diff --git a/.circleci/continue_config.yml b/.circleci/continue_config.yml index 5a128e2de..ec51f73e0 100644 --- a/.circleci/continue_config.yml +++ b/.circleci/continue_config.yml @@ -84,7 +84,7 @@ jobs: echo "This is not a pull request. Skipping..." exit 0 fi - make tidy update-generated synchronize-v2alpha1-with-v1 generate-internal fmt yamlfmt + make tidy update-generated synchronize-v2alpha1-with-v1 generate-internal sync fmt yamlfmt git checkout -- go.sum # ignore changes in go.sum if [ ! -z "$(git status --porcelain)" ]; then echo "There are uncommited changes!" diff --git a/CHANGELOG.md b/CHANGELOG.md index a2d2e6d01..de46aec0f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ - (Feature) Expose HTTP Client Config - (Bugfix) MarkedToRemove Condition Check - (Bugfix) Fix HTTP Client NPE +- (Documentation) Update Supported K8S Versions and Charts ## [1.2.41](https://github.com/arangodb/kube-arangodb/tree/1.2.41) (2024-05-24) - (Maintenance) Bump Prometheus API Version diff --git a/Makefile b/Makefile index 842f62956..bf6f3cf4e 100644 --- a/Makefile +++ b/Makefile @@ -270,7 +270,9 @@ SOURCES := $(shell $(SOURCES_QUERY)) NON_EE_SOURCES_QUERY := $(SOURCES_QUERY) ! -name '*.enterprise.go' NON_EE_SOURCES := $(shell $(NON_EE_SOURCES_QUERY)) -YAML_EXCLUDE_DIRS := vendor .gobuild deps tools pkg/generated/clientset pkg/generated/informers pkg/generated/listers chart/kube-arangodb/templates chart/kube-arangodb-crd/templates chart/arangodb-ingress-proxy/templates +YAML_EXCLUDE_DIRS := vendor .gobuild deps tools pkg/generated/clientset pkg/generated/informers pkg/generated/listers \ + chart/kube-arangodb/templates chart/kube-arangodb-arm64/templates chart/kube-arangodb-enterprise/templates chart/kube-arangodb-enterprise-arm64/templates \ + chart/kube-arangodb-crd/templates chart/arangodb-ingress-proxy/templates YAML_EXCLUDE_FILES := YAML_QUERY := find ./ -type f -name '*.yaml' $(foreach EXCLUDE_DIR,$(YAML_EXCLUDE_DIRS), ! -path "*/$(EXCLUDE_DIR)/*") $(foreach EXCLUDE_FILE,$(YAML_EXCLUDE_FILES), ! -path "*/$(EXCLUDE_FILE)") YAMLS := $(shell $(YAML_QUERY)) @@ -616,6 +618,30 @@ chart-operator: helm manifests: chart-operator +.PHONY: chart-operator-enterprise +chart-operator-enterprise: export CHART_NAME := kube-arangodb-enterprise +chart-operator-enterprise: helm + @mkdir -p "$(ROOTDIR)/bin/charts" + @$(HELM_PACKAGE_CMD) + +manifests: chart-operator-enterprise + +.PHONY: chart-operator-arm64 +chart-operator-arm64: export CHART_NAME := kube-arangodb-arm64 +chart-operator-arm64: helm + @mkdir -p "$(ROOTDIR)/bin/charts" + @$(HELM_PACKAGE_CMD) + +manifests: chart-operator-arm64 + +.PHONY: chart-operator-enterprise-arm64 +chart-operator-enterprise-arm64: export CHART_NAME := kube-arangodb-enterprise-arm64 +chart-operator-enterprise-arm64: helm + @mkdir -p "$(ROOTDIR)/bin/charts" + @$(HELM_PACKAGE_CMD) + +manifests: chart-operator-enterprise-arm64 + .PHONY: manifests-verify manifests-verify: $(MAKE) manifest-verify-plain-ce @@ -870,6 +896,24 @@ CRDS:=apps-job \ scheduler-profile \ analytics-graphanalyticsengine +.PHONY: sync +sync: + .PHONY: sync-crds sync-crds: @cp $(foreach FILE,$(CRDS),"$(ROOT)/chart/kube-arangodb/crds/$(FILE).yaml" ) "$(ROOT)/pkg/crd/crds/" + +sync: sync-crds + +.PHONY: sync-charts +sync-charts: + @(cd "$(ROOT)/chart/kube-arangodb"; find . -type d -not -name values.yaml -exec mkdir -p "$(ROOT)/chart/kube-arangodb-enterprise/{}" \;) + @(cd "$(ROOT)/chart/kube-arangodb"; find . -type f -not -name values.yaml -not -name Chart.yaml -exec cp "$(ROOT)/chart/kube-arangodb/{}" "$(ROOT)/chart/kube-arangodb-enterprise/{}" \;) + + @(cd "$(ROOT)/chart/kube-arangodb"; find . -type d -not -name values.yaml -exec mkdir -p "$(ROOT)/chart/kube-arangodb-enterprise-arm64/{}" \;) + @(cd "$(ROOT)/chart/kube-arangodb"; find . -type f -not -name values.yaml -not -name Chart.yaml -exec cp "$(ROOT)/chart/kube-arangodb/{}" "$(ROOT)/chart/kube-arangodb-enterprise-arm64/{}" \;) + + @(cd "$(ROOT)/chart/kube-arangodb"; find . -type d -not -name values.yaml -exec mkdir -p "$(ROOT)/chart/kube-arangodb-arm64/{}" \;) + @(cd "$(ROOT)/chart/kube-arangodb"; find . -type f -not -name values.yaml -not -name Chart.yaml -exec cp "$(ROOT)/chart/kube-arangodb/{}" "$(ROOT)/chart/kube-arangodb-arm64/{}" \;) + +sync: sync-charts diff --git a/README.md b/README.md index 6a4d83e21..1cfb291cc 100644 --- a/README.md +++ b/README.md @@ -54,17 +54,17 @@ covers individual newer features separately. | Platform | Kubernetes Version | ArangoDB Version | State | Remarks | Provider Remarks | |:--------------------|:-------------------|:-----------------|:-----------|:------------------------------------------|:-----------------------------------| -| Google GKE | 1.21-1.28 | >= 3.8.0 | Production | Don't use micro nodes | | -| Azure AKS | 1.21-1.28 | >= 3.8.0 | Production | | | -| Amazon EKS | 1.21-1.28 | >= 3.8.0 | Production | | [Amazon EKS](./docs/providers/eks) | +| Google GKE | 1.25-1.30 | >= 3.8.0 | Production | Don't use micro nodes | | +| Azure AKS | 1.25-1.30 | >= 3.8.0 | Production | | | +| Amazon EKS | 1.25-1.30 | >= 3.8.0 | Production | | [Amazon EKS](./docs/providers/eks) | | IBM Cloud | <= 1.20 | >= 3.8.0 | Deprecated | Support will be dropped in Operator 1.5.0 | | -| IBM Cloud | 1.21-1.28 | >= 3.8.0 | Production | | | +| IBM Cloud | 1.25-1.30 | >= 3.8.0 | Production | | | | OpenShift | 3.11 | >= 3.8.0 | Deprecated | Support will be dropped in Operator 1.5.0 | | | OpenShift | 4.2-4.14 | >= 3.8.0 | Production | | | | BareMetal (kubeadm) | <= 1.20 | >= 3.8.0 | Deprecated | Support will be dropped in Operator 1.5.0 | | -| BareMetal (kubeadm) | 1.21-1.28 | >= 3.8.0 | Production | | | -| Minikube | 1.21-1.28 | >= 3.8.0 | Devel Only | | | -| Other | 1.21-1.28 | >= 3.8.0 | Devel Only | | | +| BareMetal (kubeadm) | 1.25-1.30 | >= 3.8.0 | Production | | | +| Minikube | 1.25-1.30 | >= 3.8.0 | Devel Only | | | +| Other | 1.25-1.30 | >= 3.8.0 | Devel Only | | | [END_INJECT]: # (kubernetesVersionsTable) @@ -285,6 +285,32 @@ resources: Only use this procedure for clean installation of the operator. For upgrades see next section +#### From Chart Repository + +##### Chart Installation + +```bash +# Add helm repository +helm repo add kube-arangodb https://arangodb.github.io/kube-arangodb +``` + +##### Community Edition +```bash +# The following will install the operator and basic CRDs resources. +helm install --generate-name kube-arangodb/kube-arangodb +# To use `ArangoLocalStorage`, set field `operator.features.storage` to true +helm install --generate-name kube-arangodb/kube-arangodb --set "operator.features.storage=true" +``` + +##### Enterprise Edition +```bash +helm install --generate-name kube-arangodb/kube-arangodb-enterprise +# To use `ArangoLocalStorage`, set field `operator.features.storage` to true +helm install --generate-name kube-arangodb/kube-arangodb-enterprise --set "operator.features.storage=true" +``` + +#### From Chart Release + ##### Community Edition ```bash # The following will install the operator and basic CRDs resources. @@ -296,9 +322,9 @@ helm install --generate-name https://github.com/arangodb/kube-arangodb/releases/ ##### Enterprise Edition ```bash # The following will install the operator and basic CRDs resources. -helm install --generate-name https://github.com/arangodb/kube-arangodb/releases/download/1.2.41/kube-arangodb-1.2.41.tgz --set "operator.image=arangodb/kube-arangodb-enterprise:1.2.41" +helm install --generate-name https://github.com/arangodb/kube-arangodb/releases/download/1.2.41/kube-arangodb-enterprise-1.2.41.tgz # To use `ArangoLocalStorage`, set field `operator.features.storage` to true -helm install --generate-name https://github.com/arangodb/kube-arangodb/releases/download/1.2.41/kube-arangodb-1.2.41.tgz --set "operator.image=arangodb/kube-arangodb-enterprise:1.2.41" --set "operator.features.storage=true" +helm install --generate-name https://github.com/arangodb/kube-arangodb/releases/download/1.2.41/kube-arangodb-enterprise-1.2.41.tgz --set "operator.features.storage=true" ``` ### Upgrading the operator using Helm @@ -335,9 +361,9 @@ helm install --generate-name https://github.com/arangodb/kube-arangodb/releases/ ##### Enterprise Edition ```bash # The following will install the operator and basic CRDs resources. -helm install --generate-name https://github.com/arangodb/kube-arangodb/releases/download/1.2.41/kube-arangodb-1.2.41.tgz --set "operator.image=arangodb/kube-arangodb-enterprise:1.2.41" +helm install --generate-name https://github.com/arangodb/kube-arangodb/releases/download/1.2.41/kube-arangodb-enterprise-1.2.41.tgz # To use `ArangoLocalStorage`, set field `operator.features.storage` to true -helm install --generate-name https://github.com/arangodb/kube-arangodb/releases/download/1.2.41/kube-arangodb-1.2.41.tgz --set "operator.image=arangodb/kube-arangodb-enterprise:1.2.41" --set "operator.features.storage=true" +helm install --generate-name https://github.com/arangodb/kube-arangodb/releases/download/1.2.41/kube-arangodb-enterprise-1.2.41.tgz --set "operator.features.storage=true" ``` ## Building diff --git a/chart/kube-arangodb-arm64/Chart.yaml b/chart/kube-arangodb-arm64/Chart.yaml new file mode 100644 index 000000000..2bc6c35f5 --- /dev/null +++ b/chart/kube-arangodb-arm64/Chart.yaml @@ -0,0 +1,5 @@ +# do not switch to V2 yet - we still need to support Helm 2 +apiVersion: v1 +name: kube-arangodb-arm64 +version: 1.2.41 +description: "ArangoDB Kubernetes Operator with ARM64 defaults" diff --git a/chart/kube-arangodb-arm64/LICENSE b/chart/kube-arangodb-arm64/LICENSE new file mode 100644 index 000000000..79013b689 --- /dev/null +++ b/chart/kube-arangodb-arm64/LICENSE @@ -0,0 +1,15 @@ +Copyright 2016-2022 ArangoDB GmbH, Cologne, Germany + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +Copyright holder is ArangoDB GmbH, Cologne, Germany \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/README.md b/chart/kube-arangodb-arm64/README.md new file mode 100644 index 000000000..a912db933 --- /dev/null +++ b/chart/kube-arangodb-arm64/README.md @@ -0,0 +1,206 @@ +# Introduction + +Kubernetes ArangoDB Operator. + +# Chart Details + +Chart will install fully operational ArangoDB Kubernetes Operator. + +# Resources Required + +In default installation deployment with 1 pod will be created. The operator pod require 256MB of ram and 250m of CPU. + +# Installing the Chart + +Chart can be installed in two methods: +- With all Operators in single Helm Release +- One Helm Release per Operator + +Possible Operators: +- `ArangoDeployment` - enabled by default +- `ArangoDeploymentReplications` - enabled by default +- `ArangoLocalStorage` - disabled by default +- `ArangoBackup` - disabled by default +- `ArangoJob` - disabled by default +- `ArangoClusterSynchronization` - disabled by default + +To install Operators in mode "One per Helm Release" we can use: + +``` +helm install --name arango-deployment kube-arangodb.tar.gz \ + --set operator.features.deployment=true \ + --set operator.features.deploymentReplications=false \ + --set operator.features.storage=false \ + --set operator.features.backup=false \ + --set operator.features.apps=false \ + --set operator.features.k8sToK8sClusterSync=false +``` + + +# Configuration + +### `operator.image` + +Image used for the ArangoDB Operator. + +Default: `arangodb/kube-arangodb:latest` + +### `operator.imagePullPolicy` + +Image pull policy for Operator images. + +Default: `IfNotPresent` + +### `operator.imagePullSecrets` + +List of the Image Pull Secrets for Operator images. + +Default: `[]string` + +### `operator.scope` + +Scope on which Operator will be configured. + +Default: `legacy` + +Supported modes: +- `legacy` - mode with limited cluster scope access +- `namespaced` - mode with namespace access only + +### `operator.service.type` + +Type of the Operator service. + +Default: `ClusterIP` + +### `operator.annotations` + +Annotations passed to the Operator Deployment definition. + +Default: `[]string` + +### `operator.resources.limits.cpu` + +CPU limits for operator pods. + +Default: `1` + +### `operator.resources.limits.memory` + +Memory limits for operator pods. + +Default: `256Mi` + +### `operator.resources.requested.cpu` + +Requested CPI by Operator pods. + +Default: `250m` + +### `operator.resources.requested.memory` + +Requested memory for operator pods. + +Default: `256Mi` + +### `operator.nodeSelector` + +NodeSelector for Deployment pods. + +Default: `{}` + +### `operator.tolerations` + +Tolerations for Deployment pods. + +There is built in configuration (can not be changed): +```yaml +tolerations: +- key: "node.kubernetes.io/unreachable" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 +- key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 +``` + +which can be extended by additional entries e.g.: +```yaml +tolerations: +- key: devops + operator: Exists + effect: NoSchedule +``` +Default (empty): `[]` + +### `operator.securityContext.runAsUser` + +Controls which user ID the containers are run with. + +Default: `1000` + +### `operator.replicaCount` + +Replication count for Operator deployment. + +Default: `1` + +### `operator.updateStrategy` + +Update strategy for operator pod. + +Default: `Recreate` + +### `operator.features.deployment` + +Define if ArangoDeployment Operator should be enabled. + +Default: `true` + +### `operator.features.deploymentReplications` + +Define if ArangoDeploymentReplications Operator should be enabled. + +Default: `true` + +### `operator.features.storage` + +Define if ArangoLocalStorage Operator should be enabled. + +Default: `false` + +### `operator.features.backup` + +Define if ArangoBackup Operator should be enabled. + +Default: `false` + +### `operator.features.apps` + +Define if ArangoJob Operator should be enabled. + +Default: `false` + +### `operator.features.k8sToK8sClusterSync` + +Define if ArangoClusterSynchronization Operator should be enabled. + +Default: `false` + +### `rbac.enabled` + +Define if RBAC should be enabled. + +Default: `true` + +### `operator.architectures` + +List of supported architectures. + +Default: `[]string{"amd64"}` + +# Limitations + +N/A \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/crds/analytics-graphanalyticsengine.yaml b/chart/kube-arangodb-arm64/crds/analytics-graphanalyticsengine.yaml new file mode 100644 index 000000000..cac5e6f51 --- /dev/null +++ b/chart/kube-arangodb-arm64/crds/analytics-graphanalyticsengine.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: graphanalyticsengines.analytics.arangodb.com +spec: + group: analytics.arangodb.com + names: + kind: GraphAnalyticsEngine + listKind: GraphAnalyticsEngineList + plural: graphanalyticsengines + singular: graphanalyticsengine + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} diff --git a/chart/kube-arangodb-arm64/crds/apps-job.yaml b/chart/kube-arangodb-arm64/crds/apps-job.yaml new file mode 100644 index 000000000..9f0800fc2 --- /dev/null +++ b/chart/kube-arangodb-arm64/crds/apps-job.yaml @@ -0,0 +1,29 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangojobs.apps.arangodb.com +spec: + group: apps.arangodb.com + names: + kind: ArangoJob + listKind: ArangoJobList + plural: arangojobs + singular: arangojob + shortNames: + - arangojob + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .spec.arangoDeploymentName + description: Deployment name + name: ArangoDeploymentName + type: string + subresources: + status: {} diff --git a/chart/kube-arangodb-arm64/crds/backups-backup.yaml b/chart/kube-arangodb-arm64/crds/backups-backup.yaml new file mode 100644 index 000000000..577574362 --- /dev/null +++ b/chart/kube-arangodb-arm64/crds/backups-backup.yaml @@ -0,0 +1,103 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangobackups.backup.arangodb.com +spec: + group: backup.arangodb.com + names: + kind: ArangoBackup + listKind: ArangoBackupList + plural: arangobackups + shortNames: + - arangobackup + singular: arangobackup + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .spec.policyName + description: Policy name + name: Policy + type: string + - jsonPath: .spec.deployment.name + description: Deployment name + name: Deployment + type: string + - jsonPath: .status.backup.version + description: Backup Version + name: Version + type: string + - jsonPath: .status.backup.createdAt + description: Backup Creation Timestamp + name: Created + type: string + - jsonPath: .status.backup.sizeInBytes + description: Backup Size in Bytes + name: Size + type: integer + format: byte + - jsonPath: .status.backup.numberOfDBServers + description: Backup Number of the DB Servers + name: DBServers + type: integer + - jsonPath: .status.state + description: The actual state of the ArangoBackup + name: State + type: string + - jsonPath: .status.message + priority: 1 + description: Message of the ArangoBackup object + name: Message + type: string + subresources: + status: {} + - name: v1alpha + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + additionalPrinterColumns: + - jsonPath: .spec.policyName + description: Policy name + name: Policy + type: string + - jsonPath: .spec.deployment.name + description: Deployment name + name: Deployment + type: string + - jsonPath: .status.backup.version + description: Backup Version + name: Version + type: string + - jsonPath: .status.backup.createdAt + description: Backup Creation Timestamp + name: Created + type: string + - jsonPath: .status.backup.sizeInBytes + description: Backup Size in Bytes + name: Size + type: integer + format: byte + - jsonPath: .status.backup.numberOfDBServers + description: Backup Number of the DB Servers + name: DBServers + type: integer + - jsonPath: .status.state + description: The actual state of the ArangoBackup + name: State + type: string + - jsonPath: .status.message + priority: 1 + description: Message of the ArangoBackup object + name: Message + type: string + subresources: + status: {} diff --git a/chart/kube-arangodb-arm64/crds/backups-backuppolicy.yaml b/chart/kube-arangodb-arm64/crds/backups-backuppolicy.yaml new file mode 100644 index 000000000..e0ca6c623 --- /dev/null +++ b/chart/kube-arangodb-arm64/crds/backups-backuppolicy.yaml @@ -0,0 +1,62 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangobackuppolicies.backup.arangodb.com +spec: + group: backup.arangodb.com + names: + kind: ArangoBackupPolicy + listKind: ArangoBackupPolicyList + plural: arangobackuppolicies + shortNames: + - arangobackuppolicy + - arangobp + singular: arangobackuppolicy + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .spec.schedule + description: Schedule + name: Schedule + type: string + - jsonPath: .status.scheduled + description: Scheduled + name: Scheduled + type: string + - jsonPath: .status.message + priority: 1 + description: Message of the ArangoBackupPolicy object + name: Message + type: string + subresources: + status: {} + - name: v1alpha + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + additionalPrinterColumns: + - jsonPath: .spec.schedule + description: Schedule + name: Schedule + type: string + - jsonPath: .status.scheduled + description: Scheduled + name: Scheduled + type: string + - jsonPath: .status.message + priority: 1 + description: Message of the ArangoBackupPolicy object + name: Message + type: string + subresources: + status: {} diff --git a/chart/kube-arangodb-arm64/crds/database-clustersynchronization.yaml b/chart/kube-arangodb-arm64/crds/database-clustersynchronization.yaml new file mode 100644 index 000000000..e8d799d30 --- /dev/null +++ b/chart/kube-arangodb-arm64/crds/database-clustersynchronization.yaml @@ -0,0 +1,33 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangoclustersynchronizations.database.arangodb.com +spec: + group: database.arangodb.com + names: + kind: ArangoClusterSynchronization + listKind: ArangoClusterSynchronizationList + plural: arangoclustersynchronizations + singular: arangoclustersynchronization + shortNames: + - arangoclustersync + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} + - name: v2alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} diff --git a/chart/kube-arangodb-arm64/crds/database-deployment.yaml b/chart/kube-arangodb-arm64/crds/database-deployment.yaml new file mode 100644 index 000000000..22f9d1acf --- /dev/null +++ b/chart/kube-arangodb-arm64/crds/database-deployment.yaml @@ -0,0 +1,39 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangodeployments.database.arangodb.com +spec: + group: database.arangodb.com + names: + kind: ArangoDeployment + listKind: ArangoDeploymentList + plural: arangodeployments + shortNames: + - arangodb + - arango + singular: arangodeployment + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + - name: v1alpha + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + - name: v2alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} diff --git a/chart/kube-arangodb-arm64/crds/database-member.yaml b/chart/kube-arangodb-arm64/crds/database-member.yaml new file mode 100644 index 000000000..214f5d207 --- /dev/null +++ b/chart/kube-arangodb-arm64/crds/database-member.yaml @@ -0,0 +1,33 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangomembers.database.arangodb.com +spec: + group: database.arangodb.com + names: + kind: ArangoMember + listKind: ArangoMemberList + plural: arangomembers + shortNames: + - arangomembers + singular: arangomember + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} + - name: v2alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} diff --git a/chart/kube-arangodb-arm64/crds/database-task.yaml b/chart/kube-arangodb-arm64/crds/database-task.yaml new file mode 100644 index 000000000..85d452000 --- /dev/null +++ b/chart/kube-arangodb-arm64/crds/database-task.yaml @@ -0,0 +1,36 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangotasks.database.arangodb.com +spec: + group: database.arangodb.com + names: + kind: ArangoTask + listKind: ArangoTaskList + plural: arangotasks + singular: arangotask + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + - name: v1alpha + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + - name: v2alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} diff --git a/chart/kube-arangodb-arm64/crds/ml-extension.yaml b/chart/kube-arangodb-arm64/crds/ml-extension.yaml new file mode 100644 index 000000000..1ba50dd8c --- /dev/null +++ b/chart/kube-arangodb-arm64/crds/ml-extension.yaml @@ -0,0 +1,31 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangomlextensions.ml.arangodb.com +spec: + group: ml.arangodb.com + names: + kind: ArangoMLExtension + listKind: ArangoMLExtensionList + plural: arangomlextensions + singular: arangomlextension + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} diff --git a/chart/kube-arangodb-arm64/crds/ml-job-batch.yaml b/chart/kube-arangodb-arm64/crds/ml-job-batch.yaml new file mode 100644 index 000000000..5fbaa6e13 --- /dev/null +++ b/chart/kube-arangodb-arm64/crds/ml-job-batch.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangomlbatchjobs.ml.arangodb.com +spec: + group: ml.arangodb.com + names: + kind: ArangoMLBatchJob + listKind: ArangoMLBatchJobList + plural: arangomlbatchjobs + singular: arangomlbatchjob + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} diff --git a/chart/kube-arangodb-arm64/crds/ml-job-cron.yaml b/chart/kube-arangodb-arm64/crds/ml-job-cron.yaml new file mode 100644 index 000000000..e6c7c5b2f --- /dev/null +++ b/chart/kube-arangodb-arm64/crds/ml-job-cron.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangomlcronjobs.ml.arangodb.com +spec: + group: ml.arangodb.com + names: + kind: ArangoMLCronJob + listKind: ArangoMLCronJobList + plural: arangomlcronjobs + singular: arangomlcronjob + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} diff --git a/chart/kube-arangodb-arm64/crds/ml-storage.yaml b/chart/kube-arangodb-arm64/crds/ml-storage.yaml new file mode 100644 index 000000000..01b23a672 --- /dev/null +++ b/chart/kube-arangodb-arm64/crds/ml-storage.yaml @@ -0,0 +1,31 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangomlstorages.ml.arangodb.com +spec: + group: ml.arangodb.com + names: + kind: ArangoMLStorage + listKind: ArangoMLStorageList + plural: arangomlstorages + singular: arangomlstorage + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} diff --git a/chart/kube-arangodb-arm64/crds/replication-deploymentreplication.yaml b/chart/kube-arangodb-arm64/crds/replication-deploymentreplication.yaml new file mode 100644 index 000000000..e3918b355 --- /dev/null +++ b/chart/kube-arangodb-arm64/crds/replication-deploymentreplication.yaml @@ -0,0 +1,38 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangodeploymentreplications.replication.database.arangodb.com +spec: + group: replication.database.arangodb.com + names: + kind: ArangoDeploymentReplication + listKind: ArangoDeploymentReplicationList + plural: arangodeploymentreplications + shortNames: + - arangorepl + singular: arangodeploymentreplication + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + - name: v1alpha + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + - name: v2alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} diff --git a/chart/kube-arangodb-arm64/crds/scheduler-profile.yaml b/chart/kube-arangodb-arm64/crds/scheduler-profile.yaml new file mode 100644 index 000000000..2be38f32a --- /dev/null +++ b/chart/kube-arangodb-arm64/crds/scheduler-profile.yaml @@ -0,0 +1,31 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangoprofiles.scheduler.arangodb.com +spec: + group: scheduler.arangodb.com + names: + kind: ArangoProfile + listKind: ArangoProfileList + plural: arangoprofiles + singular: arangoprofile + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} diff --git a/chart/kube-arangodb-arm64/templates/NOTES.txt b/chart/kube-arangodb-arm64/templates/NOTES.txt new file mode 100644 index 000000000..f45cab92e --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/NOTES.txt @@ -0,0 +1,7 @@ +You have installed Kubernetes ArangoDB Operator in version {{ .Chart.Version }} + +To access ArangoDeployments you can use: + +kubectl --namespace "{{ .Release.Namespace }}" get arangodeployments + +More details can be found on https://github.com/arangodb/kube-arangodb/tree/{{ .Chart.Version }}/docs \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/_helpers.tpl b/chart/kube-arangodb-arm64/templates/_helpers.tpl new file mode 100644 index 000000000..ab2edeb91 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/_helpers.tpl @@ -0,0 +1,47 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kube-arangodb.name" -}} +{{- printf "%s" .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the release. +*/}} +{{- define "kube-arangodb.releaseName" -}} +{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the operator. +*/}} +{{- define "kube-arangodb.operatorName" -}} +{{- printf "arango-%s-operator" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Combine name of the deployment. +*/}} +{{- define "kube-arangodb.fullName" -}} +{{- printf "%s-%s" .Chart.Name .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the Operator RBAC role +*/}} +{{- define "kube-arangodb.rbac" -}} +{{- printf "%s-%s" (include "kube-arangodb.operatorName" .) "rbac" | trunc 95 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the Operator Cluster resources +*/}} +{{- define "kube-arangodb.rbac-cluster" -}} +{{- if eq .Release.Namespace "default" -}} +{{- printf "%s-rbac" (include "kube-arangodb.operatorName" .) | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-rbac" (include "kube-arangodb.operatorName" .) .Release.Namespace | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} diff --git a/chart/kube-arangodb-arm64/templates/analytics-operator/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/analytics-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..201c4915b --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/analytics-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.analytics -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/analytics-operator/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/analytics-operator/cluster-role.yaml new file mode 100644 index 000000000..76ac5ee99 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/analytics-operator/cluster-role.yaml @@ -0,0 +1,22 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.analytics -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/analytics-operator/role-binding.yaml b/chart/kube-arangodb-arm64/templates/analytics-operator/role-binding.yaml new file mode 100644 index 000000000..9fd0877f4 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/analytics-operator/role-binding.yaml @@ -0,0 +1,25 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.analytics -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-analytics + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-analytics +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/analytics-operator/role.yaml b/chart/kube-arangodb-arm64/templates/analytics-operator/role.yaml new file mode 100644 index 000000000..84e6cba2f --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/analytics-operator/role.yaml @@ -0,0 +1,41 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.analytics -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-analytics + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: + - "analytics.arangodb.com" + resources: + - "graphanalyticsengines" + - "graphanalyticsengines/status" + verbs: + - "*" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: ["apps"] + resources: + - "statefulsets" + verbs: ["*"] + - apiGroups: [ "" ] + resources: + - "secrets" + - "services" + verbs: [ "*" ] +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/apps-operator/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/apps-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..785c6e886 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/apps-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.apps -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/apps-operator/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/apps-operator/cluster-role.yaml new file mode 100644 index 000000000..4789de945 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/apps-operator/cluster-role.yaml @@ -0,0 +1,22 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.apps -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/apps-operator/role-binding.yaml b/chart/kube-arangodb-arm64/templates/apps-operator/role-binding.yaml new file mode 100644 index 000000000..dbd9fc636 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/apps-operator/role-binding.yaml @@ -0,0 +1,47 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.apps -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-apps + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-apps +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-job + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-job +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }}-job + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/apps-operator/role.yaml b/chart/kube-arangodb-arm64/templates/apps-operator/role.yaml new file mode 100644 index 000000000..63df49055 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/apps-operator/role.yaml @@ -0,0 +1,54 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.apps -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-apps + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods", "services", "endpoints"] + verbs: ["get", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["*"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get"] + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["*"] + - apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apps.arangodb.com"] + resources: ["arangojobs","arangojobs/status"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-job + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments"] + verbs: ["get", "list", "watch"] +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/apps-operator/service-account-job.yaml b/chart/kube-arangodb-arm64/templates/apps-operator/service-account-job.yaml new file mode 100644 index 000000000..07ae08095 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/apps-operator/service-account-job.yaml @@ -0,0 +1,19 @@ +{{ if .Values.operator.features.apps -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-arangodb.operatorName" . }}-job + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +{{- if .Values.operator.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.operator.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- end }} +{{- end }} diff --git a/chart/kube-arangodb-arm64/templates/backup-operator/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/backup-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..4f1c23cff --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/backup-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.backup -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/backup-operator/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/backup-operator/cluster-role.yaml new file mode 100644 index 000000000..a1c011982 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/backup-operator/cluster-role.yaml @@ -0,0 +1,22 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.backup -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/backup-operator/role-binding.yaml b/chart/kube-arangodb-arm64/templates/backup-operator/role-binding.yaml new file mode 100644 index 000000000..679902669 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/backup-operator/role-binding.yaml @@ -0,0 +1,25 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.backup -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-backup + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-backup +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/backup-operator/role.yaml b/chart/kube-arangodb-arm64/templates/backup-operator/role.yaml new file mode 100644 index 000000000..8d4aff472 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/backup-operator/role.yaml @@ -0,0 +1,35 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.backup -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-backup + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods", "services", "endpoints"] + verbs: ["get", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["*"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get"] + - apiGroups: ["backup.arangodb.com"] + resources: ["arangobackuppolicies", "arangobackuppolicies/status", "arangobackups", "arangobackups/status"] + verbs: ["*"] + - apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments"] + verbs: ["get", "list", "watch"] +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/crd/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/crd/cluster-role-binding.yaml new file mode 100644 index 000000000..a0355a66f --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/crd/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.enableCRDManagement -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/crd/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/crd/cluster-role.yaml new file mode 100644 index 000000000..894674ced --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/crd/cluster-role.yaml @@ -0,0 +1,32 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.enableCRDManagement -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch", "update", "delete"] + resourceNames: + - "arangodeployments.database.arangodb.com" + - "arangoclustersynchronizations.database.arangodb.com" + - "arangomembers.database.arangodb.com" + - "arangotasks.database.arangodb.com" + - "arangodeploymentreplications.replication.database.arangodb.com" + - "arangobackups.backup.arangodb.com" + - "arangobackuppolicies.backup.arangodb.com" + - "arangojobs.apps.arangodb.com" + - "arangolocalstorages.storage.arangodb.com" + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/deployment-operator/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/deployment-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..5e3261c21 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/deployment-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/deployment-operator/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/deployment-operator/cluster-role.yaml new file mode 100644 index 000000000..1e9222396 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/deployment-operator/cluster-role.yaml @@ -0,0 +1,25 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["namespaces", "nodes", "persistentvolumes"] + verbs: ["get", "list"] + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/deployment-operator/default-role-binding.yaml b/chart/kube-arangodb-arm64/templates/deployment-operator/default-role-binding.yaml new file mode 100644 index 000000000..606474ee4 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/deployment-operator/default-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-default + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-default +subjects: + - kind: ServiceAccount + name: default + namespace: {{ .Release.Namespace }} + + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/deployment-operator/default-role.yaml b/chart/kube-arangodb-arm64/templates/deployment-operator/default-role.yaml new file mode 100644 index 000000000..af530b233 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/deployment-operator/default-role.yaml @@ -0,0 +1,21 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-default + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/deployment-operator/role-binding.yaml b/chart/kube-arangodb-arm64/templates/deployment-operator/role-binding.yaml new file mode 100644 index 000000000..d06ec7ec0 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/deployment-operator/role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-deployment + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-deployment +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/deployment-operator/role.yaml b/chart/kube-arangodb-arm64/templates/deployment-operator/role.yaml new file mode 100644 index 000000000..ad6fd3796 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/deployment-operator/role.yaml @@ -0,0 +1,58 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-deployment + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments", "arangodeployments/status","arangomembers", "arangomembers/status"] + verbs: ["*"] +{{- if .Values.rbac.extensions.acs }} + - apiGroups: ["database.arangodb.com"] + resources: ["arangoclustersynchronizations", "arangoclustersynchronizations/status"] + verbs: ["*"] +{{- end }} +{{- if .Values.rbac.extensions.at }} + - apiGroups: ["database.arangodb.com"] + resources: ["arangotasks", "arangotasks/status"] + verbs: ["*"] +{{- end }} + - apiGroups: [""] + resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets", "serviceaccounts", "configmaps"] + verbs: ["*"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get"] + - apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["*"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["*"] + - apiGroups: ["backup.arangodb.com"] + resources: ["arangobackuppolicies", "arangobackups"] + verbs: ["get", "list", "watch"] +{{- if .Values.rbac.extensions.debug }} + - apiGroups: ["events.k8s.io"] + resources: ["pods/log"] + verbs: ["list"] + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get", "list"] +{{- end }} +{{- if .Values.rbac.extensions.monitoring }} + - apiGroups: ["monitoring.coreos.com"] + resources: ["servicemonitors"] + verbs: ["get", "create", "delete", "update", "list", "watch", "patch"] +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/deployment-replications-operator/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/deployment-replications-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..e526e91f3 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/deployment-replications-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.deploymentReplications -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/deployment-replications-operator/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/deployment-replications-operator/cluster-role.yaml new file mode 100644 index 000000000..cd4f9eb67 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/deployment-replications-operator/cluster-role.yaml @@ -0,0 +1,25 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.deploymentReplications -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["namespaces", "nodes"] + verbs: ["get", "list"] + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/deployment-replications-operator/role-binding.yaml b/chart/kube-arangodb-arm64/templates/deployment-replications-operator/role-binding.yaml new file mode 100644 index 000000000..f908090c9 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/deployment-replications-operator/role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deploymentReplications -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/deployment-replications-operator/role.yaml b/chart/kube-arangodb-arm64/templates/deployment-replications-operator/role.yaml new file mode 100644 index 000000000..c8cf8f993 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/deployment-replications-operator/role.yaml @@ -0,0 +1,30 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deploymentReplications -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["replication.database.arangodb.com"] + resources: ["arangodeploymentreplications", "arangodeploymentreplications/status"] + verbs: ["*"] + - apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments"] + verbs: ["get"] + - apiGroups: [""] + resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets"] + verbs: ["*"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get"] + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/deployment.yaml b/chart/kube-arangodb-arm64/templates/deployment.yaml new file mode 100644 index 000000000..51b35d9a7 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/deployment.yaml @@ -0,0 +1,193 @@ +{{ if eq .Values.operator.scope "legacy" -}} +# Scope "legacy" selected +{{ else if eq .Values.operator.scope "namespaced" -}} +# Scope "namespaced" selected +{{ if .Values.operator.features.storage -}} +{{ fail (printf "Storage Operator not supported in %s scope!" .Values.operator.scope) -}} +{{ end -}} +{{ else -}} +{{ fail (printf "Operator Scope %s is not supported!" .Values.operator.scope) -}} +{{ end -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} +{{- if .Values.operator.annotations }} + annotations: +{{ toYaml .Values.operator.annotations | indent 8 }} +{{- end }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +spec: +{{- if .Values.operator.debug }} + replicas: 1 +{{- else }} + replicas: {{ .Values.operator.replicaCount }} +{{- end }} + strategy: +{{ toYaml .Values.operator.updateStrategy | indent 8 }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +{{- if .Values.operator.annotations }} + annotations: +{{ toYaml .Values.operator.annotations | indent 16 }} +{{- end }} + spec: +{{- if .Values.operator.nodeSelector }} + nodeSelector: +{{ toYaml .Values.operator.nodeSelector | indent 16 }} +{{- end }} + serviceAccountName: {{ template "kube-arangodb.operatorName" . }} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: +{{- range .Values.operator.architectures }} + - {{ . | quote }} +{{- end }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: "kubernetes.io/hostname" + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - {{ template "kube-arangodb.name" . }} + - key: app.kubernetes.io/instance + operator: In + values: + - {{ .Release.Name }} + hostNetwork: false + hostPID: false + hostIPC: false + securityContext: + runAsNonRoot: true + runAsUser: {{ .Values.operator.securityContext.runAsUser }} + containers: + - name: operator + imagePullPolicy: {{ .Values.operator.imagePullPolicy }} + image: {{ .Values.operator.image }} + args: + - --scope={{ .Values.operator.scope }} +{{- if .Values.operator.features.deployment }} + - --operator.deployment +{{- end -}} +{{ if .Values.operator.features.deploymentReplications }} + - --operator.deployment-replication +{{- end -}} +{{ if .Values.operator.features.storage }} + - --operator.storage +{{- end }} +{{ if .Values.operator.features.backup }} + - --operator.backup +{{- end }} +{{- if or .Values.operator.debug (eq ( int .Values.operator.replicaCount) 1) }} + - --mode.single +{{- end }} +{{ if .Values.operator.features.apps }} + - --operator.apps +{{- end }} +{{ if .Values.operator.features.ml }} + - --operator.ml +{{- end }} +{{ if .Values.operator.features.analytics }} + - --operator.analytics +{{- end }} +{{ if .Values.operator.features.k8sToK8sClusterSync }} + - --operator.k2k-cluster-sync +{{- end }} + - --chaos.allowed={{ .Values.operator.allowChaos }} +{{- if .Values.operator.args }} +{{- range .Values.operator.args }} + - {{ . | quote }} +{{- end }} +{{- end }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_CONTAINER_NAME + value: "operator" + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP +{{- if .Values.operator.features.apps }} + - name: ARANGOJOB_SA_NAME + value: "{{ template "kube-arangodb.operatorName" . }}-job" +{{- end }} + ports: + - name: metrics + containerPort: 8528 + securityContext: + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - 'ALL' +{{- if .Values.operator.debug }} + add: + - 'SYS_PTRACE' +{{- end }} +{{- if .Values.operator.resources }} + resources: +{{ toYaml .Values.operator.resources | indent 22 }} +{{- end }} +{{- if not .Values.operator.debug }} + livenessProbe: + httpGet: + path: /health + port: 8528 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /ready + port: 8528 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 +{{- end }} + tolerations: + - key: "node.kubernetes.io/unreachable" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 + - key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 +{{- if .Values.operator.tolerations }} +{{ toYaml .Values.operator.tolerations | indent 16 }} +{{- end }} diff --git a/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..c8cef6a03 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.k8sToK8sClusterSync -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} diff --git a/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/cluster-role.yaml new file mode 100644 index 000000000..17f1a73f3 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/cluster-role.yaml @@ -0,0 +1,22 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.k8sToK8sClusterSync -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + +{{- end }} +{{- end }} +{{- end }} diff --git a/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/role-binding.yaml b/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/role-binding.yaml new file mode 100644 index 000000000..c4399917d --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/role-binding.yaml @@ -0,0 +1,25 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.k8sToK8sClusterSync -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} diff --git a/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/role.yaml b/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/role.yaml new file mode 100644 index 000000000..d308f9111 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/role.yaml @@ -0,0 +1,33 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.k8sToK8sClusterSync -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods", "services", "endpoints"] + verbs: ["get", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["*"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get"] + - apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments", "arangoclustersynchronizations"] + verbs: ["get", "list", "watch"] + +{{- end }} +{{- end }} diff --git a/chart/kube-arangodb-arm64/templates/ml-operator/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/ml-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..85d3cdc05 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/ml-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.ml -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/ml-operator/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/ml-operator/cluster-role.yaml new file mode 100644 index 000000000..4e6a92385 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/ml-operator/cluster-role.yaml @@ -0,0 +1,22 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.ml -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/ml-operator/role-binding.yaml b/chart/kube-arangodb-arm64/templates/ml-operator/role-binding.yaml new file mode 100644 index 000000000..a7a666189 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/ml-operator/role-binding.yaml @@ -0,0 +1,25 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.ml -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-ml + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-ml +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/ml-operator/role.yaml b/chart/kube-arangodb-arm64/templates/ml-operator/role.yaml new file mode 100644 index 000000000..bc628afa4 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/ml-operator/role.yaml @@ -0,0 +1,68 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.ml -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-ml + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: + - "ml.arangodb.com" + resources: + - "arangomlextensions" + - "arangomlextensions/status" + - "arangomlbatchjobs" + - "arangomlbatchjobs/status" + - "arangomlcronjobs" + - "arangomlcronjobs/status" + - "arangomlstorages" + - "arangomlstorages/status" + verbs: + - "*" + - apiGroups: + - "scheduler.arangodb.com" + resources: + - "arangoprofiles" + - "arangoprofiles/status" + verbs: + - "*" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "rbac.authorization.k8s.io" + resources: + - "roles" + - "rolebindings" + verbs: ["*"] + - apiGroups: + - "batch" + resources: + - "cronjobs" + - "jobs" + verbs: ["*"] + - apiGroups: ["apps"] + resources: + - "statefulsets" + verbs: ["*"] + - apiGroups: [""] + resources: + - "pods" + - "secrets" + - "services" + - "serviceaccounts" + verbs: ["*"] +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/service-account.yaml b/chart/kube-arangodb-arm64/templates/service-account.yaml new file mode 100644 index 000000000..3c102d1a7 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/service-account.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +{{- if .Values.operator.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.operator.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/service.yaml b/chart/kube-arangodb-arm64/templates/service.yaml new file mode 100644 index 000000000..2005e2f07 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/service.yaml @@ -0,0 +1,36 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} +{{- if .Values.operator.annotations }} + annotations: +{{ toYaml .Values.operator.annotations | indent 8 }} +{{- end }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +spec: + ports: + - name: server + port: 8528 + protocol: TCP + targetPort: 8528 + - name: http-api + port: 8628 + protocol: TCP + targetPort: 8628 + - name: grpc-api + port: 8728 + protocol: TCP + targetPort: 8728 + selector: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} + role: leader + type: {{ .Values.operator.service.type }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/storage-operator/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/storage-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..cfaaff455 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/storage-operator/cluster-role-binding.yaml @@ -0,0 +1,24 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.storage -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/storage-operator/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/storage-operator/cluster-role.yaml new file mode 100644 index 000000000..8109978b3 --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/storage-operator/cluster-role.yaml @@ -0,0 +1,32 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.storage -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["persistentvolumes", "persistentvolumeclaims", "endpoints", "events", "services"] + verbs: ["*"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["namespaces", "nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["*"] + - apiGroups: ["storage.arangodb.com"] + resources: ["arangolocalstorages"] + verbs: ["*"] + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/storage-operator/crd.yaml b/chart/kube-arangodb-arm64/templates/storage-operator/crd.yaml new file mode 100644 index 000000000..487dec10f --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/storage-operator/crd.yaml @@ -0,0 +1,32 @@ +{{ if .Values.operator.features.storage -}} + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangolocalstorages.storage.arangodb.com + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +spec: + group: storage.arangodb.com + names: + kind: ArangoLocalStorage + listKind: ArangoLocalStorageList + plural: arangolocalstorages + shortNames: + - arangostorage + singular: arangolocalstorage + scope: Cluster + versions: + - name: v1alpha + served: true + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/storage-operator/role-binding.yaml b/chart/kube-arangodb-arm64/templates/storage-operator/role-binding.yaml new file mode 100644 index 000000000..5e120f06b --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/storage-operator/role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.storage -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-storage +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/storage-operator/role.yaml b/chart/kube-arangodb-arm64/templates/storage-operator/role.yaml new file mode 100644 index 000000000..47553bb0a --- /dev/null +++ b/chart/kube-arangodb-arm64/templates/storage-operator/role.yaml @@ -0,0 +1,30 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.storage -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "update", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["*"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get"] + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/values.yaml b/chart/kube-arangodb-arm64/values.yaml new file mode 100644 index 000000000..b7990c693 --- /dev/null +++ b/chart/kube-arangodb-arm64/values.yaml @@ -0,0 +1,44 @@ +operator: + image: arangodb/kube-arangodb:1.2.41 + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + scope: legacy + architectures: + - arm64 + debug: false + args: [] + service: + type: ClusterIP + annotations: {} + resources: + limits: + cpu: 1 + memory: 512Mi + requests: + cpu: 250m + memory: 256Mi + securityContext: + runAsUser: 1000 + replicaCount: 1 + updateStrategy: + type: Recreate + allowChaos: false + nodeSelector: {} + enableCRDManagement: true + features: + deployment: true + deploymentReplications: true + storage: false + backup: false + apps: false + k8sToK8sClusterSync: false + ml: false + analytics: false + tolerations: [] +rbac: + enabled: true + extensions: + monitoring: true + acs: true + at: true + debug: false diff --git a/chart/kube-arangodb-enterprise-arm64/Chart.yaml b/chart/kube-arangodb-enterprise-arm64/Chart.yaml new file mode 100644 index 000000000..5332cab59 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/Chart.yaml @@ -0,0 +1,5 @@ +# do not switch to V2 yet - we still need to support Helm 2 +apiVersion: v1 +name: kube-arangodb-enterprise-arm64 +version: 1.2.41 +description: "ArangoDB Kubernetes Enterprise Operator with ARM64 defaults" diff --git a/chart/kube-arangodb-enterprise-arm64/LICENSE b/chart/kube-arangodb-enterprise-arm64/LICENSE new file mode 100644 index 000000000..79013b689 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/LICENSE @@ -0,0 +1,15 @@ +Copyright 2016-2022 ArangoDB GmbH, Cologne, Germany + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +Copyright holder is ArangoDB GmbH, Cologne, Germany \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/README.md b/chart/kube-arangodb-enterprise-arm64/README.md new file mode 100644 index 000000000..a912db933 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/README.md @@ -0,0 +1,206 @@ +# Introduction + +Kubernetes ArangoDB Operator. + +# Chart Details + +Chart will install fully operational ArangoDB Kubernetes Operator. + +# Resources Required + +In default installation deployment with 1 pod will be created. The operator pod require 256MB of ram and 250m of CPU. + +# Installing the Chart + +Chart can be installed in two methods: +- With all Operators in single Helm Release +- One Helm Release per Operator + +Possible Operators: +- `ArangoDeployment` - enabled by default +- `ArangoDeploymentReplications` - enabled by default +- `ArangoLocalStorage` - disabled by default +- `ArangoBackup` - disabled by default +- `ArangoJob` - disabled by default +- `ArangoClusterSynchronization` - disabled by default + +To install Operators in mode "One per Helm Release" we can use: + +``` +helm install --name arango-deployment kube-arangodb.tar.gz \ + --set operator.features.deployment=true \ + --set operator.features.deploymentReplications=false \ + --set operator.features.storage=false \ + --set operator.features.backup=false \ + --set operator.features.apps=false \ + --set operator.features.k8sToK8sClusterSync=false +``` + + +# Configuration + +### `operator.image` + +Image used for the ArangoDB Operator. + +Default: `arangodb/kube-arangodb:latest` + +### `operator.imagePullPolicy` + +Image pull policy for Operator images. + +Default: `IfNotPresent` + +### `operator.imagePullSecrets` + +List of the Image Pull Secrets for Operator images. + +Default: `[]string` + +### `operator.scope` + +Scope on which Operator will be configured. + +Default: `legacy` + +Supported modes: +- `legacy` - mode with limited cluster scope access +- `namespaced` - mode with namespace access only + +### `operator.service.type` + +Type of the Operator service. + +Default: `ClusterIP` + +### `operator.annotations` + +Annotations passed to the Operator Deployment definition. + +Default: `[]string` + +### `operator.resources.limits.cpu` + +CPU limits for operator pods. + +Default: `1` + +### `operator.resources.limits.memory` + +Memory limits for operator pods. + +Default: `256Mi` + +### `operator.resources.requested.cpu` + +Requested CPI by Operator pods. + +Default: `250m` + +### `operator.resources.requested.memory` + +Requested memory for operator pods. + +Default: `256Mi` + +### `operator.nodeSelector` + +NodeSelector for Deployment pods. + +Default: `{}` + +### `operator.tolerations` + +Tolerations for Deployment pods. + +There is built in configuration (can not be changed): +```yaml +tolerations: +- key: "node.kubernetes.io/unreachable" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 +- key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 +``` + +which can be extended by additional entries e.g.: +```yaml +tolerations: +- key: devops + operator: Exists + effect: NoSchedule +``` +Default (empty): `[]` + +### `operator.securityContext.runAsUser` + +Controls which user ID the containers are run with. + +Default: `1000` + +### `operator.replicaCount` + +Replication count for Operator deployment. + +Default: `1` + +### `operator.updateStrategy` + +Update strategy for operator pod. + +Default: `Recreate` + +### `operator.features.deployment` + +Define if ArangoDeployment Operator should be enabled. + +Default: `true` + +### `operator.features.deploymentReplications` + +Define if ArangoDeploymentReplications Operator should be enabled. + +Default: `true` + +### `operator.features.storage` + +Define if ArangoLocalStorage Operator should be enabled. + +Default: `false` + +### `operator.features.backup` + +Define if ArangoBackup Operator should be enabled. + +Default: `false` + +### `operator.features.apps` + +Define if ArangoJob Operator should be enabled. + +Default: `false` + +### `operator.features.k8sToK8sClusterSync` + +Define if ArangoClusterSynchronization Operator should be enabled. + +Default: `false` + +### `rbac.enabled` + +Define if RBAC should be enabled. + +Default: `true` + +### `operator.architectures` + +List of supported architectures. + +Default: `[]string{"amd64"}` + +# Limitations + +N/A \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/crds/analytics-graphanalyticsengine.yaml b/chart/kube-arangodb-enterprise-arm64/crds/analytics-graphanalyticsengine.yaml new file mode 100644 index 000000000..cac5e6f51 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/crds/analytics-graphanalyticsengine.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: graphanalyticsengines.analytics.arangodb.com +spec: + group: analytics.arangodb.com + names: + kind: GraphAnalyticsEngine + listKind: GraphAnalyticsEngineList + plural: graphanalyticsengines + singular: graphanalyticsengine + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise-arm64/crds/apps-job.yaml b/chart/kube-arangodb-enterprise-arm64/crds/apps-job.yaml new file mode 100644 index 000000000..9f0800fc2 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/crds/apps-job.yaml @@ -0,0 +1,29 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangojobs.apps.arangodb.com +spec: + group: apps.arangodb.com + names: + kind: ArangoJob + listKind: ArangoJobList + plural: arangojobs + singular: arangojob + shortNames: + - arangojob + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .spec.arangoDeploymentName + description: Deployment name + name: ArangoDeploymentName + type: string + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise-arm64/crds/backups-backup.yaml b/chart/kube-arangodb-enterprise-arm64/crds/backups-backup.yaml new file mode 100644 index 000000000..577574362 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/crds/backups-backup.yaml @@ -0,0 +1,103 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangobackups.backup.arangodb.com +spec: + group: backup.arangodb.com + names: + kind: ArangoBackup + listKind: ArangoBackupList + plural: arangobackups + shortNames: + - arangobackup + singular: arangobackup + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .spec.policyName + description: Policy name + name: Policy + type: string + - jsonPath: .spec.deployment.name + description: Deployment name + name: Deployment + type: string + - jsonPath: .status.backup.version + description: Backup Version + name: Version + type: string + - jsonPath: .status.backup.createdAt + description: Backup Creation Timestamp + name: Created + type: string + - jsonPath: .status.backup.sizeInBytes + description: Backup Size in Bytes + name: Size + type: integer + format: byte + - jsonPath: .status.backup.numberOfDBServers + description: Backup Number of the DB Servers + name: DBServers + type: integer + - jsonPath: .status.state + description: The actual state of the ArangoBackup + name: State + type: string + - jsonPath: .status.message + priority: 1 + description: Message of the ArangoBackup object + name: Message + type: string + subresources: + status: {} + - name: v1alpha + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + additionalPrinterColumns: + - jsonPath: .spec.policyName + description: Policy name + name: Policy + type: string + - jsonPath: .spec.deployment.name + description: Deployment name + name: Deployment + type: string + - jsonPath: .status.backup.version + description: Backup Version + name: Version + type: string + - jsonPath: .status.backup.createdAt + description: Backup Creation Timestamp + name: Created + type: string + - jsonPath: .status.backup.sizeInBytes + description: Backup Size in Bytes + name: Size + type: integer + format: byte + - jsonPath: .status.backup.numberOfDBServers + description: Backup Number of the DB Servers + name: DBServers + type: integer + - jsonPath: .status.state + description: The actual state of the ArangoBackup + name: State + type: string + - jsonPath: .status.message + priority: 1 + description: Message of the ArangoBackup object + name: Message + type: string + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise-arm64/crds/backups-backuppolicy.yaml b/chart/kube-arangodb-enterprise-arm64/crds/backups-backuppolicy.yaml new file mode 100644 index 000000000..e0ca6c623 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/crds/backups-backuppolicy.yaml @@ -0,0 +1,62 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangobackuppolicies.backup.arangodb.com +spec: + group: backup.arangodb.com + names: + kind: ArangoBackupPolicy + listKind: ArangoBackupPolicyList + plural: arangobackuppolicies + shortNames: + - arangobackuppolicy + - arangobp + singular: arangobackuppolicy + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .spec.schedule + description: Schedule + name: Schedule + type: string + - jsonPath: .status.scheduled + description: Scheduled + name: Scheduled + type: string + - jsonPath: .status.message + priority: 1 + description: Message of the ArangoBackupPolicy object + name: Message + type: string + subresources: + status: {} + - name: v1alpha + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + additionalPrinterColumns: + - jsonPath: .spec.schedule + description: Schedule + name: Schedule + type: string + - jsonPath: .status.scheduled + description: Scheduled + name: Scheduled + type: string + - jsonPath: .status.message + priority: 1 + description: Message of the ArangoBackupPolicy object + name: Message + type: string + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise-arm64/crds/database-clustersynchronization.yaml b/chart/kube-arangodb-enterprise-arm64/crds/database-clustersynchronization.yaml new file mode 100644 index 000000000..e8d799d30 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/crds/database-clustersynchronization.yaml @@ -0,0 +1,33 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangoclustersynchronizations.database.arangodb.com +spec: + group: database.arangodb.com + names: + kind: ArangoClusterSynchronization + listKind: ArangoClusterSynchronizationList + plural: arangoclustersynchronizations + singular: arangoclustersynchronization + shortNames: + - arangoclustersync + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} + - name: v2alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise-arm64/crds/database-deployment.yaml b/chart/kube-arangodb-enterprise-arm64/crds/database-deployment.yaml new file mode 100644 index 000000000..22f9d1acf --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/crds/database-deployment.yaml @@ -0,0 +1,39 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangodeployments.database.arangodb.com +spec: + group: database.arangodb.com + names: + kind: ArangoDeployment + listKind: ArangoDeploymentList + plural: arangodeployments + shortNames: + - arangodb + - arango + singular: arangodeployment + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + - name: v1alpha + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + - name: v2alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise-arm64/crds/database-member.yaml b/chart/kube-arangodb-enterprise-arm64/crds/database-member.yaml new file mode 100644 index 000000000..214f5d207 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/crds/database-member.yaml @@ -0,0 +1,33 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangomembers.database.arangodb.com +spec: + group: database.arangodb.com + names: + kind: ArangoMember + listKind: ArangoMemberList + plural: arangomembers + shortNames: + - arangomembers + singular: arangomember + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} + - name: v2alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise-arm64/crds/database-task.yaml b/chart/kube-arangodb-enterprise-arm64/crds/database-task.yaml new file mode 100644 index 000000000..85d452000 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/crds/database-task.yaml @@ -0,0 +1,36 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangotasks.database.arangodb.com +spec: + group: database.arangodb.com + names: + kind: ArangoTask + listKind: ArangoTaskList + plural: arangotasks + singular: arangotask + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + - name: v1alpha + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + - name: v2alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise-arm64/crds/ml-extension.yaml b/chart/kube-arangodb-enterprise-arm64/crds/ml-extension.yaml new file mode 100644 index 000000000..1ba50dd8c --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/crds/ml-extension.yaml @@ -0,0 +1,31 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangomlextensions.ml.arangodb.com +spec: + group: ml.arangodb.com + names: + kind: ArangoMLExtension + listKind: ArangoMLExtensionList + plural: arangomlextensions + singular: arangomlextension + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise-arm64/crds/ml-job-batch.yaml b/chart/kube-arangodb-enterprise-arm64/crds/ml-job-batch.yaml new file mode 100644 index 000000000..5fbaa6e13 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/crds/ml-job-batch.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangomlbatchjobs.ml.arangodb.com +spec: + group: ml.arangodb.com + names: + kind: ArangoMLBatchJob + listKind: ArangoMLBatchJobList + plural: arangomlbatchjobs + singular: arangomlbatchjob + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise-arm64/crds/ml-job-cron.yaml b/chart/kube-arangodb-enterprise-arm64/crds/ml-job-cron.yaml new file mode 100644 index 000000000..e6c7c5b2f --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/crds/ml-job-cron.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangomlcronjobs.ml.arangodb.com +spec: + group: ml.arangodb.com + names: + kind: ArangoMLCronJob + listKind: ArangoMLCronJobList + plural: arangomlcronjobs + singular: arangomlcronjob + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise-arm64/crds/ml-storage.yaml b/chart/kube-arangodb-enterprise-arm64/crds/ml-storage.yaml new file mode 100644 index 000000000..01b23a672 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/crds/ml-storage.yaml @@ -0,0 +1,31 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangomlstorages.ml.arangodb.com +spec: + group: ml.arangodb.com + names: + kind: ArangoMLStorage + listKind: ArangoMLStorageList + plural: arangomlstorages + singular: arangomlstorage + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise-arm64/crds/replication-deploymentreplication.yaml b/chart/kube-arangodb-enterprise-arm64/crds/replication-deploymentreplication.yaml new file mode 100644 index 000000000..e3918b355 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/crds/replication-deploymentreplication.yaml @@ -0,0 +1,38 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangodeploymentreplications.replication.database.arangodb.com +spec: + group: replication.database.arangodb.com + names: + kind: ArangoDeploymentReplication + listKind: ArangoDeploymentReplicationList + plural: arangodeploymentreplications + shortNames: + - arangorepl + singular: arangodeploymentreplication + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + - name: v1alpha + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + - name: v2alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise-arm64/crds/scheduler-profile.yaml b/chart/kube-arangodb-enterprise-arm64/crds/scheduler-profile.yaml new file mode 100644 index 000000000..2be38f32a --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/crds/scheduler-profile.yaml @@ -0,0 +1,31 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangoprofiles.scheduler.arangodb.com +spec: + group: scheduler.arangodb.com + names: + kind: ArangoProfile + listKind: ArangoProfileList + plural: arangoprofiles + singular: arangoprofile + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/NOTES.txt b/chart/kube-arangodb-enterprise-arm64/templates/NOTES.txt new file mode 100644 index 000000000..f45cab92e --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/NOTES.txt @@ -0,0 +1,7 @@ +You have installed Kubernetes ArangoDB Operator in version {{ .Chart.Version }} + +To access ArangoDeployments you can use: + +kubectl --namespace "{{ .Release.Namespace }}" get arangodeployments + +More details can be found on https://github.com/arangodb/kube-arangodb/tree/{{ .Chart.Version }}/docs \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/_helpers.tpl b/chart/kube-arangodb-enterprise-arm64/templates/_helpers.tpl new file mode 100644 index 000000000..ab2edeb91 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/_helpers.tpl @@ -0,0 +1,47 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kube-arangodb.name" -}} +{{- printf "%s" .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the release. +*/}} +{{- define "kube-arangodb.releaseName" -}} +{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the operator. +*/}} +{{- define "kube-arangodb.operatorName" -}} +{{- printf "arango-%s-operator" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Combine name of the deployment. +*/}} +{{- define "kube-arangodb.fullName" -}} +{{- printf "%s-%s" .Chart.Name .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the Operator RBAC role +*/}} +{{- define "kube-arangodb.rbac" -}} +{{- printf "%s-%s" (include "kube-arangodb.operatorName" .) "rbac" | trunc 95 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the Operator Cluster resources +*/}} +{{- define "kube-arangodb.rbac-cluster" -}} +{{- if eq .Release.Namespace "default" -}} +{{- printf "%s-rbac" (include "kube-arangodb.operatorName" .) | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-rbac" (include "kube-arangodb.operatorName" .) .Release.Namespace | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..201c4915b --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.analytics -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/cluster-role.yaml new file mode 100644 index 000000000..76ac5ee99 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/cluster-role.yaml @@ -0,0 +1,22 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.analytics -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/role-binding.yaml new file mode 100644 index 000000000..9fd0877f4 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/role-binding.yaml @@ -0,0 +1,25 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.analytics -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-analytics + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-analytics +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/role.yaml new file mode 100644 index 000000000..84e6cba2f --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/role.yaml @@ -0,0 +1,41 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.analytics -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-analytics + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: + - "analytics.arangodb.com" + resources: + - "graphanalyticsengines" + - "graphanalyticsengines/status" + verbs: + - "*" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: ["apps"] + resources: + - "statefulsets" + verbs: ["*"] + - apiGroups: [ "" ] + resources: + - "secrets" + - "services" + verbs: [ "*" ] +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..785c6e886 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.apps -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/cluster-role.yaml new file mode 100644 index 000000000..4789de945 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/cluster-role.yaml @@ -0,0 +1,22 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.apps -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/role-binding.yaml new file mode 100644 index 000000000..dbd9fc636 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/role-binding.yaml @@ -0,0 +1,47 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.apps -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-apps + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-apps +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-job + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-job +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }}-job + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/role.yaml new file mode 100644 index 000000000..63df49055 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/role.yaml @@ -0,0 +1,54 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.apps -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-apps + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods", "services", "endpoints"] + verbs: ["get", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["*"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get"] + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["*"] + - apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apps.arangodb.com"] + resources: ["arangojobs","arangojobs/status"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-job + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments"] + verbs: ["get", "list", "watch"] +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/service-account-job.yaml b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/service-account-job.yaml new file mode 100644 index 000000000..07ae08095 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/service-account-job.yaml @@ -0,0 +1,19 @@ +{{ if .Values.operator.features.apps -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-arangodb.operatorName" . }}-job + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +{{- if .Values.operator.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.operator.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- end }} +{{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..4f1c23cff --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.backup -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/cluster-role.yaml new file mode 100644 index 000000000..a1c011982 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/cluster-role.yaml @@ -0,0 +1,22 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.backup -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/role-binding.yaml new file mode 100644 index 000000000..679902669 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/role-binding.yaml @@ -0,0 +1,25 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.backup -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-backup + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-backup +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/role.yaml new file mode 100644 index 000000000..8d4aff472 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/role.yaml @@ -0,0 +1,35 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.backup -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-backup + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods", "services", "endpoints"] + verbs: ["get", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["*"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get"] + - apiGroups: ["backup.arangodb.com"] + resources: ["arangobackuppolicies", "arangobackuppolicies/status", "arangobackups", "arangobackups/status"] + verbs: ["*"] + - apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments"] + verbs: ["get", "list", "watch"] +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/crd/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/crd/cluster-role-binding.yaml new file mode 100644 index 000000000..a0355a66f --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/crd/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.enableCRDManagement -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/crd/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/crd/cluster-role.yaml new file mode 100644 index 000000000..894674ced --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/crd/cluster-role.yaml @@ -0,0 +1,32 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.enableCRDManagement -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch", "update", "delete"] + resourceNames: + - "arangodeployments.database.arangodb.com" + - "arangoclustersynchronizations.database.arangodb.com" + - "arangomembers.database.arangodb.com" + - "arangotasks.database.arangodb.com" + - "arangodeploymentreplications.replication.database.arangodb.com" + - "arangobackups.backup.arangodb.com" + - "arangobackuppolicies.backup.arangodb.com" + - "arangojobs.apps.arangodb.com" + - "arangolocalstorages.storage.arangodb.com" + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..5e3261c21 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/cluster-role.yaml new file mode 100644 index 000000000..1e9222396 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/cluster-role.yaml @@ -0,0 +1,25 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["namespaces", "nodes", "persistentvolumes"] + verbs: ["get", "list"] + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/default-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/default-role-binding.yaml new file mode 100644 index 000000000..606474ee4 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/default-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-default + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-default +subjects: + - kind: ServiceAccount + name: default + namespace: {{ .Release.Namespace }} + + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/default-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/default-role.yaml new file mode 100644 index 000000000..af530b233 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/default-role.yaml @@ -0,0 +1,21 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-default + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/role-binding.yaml new file mode 100644 index 000000000..d06ec7ec0 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-deployment + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-deployment +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/role.yaml new file mode 100644 index 000000000..ad6fd3796 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/role.yaml @@ -0,0 +1,58 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-deployment + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments", "arangodeployments/status","arangomembers", "arangomembers/status"] + verbs: ["*"] +{{- if .Values.rbac.extensions.acs }} + - apiGroups: ["database.arangodb.com"] + resources: ["arangoclustersynchronizations", "arangoclustersynchronizations/status"] + verbs: ["*"] +{{- end }} +{{- if .Values.rbac.extensions.at }} + - apiGroups: ["database.arangodb.com"] + resources: ["arangotasks", "arangotasks/status"] + verbs: ["*"] +{{- end }} + - apiGroups: [""] + resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets", "serviceaccounts", "configmaps"] + verbs: ["*"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get"] + - apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["*"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["*"] + - apiGroups: ["backup.arangodb.com"] + resources: ["arangobackuppolicies", "arangobackups"] + verbs: ["get", "list", "watch"] +{{- if .Values.rbac.extensions.debug }} + - apiGroups: ["events.k8s.io"] + resources: ["pods/log"] + verbs: ["list"] + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get", "list"] +{{- end }} +{{- if .Values.rbac.extensions.monitoring }} + - apiGroups: ["monitoring.coreos.com"] + resources: ["servicemonitors"] + verbs: ["get", "create", "delete", "update", "list", "watch", "patch"] +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..e526e91f3 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.deploymentReplications -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/cluster-role.yaml new file mode 100644 index 000000000..cd4f9eb67 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/cluster-role.yaml @@ -0,0 +1,25 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.deploymentReplications -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["namespaces", "nodes"] + verbs: ["get", "list"] + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/role-binding.yaml new file mode 100644 index 000000000..f908090c9 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deploymentReplications -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/role.yaml new file mode 100644 index 000000000..c8cf8f993 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/role.yaml @@ -0,0 +1,30 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deploymentReplications -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["replication.database.arangodb.com"] + resources: ["arangodeploymentreplications", "arangodeploymentreplications/status"] + verbs: ["*"] + - apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments"] + verbs: ["get"] + - apiGroups: [""] + resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets"] + verbs: ["*"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get"] + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment.yaml new file mode 100644 index 000000000..51b35d9a7 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment.yaml @@ -0,0 +1,193 @@ +{{ if eq .Values.operator.scope "legacy" -}} +# Scope "legacy" selected +{{ else if eq .Values.operator.scope "namespaced" -}} +# Scope "namespaced" selected +{{ if .Values.operator.features.storage -}} +{{ fail (printf "Storage Operator not supported in %s scope!" .Values.operator.scope) -}} +{{ end -}} +{{ else -}} +{{ fail (printf "Operator Scope %s is not supported!" .Values.operator.scope) -}} +{{ end -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} +{{- if .Values.operator.annotations }} + annotations: +{{ toYaml .Values.operator.annotations | indent 8 }} +{{- end }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +spec: +{{- if .Values.operator.debug }} + replicas: 1 +{{- else }} + replicas: {{ .Values.operator.replicaCount }} +{{- end }} + strategy: +{{ toYaml .Values.operator.updateStrategy | indent 8 }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +{{- if .Values.operator.annotations }} + annotations: +{{ toYaml .Values.operator.annotations | indent 16 }} +{{- end }} + spec: +{{- if .Values.operator.nodeSelector }} + nodeSelector: +{{ toYaml .Values.operator.nodeSelector | indent 16 }} +{{- end }} + serviceAccountName: {{ template "kube-arangodb.operatorName" . }} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: +{{- range .Values.operator.architectures }} + - {{ . | quote }} +{{- end }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: "kubernetes.io/hostname" + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - {{ template "kube-arangodb.name" . }} + - key: app.kubernetes.io/instance + operator: In + values: + - {{ .Release.Name }} + hostNetwork: false + hostPID: false + hostIPC: false + securityContext: + runAsNonRoot: true + runAsUser: {{ .Values.operator.securityContext.runAsUser }} + containers: + - name: operator + imagePullPolicy: {{ .Values.operator.imagePullPolicy }} + image: {{ .Values.operator.image }} + args: + - --scope={{ .Values.operator.scope }} +{{- if .Values.operator.features.deployment }} + - --operator.deployment +{{- end -}} +{{ if .Values.operator.features.deploymentReplications }} + - --operator.deployment-replication +{{- end -}} +{{ if .Values.operator.features.storage }} + - --operator.storage +{{- end }} +{{ if .Values.operator.features.backup }} + - --operator.backup +{{- end }} +{{- if or .Values.operator.debug (eq ( int .Values.operator.replicaCount) 1) }} + - --mode.single +{{- end }} +{{ if .Values.operator.features.apps }} + - --operator.apps +{{- end }} +{{ if .Values.operator.features.ml }} + - --operator.ml +{{- end }} +{{ if .Values.operator.features.analytics }} + - --operator.analytics +{{- end }} +{{ if .Values.operator.features.k8sToK8sClusterSync }} + - --operator.k2k-cluster-sync +{{- end }} + - --chaos.allowed={{ .Values.operator.allowChaos }} +{{- if .Values.operator.args }} +{{- range .Values.operator.args }} + - {{ . | quote }} +{{- end }} +{{- end }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_CONTAINER_NAME + value: "operator" + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP +{{- if .Values.operator.features.apps }} + - name: ARANGOJOB_SA_NAME + value: "{{ template "kube-arangodb.operatorName" . }}-job" +{{- end }} + ports: + - name: metrics + containerPort: 8528 + securityContext: + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - 'ALL' +{{- if .Values.operator.debug }} + add: + - 'SYS_PTRACE' +{{- end }} +{{- if .Values.operator.resources }} + resources: +{{ toYaml .Values.operator.resources | indent 22 }} +{{- end }} +{{- if not .Values.operator.debug }} + livenessProbe: + httpGet: + path: /health + port: 8528 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /ready + port: 8528 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 +{{- end }} + tolerations: + - key: "node.kubernetes.io/unreachable" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 + - key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 +{{- if .Values.operator.tolerations }} +{{ toYaml .Values.operator.tolerations | indent 16 }} +{{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..c8cef6a03 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.k8sToK8sClusterSync -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/cluster-role.yaml new file mode 100644 index 000000000..17f1a73f3 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/cluster-role.yaml @@ -0,0 +1,22 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.k8sToK8sClusterSync -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + +{{- end }} +{{- end }} +{{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/role-binding.yaml new file mode 100644 index 000000000..c4399917d --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/role-binding.yaml @@ -0,0 +1,25 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.k8sToK8sClusterSync -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/role.yaml new file mode 100644 index 000000000..d308f9111 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/role.yaml @@ -0,0 +1,33 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.k8sToK8sClusterSync -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods", "services", "endpoints"] + verbs: ["get", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["*"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get"] + - apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments", "arangoclustersynchronizations"] + verbs: ["get", "list", "watch"] + +{{- end }} +{{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..85d3cdc05 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.ml -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/cluster-role.yaml new file mode 100644 index 000000000..4e6a92385 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/cluster-role.yaml @@ -0,0 +1,22 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.ml -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/role-binding.yaml new file mode 100644 index 000000000..a7a666189 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/role-binding.yaml @@ -0,0 +1,25 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.ml -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-ml + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-ml +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/role.yaml new file mode 100644 index 000000000..bc628afa4 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/role.yaml @@ -0,0 +1,68 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.ml -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-ml + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: + - "ml.arangodb.com" + resources: + - "arangomlextensions" + - "arangomlextensions/status" + - "arangomlbatchjobs" + - "arangomlbatchjobs/status" + - "arangomlcronjobs" + - "arangomlcronjobs/status" + - "arangomlstorages" + - "arangomlstorages/status" + verbs: + - "*" + - apiGroups: + - "scheduler.arangodb.com" + resources: + - "arangoprofiles" + - "arangoprofiles/status" + verbs: + - "*" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "rbac.authorization.k8s.io" + resources: + - "roles" + - "rolebindings" + verbs: ["*"] + - apiGroups: + - "batch" + resources: + - "cronjobs" + - "jobs" + verbs: ["*"] + - apiGroups: ["apps"] + resources: + - "statefulsets" + verbs: ["*"] + - apiGroups: [""] + resources: + - "pods" + - "secrets" + - "services" + - "serviceaccounts" + verbs: ["*"] +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/service-account.yaml b/chart/kube-arangodb-enterprise-arm64/templates/service-account.yaml new file mode 100644 index 000000000..3c102d1a7 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/service-account.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +{{- if .Values.operator.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.operator.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/service.yaml b/chart/kube-arangodb-enterprise-arm64/templates/service.yaml new file mode 100644 index 000000000..2005e2f07 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/service.yaml @@ -0,0 +1,36 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} +{{- if .Values.operator.annotations }} + annotations: +{{ toYaml .Values.operator.annotations | indent 8 }} +{{- end }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +spec: + ports: + - name: server + port: 8528 + protocol: TCP + targetPort: 8528 + - name: http-api + port: 8628 + protocol: TCP + targetPort: 8628 + - name: grpc-api + port: 8728 + protocol: TCP + targetPort: 8728 + selector: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} + role: leader + type: {{ .Values.operator.service.type }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..cfaaff455 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/cluster-role-binding.yaml @@ -0,0 +1,24 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.storage -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/cluster-role.yaml new file mode 100644 index 000000000..8109978b3 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/cluster-role.yaml @@ -0,0 +1,32 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.storage -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["persistentvolumes", "persistentvolumeclaims", "endpoints", "events", "services"] + verbs: ["*"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["namespaces", "nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["*"] + - apiGroups: ["storage.arangodb.com"] + resources: ["arangolocalstorages"] + verbs: ["*"] + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/crd.yaml b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/crd.yaml new file mode 100644 index 000000000..487dec10f --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/crd.yaml @@ -0,0 +1,32 @@ +{{ if .Values.operator.features.storage -}} + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangolocalstorages.storage.arangodb.com + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +spec: + group: storage.arangodb.com + names: + kind: ArangoLocalStorage + listKind: ArangoLocalStorageList + plural: arangolocalstorages + shortNames: + - arangostorage + singular: arangolocalstorage + scope: Cluster + versions: + - name: v1alpha + served: true + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/role-binding.yaml new file mode 100644 index 000000000..5e120f06b --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.storage -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-storage +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/role.yaml new file mode 100644 index 000000000..47553bb0a --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/role.yaml @@ -0,0 +1,30 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.storage -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "update", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["*"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get"] + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/values.yaml b/chart/kube-arangodb-enterprise-arm64/values.yaml new file mode 100644 index 000000000..b9c0c40f5 --- /dev/null +++ b/chart/kube-arangodb-enterprise-arm64/values.yaml @@ -0,0 +1,44 @@ +operator: + image: arangodb/kube-arangodb-enterprise:1.2.41 + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + scope: legacy + architectures: + - amd64 + debug: false + args: [] + service: + type: ClusterIP + annotations: {} + resources: + limits: + cpu: 1 + memory: 512Mi + requests: + cpu: 250m + memory: 256Mi + securityContext: + runAsUser: 1000 + replicaCount: 1 + updateStrategy: + type: Recreate + allowChaos: false + nodeSelector: {} + enableCRDManagement: true + features: + deployment: true + deploymentReplications: true + storage: false + backup: false + apps: false + k8sToK8sClusterSync: false + ml: false + analytics: false + tolerations: [] +rbac: + enabled: true + extensions: + monitoring: true + acs: true + at: true + debug: false diff --git a/chart/kube-arangodb-enterprise/Chart.yaml b/chart/kube-arangodb-enterprise/Chart.yaml new file mode 100644 index 000000000..ebdff67a1 --- /dev/null +++ b/chart/kube-arangodb-enterprise/Chart.yaml @@ -0,0 +1,5 @@ +# do not switch to V2 yet - we still need to support Helm 2 +apiVersion: v1 +name: kube-arangodb-enterprise +version: 1.2.41 +description: "ArangoDB Kubernetes Enterprise Operator" diff --git a/chart/kube-arangodb-enterprise/LICENSE b/chart/kube-arangodb-enterprise/LICENSE new file mode 100644 index 000000000..79013b689 --- /dev/null +++ b/chart/kube-arangodb-enterprise/LICENSE @@ -0,0 +1,15 @@ +Copyright 2016-2022 ArangoDB GmbH, Cologne, Germany + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +Copyright holder is ArangoDB GmbH, Cologne, Germany \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/README.md b/chart/kube-arangodb-enterprise/README.md new file mode 100644 index 000000000..a912db933 --- /dev/null +++ b/chart/kube-arangodb-enterprise/README.md @@ -0,0 +1,206 @@ +# Introduction + +Kubernetes ArangoDB Operator. + +# Chart Details + +Chart will install fully operational ArangoDB Kubernetes Operator. + +# Resources Required + +In default installation deployment with 1 pod will be created. The operator pod require 256MB of ram and 250m of CPU. + +# Installing the Chart + +Chart can be installed in two methods: +- With all Operators in single Helm Release +- One Helm Release per Operator + +Possible Operators: +- `ArangoDeployment` - enabled by default +- `ArangoDeploymentReplications` - enabled by default +- `ArangoLocalStorage` - disabled by default +- `ArangoBackup` - disabled by default +- `ArangoJob` - disabled by default +- `ArangoClusterSynchronization` - disabled by default + +To install Operators in mode "One per Helm Release" we can use: + +``` +helm install --name arango-deployment kube-arangodb.tar.gz \ + --set operator.features.deployment=true \ + --set operator.features.deploymentReplications=false \ + --set operator.features.storage=false \ + --set operator.features.backup=false \ + --set operator.features.apps=false \ + --set operator.features.k8sToK8sClusterSync=false +``` + + +# Configuration + +### `operator.image` + +Image used for the ArangoDB Operator. + +Default: `arangodb/kube-arangodb:latest` + +### `operator.imagePullPolicy` + +Image pull policy for Operator images. + +Default: `IfNotPresent` + +### `operator.imagePullSecrets` + +List of the Image Pull Secrets for Operator images. + +Default: `[]string` + +### `operator.scope` + +Scope on which Operator will be configured. + +Default: `legacy` + +Supported modes: +- `legacy` - mode with limited cluster scope access +- `namespaced` - mode with namespace access only + +### `operator.service.type` + +Type of the Operator service. + +Default: `ClusterIP` + +### `operator.annotations` + +Annotations passed to the Operator Deployment definition. + +Default: `[]string` + +### `operator.resources.limits.cpu` + +CPU limits for operator pods. + +Default: `1` + +### `operator.resources.limits.memory` + +Memory limits for operator pods. + +Default: `256Mi` + +### `operator.resources.requested.cpu` + +Requested CPI by Operator pods. + +Default: `250m` + +### `operator.resources.requested.memory` + +Requested memory for operator pods. + +Default: `256Mi` + +### `operator.nodeSelector` + +NodeSelector for Deployment pods. + +Default: `{}` + +### `operator.tolerations` + +Tolerations for Deployment pods. + +There is built in configuration (can not be changed): +```yaml +tolerations: +- key: "node.kubernetes.io/unreachable" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 +- key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 +``` + +which can be extended by additional entries e.g.: +```yaml +tolerations: +- key: devops + operator: Exists + effect: NoSchedule +``` +Default (empty): `[]` + +### `operator.securityContext.runAsUser` + +Controls which user ID the containers are run with. + +Default: `1000` + +### `operator.replicaCount` + +Replication count for Operator deployment. + +Default: `1` + +### `operator.updateStrategy` + +Update strategy for operator pod. + +Default: `Recreate` + +### `operator.features.deployment` + +Define if ArangoDeployment Operator should be enabled. + +Default: `true` + +### `operator.features.deploymentReplications` + +Define if ArangoDeploymentReplications Operator should be enabled. + +Default: `true` + +### `operator.features.storage` + +Define if ArangoLocalStorage Operator should be enabled. + +Default: `false` + +### `operator.features.backup` + +Define if ArangoBackup Operator should be enabled. + +Default: `false` + +### `operator.features.apps` + +Define if ArangoJob Operator should be enabled. + +Default: `false` + +### `operator.features.k8sToK8sClusterSync` + +Define if ArangoClusterSynchronization Operator should be enabled. + +Default: `false` + +### `rbac.enabled` + +Define if RBAC should be enabled. + +Default: `true` + +### `operator.architectures` + +List of supported architectures. + +Default: `[]string{"amd64"}` + +# Limitations + +N/A \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/crds/analytics-graphanalyticsengine.yaml b/chart/kube-arangodb-enterprise/crds/analytics-graphanalyticsengine.yaml new file mode 100644 index 000000000..cac5e6f51 --- /dev/null +++ b/chart/kube-arangodb-enterprise/crds/analytics-graphanalyticsengine.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: graphanalyticsengines.analytics.arangodb.com +spec: + group: analytics.arangodb.com + names: + kind: GraphAnalyticsEngine + listKind: GraphAnalyticsEngineList + plural: graphanalyticsengines + singular: graphanalyticsengine + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise/crds/apps-job.yaml b/chart/kube-arangodb-enterprise/crds/apps-job.yaml new file mode 100644 index 000000000..9f0800fc2 --- /dev/null +++ b/chart/kube-arangodb-enterprise/crds/apps-job.yaml @@ -0,0 +1,29 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangojobs.apps.arangodb.com +spec: + group: apps.arangodb.com + names: + kind: ArangoJob + listKind: ArangoJobList + plural: arangojobs + singular: arangojob + shortNames: + - arangojob + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .spec.arangoDeploymentName + description: Deployment name + name: ArangoDeploymentName + type: string + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise/crds/backups-backup.yaml b/chart/kube-arangodb-enterprise/crds/backups-backup.yaml new file mode 100644 index 000000000..577574362 --- /dev/null +++ b/chart/kube-arangodb-enterprise/crds/backups-backup.yaml @@ -0,0 +1,103 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangobackups.backup.arangodb.com +spec: + group: backup.arangodb.com + names: + kind: ArangoBackup + listKind: ArangoBackupList + plural: arangobackups + shortNames: + - arangobackup + singular: arangobackup + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .spec.policyName + description: Policy name + name: Policy + type: string + - jsonPath: .spec.deployment.name + description: Deployment name + name: Deployment + type: string + - jsonPath: .status.backup.version + description: Backup Version + name: Version + type: string + - jsonPath: .status.backup.createdAt + description: Backup Creation Timestamp + name: Created + type: string + - jsonPath: .status.backup.sizeInBytes + description: Backup Size in Bytes + name: Size + type: integer + format: byte + - jsonPath: .status.backup.numberOfDBServers + description: Backup Number of the DB Servers + name: DBServers + type: integer + - jsonPath: .status.state + description: The actual state of the ArangoBackup + name: State + type: string + - jsonPath: .status.message + priority: 1 + description: Message of the ArangoBackup object + name: Message + type: string + subresources: + status: {} + - name: v1alpha + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + additionalPrinterColumns: + - jsonPath: .spec.policyName + description: Policy name + name: Policy + type: string + - jsonPath: .spec.deployment.name + description: Deployment name + name: Deployment + type: string + - jsonPath: .status.backup.version + description: Backup Version + name: Version + type: string + - jsonPath: .status.backup.createdAt + description: Backup Creation Timestamp + name: Created + type: string + - jsonPath: .status.backup.sizeInBytes + description: Backup Size in Bytes + name: Size + type: integer + format: byte + - jsonPath: .status.backup.numberOfDBServers + description: Backup Number of the DB Servers + name: DBServers + type: integer + - jsonPath: .status.state + description: The actual state of the ArangoBackup + name: State + type: string + - jsonPath: .status.message + priority: 1 + description: Message of the ArangoBackup object + name: Message + type: string + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise/crds/backups-backuppolicy.yaml b/chart/kube-arangodb-enterprise/crds/backups-backuppolicy.yaml new file mode 100644 index 000000000..e0ca6c623 --- /dev/null +++ b/chart/kube-arangodb-enterprise/crds/backups-backuppolicy.yaml @@ -0,0 +1,62 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangobackuppolicies.backup.arangodb.com +spec: + group: backup.arangodb.com + names: + kind: ArangoBackupPolicy + listKind: ArangoBackupPolicyList + plural: arangobackuppolicies + shortNames: + - arangobackuppolicy + - arangobp + singular: arangobackuppolicy + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .spec.schedule + description: Schedule + name: Schedule + type: string + - jsonPath: .status.scheduled + description: Scheduled + name: Scheduled + type: string + - jsonPath: .status.message + priority: 1 + description: Message of the ArangoBackupPolicy object + name: Message + type: string + subresources: + status: {} + - name: v1alpha + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + additionalPrinterColumns: + - jsonPath: .spec.schedule + description: Schedule + name: Schedule + type: string + - jsonPath: .status.scheduled + description: Scheduled + name: Scheduled + type: string + - jsonPath: .status.message + priority: 1 + description: Message of the ArangoBackupPolicy object + name: Message + type: string + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise/crds/database-clustersynchronization.yaml b/chart/kube-arangodb-enterprise/crds/database-clustersynchronization.yaml new file mode 100644 index 000000000..e8d799d30 --- /dev/null +++ b/chart/kube-arangodb-enterprise/crds/database-clustersynchronization.yaml @@ -0,0 +1,33 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangoclustersynchronizations.database.arangodb.com +spec: + group: database.arangodb.com + names: + kind: ArangoClusterSynchronization + listKind: ArangoClusterSynchronizationList + plural: arangoclustersynchronizations + singular: arangoclustersynchronization + shortNames: + - arangoclustersync + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} + - name: v2alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise/crds/database-deployment.yaml b/chart/kube-arangodb-enterprise/crds/database-deployment.yaml new file mode 100644 index 000000000..22f9d1acf --- /dev/null +++ b/chart/kube-arangodb-enterprise/crds/database-deployment.yaml @@ -0,0 +1,39 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangodeployments.database.arangodb.com +spec: + group: database.arangodb.com + names: + kind: ArangoDeployment + listKind: ArangoDeploymentList + plural: arangodeployments + shortNames: + - arangodb + - arango + singular: arangodeployment + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + - name: v1alpha + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + - name: v2alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise/crds/database-member.yaml b/chart/kube-arangodb-enterprise/crds/database-member.yaml new file mode 100644 index 000000000..214f5d207 --- /dev/null +++ b/chart/kube-arangodb-enterprise/crds/database-member.yaml @@ -0,0 +1,33 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangomembers.database.arangodb.com +spec: + group: database.arangodb.com + names: + kind: ArangoMember + listKind: ArangoMemberList + plural: arangomembers + shortNames: + - arangomembers + singular: arangomember + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} + - name: v2alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise/crds/database-task.yaml b/chart/kube-arangodb-enterprise/crds/database-task.yaml new file mode 100644 index 000000000..85d452000 --- /dev/null +++ b/chart/kube-arangodb-enterprise/crds/database-task.yaml @@ -0,0 +1,36 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangotasks.database.arangodb.com +spec: + group: database.arangodb.com + names: + kind: ArangoTask + listKind: ArangoTaskList + plural: arangotasks + singular: arangotask + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + - name: v1alpha + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + - name: v2alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise/crds/ml-extension.yaml b/chart/kube-arangodb-enterprise/crds/ml-extension.yaml new file mode 100644 index 000000000..1ba50dd8c --- /dev/null +++ b/chart/kube-arangodb-enterprise/crds/ml-extension.yaml @@ -0,0 +1,31 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangomlextensions.ml.arangodb.com +spec: + group: ml.arangodb.com + names: + kind: ArangoMLExtension + listKind: ArangoMLExtensionList + plural: arangomlextensions + singular: arangomlextension + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise/crds/ml-job-batch.yaml b/chart/kube-arangodb-enterprise/crds/ml-job-batch.yaml new file mode 100644 index 000000000..5fbaa6e13 --- /dev/null +++ b/chart/kube-arangodb-enterprise/crds/ml-job-batch.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangomlbatchjobs.ml.arangodb.com +spec: + group: ml.arangodb.com + names: + kind: ArangoMLBatchJob + listKind: ArangoMLBatchJobList + plural: arangomlbatchjobs + singular: arangomlbatchjob + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise/crds/ml-job-cron.yaml b/chart/kube-arangodb-enterprise/crds/ml-job-cron.yaml new file mode 100644 index 000000000..e6c7c5b2f --- /dev/null +++ b/chart/kube-arangodb-enterprise/crds/ml-job-cron.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangomlcronjobs.ml.arangodb.com +spec: + group: ml.arangodb.com + names: + kind: ArangoMLCronJob + listKind: ArangoMLCronJobList + plural: arangomlcronjobs + singular: arangomlcronjob + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise/crds/ml-storage.yaml b/chart/kube-arangodb-enterprise/crds/ml-storage.yaml new file mode 100644 index 000000000..01b23a672 --- /dev/null +++ b/chart/kube-arangodb-enterprise/crds/ml-storage.yaml @@ -0,0 +1,31 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangomlstorages.ml.arangodb.com +spec: + group: ml.arangodb.com + names: + kind: ArangoMLStorage + listKind: ArangoMLStorageList + plural: arangomlstorages + singular: arangomlstorage + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise/crds/replication-deploymentreplication.yaml b/chart/kube-arangodb-enterprise/crds/replication-deploymentreplication.yaml new file mode 100644 index 000000000..e3918b355 --- /dev/null +++ b/chart/kube-arangodb-enterprise/crds/replication-deploymentreplication.yaml @@ -0,0 +1,38 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangodeploymentreplications.replication.database.arangodb.com +spec: + group: replication.database.arangodb.com + names: + kind: ArangoDeploymentReplication + listKind: ArangoDeploymentReplicationList + plural: arangodeploymentreplications + shortNames: + - arangorepl + singular: arangodeploymentreplication + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + - name: v1alpha + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + - name: v2alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise/crds/scheduler-profile.yaml b/chart/kube-arangodb-enterprise/crds/scheduler-profile.yaml new file mode 100644 index 000000000..2be38f32a --- /dev/null +++ b/chart/kube-arangodb-enterprise/crds/scheduler-profile.yaml @@ -0,0 +1,31 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangoprofiles.scheduler.arangodb.com +spec: + group: scheduler.arangodb.com + names: + kind: ArangoProfile + listKind: ArangoProfileList + plural: arangoprofiles + singular: arangoprofile + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} diff --git a/chart/kube-arangodb-enterprise/templates/NOTES.txt b/chart/kube-arangodb-enterprise/templates/NOTES.txt new file mode 100644 index 000000000..f45cab92e --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/NOTES.txt @@ -0,0 +1,7 @@ +You have installed Kubernetes ArangoDB Operator in version {{ .Chart.Version }} + +To access ArangoDeployments you can use: + +kubectl --namespace "{{ .Release.Namespace }}" get arangodeployments + +More details can be found on https://github.com/arangodb/kube-arangodb/tree/{{ .Chart.Version }}/docs \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/_helpers.tpl b/chart/kube-arangodb-enterprise/templates/_helpers.tpl new file mode 100644 index 000000000..ab2edeb91 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/_helpers.tpl @@ -0,0 +1,47 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "kube-arangodb.name" -}} +{{- printf "%s" .Chart.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the release. +*/}} +{{- define "kube-arangodb.releaseName" -}} +{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the operator. +*/}} +{{- define "kube-arangodb.operatorName" -}} +{{- printf "arango-%s-operator" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Combine name of the deployment. +*/}} +{{- define "kube-arangodb.fullName" -}} +{{- printf "%s-%s" .Chart.Name .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the Operator RBAC role +*/}} +{{- define "kube-arangodb.rbac" -}} +{{- printf "%s-%s" (include "kube-arangodb.operatorName" .) "rbac" | trunc 95 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the Operator Cluster resources +*/}} +{{- define "kube-arangodb.rbac-cluster" -}} +{{- if eq .Release.Namespace "default" -}} +{{- printf "%s-rbac" (include "kube-arangodb.operatorName" .) | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-rbac" (include "kube-arangodb.operatorName" .) .Release.Namespace | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} diff --git a/chart/kube-arangodb-enterprise/templates/analytics-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/analytics-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..201c4915b --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/analytics-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.analytics -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/analytics-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/analytics-operator/cluster-role.yaml new file mode 100644 index 000000000..76ac5ee99 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/analytics-operator/cluster-role.yaml @@ -0,0 +1,22 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.analytics -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/analytics-operator/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/analytics-operator/role-binding.yaml new file mode 100644 index 000000000..9fd0877f4 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/analytics-operator/role-binding.yaml @@ -0,0 +1,25 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.analytics -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-analytics + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-analytics +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/analytics-operator/role.yaml b/chart/kube-arangodb-enterprise/templates/analytics-operator/role.yaml new file mode 100644 index 000000000..84e6cba2f --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/analytics-operator/role.yaml @@ -0,0 +1,41 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.analytics -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-analytics + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: + - "analytics.arangodb.com" + resources: + - "graphanalyticsengines" + - "graphanalyticsengines/status" + verbs: + - "*" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: ["apps"] + resources: + - "statefulsets" + verbs: ["*"] + - apiGroups: [ "" ] + resources: + - "secrets" + - "services" + verbs: [ "*" ] +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/apps-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/apps-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..785c6e886 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/apps-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.apps -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/apps-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/apps-operator/cluster-role.yaml new file mode 100644 index 000000000..4789de945 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/apps-operator/cluster-role.yaml @@ -0,0 +1,22 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.apps -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/apps-operator/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/apps-operator/role-binding.yaml new file mode 100644 index 000000000..dbd9fc636 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/apps-operator/role-binding.yaml @@ -0,0 +1,47 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.apps -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-apps + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-apps +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-job + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-job +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }}-job + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/apps-operator/role.yaml b/chart/kube-arangodb-enterprise/templates/apps-operator/role.yaml new file mode 100644 index 000000000..63df49055 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/apps-operator/role.yaml @@ -0,0 +1,54 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.apps -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-apps + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods", "services", "endpoints"] + verbs: ["get", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["*"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get"] + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["*"] + - apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apps.arangodb.com"] + resources: ["arangojobs","arangojobs/status"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-job + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments"] + verbs: ["get", "list", "watch"] +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/apps-operator/service-account-job.yaml b/chart/kube-arangodb-enterprise/templates/apps-operator/service-account-job.yaml new file mode 100644 index 000000000..07ae08095 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/apps-operator/service-account-job.yaml @@ -0,0 +1,19 @@ +{{ if .Values.operator.features.apps -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-arangodb.operatorName" . }}-job + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +{{- if .Values.operator.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.operator.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- end }} +{{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/backup-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/backup-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..4f1c23cff --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/backup-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.backup -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/backup-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/backup-operator/cluster-role.yaml new file mode 100644 index 000000000..a1c011982 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/backup-operator/cluster-role.yaml @@ -0,0 +1,22 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.backup -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/backup-operator/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/backup-operator/role-binding.yaml new file mode 100644 index 000000000..679902669 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/backup-operator/role-binding.yaml @@ -0,0 +1,25 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.backup -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-backup + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-backup +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/backup-operator/role.yaml b/chart/kube-arangodb-enterprise/templates/backup-operator/role.yaml new file mode 100644 index 000000000..8d4aff472 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/backup-operator/role.yaml @@ -0,0 +1,35 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.backup -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-backup + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods", "services", "endpoints"] + verbs: ["get", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["*"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get"] + - apiGroups: ["backup.arangodb.com"] + resources: ["arangobackuppolicies", "arangobackuppolicies/status", "arangobackups", "arangobackups/status"] + verbs: ["*"] + - apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments"] + verbs: ["get", "list", "watch"] +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/crd/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/crd/cluster-role-binding.yaml new file mode 100644 index 000000000..a0355a66f --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/crd/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.enableCRDManagement -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/crd/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/crd/cluster-role.yaml new file mode 100644 index 000000000..894674ced --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/crd/cluster-role.yaml @@ -0,0 +1,32 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.enableCRDManagement -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch", "update", "delete"] + resourceNames: + - "arangodeployments.database.arangodb.com" + - "arangoclustersynchronizations.database.arangodb.com" + - "arangomembers.database.arangodb.com" + - "arangotasks.database.arangodb.com" + - "arangodeploymentreplications.replication.database.arangodb.com" + - "arangobackups.backup.arangodb.com" + - "arangobackuppolicies.backup.arangodb.com" + - "arangojobs.apps.arangodb.com" + - "arangolocalstorages.storage.arangodb.com" + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/deployment-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/deployment-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..5e3261c21 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/deployment-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/deployment-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/deployment-operator/cluster-role.yaml new file mode 100644 index 000000000..1e9222396 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/deployment-operator/cluster-role.yaml @@ -0,0 +1,25 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["namespaces", "nodes", "persistentvolumes"] + verbs: ["get", "list"] + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/deployment-operator/default-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/deployment-operator/default-role-binding.yaml new file mode 100644 index 000000000..606474ee4 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/deployment-operator/default-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-default + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-default +subjects: + - kind: ServiceAccount + name: default + namespace: {{ .Release.Namespace }} + + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/deployment-operator/default-role.yaml b/chart/kube-arangodb-enterprise/templates/deployment-operator/default-role.yaml new file mode 100644 index 000000000..af530b233 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/deployment-operator/default-role.yaml @@ -0,0 +1,21 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-default + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/deployment-operator/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/deployment-operator/role-binding.yaml new file mode 100644 index 000000000..d06ec7ec0 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/deployment-operator/role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-deployment + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-deployment +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/deployment-operator/role.yaml b/chart/kube-arangodb-enterprise/templates/deployment-operator/role.yaml new file mode 100644 index 000000000..ad6fd3796 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/deployment-operator/role.yaml @@ -0,0 +1,58 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-deployment + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments", "arangodeployments/status","arangomembers", "arangomembers/status"] + verbs: ["*"] +{{- if .Values.rbac.extensions.acs }} + - apiGroups: ["database.arangodb.com"] + resources: ["arangoclustersynchronizations", "arangoclustersynchronizations/status"] + verbs: ["*"] +{{- end }} +{{- if .Values.rbac.extensions.at }} + - apiGroups: ["database.arangodb.com"] + resources: ["arangotasks", "arangotasks/status"] + verbs: ["*"] +{{- end }} + - apiGroups: [""] + resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets", "serviceaccounts", "configmaps"] + verbs: ["*"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get"] + - apiGroups: ["policy"] + resources: ["poddisruptionbudgets"] + verbs: ["*"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["*"] + - apiGroups: ["backup.arangodb.com"] + resources: ["arangobackuppolicies", "arangobackups"] + verbs: ["get", "list", "watch"] +{{- if .Values.rbac.extensions.debug }} + - apiGroups: ["events.k8s.io"] + resources: ["pods/log"] + verbs: ["list"] + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get", "list"] +{{- end }} +{{- if .Values.rbac.extensions.monitoring }} + - apiGroups: ["monitoring.coreos.com"] + resources: ["servicemonitors"] + verbs: ["get", "create", "delete", "update", "list", "watch", "patch"] +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..e526e91f3 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.deploymentReplications -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/cluster-role.yaml new file mode 100644 index 000000000..cd4f9eb67 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/cluster-role.yaml @@ -0,0 +1,25 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.deploymentReplications -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["namespaces", "nodes"] + verbs: ["get", "list"] + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/role-binding.yaml new file mode 100644 index 000000000..f908090c9 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deploymentReplications -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/role.yaml b/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/role.yaml new file mode 100644 index 000000000..c8cf8f993 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/role.yaml @@ -0,0 +1,30 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deploymentReplications -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["replication.database.arangodb.com"] + resources: ["arangodeploymentreplications", "arangodeploymentreplications/status"] + verbs: ["*"] + - apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments"] + verbs: ["get"] + - apiGroups: [""] + resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets"] + verbs: ["*"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get"] + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/deployment.yaml b/chart/kube-arangodb-enterprise/templates/deployment.yaml new file mode 100644 index 000000000..51b35d9a7 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/deployment.yaml @@ -0,0 +1,193 @@ +{{ if eq .Values.operator.scope "legacy" -}} +# Scope "legacy" selected +{{ else if eq .Values.operator.scope "namespaced" -}} +# Scope "namespaced" selected +{{ if .Values.operator.features.storage -}} +{{ fail (printf "Storage Operator not supported in %s scope!" .Values.operator.scope) -}} +{{ end -}} +{{ else -}} +{{ fail (printf "Operator Scope %s is not supported!" .Values.operator.scope) -}} +{{ end -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} +{{- if .Values.operator.annotations }} + annotations: +{{ toYaml .Values.operator.annotations | indent 8 }} +{{- end }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +spec: +{{- if .Values.operator.debug }} + replicas: 1 +{{- else }} + replicas: {{ .Values.operator.replicaCount }} +{{- end }} + strategy: +{{ toYaml .Values.operator.updateStrategy | indent 8 }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +{{- if .Values.operator.annotations }} + annotations: +{{ toYaml .Values.operator.annotations | indent 16 }} +{{- end }} + spec: +{{- if .Values.operator.nodeSelector }} + nodeSelector: +{{ toYaml .Values.operator.nodeSelector | indent 16 }} +{{- end }} + serviceAccountName: {{ template "kube-arangodb.operatorName" . }} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: +{{- range .Values.operator.architectures }} + - {{ . | quote }} +{{- end }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: "kubernetes.io/hostname" + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - {{ template "kube-arangodb.name" . }} + - key: app.kubernetes.io/instance + operator: In + values: + - {{ .Release.Name }} + hostNetwork: false + hostPID: false + hostIPC: false + securityContext: + runAsNonRoot: true + runAsUser: {{ .Values.operator.securityContext.runAsUser }} + containers: + - name: operator + imagePullPolicy: {{ .Values.operator.imagePullPolicy }} + image: {{ .Values.operator.image }} + args: + - --scope={{ .Values.operator.scope }} +{{- if .Values.operator.features.deployment }} + - --operator.deployment +{{- end -}} +{{ if .Values.operator.features.deploymentReplications }} + - --operator.deployment-replication +{{- end -}} +{{ if .Values.operator.features.storage }} + - --operator.storage +{{- end }} +{{ if .Values.operator.features.backup }} + - --operator.backup +{{- end }} +{{- if or .Values.operator.debug (eq ( int .Values.operator.replicaCount) 1) }} + - --mode.single +{{- end }} +{{ if .Values.operator.features.apps }} + - --operator.apps +{{- end }} +{{ if .Values.operator.features.ml }} + - --operator.ml +{{- end }} +{{ if .Values.operator.features.analytics }} + - --operator.analytics +{{- end }} +{{ if .Values.operator.features.k8sToK8sClusterSync }} + - --operator.k2k-cluster-sync +{{- end }} + - --chaos.allowed={{ .Values.operator.allowChaos }} +{{- if .Values.operator.args }} +{{- range .Values.operator.args }} + - {{ . | quote }} +{{- end }} +{{- end }} + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_CONTAINER_NAME + value: "operator" + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP +{{- if .Values.operator.features.apps }} + - name: ARANGOJOB_SA_NAME + value: "{{ template "kube-arangodb.operatorName" . }}-job" +{{- end }} + ports: + - name: metrics + containerPort: 8528 + securityContext: + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - 'ALL' +{{- if .Values.operator.debug }} + add: + - 'SYS_PTRACE' +{{- end }} +{{- if .Values.operator.resources }} + resources: +{{ toYaml .Values.operator.resources | indent 22 }} +{{- end }} +{{- if not .Values.operator.debug }} + livenessProbe: + httpGet: + path: /health + port: 8528 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /ready + port: 8528 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 +{{- end }} + tolerations: + - key: "node.kubernetes.io/unreachable" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 + - key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 +{{- if .Values.operator.tolerations }} +{{ toYaml .Values.operator.tolerations | indent 16 }} +{{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..c8cef6a03 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.k8sToK8sClusterSync -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/cluster-role.yaml new file mode 100644 index 000000000..17f1a73f3 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/cluster-role.yaml @@ -0,0 +1,22 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.k8sToK8sClusterSync -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + +{{- end }} +{{- end }} +{{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/role-binding.yaml new file mode 100644 index 000000000..c4399917d --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/role-binding.yaml @@ -0,0 +1,25 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.k8sToK8sClusterSync -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/role.yaml b/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/role.yaml new file mode 100644 index 000000000..d308f9111 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/role.yaml @@ -0,0 +1,33 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.k8sToK8sClusterSync -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods", "services", "endpoints"] + verbs: ["get", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["*"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get"] + - apiGroups: ["database.arangodb.com"] + resources: ["arangodeployments", "arangoclustersynchronizations"] + verbs: ["get", "list", "watch"] + +{{- end }} +{{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/ml-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/ml-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..85d3cdc05 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/ml-operator/cluster-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.ml -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/ml-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/ml-operator/cluster-role.yaml new file mode 100644 index 000000000..4e6a92385 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/ml-operator/cluster-role.yaml @@ -0,0 +1,22 @@ +{{ if .Values.rbac.enabled -}} +{{ if not (eq .Values.operator.scope "namespaced") -}} +{{ if .Values.operator.features.ml -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/ml-operator/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/ml-operator/role-binding.yaml new file mode 100644 index 000000000..a7a666189 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/ml-operator/role-binding.yaml @@ -0,0 +1,25 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.ml -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-ml + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-ml +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/ml-operator/role.yaml b/chart/kube-arangodb-enterprise/templates/ml-operator/role.yaml new file mode 100644 index 000000000..bc628afa4 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/ml-operator/role.yaml @@ -0,0 +1,68 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.ml -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-ml + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: + - "ml.arangodb.com" + resources: + - "arangomlextensions" + - "arangomlextensions/status" + - "arangomlbatchjobs" + - "arangomlbatchjobs/status" + - "arangomlcronjobs" + - "arangomlcronjobs/status" + - "arangomlstorages" + - "arangomlstorages/status" + verbs: + - "*" + - apiGroups: + - "scheduler.arangodb.com" + resources: + - "arangoprofiles" + - "arangoprofiles/status" + verbs: + - "*" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "rbac.authorization.k8s.io" + resources: + - "roles" + - "rolebindings" + verbs: ["*"] + - apiGroups: + - "batch" + resources: + - "cronjobs" + - "jobs" + verbs: ["*"] + - apiGroups: ["apps"] + resources: + - "statefulsets" + verbs: ["*"] + - apiGroups: [""] + resources: + - "pods" + - "secrets" + - "services" + - "serviceaccounts" + verbs: ["*"] +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/service-account.yaml b/chart/kube-arangodb-enterprise/templates/service-account.yaml new file mode 100644 index 000000000..3c102d1a7 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/service-account.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +{{- if .Values.operator.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.operator.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/service.yaml b/chart/kube-arangodb-enterprise/templates/service.yaml new file mode 100644 index 000000000..2005e2f07 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/service.yaml @@ -0,0 +1,36 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} +{{- if .Values.operator.annotations }} + annotations: +{{ toYaml .Values.operator.annotations | indent 8 }} +{{- end }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +spec: + ports: + - name: server + port: 8528 + protocol: TCP + targetPort: 8528 + - name: http-api + port: 8628 + protocol: TCP + targetPort: 8628 + - name: grpc-api + port: 8728 + protocol: TCP + targetPort: 8728 + selector: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} + role: leader + type: {{ .Values.operator.service.type }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/storage-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/storage-operator/cluster-role-binding.yaml new file mode 100644 index 000000000..cfaaff455 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/storage-operator/cluster-role-binding.yaml @@ -0,0 +1,24 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.storage -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/storage-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/storage-operator/cluster-role.yaml new file mode 100644 index 000000000..8109978b3 --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/storage-operator/cluster-role.yaml @@ -0,0 +1,32 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.storage -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["persistentvolumes", "persistentvolumeclaims", "endpoints", "events", "services"] + verbs: ["*"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["namespaces", "nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["*"] + - apiGroups: ["storage.arangodb.com"] + resources: ["arangolocalstorages"] + verbs: ["*"] + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/storage-operator/crd.yaml b/chart/kube-arangodb-enterprise/templates/storage-operator/crd.yaml new file mode 100644 index 000000000..487dec10f --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/storage-operator/crd.yaml @@ -0,0 +1,32 @@ +{{ if .Values.operator.features.storage -}} + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: arangolocalstorages.storage.arangodb.com + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +spec: + group: storage.arangodb.com + names: + kind: ArangoLocalStorage + listKind: ArangoLocalStorageList + plural: arangolocalstorages + shortNames: + - arangostorage + singular: arangolocalstorage + scope: Cluster + versions: + - name: v1alpha + served: true + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/storage-operator/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/storage-operator/role-binding.yaml new file mode 100644 index 000000000..5e120f06b --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/storage-operator/role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.storage -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-storage +subjects: + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} + + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/storage-operator/role.yaml b/chart/kube-arangodb-enterprise/templates/storage-operator/role.yaml new file mode 100644 index 000000000..47553bb0a --- /dev/null +++ b/chart/kube-arangodb-enterprise/templates/storage-operator/role.yaml @@ -0,0 +1,30 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.storage -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "update", "watch", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["*"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets"] + verbs: ["get"] + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/values.yaml b/chart/kube-arangodb-enterprise/values.yaml new file mode 100644 index 000000000..37005013f --- /dev/null +++ b/chart/kube-arangodb-enterprise/values.yaml @@ -0,0 +1,44 @@ +operator: + image: arangodb/kube-arangodb-enterprise:1.2.41 + imagePullPolicy: IfNotPresent + imagePullSecrets: [] + scope: legacy + architectures: + - arm64 + debug: false + args: [] + service: + type: ClusterIP + annotations: {} + resources: + limits: + cpu: 1 + memory: 512Mi + requests: + cpu: 250m + memory: 256Mi + securityContext: + runAsUser: 1000 + replicaCount: 1 + updateStrategy: + type: Recreate + allowChaos: false + nodeSelector: {} + enableCRDManagement: true + features: + deployment: true + deploymentReplications: true + storage: false + backup: false + apps: false + k8sToK8sClusterSync: false + ml: false + analytics: false + tolerations: [] +rbac: + enabled: true + extensions: + monitoring: true + acs: true + at: true + debug: false diff --git a/docs/dashboards.md b/docs/dashboards.md deleted file mode 100644 index b03f6836b..000000000 --- a/docs/dashboards.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -layout: page -nav_order: 20 -title: Operator dashboard ---- - -# Deployment Operator Dashboards - -### Dashboard UI now is deprecated and will be removed in next minor version diff --git a/internal/platforms.yaml b/internal/platforms.yaml index 2459575f1..ea6fd5ca8 100644 --- a/internal/platforms.yaml +++ b/internal/platforms.yaml @@ -1,18 +1,18 @@ platforms: - name: "Google GKE" versions: - - kubernetesVersion: "1.21-1.28" + - kubernetesVersion: "1.25-1.30" arangoDBVersion: ">= 3.8.0" state: "Production" remarks: "Don't use micro nodes " - name: "Azure AKS" versions: - - kubernetesVersion: "1.21-1.28" + - kubernetesVersion: "1.25-1.30" arangoDBVersion: ">= 3.8.0" state: "Production" - name: "Amazon EKS" versions: - - kubernetesVersion: "1.21-1.28" + - kubernetesVersion: "1.25-1.30" arangoDBVersion: ">= 3.8.0" state: "Production" providerRemarks: "[Amazon EKS](./docs/providers/eks)" @@ -22,7 +22,7 @@ platforms: arangoDBVersion: ">= 3.8.0" state: "Deprecated" remarks: "Support will be dropped in Operator 1.5.0" - - kubernetesVersion: "1.21-1.28" + - kubernetesVersion: "1.25-1.30" arangoDBVersion: ">= 3.8.0" state: "Production" - name: "OpenShift" @@ -40,16 +40,16 @@ platforms: arangoDBVersion: ">= 3.8.0" state: "Deprecated" remarks: "Support will be dropped in Operator 1.5.0" - - kubernetesVersion: "1.21-1.28" + - kubernetesVersion: "1.25-1.30" arangoDBVersion: ">= 3.8.0" state: "Production" - name: "Minikube" versions: - - kubernetesVersion: "1.21-1.28" + - kubernetesVersion: "1.25-1.30" arangoDBVersion: ">= 3.8.0" state: "Devel Only" - name: "Other" versions: - - kubernetesVersion: "1.21-1.28" + - kubernetesVersion: "1.25-1.30" arangoDBVersion: ">= 3.8.0" state: "Devel Only" diff --git a/scripts/patch_chart.sh b/scripts/patch_chart.sh index a5bda529d..47371a970 100755 --- a/scripts/patch_chart.sh +++ b/scripts/patch_chart.sh @@ -17,7 +17,7 @@ function replaceInFile { sed -i --expression "${EXPR}" ${FILE} } -for f in kube-arangodb kube-arangodb-crd; do +for f in kube-arangodb kube-arangodb-enterprise kube-arangodb-arm64 kube-arangodb-enterprise-arm64 kube-arangodb-crd; do replaceInFile "s@^version: .*\$@version: ${VERSION}@g" "chart/${f}/Chart.yaml" if [[ -f "chart/${f}/values.yaml" ]]; then replaceInFile "s@^ image: .*\$@ image: ${IMAGE}@g" "chart/${f}/values.yaml"