Merge pull request #322 from fluxcd/enhancement/tmpl-refactor

install: rename files and resource names
fluxcd · Mar 2, 2020 · c3ea824 · c3ea824
2 parents 8b99349 + 1baacd6
commit c3ea824
Show file tree

Hide file tree

Showing 18 changed files with 131 additions and 157 deletions.
diff --git a/chart/helm-operator/README.md b/chart/helm-operator/README.md
@@ -18,7 +18,7 @@ helm repo add fluxcd https://charts.fluxcd.io
 Install the HelmRelease CRD:
 
 ```sh
-kubectl apply -f https://raw.githubusercontent.com/fluxcd/helm-operator/master/deploy/flux-helm-release-crd.yaml
+kubectl apply -f https://raw.githubusercontent.com/fluxcd/helm-operator/master/deploy/crds.yaml
 ```
 
 Install Helm Operator for Tiller in the fluxcd namespace:

diff --git a/deploy/helm-operator-crds.yaml → deploy/crds.yaml b/deploy/helm-operator-crds.yaml → deploy/crds.yaml
diff --git a/deploy/helm-operator-deployment.yaml → deploy/deployment.yaml b/deploy/helm-operator-deployment.yaml → deploy/deployment.yaml
@@ -2,22 +2,23 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: flux-helm-operator
+  name: helm-operator
+  namespace: flux
 spec:
   replicas: 1
   selector:
     matchLabels:
-      name: flux-helm-operator
+      name: helm-operator
   strategy:
     type: Recreate
   template:
     metadata:
       labels:
-        name: flux-helm-operator
+        name: helm-operator
       annotations:
         prometheus.io/scrape: "true"
     spec:
-      serviceAccountName: flux-helm-operator
+      serviceAccountName: helm-operator
       volumes:
       #
       # You will need these two volumes if you want to establish validated TLS
@@ -30,7 +31,7 @@ spec:
       # Secret type kubernetes.io/tls
       # - name: flux-helm-tls-cert
       #   secret:
-      #     secretName: flux-helm-tls-cert
+      #     secretName: tiller-tls-cert
       #     defaultMode: 0400
       #
       # The following volume is for using a customised known_hosts file,
@@ -72,7 +73,7 @@ spec:
       #   emptyDir: {}
 
       containers:
-      - name: flux-helm-operator
+      - name: helm-operator
         # There are no ":latest" images for helm-operator. Find the most recent
         # release or image version at https://hub.docker.com/r/weaveworks/helm-operator/tags
         # and replace the tag here.
@@ -126,4 +127,3 @@ spec:
         # - --tiller-tls-verify=true
         # - --tiller-tls-ca-cert-path=/etc/fluxd/helm-ca/ca.crt
 
-
diff --git a/deploy/kustomization.yaml b/deploy/kustomization.yaml
@@ -1,4 +1,5 @@
 resources:
-  - flux-helm-operator-account.yaml
-  - helm-operator-crds.yaml
-  - helm-operator-deployment.yaml
+  - namespace.yaml
+  - crds.yaml
+  - rbac.yaml
+  - deployment.yaml
diff --git a/deploy/namespace.yaml b/deploy/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: flux
diff --git a/deploy/flux-helm-operator-account.yaml → deploy/rbac.yaml b/deploy/flux-helm-operator-account.yaml → deploy/rbac.yaml
@@ -1,19 +1,18 @@
 ---
-# The service account, cluster roles, and cluster role binding are
-# only needed for Kubernetes with role-based access control (RBAC).
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   labels:
-    name: flux-helm-operator
-  name: flux-helm-operator
+    name: helm-operator
+  name: helm-operator
+  namespace: flux
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRole
 metadata:
   labels:
-    name: flux-helm-operator
-  name: flux-helm-operator
+    name: helm-operator
+  name: helm-operator
 rules:
   - apiGroups: ['*']
     resources: ['*']
@@ -25,13 +24,13 @@ apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
   labels:
-    name: flux-helm-operator
-  name: flux-helm-operator
+    name: helm-operator
+  name: helm-operator
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: flux-helm-operator
+  name: helm-operator
 subjects:
   - kind: ServiceAccount
-    name: flux-helm-operator
-    namespace: default
+    name: helm-operator
+    namespace: flux
diff --git a/...weave-cloud-helm-operator-deployment.yaml → deploy/weave-cloud-deployment.yaml b/...weave-cloud-helm-operator-deployment.yaml → deploy/weave-cloud-deployment.yaml
@@ -1,23 +1,23 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: flux-helm-operator
+  name: helm-operator
   namespace: weave
   labels:
-    app: flux-helm-operator
+    app: helm-operator
     weave-cloud-component: helm-operator
 spec:
   strategy:
     type: Recreate
   selector:
     matchLabels:
-      app: flux-helm-operator
+      app: helm-operator
   template:
     metadata:
       annotations:
         prometheus.io/scrape: "false"
       labels:
-        app: flux-helm-operator
+        app: helm-operator
     spec:
       serviceAccountName: weave-flux
       volumes:
@@ -26,7 +26,7 @@ spec:
             defaultMode: 256
             secretName: flux-git-deploy
       containers:
-        - name: flux-helm-operator
+        - name: helm-operator
           image: docker.io/fluxcd/helm-operator:1.0.0-rc9
           imagePullPolicy: IfNotPresent
           args:

diff --git a/docs/references/helmrelease-custom-resource.md b/docs/references/helmrelease-custom-resource.md
@@ -2,7 +2,7 @@
 
 Each release of a chart is declared by a `HelmRelease`
 resource. The schema for these resources is given in [the custom
-resource definition](https://github.com/fluxcd/helm-operator/blob/master/deploy/flux-helm-release-crd.yaml). They
+resource definition](https://github.com/fluxcd/helm-operator/blob/master/deploy/crds.yaml). They
 look like this:
 
 ```yaml

diff --git a/hack/update/generate-crds.sh b/hack/update/generate-crds.sh
@@ -55,7 +55,7 @@ bin/controller-gen \
   paths=./pkg/apis/...
 
 echo "Forging CRD template for \`pkg/install\` from generated chart CRDs"
-out="./pkg/install/templates/helm-operator-crds.yaml.tmpl"
+out="./pkg/install/templates/crds.yaml.tmpl"
 rm "$out" || true
 touch "$out"
 for file in $(find "${CRD_DIR}" -type f | sort -V); do

diff --git a/pkg/install/generate.go b/pkg/install/generate.go
@@ -37,7 +37,7 @@ func main() {
 			log.Fatalln(err)
 		}
 	case "deploy":
-		manifests, err := install.FillInTemplates(install.TemplateParameters{})
+		manifests, err := install.FillInTemplates(install.TemplateParameters{Namespace: "flux"})
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "error: failed to fill in templates: %s\n", err)
 			os.Exit(1)

diff --git a/pkg/install/generated_templates.gogen.go b/pkg/install/generated_templates.gogen.go
diff --git a/pkg/install/install.go b/pkg/install/install.go
@@ -12,18 +12,28 @@ import (
 	"github.com/shurcooL/httpfs/vfsutil"
 )
 
+const (
+	defaultNamespace       = "default"
+	defaultTillerNamespace = "kube-system"
+)
+
 type TemplateParameters struct {
-	Namespace               string
-	TillerNamespace         string
-	SSHSecretName           string
-	EnableTillerTLS         bool
-	TillerTLSCACertContent  string
-	TillerTLSCertSecretName string
-	HelmVersions            string
-	AdditionalArgs          []string
+	Namespace       string
+	TillerNamespace string
+	SSHSecretName   string
+	HelmVersions    string
+	AdditionalArgs  []string
 }
 
 func FillInTemplates(params TemplateParameters) (map[string][]byte, error) {
+	if params.Namespace == "" {
+		// Set the default namespace
+		params.Namespace = defaultNamespace
+	}
+	if params.TillerNamespace == "" {
+		// Set the default Tiller namespace
+		params.TillerNamespace = defaultTillerNamespace
+	}
 	result := map[string][]byte{}
 	err := vfsutil.WalkFiles(templates, "/", func(path string, info os.FileInfo, rs io.ReadSeeker, err error) error {
 		if err != nil {

diff --git a/pkg/install/install_test.go b/pkg/install/install_test.go
@@ -37,10 +37,7 @@ func TestFillInTemplates(t *testing.T) {
 		Namespace:               "flux",
 		TillerNamespace:         "tiller",
 		SSHSecretName:           "mysshsecretname",
-		EnableTillerTLS:         true,
-		TillerTLSCACertContent:  "foo\nbar\n",
-		TillerTLSCertSecretName: "mytlssecretname",
-	}, 4)
+	}, 3)
 }
 
 func TestFillInTemplatesEmpty(t *testing.T) {

diff --git a/...ll/templates/helm-operator-crds.yaml.tmpl → pkg/install/templates/crds.yaml.tmpl b/...ll/templates/helm-operator-crds.yaml.tmpl → pkg/install/templates/crds.yaml.tmpl
diff --git a/...plates/helm-operator-deployment.yaml.tmpl → pkg/install/templates/deployment.yaml.tmpl b/...plates/helm-operator-deployment.yaml.tmpl → pkg/install/templates/deployment.yaml.tmpl
@@ -2,32 +2,26 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: flux-helm-operator{{ if .Namespace }}
-  namespace: {{ .Namespace }}{{ end }}
+  name: helm-operator
+{{- if .Namespace }}
+  namespace: {{ .Namespace }}
+{{- end }}
 spec:
   replicas: 1
   selector:
     matchLabels:
-      name: flux-helm-operator
+      name: helm-operator
   strategy:
     type: Recreate
   template:
     metadata:
       labels:
-        name: flux-helm-operator
+        name: helm-operator
       annotations:
         prometheus.io/scrape: "true"
     spec:
-      serviceAccountName: flux-helm-operator
-      volumes:{{ if .EnableTillerTLS }}
-        - name: helm-tls-ca
-          configMap:
-            name: flux-helm-tls-ca-config
-            defaultMode: 0600
-        - name: helm-tls-certs
-          secret:
-            secretName: {{ if .TillerTLSCertSecretName }}{{ .TillerTLSCertSecretName }}{{ else }}flux-helm-tls-cert{{ end }}
-            defaultMode: 0400{{ else }}
+      serviceAccountName: helm-operator
+      volumes:
       #
       # You will need these two volumes if you want to establish validated TLS
       # connections against Tiller
@@ -39,9 +33,9 @@ spec:
       # Secret type kubernetes.io/tls
       # - name: flux-helm-tls-cert
       #   secret:
-      #     secretName: {{ if .TillerTLSCertSecretName }}{{ .TillerTLSCertSecretName }}{{ else }}flux-helm-tls-cert{{ end }}
+      #     secretName: tiller-tls-cert
       #     defaultMode: 0400
-      #{{end}}
+      #
       # The following volume is for using a customised known_hosts file,
       # which you will need to do if you host your own git repo rather
       # than using github or the like. You'll also need to mount it
@@ -55,14 +49,14 @@ spec:
       # - name: sshdir
       #   configMap:
       #     name: flux-ssh-config
-      #     defaultMode: 0400{{ if .SSHSecretName }}
-
+      #     defaultMode: 0400
+{{- if .SSHSecretName }}
       # SSH key to access the Git repository
         - name: git-key
           secret:
             secretName: {{ .SSHSecretName }}
             defaultMode: 0400 # when mounted read-only, we won't be able to chmod
-{{ else }}
+{{- else }}
       #
       # You will need this volume if you're using a git repo that
       # needs an SSH key for access; e.g., a GitHub deploy key. If
@@ -76,7 +70,8 @@ spec:
       #   secret:
       #     secretName: flux-git-deploy
       #     defaultMode: 0400 # when mounted read-only, we won't be able to chmod
-      #{{end}}
+      #
+{{- end}}
       # These two volumes are for mounting a repositories.yaml file,
       # and providing a cache directory. The latter is needed because
       # mounting the former will make the cache/ directory read-only.
@@ -88,7 +83,7 @@ spec:
       #   emptyDir: {}
 
       containers:
-      - name: flux-helm-operator
+      - name: helm-operator
         # There are no ":latest" images for helm-operator. Find the most recent
         # release or image version at https://hub.docker.com/r/weaveworks/helm-operator/tags
         # and replace the tag here.
@@ -118,52 +113,38 @@ spec:
         # file; you'll also need the volume declared above.
         # - name: sshdir
         #   mountPath: /root/.ssh
-        #   readOnly: true{{ if .SSHSecretName }}
-
+        #   readOnly: true
+{{- if .SSHSecretName }}
           - name: git-key
             mountPath: /etc/fluxd/ssh
-{{ else }}
+{{- else }}
         # - name: git-key
-        #   mountPath: /etc/fluxd/ssh{{ end }}
+        #   mountPath: /etc/fluxd/ssh
+{{- end }}
         # - name: repositories-yaml
         #   mountPath: /var/fluxd/helm/repository
         # - name: repositories-cache
-        #   mountPath: /var/fluxd/helm/repository/cache{{ if .EnableTillerTLS }}
-
-          - name: helm-tls-certs
-            mountPath: /etc/fluxd/helm
-            readOnly: true
-          - name: helm-tls-ca
-            mountPath: /etc/fluxd/helm-ca
-            readOnly: true
-{{ else }}
+        #   mountPath: /var/fluxd/helm/repository/cache
         # - name: helm-tls-certs
         #   mountPath: /etc/fluxd/helm
         #   readOnly: true
         # - name: helm-tls-ca
         #   mountPath: /etc/fluxd/helm-ca
-        #   readOnly: true{{ end }}
+        #   readOnly: true
         args:
         # How to find Tiller
-        - --tiller-namespace={{ if .TillerNamespace }}{{ .TillerNamespace }}{{ else }}kube-system{{ end }}{{ if .EnableTillerTLS }}
-        # TLS configuration
-        - --tiller-tls-ca-cert-path=/etc/fluxd/helm-ca/ca.crt
-        - --tiller-tls-enable=true
-        - --tiller-tls-key-path=/etc/fluxd/helm/tls.key
-        - --tiller-tls-cert-path=/etc/fluxd/helm/tls.crt
-        - --tiller-tls-verify=true
-        - --tiller-tls-ca-cert-path=/etc/fluxd/helm-ca/ca.crt{{ else }}
+        - --tiller-namespace={{ .TillerNamespace }}
         # Comment out to to establish validated TLS connections against Tiller
         # - --tiller-tls-ca-cert-path=/etc/fluxd/helm-ca/ca.crt
         # - --tiller-tls-enable=true
         # - --tiller-tls-key-path=/etc/fluxd/helm/tls.key
         # - --tiller-tls-cert-path=/etc/fluxd/helm/tls.crt
         # - --tiller-tls-verify=true
-        # - --tiller-tls-ca-cert-path=/etc/fluxd/helm-ca/ca.crt{{ end }}
+        # - --tiller-tls-ca-cert-path=/etc/fluxd/helm-ca/ca.crt
 {{ if .HelmVersions }}
         - --enabled-helm-versions={{ .HelmVersions }}
-{{ end }}
-{{ if .AdditionalArgs }}
+{{- end }}
+{{- if .AdditionalArgs }}
         # Additional arguments{{ range .AdditionalArgs }}
         - {{ . }}{{ end }}
-{{ end }}
+{{- end }}