diff options
Diffstat (limited to 'vnfs/DAaaS/operator/charts/sparkoperator/templates')
9 files changed, 324 insertions, 0 deletions
diff --git a/vnfs/DAaaS/operator/charts/sparkoperator/templates/_helpers.tpl b/vnfs/DAaaS/operator/charts/sparkoperator/templates/_helpers.tpl new file mode 100644 index 00000000..741b500d --- /dev/null +++ b/vnfs/DAaaS/operator/charts/sparkoperator/templates/_helpers.tpl @@ -0,0 +1,48 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "sparkoperator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "sparkoperator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + {{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "sparkoperator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* +Create the name of the service account to use +*/}} +{{- define "sparkoperator.serviceAccountName" -}} +{{- if .Values.serviceAccounts.sparkoperator.create -}} + {{ default (include "sparkoperator.fullname" .) .Values.serviceAccounts.sparkoperator.name }} +{{- else -}} + {{ default "default" .Values.serviceAccounts.sparkoperator.name }} +{{- end -}} +{{- end -}} +{{- define "spark.serviceAccountName" -}} +{{- if .Values.serviceAccounts.spark.create -}} + {{ $sparkServiceaccount := printf "%s-%s" .Release.Name "spark" }} + {{ default $sparkServiceaccount .Values.serviceAccounts.spark.name }} +{{- else -}} + {{ default "default" .Values.serviceAccounts.spark.name }} +{{- end -}} +{{- end -}} diff --git a/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-operator-deployment.yaml b/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-operator-deployment.yaml new file mode 100755 index 00000000..fdfc51a2 --- /dev/null +++ b/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-operator-deployment.yaml @@ -0,0 +1,79 @@ +# If the admission webhook is enabled, then a post-install step is required +# to generate and install the secret in the operator namespace. + +# In the post-install hook, the token corresponding to the operator service account +# is used to authenticate with the Kubernetes API server to install the secret bundle. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "sparkoperator.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "sparkoperator.name" . }} + helm.sh/chart: {{ include "sparkoperator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: {{ include "sparkoperator.name" . }} + app.kubernetes.io/version: {{ .Values.operatorVersion }} + strategy: + type: Recreate + template: + metadata: + {{- if .Values.enableMetrics }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metricsPort }}" + prometheus.io/path: {{ .Values.metricsEndpoint }} + {{- end }} + labels: + app.kubernetes.io/name: {{ include "sparkoperator.name" . }} + app.kubernetes.io/version: {{ .Values.operatorVersion }} + initializers: + pending: [] + spec: + serviceAccountName: {{ include "sparkoperator.serviceAccountName" . }} + {{- if .Values.enableWebhook }} + volumes: + - name: webhook-certs + secret: + secretName: spark-webhook-certs + {{- end }} + containers: + - name: sparkoperator + image: {{ .Values.operatorImageName }}:{{ .Values.operatorVersion }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + {{- if .Values.enableWebhook }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook-certs + {{- end }} + {{- if .Values.enableMetrics }} + ports: + - containerPort: {{ .Values.metricsPort }} + {{ end }} + args: + - -v=2 + - -namespace={{ .Values.sparkJobNamespace }} + - -ingress-url-format={{ .Values.ingressUrlFormat }} + - -install-crds={{ .Values.installCrds }} + - -controller-threads={{ .Values.controllerThreads }} + - -resync-interval={{ .Values.resyncInterval }} + - -logtostderr + {{- if .Values.enableMetrics }} + - -enable-metrics=true + - -metrics-labels=app_type + - -metrics-port={{ .Values.metricsPort }} + - -metrics-endpoint={{ .Values.metricsEndpoint }} + - -metrics-prefix={{ .Values.metricsPrefix }} + {{- end }} + {{- if .Values.enableWebhook }} + - -enable-webhook=true + - -webhook-svc-namespace={{ .Release.Namespace }} + - -webhook-port={{ .Values.webhookPort }} + - -webhook-svc-name={{ .Release.Name }}-webhook + - -webhook-config-name={{ include "sparkoperator.fullname" . }}-webhook-config + {{- end }} diff --git a/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-operator-rbac.yaml b/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-operator-rbac.yaml new file mode 100755 index 00000000..bd5fd3fe --- /dev/null +++ b/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-operator-rbac.yaml @@ -0,0 +1,55 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "sparkoperator.fullname" . }}-cr + labels: + app.kubernetes.io/name: {{ include "sparkoperator.name" . }} + helm.sh/chart: {{ include "sparkoperator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["*"] +- apiGroups: [""] + resources: ["services", "configmaps", "secrets"] + verbs: ["create", "get", "delete"] +- apiGroups: ["extensions"] + resources: ["ingresses"] + verbs: ["create", "get", "delete"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get"] +- apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch"] +- apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "get", "update", "delete"] +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: ["create", "get", "update", "delete"] +- apiGroups: ["sparkoperator.k8s.io"] + resources: ["sparkapplications", "scheduledsparkapplications"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "sparkoperator.fullname" . }}-crb + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "sparkoperator.name" . }} + helm.sh/chart: {{ include "sparkoperator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +subjects: + - kind: ServiceAccount + name: {{ include "sparkoperator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ include "sparkoperator.fullname" . }}-cr + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-operator-serviceaccount.yaml b/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-operator-serviceaccount.yaml new file mode 100755 index 00000000..5216f8dd --- /dev/null +++ b/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-operator-serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if .Values.serviceAccounts.sparkoperator.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "sparkoperator.serviceAccountName" . }} + labels: + app.kubernetes.io/name: {{ include "sparkoperator.name" . }} + helm.sh/chart: {{ include "sparkoperator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} diff --git a/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-rbac.yaml b/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-rbac.yaml new file mode 100755 index 00000000..fa066053 --- /dev/null +++ b/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-rbac.yaml @@ -0,0 +1,44 @@ +{{- if and (.Values.rbac.create) (ne .Values.sparkJobNamespace "") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Values.sparkJobNamespace }} + name: spark-role + labels: + app.kubernetes.io/name: {{ include "sparkoperator.name" . }} + helm.sh/chart: {{ include "sparkoperator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" # "" indicates the core API group + resources: + - "pods" + verbs: + - "*" +- apiGroups: + - "" # "" indicates the core API group + resources: + - "services" + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: spark-role-binding + namespace: {{ .Values.sparkJobNamespace }} + labels: + app.kubernetes.io/name: {{ include "sparkoperator.name" . }} + helm.sh/chart: {{ include "sparkoperator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +subjects: +- kind: ServiceAccount + name: {{ include "spark.serviceAccountName" . }} + namespace: {{ .Values.sparkJobNamespace }} +roleRef: + kind: Role + name: spark-role + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-serviceaccount.yaml b/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-serviceaccount.yaml new file mode 100755 index 00000000..bb0e55ea --- /dev/null +++ b/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccounts.spark.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "spark.serviceAccountName" . }} + namespace: {{ .Values.sparkJobNamespace }} + labels: + app.kubernetes.io/name: {{ include "sparkoperator.name" . }} + helm.sh/chart: {{ include "sparkoperator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} diff --git a/vnfs/DAaaS/operator/charts/sparkoperator/templates/webhook-cleanup-job.yaml b/vnfs/DAaaS/operator/charts/sparkoperator/templates/webhook-cleanup-job.yaml new file mode 100755 index 00000000..d6d9df7c --- /dev/null +++ b/vnfs/DAaaS/operator/charts/sparkoperator/templates/webhook-cleanup-job.yaml @@ -0,0 +1,32 @@ +{{ if .Values.enableWebhook }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "sparkoperator.fullname" . }}-cleanup + annotations: + "helm.sh/hook": pre-delete, pre-upgrade + "helm.sh/hook-delete-policy": hook-succeeded + labels: + app.kubernetes.io/name: {{ include "sparkoperator.name" . }} + helm.sh/chart: {{ include "sparkoperator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + template: + spec: + serviceAccountName: {{ include "sparkoperator.serviceAccountName" . }} + restartPolicy: OnFailure + containers: + - name: main + image: {{ .Values.operatorImageName }}:{{ .Values.operatorVersion }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + command: + - "/bin/sh" + - "-c" + - "curl -ik \ + -X DELETE \ + -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\" \ + -H \"Accept: application/json\" \ + -H \"Content-Type: application/json\" \ + https://kubernetes.default.svc/api/v1/namespaces/{{ .Release.Namespace }}/secrets/spark-webhook-certs" +{{ end }} diff --git a/vnfs/DAaaS/operator/charts/sparkoperator/templates/webhook-init-job.yaml b/vnfs/DAaaS/operator/charts/sparkoperator/templates/webhook-init-job.yaml new file mode 100755 index 00000000..a42c3097 --- /dev/null +++ b/vnfs/DAaaS/operator/charts/sparkoperator/templates/webhook-init-job.yaml @@ -0,0 +1,24 @@ +{{ if .Values.enableWebhook }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "sparkoperator.fullname" . }}-init + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded + labels: + app.kubernetes.io/name: {{ include "sparkoperator.name" . }} + helm.sh/chart: {{ include "sparkoperator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + template: + spec: + serviceAccountName: {{ include "sparkoperator.serviceAccountName" . }} + restartPolicy: OnFailure + containers: + - name: main + image: {{ .Values.operatorImageName }}:{{ .Values.operatorVersion }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + command: ["/usr/bin/gencerts.sh", "-n", "{{ .Release.Namespace }}", "-s", "{{ .Release.Name }}-webhook", "-p"] +{{ end }} diff --git a/vnfs/DAaaS/operator/charts/sparkoperator/templates/webhook-service.yaml b/vnfs/DAaaS/operator/charts/sparkoperator/templates/webhook-service.yaml new file mode 100755 index 00000000..42c5bc62 --- /dev/null +++ b/vnfs/DAaaS/operator/charts/sparkoperator/templates/webhook-service.yaml @@ -0,0 +1,19 @@ +{{ if .Values.enableWebhook }} +kind: Service +apiVersion: v1 +metadata: + name: {{ .Release.Name }}-webhook + labels: + app.kubernetes.io/name: {{ include "sparkoperator.name" . }} + helm.sh/chart: {{ include "sparkoperator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + ports: + - port: 443 + targetPort: 8080 + name: webhook + selector: + app.kubernetes.io/name: {{ include "sparkoperator.name" . }} + app.kubernetes.io/version: {{ .Values.operatorVersion }} +{{ end }} |