alauda / captain Goto Github PK

View Code? Open in Web Editor NEW

187.0 187.0 46.0 7.37 MB

A Helm 3 Controller

License: Apache License 2.0

Dockerfile 0.66% Makefile 1.14% Shell 3.77% Go 94.43%

docker helm helm-charts helm-controller kubernetes kubernetes-controller kubernetes-operator

captain's Introduction

alauda

A command-line interface for the Alauda Container Platform.

Usage

$ alauda
Alauda CLI

Usage:
  alauda [command]

Available Commands:
  help        Help about any command
  kubectl     kubectl controls the Kubernetes cluster manager
  version     Display version of Alauda CLI

Flags:
  -h, --help   help for alauda

Use "alauda [command] --help" for more information about a command.

Building alauda

To build and install the alauda CLI:

make build

To uninstall:

make clean

Testing alauda

Place a valid kubeconfig file named config in the $HOME/.kube directory.
Run:

make test

captain's People

Contributors

Stargazers

Watchers

captain's Issues

add a cluster selector or regular expression in spec.

#add new feature#

For now Captain CRD helmrequst can either use spec.clusterName to install chart on one specific cluster or use spec.installToAllClusters to install chart on all clusters.

So maybe add a cluster selector or Regular Expression make it more flexible.

Are created resources also watched?

does this operator watch resources created by the helm charts? In other words if a chart created a deployment and some user changes the deployment spec, will this chart restored the desired version as defined by the chart?

Have to periodically restart captain pod to refresh Webhook TLS

Issue seems related to #39 but can be fixed by restarting the captain pod:

2020/05/06 09:37:27 http: TLS handshake error from 10.154.0.39:42920: remote error: tls: bad certificate
2020/05/06 09:37:27 http: TLS handshake error from 10.154.0.39:42922: remote error: tls: bad certificate
E0506 09:37:27.292953       1 controller.go:275] error syncing 'default/nginx-ingress': Internal error occurred: failed calling webhook "mutate-helmrequest.app.alauda.io": Post https://captain-webhook.captain-system.svc:443/mutate?timeout=30s: x509: certificate signed by unknown authority, requeuing
2020-05-06T09:37:27.293Z	DEBUG	controller-runtime.manager.events	Warning	{"object": {"kind":"HelmRequest","namespace":"default","name":"nginx-ingress","uid":"913adf6e-3f7c-4224-9cd6-58b442798a46","apiVersion":"app.alauda.io/v1alpha1","resourceVersion":"485785"}, "reason": "FailedDelete", "message": "Delete HelmRequest nginx-ingress error : Internal error occurred: failed calling webhook \"mutate-helmrequest.app.alauda.io\": Post https://captain-webhook.captain-system.svc:443/mutate?timeout=30s: x509: certificate signed by unknown authority"}

Deployed from manifest https://github.com/alauda/captain/blob/v1.0.1/artifacts/all/deploy.yaml after editing the captain image to use v1.0.1.

通过hr安装apisix日志显示异常

apisix的chart版本为2.5.0，apisix镜像版本为3.5.0-centos，apisix-ingress-controller版本为1.7.0，使用helm命令行安装时没有问题，但通过captain的hr安装时，apisix-ingress-controller的pod日志如下所示：

奇怪的是，虽然日志报错了，但pod状态正常，但通过apisix创建的stream_route没法正常访问（helm命令行安装时能正常访问）：

请教一下可能是哪里的问题

webhook certificate

kubectl apply -f nginx.yml --insecure-skip-tls-verify=true
Error from server (InternalError): error when creating "nginx.yml": Internal error occurred: failed calling webhook "mutate-helmrequest.app.alauda.io": Post https://captain-webhook.captain-system.svc:443/mutate?timeout=30s: x509: certificate signed by unknown authority

Annotation的值为空时，会正常下发HR，状态为Synced（不符合预期，原生helm会直接报错）

当某个CR的Annotation在渲染后为空值时，Captain会正常下发HR，并且会丢失掉所有Annotation；而原生Helm在这种情况下是不会下发的，会在下发时直接报错Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: error validating "": error validating data: unknown object type "nil" in xxxxxx

captain安装失败

根据官方的介绍，需要根据 https://raw.githubusercontent.com/alauda/captain/master/artifacts/all/deploy.yaml进行kubectl apply操作。
但是https://raw.githubusercontent.com这个域名无法访问，请教一下解决的方法，谢谢！

HelmRquest创建成功，相应的资源没有被创建

您好，我根据https://blog.csdn.net/weixin_43296313/article/details/123209381的思路，通过JAVA API的方式成功创建了HelmRequest，但是K8S中被没有任何的资源被创建，谢谢！

captain有计划升级helm版本吗

目前看到captain依赖的helm版本为fork的3.6.4，新版的[email protected]作了一些更改，会导致本地渲染成功而captain渲染失败的情况

Service resource upgrade issue

2019/08/28 03:01:06 Cannot patch Service: "istio-galley" (Service "istio-galley" is invalid: spec.clusterIP: Invalid value: "": field is immutable)
2019/08/28 03:01:06 Deleted Service: "istio-galley"
2019/08/28 03:01:06 Created a new Service called "istio-galley"

删除hr时报错

首先我创建了一个hr资源文件（3-install-vela-core.yaml）用于安装vela：

可以看到这个文件于四天前执行并且成功了：

现在我想要根据yaml删除安装的vela，于是报错了：

查看了deploy的状态也是正常的：

多次尝试删除也是同样的错，于是我再次apply该文件，并且显示创建成功了，但pod和deploy还是4天前创建的那个：

然后再次尝试删除，成功了。。

虽然pod和deploy被删除了，但hr任然存在，这会导致从java端通过apply安装vela-core时报错：

what do they mean in release:chartData、configData、hooksData、manifestData

Post https://captain.captain.svc:443/mutate?timeout=30s: x509: certificate signed by unknown authority

kubernetes 1.16.2
captain docker: docker.io/alaudapublic/captain:v0.9.4
cert-manager-cainjector:v0.11.0
captain install with the chart https://github.com/alauda/captain/tree/master/charts/captain
than kubectl create -f /captain/helmrequest.yaml

apiVersion: app.alauda.io/v1alpha1
kind: HelmRequest
metadata:
  name: mysql
 namespace: default
spec:
  chart: stable/mysql
  namespace: default
  releaseName: mysql
  clusterName: ""
  installToAllClusters: false
  values:
    mysqlRootPassword: root
    mysqlUser: mysql
    mysqlPassword: mysql
    mysqlDatabase: mydb

Show Error from server (InternalError): error when creating "/captain/helmrequest.yaml": Internal error occurred: failed calling webhook "mutate-helmrequest.app.alauda.io": Post https://captain.captain.svc:443/mutate?timeout=30s: x509: certificate signed by unknown authority

apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  creationTimestamp: "2019-11-27T03:32:10Z"
  generation: 23
  name: captain
  resourceVersion: "27431066"
  selfLink: /apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/captain
  uid: 127aa15d-a7a4-45f6-a9c9-6461e2915fd8
webhooks:
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURjVENDQWxtZ0F3SUJBZ0lRZWs4bDNSZHlQVk9aK2RUUlFRZ1VtakFOQmdrcWhraUc5dzBCQVFzRkFEQTEKTVJVd0V3WURWUVFLRXd4alpYSjBMVzFoYm1GblpYSXhIREFhQmdOVkJBTVRFMk5oY0hSaGFXNHVZMkZ3ZEdGcApiaTV6ZG1Nd0hoY05NVGt4TVRJNE1UVXlNak14V2hjTk1qQXdNakkyTVRVeU1qTXhXakExTVJVd0V3WURWUVFLCkV3eGpaWEowTFcxaGJtRm5aWEl4SERBYUJnTlZCQU1URTJOaGNIUmhhVzR1WTJGd2RHRnBiaTV6ZG1Nd2dnRWkKTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEWThOa2sycXo2bnpFQkhJcTQ5ZDFGTUhJSwp1c0hBbWJGellXTVptM0syd3FreXFRMVptRHhlM1QyVmlYSDVIMm5FQnBwc1FxUW83OVpWMzNTcmxNVkJ3OUFuCm5kZityN3VabW1kSjJFY1VrZy9lU0ZWck0wbkgwQXJOZmN3SnMwd2FBa2pST1FDZjFKQ2NROGkrajJYVFA1ZVMKVkx5TU4wTFZVZ1lZTzhudE41YndJcVdUZXJHUmRWNnIwVUpVNkFieTNpWkNtTEpYZ2lzZHNYY3ZyM2tkbU1TNgpvellMSWY2ZmprckxEbU0wdlNhRkV2Sm9jV0NhWEdqTU1NUWlRajRTM1BPUHN2UjFYMjkyM21pSnl3amdOd2h6CktLSEVwbXRDamdCOWl6Z1VQdGZJVkc3L2xhZXNOMkhJZDJ3M1FabUFSb2h3M2Z0TnhPdHEyMUU2TW1rNUFnTUIKQUFHamZUQjdNQTRHQTFVZER3RUIvd1FFQXdJRm9EQU1CZ05WSFJNQkFmOEVBakFBTUZzR0ExVWRFUVJVTUZLQwpFMk5oY0hSaGFXNHVZMkZ3ZEdGcGJpNXpkbU9DSVdOaGNIUmhhVzR1WTJGd2RHRnBiaTV6ZG1NdVkyeDFjM1JsCmNpNXNiMk5oYklJUFkyRndkR0ZwYmk1allYQjBZV2x1Z2dkallYQjBZV2x1TUEwR0NTcUdTSWIzRFFFQkN3VUEKQTRJQkFRQzJJbG5ybktRdXJJeWNFdmhDb004SlRkU3VOL052OFRLRGhRR3pjSWxZY0Y3SXNtQk5KQ29SOU1mcQprY1MrVlU1S2d6RWZnZVdxZi9vZUEvWUVEbWozb1Z0REdOK0JlQUE1SzBwd0tKWENGbWJ0VHdBcEdtbUc5Z0ttCnZrbU9SM0JkMVhZRUl5QkJLU1RFMHliUWhkaGdEc3NERFl5bVUzVnVnRlZmSi81VXR4Tmd0WVQ5WVVkbkZuUGYKWlQ1ODhkNGdRWVdCUHArQk5xbTU5ZThHcUt3c2FldDRnUzFlamhydjRrcDZzaVprSFYrNE1sM0ZmVzJTTCs3NwpMekgxMVl6SGpGSjgxM0trd3picXRrSU90dFJMN1NGK1NPekpaaHVXZ3RSYzQ3dllhaG5kUDNucWovUUV0VDB1CkpGQm1WenVYbzgza0ZhWFlydFdGeW04UzlUTUcKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
    service:
      name: captain
      namespace: captain
      path: /mutate
      port: 443
  failurePolicy: Fail
  matchPolicy: Exact
  name: validate-helmrequest.app.alauda.io
  namespaceSelector: {}
  objectSelector: {}
  rules:
  - apiGroups:
    - app.alauda.io
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - helmrequests
    scope: '*'
  sideEffects: Unknown
  timeoutSeconds: 30

apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  creationTimestamp: '2019-11-28T15:19:57Z'
  generation: 3
  labels:
    app: captain
  name: captain-serving-cert
  namespace: captain
  resourceVersion: '27430216'
  selfLink: >-
    /apis/cert-manager.io/v1alpha2/namespaces/captain/certificates/captain-serving-cert
  uid: c9db34eb-7955-421b-8111-3d426b136653
spec:
  commonName: captain.captain.svc
  dnsNames:
    - captain.captain.svc
    - captain.captain.svc.cluster.local
    - captain.captain
    - captain
  issuerRef:
    kind: Issuer
    name: captain-selfsigned-issuer
  secretName: captain-webhook-cert
status:
  conditions:
    - lastTransitionTime: '2019-11-28T15:22:31Z'
      message: Certificate is up to date and has not expired
      reason: Ready
      status: 'True'
      type: Ready
  notAfter: '2020-02-26T15:22:31Z'

apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  creationTimestamp: '2019-11-28T15:18:58Z'
  generation: 1
  labels:
    app: captain
  name: captain-selfsigned-issuer
  namespace: captain
  resourceVersion: '27427658'
  selfLink: >-
    /apis/cert-manager.io/v1alpha2/namespaces/captain/issuers/captain-selfsigned-issuer
  uid: 26b91cb6-64ea-4649-be46-a43a4cced2c9
spec:
  selfSigned: {}
status:
  conditions:
    - lastTransitionTime: '2019-11-28T15:18:58Z'
      reason: IsReady
      status: 'True'
      type: Ready

kind: Secret
apiVersion: v1
metadata:
  name: captain-webhook-cert
  namespace: captain
  selfLink: /api/v1/namespaces/captain/secrets/captain-webhook-cert
  uid: b833003f-a6c4-41c9-b722-38c5ae66c6ec
  resourceVersion: '27430214'
  creationTimestamp: '2019-11-28T15:22:31Z'
  annotations:
    cert-manager.io/alt-names: >-
      captain.captain.svc,captain.captain.svc.cluster.local,captain.captain,captain
    cert-manager.io/certificate-name: captain-serving-cert
    cert-manager.io/common-name: captain.captain.svc
    cert-manager.io/ip-sans: ''
    cert-manager.io/issuer-kind: Issuer
    cert-manager.io/issuer-name: captain-selfsigned-issuer
    cert-manager.io/uri-sans: ''
data:
  ca.crt: >-
    LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURjVENDQWxtZ0F3SUJBZ0lRZWs4bDNSZHlQVk9aK2RUUlFRZ1VtakFOQmdrcWhraUc5dzBCQVFzRkFEQTEKTVJVd0V3WURWUVFLRXd4alpYSjBMVzFoYm1GblpYSXhIREFhQmdOVkJBTVRFMk5oY0hSaGFXNHVZMkZ3ZEdGcApiaTV6ZG1Nd0hoY05NVGt4TVRJNE1UVXlNak14V2hjTk1qQXdNakkyTVRVeU1qTXhXakExTVJVd0V3WURWUVFLCkV3eGpaWEowTFcxaGJtRm5aWEl4SERBYUJnTlZCQU1URTJOaGNIUmhhVzR1WTJGd2RHRnBiaTV6ZG1Nd2dnRWkKTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEWThOa2sycXo2bnpFQkhJcTQ5ZDFGTUhJSwp1c0hBbWJGellXTVptM0syd3FreXFRMVptRHhlM1QyVmlYSDVIMm5FQnBwc1FxUW83OVpWMzNTcmxNVkJ3OUFuCm5kZityN3VabW1kSjJFY1VrZy9lU0ZWck0wbkgwQXJOZmN3SnMwd2FBa2pST1FDZjFKQ2NROGkrajJYVFA1ZVMKVkx5TU4wTFZVZ1lZTzhudE41YndJcVdUZXJHUmRWNnIwVUpVNkFieTNpWkNtTEpYZ2lzZHNYY3ZyM2tkbU1TNgpvellMSWY2ZmprckxEbU0wdlNhRkV2Sm9jV0NhWEdqTU1NUWlRajRTM1BPUHN2UjFYMjkyM21pSnl3amdOd2h6CktLSEVwbXRDamdCOWl6Z1VQdGZJVkc3L2xhZXNOMkhJZDJ3M1FabUFSb2h3M2Z0TnhPdHEyMUU2TW1rNUFnTUIKQUFHamZUQjdNQTRHQTFVZER3RUIvd1FFQXdJRm9EQU1CZ05WSFJNQkFmOEVBakFBTUZzR0ExVWRFUVJVTUZLQwpFMk5oY0hSaGFXNHVZMkZ3ZEdGcGJpNXpkbU9DSVdOaGNIUmhhVzR1WTJGd2RHRnBiaTV6ZG1NdVkyeDFjM1JsCmNpNXNiMk5oYklJUFkyRndkR0ZwYmk1allYQjBZV2x1Z2dkallYQjBZV2x1TUEwR0NTcUdTSWIzRFFFQkN3VUEKQTRJQkFRQzJJbG5ybktRdXJJeWNFdmhDb004SlRkU3VOL052OFRLRGhRR3pjSWxZY0Y3SXNtQk5KQ29SOU1mcQprY1MrVlU1S2d6RWZnZVdxZi9vZUEvWUVEbWozb1Z0REdOK0JlQUE1SzBwd0tKWENGbWJ0VHdBcEdtbUc5Z0ttCnZrbU9SM0JkMVhZRUl5QkJLU1RFMHliUWhkaGdEc3NERFl5bVUzVnVnRlZmSi81VXR4Tmd0WVQ5WVVkbkZuUGYKWlQ1ODhkNGdRWVdCUHArQk5xbTU5ZThHcUt3c2FldDRnUzFlamhydjRrcDZzaVprSFYrNE1sM0ZmVzJTTCs3NwpMekgxMVl6SGpGSjgxM0trd3picXRrSU90dFJMN1NGK1NPekpaaHVXZ3RSYzQ3dllhaG5kUDNucWovUUV0VDB1CkpGQm1WenVYbzgza0ZhWFlydFdGeW04UzlUTUcKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
  tls.crt: >-
    LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURjVENDQWxtZ0F3SUJBZ0lRZWs4bDNSZHlQVk9aK2RUUlFRZ1VtakFOQmdrcWhraUc5dzBCQVFzRkFEQTEKTVJVd0V3WURWUVFLRXd4alpYSjBMVzFoYm1GblpYSXhIREFhQmdOVkJBTVRFMk5oY0hSaGFXNHVZMkZ3ZEdGcApiaTV6ZG1Nd0hoY05NVGt4TVRJNE1UVXlNak14V2hjTk1qQXdNakkyTVRVeU1qTXhXakExTVJVd0V3WURWUVFLCkV3eGpaWEowTFcxaGJtRm5aWEl4SERBYUJnTlZCQU1URTJOaGNIUmhhVzR1WTJGd2RHRnBiaTV6ZG1Nd2dnRWkKTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEWThOa2sycXo2bnpFQkhJcTQ5ZDFGTUhJSwp1c0hBbWJGellXTVptM0syd3FreXFRMVptRHhlM1QyVmlYSDVIMm5FQnBwc1FxUW83OVpWMzNTcmxNVkJ3OUFuCm5kZityN3VabW1kSjJFY1VrZy9lU0ZWck0wbkgwQXJOZmN3SnMwd2FBa2pST1FDZjFKQ2NROGkrajJYVFA1ZVMKVkx5TU4wTFZVZ1lZTzhudE41YndJcVdUZXJHUmRWNnIwVUpVNkFieTNpWkNtTEpYZ2lzZHNYY3ZyM2tkbU1TNgpvellMSWY2ZmprckxEbU0wdlNhRkV2Sm9jV0NhWEdqTU1NUWlRajRTM1BPUHN2UjFYMjkyM21pSnl3amdOd2h6CktLSEVwbXRDamdCOWl6Z1VQdGZJVkc3L2xhZXNOMkhJZDJ3M1FabUFSb2h3M2Z0TnhPdHEyMUU2TW1rNUFnTUIKQUFHamZUQjdNQTRHQTFVZER3RUIvd1FFQXdJRm9EQU1CZ05WSFJNQkFmOEVBakFBTUZzR0ExVWRFUVJVTUZLQwpFMk5oY0hSaGFXNHVZMkZ3ZEdGcGJpNXpkbU9DSVdOaGNIUmhhVzR1WTJGd2RHRnBiaTV6ZG1NdVkyeDFjM1JsCmNpNXNiMk5oYklJUFkyRndkR0ZwYmk1allYQjBZV2x1Z2dkallYQjBZV2x1TUEwR0NTcUdTSWIzRFFFQkN3VUEKQTRJQkFRQzJJbG5ybktRdXJJeWNFdmhDb004SlRkU3VOL052OFRLRGhRR3pjSWxZY0Y3SXNtQk5KQ29SOU1mcQprY1MrVlU1S2d6RWZnZVdxZi9vZUEvWUVEbWozb1Z0REdOK0JlQUE1SzBwd0tKWENGbWJ0VHdBcEdtbUc5Z0ttCnZrbU9SM0JkMVhZRUl5QkJLU1RFMHliUWhkaGdEc3NERFl5bVUzVnVnRlZmSi81VXR4Tmd0WVQ5WVVkbkZuUGYKWlQ1ODhkNGdRWVdCUHArQk5xbTU5ZThHcUt3c2FldDRnUzFlamhydjRrcDZzaVprSFYrNE1sM0ZmVzJTTCs3NwpMekgxMVl6SGpGSjgxM0trd3picXRrSU90dFJMN1NGK1NPekpaaHVXZ3RSYzQ3dllhaG5kUDNucWovUUV0VDB1CkpGQm1WenVYbzgza0ZhWFlydFdGeW04UzlUTUcKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
  tls.key: >-
    LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMlBEWkpOcXMrcDh4QVJ5S3VQWGRSVEJ5Q3JyQndKbXhjMkZqR1p0eXRzS3BNcWtOCldaZzhYdDA5bFlseCtSOXB4QWFhYkVLa0tPL1dWZDkwcTVURlFjUFFKNTNYL3ErN21acG5TZGhIRkpJUDNraFYKYXpOSng5QUt6WDNNQ2JOTUdnSkkwVGtBbjlTUW5FUEl2bzlsMHorWGtsUzhqRGRDMVZJR0dEdko3VGVXOENLbAprM3F4a1hWZXE5RkNWT2dHOHQ0bVFwaXlWNElySGJGM0w2OTVIWmpFdXFNMkN5SCtuNDVLeXc1ak5MMG1oUkx5CmFIRmdtbHhvekRERUlrSStFdHp6ajdMMGRWOXZkdDVvaWNzSTREY0ljeWloeEtaclFvNEFmWXM0RkQ3WHlGUnUKLzVXbnJEZGh5SGRzTjBHWmdFYUljTjM3VGNUcmF0dFJPakpwT1FJREFRQUJBb0lCQVFDR1M0S0F1QVpCRjI4RQpteUNkSTBhWTRFYVlzY2ZqYk1GWEJjQ05SNWVaMzZOU1F5aUtnQjFQTkhJOU1kcW1OM1lIN1hhRzhqSWhUV2RICnZZN0I4TlN6dzM0R0tFWmYyWFd1dnRDVi9CYjBldjdyd2Fkdk4wN0RMTnlqSE83RVNvUWZ6YTQ2SnFsbVIvWkYKWmdqTlBvUHdZL3Qya0pJdjByM0N4SVlWVmwzSVJHOWZaRFZCbUcvbENqYlNUM01uOGdvcGdZc2tNVkxYWVFRLwpKZzRzdjlsdVd2c2ZSR3RaMy9xU2hyVnlacjQrR1Z2VjBSYlRta1hYUVlGYlZIaEJ4Z2FJbXgvT25TVWRjUkxiCnAzeFpYRDQvMUUzejNwaEJhRFVrRGxCT1hVRittWmkxZExJTVJ3ZzVhYjZ3Q3hLTnZjc0laZS9zK2VldnNSaTgKREttRGJ1Q3BBb0dCQVBWVGZHTFgrb2ozOXlxamNDaUF2K1NpTnVKYUxRUk1UU2Zhcm1TYkRQM0kwNXYzQ0NJaApvV2JYazh5eWVMQUd1b0lNVGZZNExtTjNCN2h2TEdFS29OeStSREU1K0lFRnF6QndEdTlnc0xLZlZoQmJscVJKCk1CcGZ4bEpvZytaMEdIWWNyc3pBTEczdlJEMmltYk9JWnk0T0VrTHd3MURVRlNiTUUvbTRkZWRMQW9HQkFPSmgKTXRIb3p4YWJSWkNaS3pEZ2dSNDkyZWZvbUNqTzYrVFZZUFZQTXNyTWk2Y0crWi9IanUwME1EUkMxZnVqcnVoNQpjZlAzNnhmSU91QjNWTTRzUC8wTDhkRW5FTW1EeUJWTXZKRjVhZktIU0g1aDB1aFJlTkxzSDFNakVLSW4zM1hvCkZyYXNjVUxzT1ovSit1N3VsVFN5MmVWK09ZNVBSeVRxM3BRTGk4c0xBb0dBTkZ5UlcvZUZQZDdQSG9hcjFibEYKTytOem0zUnJ6MU1KMU12VUZSMFM5TWY4Z25tRGZ1VjJzYUNwcHpNZ2wxR1lWVkdUQWs2VGVCOWJ3bjNZRnc1UgpyMHZjK2pUSldhQ0FIV0tOallJeHRLNVZqRUJBTXVoOEgrVDVTM1dMVVpETjk4ZS9kMnc5RDJuV1F1R0Z0TkFVClZid2pJYTZKd2FMQ3NQazEra0xveDJrQ2dZRUF2b25qRld5bmlUYU5tY1JoNXhTL2VLM0VqLzVrdTh4V0hsZysKOEpxRmZNNG5LU0drejRoTzAzWWVzSTRrdjFXbzdVRHkyYzZzMEdxV3E4R2szcGUrRUFXU3RtRDBMemk5R3Jobwo2dVRQZVBQRzM2RUV2TWQrTThITUo5U1d0blZyRHptV2pKQ2VFQjcxN1hrNnZRcVJDVGNVVWFZcFdZOStxU01LCnpuN2RYYnNDZ1lCL2dVU0ZjZjZDa3dWRFlZL3FHbGlxNHUwNnl2dFYwZU8wSENHMjdkcnpWb0ZPL0crcDBFVTgKUVRTRW40azdCbit2WVlrbXZ4TVQ0VmpMQjI0TTZmMlBGMVl4TlJCaEhpeXdlcnZmSnlNYlRJd1V3SzBaOHRyRgo1V0VITXl2dmVlV0Q2TmNTU0wvQVJTdUZEMDQvbTgyRG50bE9qaGpkd1NsRkhQc01vaFdYT0E9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
type: kubernetes.io/tls

HelmReques创建成功后，怎么查看具体创建了哪些k8s的资源？

当前HelmReques创建成功后，并没有生成helm的实例，无法通过helm命令管理，那么HelmReques将chart包中包含的pod、pvc、svc等资源创建成功后，如何查看这个HelmReques具体创建了哪些k8s的资源呢？

Failed to install mysql-operator with wrong url

I tried to install mysql-operator, but failed, it seemded helm-controller used wrong address to download chart package.

chartrepo

apiVersion: app.alauda.io/v1alpha1
kind: ChartRepo
metadata:
  name: presslabs
  namespace: captain-system
spec:
  url: https://presslabs.github.io/charts

heml request

Name:         mysql-operator
Namespace:    default
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"app.alauda.io/v1alpha1","kind":"HelmRequest","metadata":{"annotations":{},"name":"mysql-operator","namespace":"default"},"s...
API Version:  app.alauda.io/v1alpha1
Kind:         HelmRequest
Metadata:
  Creation Timestamp:  2020-02-17T09:38:51Z
  Finalizers:
    captain.cpaas.io
  Generation:        1
  Resource Version:  31048
  Self Link:         /apis/app.alauda.io/v1alpha1/namespaces/default/helmrequests/mysql-operator
  UID:               9ce1521f-c4bc-4c61-9c48-240c01f21b4a
Spec:
  Chart:         presslabs/mysql-operator
  Namespace:     presslabs
  Release Name:  mysql-operator
  Values:
    Extra Args:
      --metrics-exporter-image=registry.bluven.me:5000/bluven/mysqld-exporter:v0.11.0
    Image:  registry.bluven.me:5000/bluven/mysql-operator:0.3.8
    Orchestrator:
      Image:        registry.bluven.me:5000/bluven/mysql-operator-orchestrator:0.3.8
    Replicas:       1
    Sidecar Image:  registry.bluven.me:5000/bluven/mysql-operator-sidecar:0.3.8
Status:
  Phase:  Failed
Events:
  Type     Reason      Age                  From     Message
  ----     ------      ----                 ----     -------
  Warning  FailedSync  15m (x23 over 104m)  captain  failed to fetch https://presslabs.github.io/charts/https://presslabs.github.io/charts/mysql-operator-0.3.8.tgz : 404 Not Found

ChartRepo改为使用OCI后，无法正确部署Chart

以用之前Repo方式时，可以正常部署，因为安全问题升级Repo为OCI，代码也按照文档进行了相应的修改，用之前Chart包进行测试，发现无法正确部署，使用kubectl get hr -n test查看显示Failed，使用kubectl describe hr test-server -n test查看显示如下信息：
Name: test-server
Namespace: test
Labels:
Annotations:
API Version: app.alauda.io/v1
Kind: HelmRequest
Metadata:
Creation Timestamp: 2024-02-26T07:11:33Z
Finalizers:
captain.cpaas.io
Generation: 1
Managed Fields:
API Version: app.alauda.io/v1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:kubectl.kubernetes.io/last-applied-configuration:
f:spec:
.:
f:namespace:
f:releaseName:
f:source:
.:
f:oci:
.:
f:repo:
f:secretRef:
f:version:
Manager: kubectl-client-side-apply
Operation: Update
Time: 2024-02-26T07:11:33Z
API Version: app.alauda.io/v1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:finalizers:
.:
v:"captain.cpaas.io":
f:status:
.:
f:phase:
f:reason:
Manager: manager
Operation: Update
Time: 2024-02-27T01:54:38Z
Resource Version: 120895991
Self Link: /apis/app.alauda.io/v1/namespaces/abc-dev/helmrequests/test-server
UID: 61579eaf-3457-4fb3-9a88-9cc4c5b56821
Spec:
Namespace: test
Release Name: test-server
Source:
Oci:
Repo: devtest.chartrepo.com/chart-lh/test-server
Secret Ref: secretocirepo
Version: 0.1.8
Status:
Phase: Failed
Reason: manifest does not contain a layer with mediatype application/tar+gzip
Events:
Type Reason Age From Message

Warning FailedSync 59s (x85 over 18h) captain manifest does not contain a layer with mediatype application/tar+gzip

create HelmRequest error

captain-controller-manager: 1.3.1
描述：我按照 README.md 中描述的方式安装，以及替换默认的 helmrepo 仓库地址为 https://charts.bitnami.com/bitnami
根据 captain-controller-manager 的日志中可以看到同步 https://charts.bitnami.com/bitnami 下面的 helm repo 都成功了；但是有以条日志一直在间隔时间出现 “W0712 05:24:29.042097 1 info.go:62] no cluster found:the server could not find the requested resource (get clusters.clusterregistry.k8s.io)
W0712 05:24:29.042175 1 cluster.go:33] No cluster crd found, disable multi cluster supportthe server could not find the requested resource (get clusters.clusterregistry.k8s.io)”
当我安装你们提供的示例文件去安装 nginx 的时候出现失败
提示：'parse error at (nginx/charts/common/templates/_secrets.tpl:84): function
"lookup" not defined'
我还需要怎么做才可以消除这个错误
！谢谢

How to upgrade and rollback HelmRequest ?

How to upgrade and rollback HelmRequest ?
I use Java Client. Can I update the HelmRequest yaml to do this?

Adjust crd fields order in kubectl get

Remove reosurce requirement in charts

no need

use harbor for helm server

Warning FailedSync 33s captain chartrepos.app.alauda.io "harbor_chart" not found

how to fix it ?

controller-manager restart 69

root@master:/home/kylin# kubectl get pod -A
NAMESPACE        NAME                                                     READY   STATUS    RESTARTS   AGE
captain-system   captain-controller-manager-787dfdcb6d-4qrd5              1/1     Running   69         17h
ingress-nginx    nginx-ingress-controller-54b45947b7-6zfxr                1/1     Running   0          17h
ingress-nginx    nginx-ingress-controller-54b45947b7-tjxnb                1/1     Running   0          17h

17h. restart 69

arch	arm64
image	alaudapublic/captain:v1.2.2-arm64 alaudapublic/captain-cert-init:v1.0-arm64
k8s	1.15

elastic error log

pod	时间	内容
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 9:16	2020-09-09T01:16:47.969Z ERROR setup problem running manager {"error": "leader election lost"}
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 8:53	2020-09-09T00:53:43.267Z ERROR setup problem running manager {"error": "leader election lost"}
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 8:53	github.com/go-logr/zapr.(*zapLogger).Error
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 8:52	2020-09-09T00:52:32.968Z ERROR setup problem running manager {"error": "leader election lost"}
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 8:52	github.com/go-logr/zapr.(*zapLogger).Error
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 8:47	2020-09-09T00:47:52.267Z ERROR setup problem running manager {"error": "leader election lost"}
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 8:47	github.com/go-logr/zapr.(*zapLogger).Error
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 8:36	2020-09-09T00:36:24.475Z ERROR controllers.ChartRepo sync chartrepo failed {"chartrepo": "captain-system/stable", "error": "error unmarshaling JSON: while decoding JSON: parsing time ""2020-09-08T23:29:11.7048529"" as ""2006-01-02T15:04:05Z07:00"": cannot parse """ as "Z07:00""}
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 8:36	github.com/go-logr/zapr.(*zapLogger).Error
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 8:29	2020-09-09T00:29:18.667Z ERROR setup problem running manager {"error": "leader election lost"}
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 8:29	github.com/go-logr/zapr.(*zapLogger).Error
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 8:28	2020-09-09T00:28:23.868Z ERROR setup problem running manager {"error": "leader election lost"}
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 8:28	github.com/go-logr/zapr.(*zapLogger).Error
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 7:51	2020-09-08T23:51:47.468Z ERROR setup problem running manager {"error": "leader election lost"}
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 7:51	github.com/go-logr/zapr.(*zapLogger).Error
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 7:17	2020-09-08T23:17:05.867Z ERROR setup problem running manager {"error": "leader election lost"}
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 7:17	github.com/go-logr/zapr.(*zapLogger).Error
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 7:00	2020-09-08T23:00:24.467Z ERROR setup problem running manager {"error": "leader election lost"}
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 7:00	github.com/go-logr/zapr.(*zapLogger).Error
captain-controller-manager-787dfdcb6d-4qrd5	2020/9/9 6:49	2020-09-08T22:49:58.867Z ERROR setup problem running manager {"error": "leader election lost"}

helmrequest更新

以mongodb为例：
修改HelmRequest的密码为123456（原先的密码为admin123123），CRD的内容已经更新。

与之对应的保密字典中的密码还是之前的（解码后仍为admin123123）

mongodb用新密码或旧密码都无法连接。

通过hr安装vela-core异常

1.我的HelmRequest如下所示：

2.如果部署成功，将会创建如下pod（这是之前通过hr成功创建的结果）：

3.但是现在执行了hr后，得到的却是如下的pod，并且一直创建不成功:

4.查看captain-controller-manager日志如下：

日志提示“failed pre-install: timed out waiting for the condition”，是有什么条件不满足吗？还是其他什么问题

如何用captain来upgrade一个subchart呢？

如果我们想要ugprade一个umbrella chart底下的一个subchart，来实现只更新一个subservice而不对其它已经deploy的service产生影响。我们要怎么用captain实现以前的helm upgrade command?

是需要改变spec.values里的值，然后运行kubectl replace -f xx.yaml吗？

generate Java codes from CustomResourceDefinition error

hello。

我们公司的开发语言是java。目前使用的是官方的sdk。https://github.com/kubernetes-client/java

官方对众多编程语言的sdk是通过openapi规范来自动生成的。昨天我找到了官方指导怎样生成crd对应的object实体类的文章。https://github.com/kubernetes-client/java/blob/e679a13248cfdf437460292cab0635c5cd54adcc/docs/generate-model-from-third-party-resources.md

然后我按照官方的指导方法进行了测试。下面是生成的类文件。

weihai@deepin:~/Desktop/java$ tree
.
├── src
│   └── main
│       └── java
│           └── io
│               └── kubernetes
│                   └── client
│                       └── models
│                           ├── ComCoreosMonitoringV1AlertmanagerList.java
│                           ├── ComCoreosMonitoringV1PodMonitorList.java
│                           ├── ComCoreosMonitoringV1PrometheusList.java
│                           ├── ComCoreosMonitoringV1PrometheusRuleList.java
│                           ├── ComCoreosMonitoringV1PrometheusRuleListMetadata.java
│                           ├── ComCoreosMonitoringV1ServiceMonitorList.java
│                           ├── IoAlaudaAppV1alpha1ChartList.java
│                           ├── IoAlaudaAppV1alpha1ChartRepoList.java
│                           ├── IoAlaudaAppV1alpha1HelmRequestList.java
│                           └── IoAlaudaAppV1alpha1ReleaseList.java
└── swagger.json

关于captain相关的只有list相关的类，没有具体的类文件。

然后我回过头读官方的说明

TL;DR: This document will be useful when you extend third-party resources into your kubernetes cluster e.g. CustomResourceDefinition and try to program java to operate the extended APIs. The generation process requires your CRD to be defined with structral-schema.

我认为可能是crd定义不是特别严格的原因。我对比了官方示例(crontabs.stable.example.com)和HelmRequest(helmrequests.app.alauda.io)的定义的yaml文件。

很大的嫌疑应该是这里

##helmrequests

  validation:
    # openAPIV3Schema is the schema for validating custom objects.
    openAPIV3Schema:
      properties:
        spec:
          required:
            - chart

##crontabs.stable.example.com

validation:
    openAPIV3Schema:
      type: object
      properties:
        spec:
          type: object
          properties:
            cronSpec:
              type: string
            image:
              type: string
            replicas:
              type: integer

然后我按照官方的demo执行了一次。一共生成了3个文件

ComExampleStableV1CronTab.java
ComExampleStableV1CronTabList.java
ComExampleStableV1CronTabSpec.java

然后再查看ComExampleStableV1CronTabSpec.java文件。里面的三个属性就是crd定义中validation.openAPIV3Schema.properties.spec里面的内容

/*
 * Kubernetes
 * No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator)
 *
 * The version of the OpenAPI document: v1.15.5
 * 
 *
 * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
 * https://openapi-generator.tech
 * Do not edit the class manually.
 */


package io.kubernetes.client.models;

import org.apache.commons.lang3.builder.EqualsBuilder;
import org.apache.commons.lang3.builder.HashCodeBuilder;
import java.util.Objects;
import java.util.Arrays;
import com.google.gson.TypeAdapter;
import com.google.gson.annotations.JsonAdapter;
import com.google.gson.annotations.SerializedName;
import com.google.gson.stream.JsonReader;
import com.google.gson.stream.JsonWriter;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import java.io.IOException;

/**
 * ComExampleStableV1CronTabSpec
 */
@javax.annotation.Generated(value = "org.openapitools.codegen.languages.JavaClientCodegen", date = "2020-02-29T02:41:11.514Z[Etc/UTC]")
public class ComExampleStableV1CronTabSpec {
  public static final String SERIALIZED_NAME_CRON_SPEC = "cronSpec";
  @SerializedName(SERIALIZED_NAME_CRON_SPEC)
  private String cronSpec;

  public static final String SERIALIZED_NAME_IMAGE = "image";
  @SerializedName(SERIALIZED_NAME_IMAGE)
  private String image;

  public static final String SERIALIZED_NAME_REPLICAS = "replicas";
  @SerializedName(SERIALIZED_NAME_REPLICAS)
  private Integer replicas;


  public ComExampleStableV1CronTabSpec cronSpec(String cronSpec) {
    
    this.cronSpec = cronSpec;
    return this;
  }

   /**
   * Get cronSpec
   * @return cronSpec
  **/
  @javax.annotation.Nullable
  @ApiModelProperty(value = "")

  public String getCronSpec() {
    return cronSpec;
  }


  public void setCronSpec(String cronSpec) {
    this.cronSpec = cronSpec;
  }


  public ComExampleStableV1CronTabSpec image(String image) {
    
    this.image = image;
    return this;
  }

   /**
   * Get image
   * @return image
  **/
  @javax.annotation.Nullable
  @ApiModelProperty(value = "")

  public String getImage() {
    return image;
  }


  public void setImage(String image) {
    this.image = image;
  }


  public ComExampleStableV1CronTabSpec replicas(Integer replicas) {
    
    this.replicas = replicas;
    return this;
  }

   /**
   * Get replicas
   * @return replicas
  **/
  @javax.annotation.Nullable
  @ApiModelProperty(value = "")

  public Integer getReplicas() {
    return replicas;
  }


  public void setReplicas(Integer replicas) {
    this.replicas = replicas;
  }


  @Override
  public boolean equals(java.lang.Object o) {
    return EqualsBuilder.reflectionEquals(this, o);
  }

  @Override
  public int hashCode() {
    return HashCodeBuilder.reflectionHashCode(this);
  }


  @Override
  public String toString() {
    StringBuilder sb = new StringBuilder();
    sb.append("class ComExampleStableV1CronTabSpec {\n");
    sb.append("    cronSpec: ").append(toIndentedString(cronSpec)).append("\n");
    sb.append("    image: ").append(toIndentedString(image)).append("\n");
    sb.append("    replicas: ").append(toIndentedString(replicas)).append("\n");
    sb.append("}");
    return sb.toString();
  }

  /**
   * Convert the given object to string with each line indented by 4 spaces
   * (except the first line).
   */
  private String toIndentedString(java.lang.Object o) {
    if (o == null) {
      return "null";
    }
    return o.toString().replace("\n", "\n    ");
  }

}

所以，希望官方可以把crd的validation补充的更详细一点，然后就可以生成各种语言的sdk了。

Issues with charts does not have default versions

If a HelmRequest does not specify a version field, and the charts does not have a default version in the repo, the HelmRequest will failed