Optionally configure nodes to use NTP instead of systemd-timesyncd (#142

) * Modify makefile's `generate` Target to allow for crd code-gen Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * Introduce os-coreos config API type Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * Use new os-coreos config API in controller and add ntp config into node reconcile step Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * Modify os-coreos chart to allow to mount the new config API custom resource Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * modify os-coreos test Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * make tidy Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * fix ntpd service name Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * fix chart Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * add validation for ExtensionConfig Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * add simple test-case for enabled ntpd.service Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * improve description in config API Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * remove left-over println Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * fix: add config API validation to controller start-up Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * move Validate function and make run not part of options struct Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * use filepath.Separator instead of hardcoded rune Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * update type for gardener 1.108 Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * PR review: use codegen.sh from gardener Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * PR review: refactor helm-chart Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * PR review: modify generate target; build docs Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * PR review: rename healthOptions to heartbeatOptions; move Validate() function to bottom of file for clarity Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * PR review: create Complete() func for options; move heartbatCtrlOptions into Options Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * PR review: refactor API; add validation and tests Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * PR review: refactor actuator.go reflect changes in API; improve-tests Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * regen controller-registration Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * update DOCS Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * PR review: remove duplicate VGOPATH target in Makefile Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * use coreos.name instead of coreos.fullname for chart Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> * add checksum to secret so the Deployment automatically restarts on config change Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud> --------- Signed-off-by: Niclas Schad <niclas.schad@stackit.cloud>
gardener · Nov 27, 2024 · bb5c534 · bb5c534
1 parent d90ce7c
commit bb5c534
Show file tree

Hide file tree

Showing 31 changed files with 924 additions and 118 deletions.
diff --git a/charts/gardener-extension-os-coreos/templates/_helpers.tpl b/charts/gardener-extension-os-coreos/templates/_helpers.tpl
@@ -1,7 +1,4 @@
-{{- define "name" -}}
-gardener-extension-os-coreos
-{{- end -}}
-
+{{/* vim: set filetype=mustache: */}}
 {{-  define "image" -}}
   {{- if hasPrefix "sha256:" .Values.image.tag }}
   {{- printf "%s@%s" .Values.image.repository .Values.image.tag }}
@@ -10,6 +7,61 @@ gardener-extension-os-coreos
   {{- end }}
 {{- end }}
 
-{{- define "deploymentversion" -}}
-apps/v1
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "coreos.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "coreos.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "coreos.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "coreos.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "coreos.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "coreos.labels" -}}
+helm.sh/chart: {{ include "coreos.chart" . }}
+{{ include "coreos.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Get checksum of config secret or configMap
+*/}}
+{{- define "coreos.configChecksum" -}}
+{{- include (print $.Template.BasePath "/secret-config.yaml") . | sha256sum -}}
+{{- end -}}
diff --git a/charts/gardener-extension-os-coreos/templates/deployment.yaml b/charts/gardener-extension-os-coreos/templates/deployment.yaml
@@ -1,37 +1,34 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: gardener-extension-os-coreos
+  name: {{ include "coreos.name" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: gardener-extension-os-coreos
-    helm.sh/chart: gardener-extension-os-coreos
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "coreos.labels" . | nindent 4 }}
     high-availability-config.resources.gardener.cloud/type: controller
 spec:
   revisionHistoryLimit: 0
   replicas: {{ .Values.replicaCount }}
   selector:
     matchLabels:
-      app.kubernetes.io/name: gardener-extension-os-coreos
-      app.kubernetes.io/instance: {{ .Release.Name }}
+      {{- include "coreos.selectorLabels" . | nindent 6 }}
   template:
     metadata:
       {{- if and .Values.metrics.enableScraping }}
       annotations:
+        checksum/config: {{ include "coreos.configChecksum" . }}
         prometheus.io/name: "{{ .Release.Name }}"
         prometheus.io/scrape: "true"
         # default metrics endpoint in controller-runtime
         prometheus.io/port: "{{ .Values.metrics.port }}"
       {{- end }}
       labels:
-        app.kubernetes.io/name: gardener-extension-os-coreos
-        app.kubernetes.io/instance: {{ .Release.Name }}
+        {{- include "coreos.labels" . | nindent 8 }}
         networking.gardener.cloud/to-runtime-apiserver: allowed
         networking.gardener.cloud/to-dns: allowed
     spec:
       priorityClassName: gardener-system-900
-      serviceAccountName: gardener-extension-os-coreos
+      serviceAccountName: {{ include "coreos.name" . }}
       containers:
       - name: gardener-extension-os-coreos
         image: {{ include "image" . }}
@@ -44,6 +41,7 @@ spec:
         - --disable-controllers={{ .Values.disableControllers | join "," }}
         - --ignore-operation-annotation={{ .Values.controllers.ignoreOperationAnnotation }}
         - --gardener-version={{ .Values.gardener.version }}
+        - --config=/config/config.yaml
         - --metrics-bind-address=:{{ .Values.metrics.port }}
         env:
         - name: LEADER_ELECTION_NAMESPACE
@@ -54,3 +52,13 @@ spec:
         resources:
 {{ toYaml .Values.resources | nindent 10 }}
 {{- end }}
+        volumeMounts:
+          - name: config
+            mountPath: /config
+            readOnly: true
+      volumes:
+        - name: config
+          secret:
+            secretName: {{ include "coreos.name" . }}-config
+            defaultMode: 420
+
diff --git a/charts/gardener-extension-os-coreos/templates/poddisruptionbudget.yaml b/charts/gardener-extension-os-coreos/templates/poddisruptionbudget.yaml
@@ -1,17 +1,15 @@
 apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
-  name: gardener-extension-os-coreos
+  name: {{ include "coreos.name" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: gardener-extension-os-coreos
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "coreos.labels" . | nindent 4 }}
 spec:
   maxUnavailable: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: gardener-extension-os-coreos
-      app.kubernetes.io/instance: {{ .Release.Name }}
+      {{- include "coreos.selectorLabels" . | nindent 6}}
 {{- if semverCompare ">= 1.26-0" .Capabilities.KubeVersion.Version }}
   unhealthyPodEvictionPolicy: AlwaysAllow
 {{- end }}
diff --git a/charts/gardener-extension-os-coreos/templates/rbac.yaml b/charts/gardener-extension-os-coreos/templates/rbac.yaml
@@ -2,11 +2,9 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: gardener-extension-os-coreos
+  name: {{ include "coreos.name" . }}
   labels:
-    app.kubernetes.io/name: gardener-extension-os-coreos
-    helm.sh/chart: gardener-extension-os-coreos
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "coreos.labels" . | nindent 4 }}
 rules:
 - apiGroups:
   - extensions.gardener.cloud
@@ -79,9 +77,7 @@ kind: ClusterRoleBinding
 metadata:
   name: gardener-extension-os-coreos
   labels:
-    app.kubernetes.io/name: gardener-extension-os-coreos
-    helm.sh/chart: gardener-extension-os-coreos
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "coreos.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

diff --git a/charts/gardener-extension-os-coreos/templates/secret-config.yaml b/charts/gardener-extension-os-coreos/templates/secret-config.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "coreos.name" . }}-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "coreos.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  config.yaml: |
+    {{- .Values.config | toYaml | nindent 4 }}
diff --git a/charts/gardener-extension-os-coreos/templates/service.yaml b/charts/gardener-extension-os-coreos/templates/service.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: gardener-extension-os-coreos
+  name: {{ include "coreos.name" . }}
   namespace: {{ .Release.Namespace }}
   annotations:
     networking.resources.gardener.cloud/from-all-seed-scrape-targets-allowed-ports: '[{"port":{{ .Values.metrics.port }},"protocol":"TCP"}]'
@@ -11,14 +11,11 @@ metadata:
     networking.resources.gardener.cloud/from-policy-pod-label-selector: all-seed-scrape-targets
     networking.resources.gardener.cloud/from-policy-allowed-ports: '[{"port":{{ .Values.metrics.port }},"protocol":"TCP"}]'
   labels:
-    app.kubernetes.io/name: gardener-extension-os-coreos
-    helm.sh/chart: gardener-extension-os-coreos
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "coreos.labels" . | nindent 4 }}
 spec:
   type: ClusterIP
   selector:
-    app.kubernetes.io/name: gardener-extension-os-coreos
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "coreos.selectorLabels" . | nindent 4 }}
   ports:
   - name: metrics
     port: {{ .Values.metrics.port }}

diff --git a/charts/gardener-extension-os-coreos/templates/serviceaccount.yaml b/charts/gardener-extension-os-coreos/templates/serviceaccount.yaml
@@ -1,10 +1,8 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: gardener-extension-os-coreos
+  name: {{ include "coreos.name" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: gardener-extension-os-coreos
-    helm.sh/chart: gardener-extension-os-coreos
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "coreos.labels" . | nindent 4 }}
 automountServiceAccountToken: false
diff --git a/charts/gardener-extension-os-coreos/templates/vpa.yaml b/charts/gardener-extension-os-coreos/templates/vpa.yaml
@@ -2,8 +2,10 @@
 apiVersion: autoscaling.k8s.io/v1
 kind: VerticalPodAutoscaler
 metadata:
-  name: {{ include "name" . }}-vpa
+  name: {{ include "coreos.name" . }}
   namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "coreos.labels" . | nindent 4 }}
 spec:
   {{- if .Values.vpa.resourcePolicy }}
   resourcePolicy:
@@ -15,7 +17,7 @@ spec:
   targetRef:
     apiVersion: apps/v1
     kind: Deployment
-    name: {{ include "name" . }}
+    name: {{ include "coreos.name" . }}
   updatePolicy:
     updateMode: {{ .Values.vpa.updatePolicy.updateMode }}
 {{- end }}
diff --git a/charts/gardener-extension-os-coreos/values.yaml b/charts/gardener-extension-os-coreos/values.yaml
@@ -5,6 +5,8 @@ image:
 
 resources: {}
 
+config: {}
+
 vpa:
   enabled: true
   resourcePolicy: