add helm charts with deps (#62)

* add helm charts with deps * add readme for installation * regenerate package and index * update manifests and helm chart for 0.0.5
Azure · Apr 29, 2020 · 9626a9b · 9626a9b
1 parent a0eaf15
commit 9626a9b
Show file tree

Hide file tree

Showing 13 changed files with 246 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -12,17 +12,28 @@ _WIP_
 
 This guide will walk you through the steps to configure and run the Azure Key Vault provider for Secret Store CSI driver on Kubernetes.
 
-### Install the Secrets Store CSI Driver 
+### Install the Secrets Store CSI Driver and the Azure Keyvault Provider
 **Prerequisites**
 
 Recommended Kubernetes version: 
 - For linux - v1.16.0+
 - For windows - v1.18.0+
 
-💡 Make sure you have followed the [Installation guide for the Secrets Store CSI Driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver#usage) to install the driver.
+**Deployment using Helm**
+
+Follow [this guide to install using Helm](charts/csi-secrets-store-provider-azure/README.md)
+
+<details>
+<summary><strong>[ALTERNATIVE DEPLOYMENT OPTION] Using Deployment Yamls</strong></summary>
+
+### Install the Secrets Store CSI Driver
+
+💡 Follow the [Installation guide for the Secrets Store CSI Driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver#usage) to install the driver.
+
 
 ### Install the Azure Key Vault Provider
 
+For linux nodes
 ```bash
 kubectl apply -f https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/deployment/provider-azure-installer.yaml
 ```
@@ -45,6 +56,7 @@ NAME                                     READY   STATUS    RESTARTS   AGE
 csi-secrets-store-provider-azure-4ngf4   1/1     Running   0          8s
 csi-secrets-store-provider-azure-bxr5k   1/1     Running   0          8s
 ```
+</details>
 
 ### Using the Azure Key Vault Provider
 

diff --git a/charts/csi-secrets-store-provider-azure-0.0.5.tgz b/charts/csi-secrets-store-provider-azure-0.0.5.tgz
diff --git a/charts/csi-secrets-store-provider-azure/Chart.yaml b/charts/csi-secrets-store-provider-azure/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+name: csi-secrets-store-provider-azure
+version: 0.0.5
+appVersion: 0.0.5
+kubeVersion: ">=1.16.0-0"
+description: A Helm chart to install the Secrets Store CSI Driver and the Azure Keyvault Provider inside a Kubernetes cluster.
+sources:
+  - https://github.com/Azure/secrets-store-csi-driver-provider-azure
+home: https://github.com/Azure/secrets-store-csi-driver-provider-azure
+maintainers:
+  - name: Anish Ramasekar
+    email: [email protected]
diff --git a/charts/csi-secrets-store-provider-azure/README.md b/charts/csi-secrets-store-provider-azure/README.md
@@ -0,0 +1,39 @@
+# csi-secrets-store-provider-azure
+
+Azure Key Vault provider for Secret Store CSI driver allows you to get secret contents stored in Azure Key Vault instance and use the Secret Store CSI driver interface to mount them into Kubernetes pods.
+
+## Installation
+
+Quick start instructions for the setup and configuration of secrets-store-csi-driver and azure keyvault provider using Helm.
+
+### Prerequisites
+
+- [Helm3](https://helm.sh/docs/intro/quickstart/#install-helm)
+
+### Installing the Chart
+
+- This chart installs the [secrets-store-csi-driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) and the azure keyvault provider for the driver
+
+```shell
+$ helm repo add csi-secrets-store-provider-azure https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts
+$ helm install csi-secrets-store-provider-azure/csi-secrets-provider-azure --generate-name
+```
+
+### Configuration
+
+The following table lists the configurable parameters of the csi-secrets-store-provider-azure chart and their default values.
+
+| Parameter | Description | Default |
+| --------- | ----------- | ------- |
+| `nameOverride` | String to partially override csi-secrets-store-provider-azure.fullname template with a string (will prepend the release name) | `""` |
+| `fullnameOverride` | String to fully override csi-secrets-store-provider-azure.fullname template with a string | `""` |
+| `image.repository` | Image repository | `mcr.microsoft.com/k8s/csi/secrets-store/provider-azure` |
+| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `image.tag` | Azure Keyvault Provider image | `0.0.5` |
+| `linux.enabled` | Install azure keyvault provider on linux nodes | true |
+| `linux.resources` | Resource limit for provider pods on linux nodes | `requests.cpu: 50m`<br>`requests.memory: 100Mi`<br>`limits.cpu: 50m`<br>`limits.memory: 100Mi` |
+| `windows.enabled` | Install azure keyvault provider on windows nodes | false |
+| `windows.resources` | Resource limit for provider pods on windows nodes | `requests.cpu: 100m`<br>`requests.memory: 200Mi`<br>`limits.cpu: 100m`<br>`limits.memory: 200Mi` |
+| `secrets-store-csi-driver.install` | Install secrets-store-csi-driver with this chart | true |
+| `secrets-store-csi-driver.linux.enabled` | Install secrets-store-csi-driver on linux nodes | true |
+| `secrets-store-csi-driver.windows.enabled` | Install secrets-store-csi-driver on windows nodes | false |
diff --git a/charts/csi-secrets-store-provider-azure/requirements.lock b/charts/csi-secrets-store-provider-azure/requirements.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: secrets-store-csi-driver
+  repository: https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts
+  version: 0.0.9
+digest: sha256:a3f8946d1dcbb91e02670a7d6fd9616af22f1177f1d21f029fd19e5ce62ecf0f
+generated: "2020-04-29T12:35:16.72393-07:00"
diff --git a/charts/csi-secrets-store-provider-azure/requirements.yaml b/charts/csi-secrets-store-provider-azure/requirements.yaml
@@ -0,0 +1,5 @@
+dependencies:
+- name: secrets-store-csi-driver
+  repository: https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts
+  version: 0.0.9
+  condition: driver.install
diff --git a/charts/csi-secrets-store-provider-azure/templates/_helpers.tpl b/charts/csi-secrets-store-provider-azure/templates/_helpers.tpl
@@ -0,0 +1,34 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "sscdpa.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "sscdpa.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Standard labels for helm resources
+*/}}
+{{- define "sscdpa.labels" -}}
+labels:
+  heritage: "{{ .Release.Service }}"
+  release: "{{ .Release.Name }}"
+  revision: "{{ .Release.Revision }}"
+  chart: "{{ .Chart.Name }}"
+  chartVersion: "{{ .Chart.Version }}"
+  app: {{ template "sscdpa.name" . }}
+{{- end -}}
diff --git a/charts/csi-secrets-store-provider-azure/templates/provider-azure-installer-windows.yaml b/charts/csi-secrets-store-provider-azure/templates/provider-azure-installer-windows.yaml
@@ -0,0 +1,37 @@
+{{- if .Values.windows.enabled}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ template "sscdpa.fullname" . }}-windows
+  namespace: {{ .Release.Namespace }}
+{{ include "sscdpa.labels" . | indent 2 }}
+spec:
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ template "sscdpa.name" . }}
+  template:
+    metadata:
+{{ include "sscdpa.labels" . | indent 6 }}
+    spec:
+      containers:
+        - name: provider-azure-installer
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          resources:
+{{ toYaml .Values.windows.resources | indent 12 }}
+          env:
+            - name: TARGET_DIR
+              value: "C:\\k\\secrets-store-csi-providers"
+          volumeMounts:
+            - mountPath: "C:\\k\\secrets-store-csi-providers"
+              name: providervol
+      volumes:
+        - name: providervol
+          hostPath:
+            path: "C:\\k\\secrets-store-csi-providers"
+            type: DirectoryOrCreate
+      nodeSelector:
+        beta.kubernetes.io/os: windows
+{{- end -}}
diff --git a/charts/csi-secrets-store-provider-azure/templates/provider-azure-installer.yaml b/charts/csi-secrets-store-provider-azure/templates/provider-azure-installer.yaml
@@ -0,0 +1,36 @@
+{{- if .Values.linux.enabled}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ template "sscdpa.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+{{ include "sscdpa.labels" . | indent 2 }}
+spec:
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: {{ template "sscdpa.name" . }}
+  template:
+    metadata:
+{{ include "sscdpa.labels" . | indent 6 }}
+    spec:
+      containers:
+        - name: provider-azure-installer
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          resources:
+{{ toYaml .Values.linux.resources | indent 12 }}
+          env:
+            - name: TARGET_DIR
+              value: "/etc/kubernetes/secrets-store-csi-providers"
+          volumeMounts:
+            - mountPath: "/etc/kubernetes/secrets-store-csi-providers"
+              name: providervol
+      volumes:
+        - name: providervol
+          hostPath:
+            path: "/etc/kubernetes/secrets-store-csi-providers"
+      nodeSelector:
+        beta.kubernetes.io/os: linux
+{{- end -}}
diff --git a/charts/csi-secrets-store-provider-azure/values.yaml b/charts/csi-secrets-store-provider-azure/values.yaml
@@ -0,0 +1,34 @@
+image:
+  repository: mcr.microsoft.com/k8s/csi/secrets-store/provider-azure
+  tag: 0.0.5
+  pullPolicy: IfNotPresent
+
+linux:
+  enabled: true
+  resources:
+    requests:
+      cpu: 50m
+      memory: 100Mi
+    limits:
+      cpu: 50m
+      memory: 100Mi
+
+windows:
+  enabled: false
+  resources:
+    requests:
+      cpu: 100m
+      memory: 200Mi
+    limits:
+      cpu: 100m
+      memory: 200Mi
+
+## Configuration values for the secrets-store-csi-driver dependency.
+## ref: https://github.com/kubernetes-sigs/secrets-store-csi-driver/tree/master/charts/secrets-store-csi-driver/README.md
+##
+secrets-store-csi-driver:
+  install: true
+  linux:
+    enabled: true
+  windows:
+    enabled: false
diff --git a/charts/index.yaml b/charts/index.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+entries:
+  csi-secrets-store-provider-azure:
+  - apiVersion: v1
+    appVersion: 0.0.5
+    created: "2020-04-29T12:35:37.793794-07:00"
+    dependencies:
+    - condition: driver.install
+      name: secrets-store-csi-driver
+      repository: https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/charts
+      version: 0.0.9
+    description: A Helm chart to install the Secrets Store CSI Driver and the Azure
+      Keyvault Provider inside a Kubernetes cluster.
+    digest: b1b4cfe79c87fd2139e5ee498040d78678ac480940c00b245711edbe6516451e
+    home: https://github.com/Azure/secrets-store-csi-driver-provider-azure
+    kubeVersion: '>=1.16.0-0'
+    maintainers:
+    - email: [email protected]
+      name: Anish Ramasekar
+    name: csi-secrets-store-provider-azure
+    sources:
+    - https://github.com/Azure/secrets-store-csi-driver-provider-azure
+    urls:
+    - https://raw.githubusercontent.com/Azure/secrets-store-csi-driver-provider-azure/master/charts/csi-secrets-store-provider-azure-0.0.5.tgz
+    version: 0.0.5
+generated: "2020-04-29T12:35:37.790031-07:00"
diff --git a/deployment/provider-azure-installer-windows.yaml b/deployment/provider-azure-installer-windows.yaml
@@ -3,7 +3,7 @@ kind: DaemonSet
 metadata:
   labels:
     app: csi-secrets-store-provider-azure
-  name: csi-secrets-store-provider-azure
+  name: csi-secrets-store-provider-azure-windows
 spec:
   updateStrategy:
     type: RollingUpdate
@@ -19,7 +19,7 @@ spec:
         beta.kubernetes.io/os: windows
       containers:
         - name: provider-azure-installer
-          image: mcr.microsoft.com/k8s/csi/secrets-store/provider-azure:0.0.4
+          image: mcr.microsoft.com/k8s/csi/secrets-store/provider-azure:0.0.5
           imagePullPolicy: Always
           resources:
             requests:

diff --git a/deployment/provider-azure-installer.yaml b/deployment/provider-azure-installer.yaml
@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: provider-azure-installer
-          image: mcr.microsoft.com/k8s/csi/secrets-store/provider-azure:0.0.4
+          image: mcr.microsoft.com/k8s/csi/secrets-store/provider-azure:0.0.5
           imagePullPolicy: Always
           resources:
             requests: