin.WrapF(deps.DeploymentReplicationProbe.ReadyHandler))
-	r.GET("/ready/storage", gin.WrapF(deps.StorageProbe.ReadyHandler))
+
+	var readyProbes []*probe.ReadyProbe
+	if deps.Deployment.Enabled {
+		r.GET("/ready/deployment", gin.WrapF(deps.Deployment.Probe.ReadyHandler))
+		readyProbes = append(readyProbes, deps.Deployment.Probe)
+	}
+	if deps.DeploymentReplication.Enabled {
+		r.GET("/ready/deployment-replication", gin.WrapF(deps.DeploymentReplication.Probe.ReadyHandler))
+		readyProbes = append(readyProbes, deps.DeploymentReplication.Probe)
+	}
+	if deps.Storage.Enabled {
+		r.GET("/ready/storage", gin.WrapF(deps.Storage.Probe.ReadyHandler))
+		readyProbes = append(readyProbes, deps.Storage.Probe)
+	}
+	r.GET("/ready", gin.WrapF(ready(readyProbes...)))
 	r.GET("/metrics", gin.WrapH(prometheus.Handler()))
 	r.POST("/login", s.auth.handleLogin)
 	api := r.Group("/api", s.auth.checkAuthentication)
@@ -209,3 +226,16 @@ func createTLSConfig(cert, key string) (*tls.Config, error) {
 	}
 	return result, nil
 }
+
+func ready(probes ... *probe.ReadyProbe) func(w http.ResponseWriter, r *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		for _, probe := range probes  {
+			if !probe.IsReady() {
+				w.WriteHeader(http.StatusInternalServerError)
+				return
+			}
+		}
+
+		w.WriteHeader(http.StatusOK)
+	}
+}

scripts/kube_run_sync_tests.sh

@@ -22,4 +22,5 @@ kubectl --namespace ${DEPLOYMENTNAMESPACE} \
     --arango-sync-test-image=${ARANOSYNCTESTIMAGEID} \
     --license-key-secret-name=arangodb-jenkins-license-key \
     --namespace=${DEPLOYMENTNAMESPACE} \
+    --serviceaccount=arangodb-test \
     --test-args="${TESTARGS}"

scripts/kube_run_tests.sh

@@ -20,5 +20,6 @@ kubectl --namespace ${DEPLOYMENTNAMESPACE} \
     --env="TEST_NAMESPACE=${DEPLOYMENTNAMESPACE}" \
     --env="CLEANDEPLOYMENTS=${CLEANDEPLOYMENTS}" \
     --env="TESTDISABLEIPV6=${TESTDISABLEIPV6}" \
+    --serviceaccount=arangodb-test \
     -- \
     -test.v -test.timeout $TESTTIMEOUT $TESTLENGTHOPTIONS $TESTOPTIONS