AB#2583: deploy autoscaler via helm (#438)

cli/internal/helm/testdata/Azure/constellation-services/charts/autoscaler/templates/azure-deployment.yaml

@@ -0,0 +1,79 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: constellation-cluster-autoscaler
+  namespace: testNamespace
+  labels:
+    app.kubernetes.io/instance: constellation
+    app.kubernetes.io/managed-by: Constellation
+    app.kubernetes.io/name: cluster-autoscaler
+spec:
+  replicas: 0
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: constellation
+      app.kubernetes.io/name: cluster-autoscaler
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: constellation
+        app.kubernetes.io/name: cluster-autoscaler
+    spec:
+      containers:
+        - name: cluster-autoscaler
+          image: autoscalerImage
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            httpGet:
+              path: /health-check
+              port: 8085
+          ports:
+            - containerPort: 8085
+          env:
+            - name: ARM_SUBSCRIPTION_ID
+              valueFrom:
+                secretKeyRef:
+                  key: SubscriptionID
+                  name: cluster-autoscaler-azure
+            - name: ARM_RESOURCE_GROUP
+              valueFrom:
+                secretKeyRef:
+                  key: ResourceGroup
+                  name: cluster-autoscaler-azure
+            - name: ARM_TENANT_ID
+              valueFrom:
+                secretKeyRef:
+                  key: TenantID
+                  name: cluster-autoscaler-azure
+            - name: ARM_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  key: ClientID
+                  name: cluster-autoscaler-azure
+            - name: ARM_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  key: ClientSecret
+                  name: cluster-autoscaler-azure
+            - name: ARM_VM_TYPE
+              valueFrom:
+                secretKeyRef:
+                  key: VMType
+                  name: cluster-autoscaler-azure
+          resources: {}
+      dnsPolicy: ClusterFirst
+      nodeSelector:
+        node-role.kubernetes.io/control-plane: ""
+      priorityClassName: system-cluster-critical
+      serviceAccountName: constellation-cluster-autoscaler
+      tolerations:
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/master
+          operator: Exists
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/control-plane
+          operator: Exists
+        - effect: NoSchedule
+          key: node.cloudprovider.kubernetes.io/uninitialized
+          operator: Equal
+          value: "true"

cli/internal/helm/testdata/Azure/constellation-services/charts/autoscaler/templates/azure-secret.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cluster-autoscaler-azure
+  namespace: testNamespace
+data:
+  ClientID: QXBwQ2xpZW50SUQ=
+  ClientSecret: Q2xpZW50U2VjcmV0VmFsdWU=
+  ResourceGroup: cmVzb3VyY2VHcm91cA==
+  SubscriptionID: c3Vic2NyaXB0aW9uSUQ=
+  TenantID: VGVuYW50SUQ=
+  # b64encode("vmss")
+  VMType: dm1zcw==

cli/internal/helm/testdata/Azure/constellation-services/charts/autoscaler/templates/clusterrole.yaml

@@ -0,0 +1,138 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: constellation-cluster-autoscaler
+  labels:
+    app.kubernetes.io/instance: constellation
+    app.kubernetes.io/managed-by: Constellation
+    app.kubernetes.io/name: cluster-autoscaler
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - events
+  - endpoints
+  verbs:
+  - create
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - pods/eviction
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - pods/status
+  verbs:
+  - update
+- apiGroups:
+  - ""
+  resourceNames:
+  - cluster-autoscaler
+  resources:
+  - endpoints
+  verbs:
+  - get
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - watch
+  - list
+  - get
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  - pods
+  - services
+  - replicationcontrollers
+  - persistentvolumeclaims
+  - persistentvolumes
+  verbs:
+  - watch
+  - list
+  - get
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  - cronjobs
+  verbs:
+  - watch
+  - list
+  - get
+- apiGroups:
+  - batch
+  - extensions
+  resources:
+  - jobs
+  verbs:
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - extensions
+  resources:
+  - replicasets
+  - daemonsets
+  verbs:
+  - watch
+  - list
+  - get
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - watch
+  - list
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  - replicasets
+  - statefulsets
+  verbs:
+  - watch
+  - list
+  - get
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  - csinodes
+  - csidrivers
+  - csistoragecapacities
+  verbs:
+  - watch
+  - list
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+- apiGroups:
+  - coordination.k8s.io
+  resourceNames:
+  - cluster-autoscaler
+  resources:
+  - leases
+  verbs:
+  - get
+  - update

cli/internal/helm/testdata/Azure/constellation-services/charts/autoscaler/templates/clusterrolebinding.yaml

@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: constellation-cluster-autoscaler
+  namespace: testNamespace
+  labels:
+    app.kubernetes.io/instance: constellation
+    app.kubernetes.io/managed-by: Constellation
+    app.kubernetes.io/name: cluster-autoscaler
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: constellation-cluster-autoscaler
+subjects:
+- kind: ServiceAccount
+  name: constellation-cluster-autoscaler
+  namespace: testNamespace

cli/internal/helm/testdata/Azure/constellation-services/charts/autoscaler/templates/poddisruptionbudget.yaml

@@ -0,0 +1,15 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: constellation-cluster-autoscaler
+  namespace: testNamespace
+  labels:
+    app.kubernetes.io/instance: constellation
+    app.kubernetes.io/managed-by: Constellation
+    app.kubernetes.io/name: cluster-autoscaler
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: constellation
+      app.kubernetes.io/name: cluster-autoscaler

cli/internal/helm/testdata/Azure/constellation-services/charts/autoscaler/templates/role.yaml

@@ -0,0 +1,26 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: constellation-cluster-autoscaler
+  namespace: testNamespace
+  labels:
+    app.kubernetes.io/instance: constellation
+    app.kubernetes.io/managed-by: Constellation
+    app.kubernetes.io/name: cluster-autoscaler
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resourceNames:
+  - cluster-autoscaler-status
+  resources:
+  - configmaps
+  verbs:
+  - delete
+  - get
+  - update

cli/internal/helm/testdata/Azure/constellation-services/charts/autoscaler/templates/rolebinding.yaml

@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: constellation-cluster-autoscaler
+  namespace: testNamespace
+  labels:
+    app.kubernetes.io/instance: constellation
+    app.kubernetes.io/managed-by: Constellation
+    app.kubernetes.io/name: cluster-autoscaler
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: constellation-cluster-autoscaler
+subjects:
+- kind: ServiceAccount
+  name: constellation-cluster-autoscaler
+  namespace: kube-system

cli/internal/helm/testdata/Azure/constellation-services/charts/autoscaler/templates/service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: constellation-cluster-autoscaler
+  namespace: testNamespace
+  labels:
+    app.kubernetes.io/instance: constellation
+    app.kubernetes.io/managed-by: Constellation
+    app.kubernetes.io/name: cluster-autoscaler
+spec:
+  ports:
+  - name: http
+    port: 8085
+    protocol: TCP
+    targetPort: 8085
+  selector:
+    app.kubernetes.io/instance: constellation
+    app.kubernetes.io/name: cluster-autoscaler
+  type: ClusterIP

cli/internal/helm/testdata/Azure/constellation-services/charts/autoscaler/templates/serviceaccount.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: constellation-cluster-autoscaler
+  namespace: testNamespace
+  labels:
+    app.kubernetes.io/instance: constellation
+    app.kubernetes.io/managed-by: Constellation
+    app.kubernetes.io/name: cluster-autoscaler
+automountServiceAccountToken: true

cli/internal/helm/testdata/Azure/constellation-services/charts/ccm/templates/azure-daemonset.yaml

@@ -1,4 +1,3 @@
-
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
@@ -16,31 +15,31 @@ spec:
         k8s-app: cloud-controller-manager
     spec:
       containers:
-      - name: cloud-controller-manager
-        image: ccmImageForAzure
-        command:
-        - cloud-controller-manager
-        - --cloud-provider=azure
-        - --leader-elect=true
-        - -v=2
-        - --controllers=*,-cloud-node
-        - --cloud-config=/etc/azure/azure.json
-        - --allocate-node-cidrs=false
-        - --configure-cloud-routes=false
-        resources: {}
-        volumeMounts:
-        - name: etckubernetes
-          mountPath: /etc/kubernetes
-          readOnly: true
-        - name: etcssl
-          mountPath: /etc/ssl
-          readOnly: true
-        - name: etcpki
-          mountPath: /etc/pki
-          readOnly: true
-        - name: azureconfig
-          mountPath: /etc/azure
-          readOnly: true
+        - name: cloud-controller-manager
+          image: ccmImageForAzure
+          command:
+          - cloud-controller-manager
+          - --cloud-provider=azure
+          - --leader-elect=true
+          - -v=2
+          - --controllers=*,-cloud-node
+          - --cloud-config=/etc/azure/azure.json
+          - --allocate-node-cidrs=false
+          - --configure-cloud-routes=false
+          volumeMounts:
+          - name: etckubernetes
+            mountPath: /etc/kubernetes
+            readOnly: true
+          - name: etcssl
+            mountPath: /etc/ssl
+            readOnly: true
+          - name: etcpki
+            mountPath: /etc/pki
+            readOnly: true
+          - name: azureconfig
+            mountPath: /etc/azure
+            readOnly: true
+          resources: {}
       nodeSelector:
         node-role.kubernetes.io/control-plane: ""
       serviceAccountName: cloud-controller-manager

cli/internal/helm/testdata/Azure/constellation-services/charts/ccm/templates/azure-secret.yaml

@@ -1,4 +1,3 @@
-
 apiVersion: v1
 kind: Secret
 metadata:
@@ -6,4 +5,3 @@ metadata:
   namespace: testNamespace
 data:
   azure.json: YmFhYWFhYWQ=
-

cli/internal/helm/testdata/GCP/constellation-services/charts/autoscaler/templates/clusterrole.yaml

@@ -0,0 +1,138 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: constellation-cluster-autoscaler
+  labels:
+    app.kubernetes.io/instance: constellation
+    app.kubernetes.io/managed-by: Constellation
+    app.kubernetes.io/name: cluster-autoscaler
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - events
+  - endpoints
+  verbs:
+  - create
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - pods/eviction
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - pods/status
+  verbs:
+  - update
+- apiGroups:
+  - ""
+  resourceNames:
+  - cluster-autoscaler
+  resources:
+  - endpoints
+  verbs:
+  - get
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - watch
+  - list
+  - get
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  - pods
+  - services
+  - replicationcontrollers
+  - persistentvolumeclaims
+  - persistentvolumes
+  verbs:
+  - watch
+  - list
+  - get
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  - cronjobs
+  verbs:
+  - watch
+  - list
+  - get
+- apiGroups:
+  - batch
+  - extensions
+  resources:
+  - jobs
+  verbs:
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - extensions
+  resources:
+  - replicasets
+  - daemonsets
+  verbs:
+  - watch
+  - list
+  - get
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - watch
+  - list
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  - replicasets
+  - statefulsets
+  verbs:
+  - watch
+  - list
+  - get
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  - csinodes
+  - csidrivers
+  - csistoragecapacities
+  verbs:
+  - watch
+  - list
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+- apiGroups:
+  - coordination.k8s.io
+  resourceNames:
+  - cluster-autoscaler
+  resources:
+  - leases
+  verbs:
+  - get
+  - update

cli/internal/helm/testdata/GCP/constellation-services/charts/autoscaler/templates/clusterrolebinding.yaml

@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: constellation-cluster-autoscaler
+  namespace: testNamespace
+  labels:
+    app.kubernetes.io/instance: constellation
+    app.kubernetes.io/managed-by: Constellation
+    app.kubernetes.io/name: cluster-autoscaler
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: constellation-cluster-autoscaler
+subjects:
+- kind: ServiceAccount
+  name: constellation-cluster-autoscaler
+  namespace: testNamespace

cli/internal/helm/testdata/GCP/constellation-services/charts/autoscaler/templates/gcp-deployment.yaml

@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: constellation-cluster-autoscaler
+  namespace: testNamespace
+  labels:
+    app.kubernetes.io/instance: constellation
+    app.kubernetes.io/managed-by: Constellation
+    app.kubernetes.io/name: cluster-autoscaler
+spec:
+  replicas: 0
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: constellation
+      app.kubernetes.io/name: cluster-autoscaler
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: constellation
+        app.kubernetes.io/name: cluster-autoscaler
+    spec:
+      containers:
+      - name: cluster-autoscaler
+        image: autoscalerImage
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          httpGet:
+            path: /health-check
+            port: 8085
+        ports:
+          - containerPort: 8085
+        resources: {}
+        volumeMounts:
+          - mountPath: /var/secrets/google
+            name: gcekey
+            readOnly: true
+        env:
+          - name: GOOGLE_APPLICATION_CREDENTIALS
+            value: /var/secrets/google/key.json
+      dnsPolicy: ClusterFirst
+      nodeSelector:
+        node-role.kubernetes.io/control-plane: ""
+      priorityClassName: system-cluster-critical
+      serviceAccountName: constellation-cluster-autoscaler
+      tolerations:
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/master
+          operator: Exists
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/control-plane
+          operator: Exists
+        - effect: NoSchedule
+          key: node.cloudprovider.kubernetes.io/uninitialized
+          operator: Equal
+          value: "true"
+      volumes:
+        - name: gcekey
+          secret:
+            secretName: gcekey

cli/internal/helm/testdata/GCP/constellation-services/charts/autoscaler/templates/poddisruptionbudget.yaml

@@ -0,0 +1,15 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: constellation-cluster-autoscaler
+  namespace: testNamespace
+  labels:
+    app.kubernetes.io/instance: constellation
+    app.kubernetes.io/managed-by: Constellation
+    app.kubernetes.io/name: cluster-autoscaler
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: constellation
+      app.kubernetes.io/name: cluster-autoscaler

cli/internal/helm/testdata/GCP/constellation-services/charts/autoscaler/templates/role.yaml

@@ -0,0 +1,26 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: constellation-cluster-autoscaler
+  namespace: testNamespace
+  labels:
+    app.kubernetes.io/instance: constellation
+    app.kubernetes.io/managed-by: Constellation
+    app.kubernetes.io/name: cluster-autoscaler
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resourceNames:
+  - cluster-autoscaler-status
+  resources:
+  - configmaps
+  verbs:
+  - delete
+  - get
+  - update

cli/internal/helm/testdata/GCP/constellation-services/charts/autoscaler/templates/rolebinding.yaml

@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: constellation-cluster-autoscaler
+  namespace: testNamespace
+  labels:
+    app.kubernetes.io/instance: constellation
+    app.kubernetes.io/managed-by: Constellation
+    app.kubernetes.io/name: cluster-autoscaler
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: constellation-cluster-autoscaler
+subjects:
+- kind: ServiceAccount
+  name: constellation-cluster-autoscaler
+  namespace: kube-system

cli/internal/helm/testdata/GCP/constellation-services/charts/autoscaler/templates/service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: constellation-cluster-autoscaler
+  namespace: testNamespace
+  labels:
+    app.kubernetes.io/instance: constellation
+    app.kubernetes.io/managed-by: Constellation
+    app.kubernetes.io/name: cluster-autoscaler
+spec:
+  ports:
+  - name: http
+    port: 8085
+    protocol: TCP
+    targetPort: 8085
+  selector:
+    app.kubernetes.io/instance: constellation
+    app.kubernetes.io/name: cluster-autoscaler
+  type: ClusterIP

cli/internal/helm/testdata/GCP/constellation-services/charts/autoscaler/templates/serviceaccount.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: constellation-cluster-autoscaler
+  namespace: testNamespace
+  labels:
+    app.kubernetes.io/instance: constellation
+    app.kubernetes.io/managed-by: Constellation
+    app.kubernetes.io/name: cluster-autoscaler
+automountServiceAccountToken: true

cli/internal/helm/testdata/GCP/constellation-services/charts/ccm/templates/gcp-cm.yaml

@@ -1,4 +1,3 @@
-
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -6,4 +5,3 @@ metadata:
   namespace: testNamespace
 data:
   gce.conf: "[global]\nproject-id = 42424242424242\nuse-metadata-server = true\nnode-tags = constellation-242424242424\n"
-

cli/internal/helm/testdata/GCP/constellation-services/charts/ccm/templates/gcp-daemonset.yaml

@@ -1,4 +1,3 @@
-
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
@@ -30,9 +29,6 @@ spec:
           - --cidr-allocator-type=CloudAllocator
           - --allocate-node-cidrs=true
           - --configure-cloud-routes=false
-          env:
-            - name: GOOGLE_APPLICATION_CREDENTIALS
-              value: /var/secrets/google/key.json
           volumeMounts:
             - mountPath: /etc/kubernetes
               name: etckubernetes
@@ -50,6 +46,9 @@ spec:
               name: gcekey
               readOnly: true
           resources: {}
+          env:
+            - name: GOOGLE_APPLICATION_CREDENTIALS
+              value: /var/secrets/google/key.json
       serviceAccountName: cloud-controller-manager
       nodeSelector:
         node-role.kubernetes.io/control-plane: ""

cli/internal/helm/testdata/GCP/constellation-services/charts/ccm/templates/gcp-secret.yaml

@@ -1,4 +1,3 @@
-
 apiVersion: v1
 kind: Secret
 metadata:
@@ -6,4 +5,3 @@ metadata:
   namespace: testNamespace
 data:
   key.json: YmFhYWFhYWQ=
-