Created
June 14, 2022 01:32
-
-
Save bgrant0607/cfc9c5b5e1e7ade8e0fcd0df2f003acc to your computer and use it in GitHub Desktop.
Create a namespace blueprint by forking an existing helm chart
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fork https://github.com/nghnam/kube-common-setup | |
git clone https://github.com/<user>/kube-common-setup | |
git remote add upstream https://github.com/nghnam/kube-common-setup | |
git remote set-url --push upstream no-push | |
git checkout -b patched –no-track | |
cd templates | |
vi namespace.yaml | |
Copy 6 labels lines and change to annotations: .,$s/labels/annotations/ | |
git commit -a | |
git push origin patched | |
Create new repo ns-values | |
git clone https://github.com/<user>/ns-values | |
cd ns-values | |
git remote -v | |
cp ../kube-common-setup/values.yaml . | |
more values.yaml | |
What does isolated mean? dockerconfigjson? | |
grep isolated templates/*.yaml | |
grep dockerconfigjson templates/*.yaml | |
cd .. | |
helm template test kube-common-setup -f ns-values/values.yaml --output-dir test | |
ls test/k8s-common/templates/ | |
cat test/k8s-common/templates/isolate-network-policies.yaml | |
cat test/k8s-common/templates/regcreds.yaml | |
rm -rf test | |
Change ns-values/values.yaml to backend[123] with label istio-injection: enabled and annotation network-type: mesh. Also 3 service accounts, 1 for each namespace and rolebinding | |
helm template test kube-common-setup -f ns-values/values.yaml --output-dir test | |
ls test/k8s-common/templates/ | |
cat test/k8s-common/templates/namespaces.yaml | |
cat test/k8s-common/templates/role-bindings.yaml | |
There’s a bug – refers to the iam namespace in the subject. That was hardcoded in the template. Also, the name is app-admin-app-admin. Redundant. Fixing that would require more significant changes. For now, will just change to same namespace as the RoleBinding. Also, the chart uses an old API version for the RoleBinding. Update it to v1. | |
cd kube-common-setup/templates | |
vi role-bindings.yaml | |
Change iam to {{ .namespace }} | |
git commit -a | |
git push origin patched | |
cd ../.. | |
rm -rf test | |
helm template test kube-common-setup -f ns-values/values.yaml --output-dir test | |
cd test/k8s-common/templates/ | |
cat role-bindings.yaml | |
cd - | |
cd ns-values | |
git status | |
git add values.yaml | |
git commit | |
git push origin main | |
cd .. | |
helm install mysetup kube-common-setup -f ns-values/values.yaml | |
Could set up GitOps instead. For now, will have to helm upgrade by hand. | |
Can see the namespaces in the dashboard. | |
cd ns-values | |
Remove all namespaces and SAs from values.yaml by making empty lists | |
git commit -a | |
git push origin main | |
cd .. | |
helm upgrade mysetup kube-common-setup -f ns-values/values.yaml | |
helm uninstall mysetup |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment