Make CRDs installation and ServiceAccount name configurable (#1)

dobrerazvan · web-flow · commit 3d8c86c1b3cd · 2020-04-03T15:25:24.000+03:00
* Make kafka-operator helm chart compatibile with helm 3

* Make ServiceAccount name configurable and optional
diff --git a/charts/kafka-operator/crds/operator-kafka-crd.yaml b/charts/kafka-operator/crds/operator-kafka-crd.yaml
@@ -4,11 +4,10 @@ metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.2.5
   labels:
-    app.kubernetes.io/name: {{ include "kafka-operator.name" . }}
-    helm.sh/chart: {{ include "kafka-operator.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/name: kafka-operator
+    helm.sh/chart: kafka-operator
+    app.kubernetes.io/instance: kafka-operator
+    app.kubernetes.io/managed-by: kafka-operator
     app.kubernetes.io/component: operator
   name: kafkaclusters.kafka.banzaicloud.io
 spec:
diff --git a/charts/kafka-operator/crds/operator-kafka-topic-crd.yaml b/charts/kafka-operator/crds/operator-kafka-topic-crd.yaml
@@ -2,14 +2,12 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    certmanager.k8s.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "kafka-operator.fullname" . }}-server-cert
     controller-gen.kubebuilder.io/version: v0.2.5
   labels:
-    app.kubernetes.io/name: {{ include "kafka-operator.name" . }}
-    helm.sh/chart: {{ include "kafka-operator.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/name: kafka-operator
+    helm.sh/chart: kafka-operator
+    app.kubernetes.io/instance: kafka-operator
+    app.kubernetes.io/managed-by: kafka-operator
     app.kubernetes.io/component: operator
   name: kafkatopics.kafka.banzaicloud.io
 spec:
diff --git a/charts/kafka-operator/crds/operator-kafka-user-crd.yaml b/charts/kafka-operator/crds/operator-kafka-user-crd.yaml
@@ -4,11 +4,10 @@ metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.2.5
   labels:
-    app.kubernetes.io/name: {{ include "kafka-operator.name" . }}
-    helm.sh/chart: {{ include "kafka-operator.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/name: kafka-operator
+    helm.sh/chart: kafka-operator
+    app.kubernetes.io/instance: kafka-operator
+    app.kubernetes.io/managed-by: kafka-operator
     app.kubernetes.io/component: operator
   name: kafkausers.kafka.banzaicloud.io
 spec:
diff --git a/charts/kafka-operator/templates/_helpers.tpl b/charts/kafka-operator/templates/_helpers.tpl
@@ -30,3 +30,14 @@ Create chart name and version as used by the chart label.
 {{- define "kafka-operator.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{/*
+Compute operator deployment serviceAccountName key
+*/}}
+{{- define "operator.serviceAccountName" -}}
+{{- if .Values.operator.serviceAccount.create -}}
+{{ default "default" .Values.operator.serviceAccount.name }}
+{{- else -}}
+{{- printf "%s" "default" }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/kafka-operator/templates/authproxy-rbac.yaml b/charts/kafka-operator/templates/authproxy-rbac.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.rbac.enabled .Values.prometheusMetrics.enabled .Values.prometheusMetrics.authProxy.enabled }}
+{{- if and .Values.prometheusMetrics.authProxy.serviceAccount.create .Values.prometheusMetrics.enabled .Values.prometheusMetrics.authProxy.enabled }}
 apiVersion: v1
 kind: ServiceAccount
 {{- if .Values.imagePullSecrets }}
@@ -8,7 +8,7 @@ imagePullSecrets:
 {{- end }}
 {{- end }}
 metadata:
-  name: {{ include "kafka-operator.fullname" . }}-authproxy
+  name: {{ .Values.prometheusMetrics.authProxy.serviceAccount.name }}
   namespace: {{ .Release.Namespace | quote }}
   labels:
     app.kubernetes.io/name: {{ include "kafka-operator.name" . }}
@@ -17,6 +17,8 @@ metadata:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: authproxy
+{{- end }}
+{{- if and .Values.rbac.enabled .Values.prometheusMetrics.enabled .Values.prometheusMetrics.authProxy.enabled }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -56,6 +58,6 @@ roleRef:
   name: "{{ include "kafka-operator.fullname" . }}-authproxy"
 subjects:
 - kind: ServiceAccount
-  name: {{ include "kafka-operator.fullname" . }}-authproxy
+  name: {{ .Values.prometheusMetrics.authProxy.serviceAccount.name }}
   namespace: {{ .Release.Namespace }}
 {{- end }}
diff --git a/charts/kafka-operator/templates/crds.yaml b/charts/kafka-operator/templates/crds.yaml
@@ -0,0 +1,6 @@
+{{- if .Values.crd.enabled }}
+{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }}
+{{ $.Files.Get $path }}
+---
+{{- end }}
+{{- end }}
diff --git a/charts/kafka-operator/templates/operator-deployment.yaml b/charts/kafka-operator/templates/operator-deployment.yaml
@@ -34,9 +34,7 @@ spec:
         app: prometheus
         component: alertmanager
     spec:
-      {{- if .Values.rbac.enabled }}
-      serviceAccountName: {{ include "kafka-operator.fullname" . }}-operator
-      {{- end }}
+      serviceAccountName: {{ include "operator.serviceAccountName" .}}
       volumes:
       {{- if .Values.webhook.enabled }}
         - name: serving-cert
diff --git a/charts/kafka-operator/templates/operator-rbac.yaml b/charts/kafka-operator/templates/operator-rbac.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.rbac.enabled }}
+{{- if .Values.operator.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 {{- if .Values.imagePullSecrets }}
@@ -8,7 +8,7 @@ imagePullSecrets:
 {{- end }}
 {{- end }}
 metadata:
-  name: {{ include "kafka-operator.fullname" . }}-operator
+  name: {{ include "operator.serviceAccountName" . }}
   namespace: {{ .Release.Namespace | quote }}
   labels:
     app.kubernetes.io/name: {{ include "kafka-operator.name" . }}
@@ -17,6 +17,8 @@ metadata:
     app.kubernetes.io/managed-by: {{ .Release.Service }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: operator
+{{- end }}
+{{- if .Values.rbac.enabled }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -237,6 +239,6 @@ roleRef:
   name: {{ include "kafka-operator.fullname" . }}-operator
 subjects:
 - kind: ServiceAccount
-  name: {{ include "kafka-operator.fullname" . }}-operator
+  name: {{ include "operator.serviceAccountName" . }}
   namespace: {{ .Release.Namespace }}
 {{- end }}
diff --git a/charts/kafka-operator/values.yaml b/charts/kafka-operator/values.yaml
@@ -26,6 +26,9 @@ operator:
     requests:
       cpu: 100m
       memory: 128Mi
+  serviceAccount:
+    create: true
+    name: kafka-operator
 
 webhook:
   enabled: true
@@ -47,13 +50,20 @@ prometheusMetrics:
       repository: gcr.io/kubebuilder/kube-rbac-proxy
       tag: v0.4.0
       pullPolicy: IfNotPresent
+    serviceAccount:
+      create: true
+      name: kafka-operator-authproxy
+
 
 nameOverride: ""
 fullnameOverride: ""
 
 rbac:
   enabled: true
 
+crd:
+  enabled: false
+
 nodeSelector: {}
 
 tolerations: []
