kubedb · tamalsaha · Apr 30, 2018 · Apr 30, 2018
diff --git a/chart/kubedb/README.md b/chart/kubedb/README.md
@@ -23,6 +23,7 @@ To install the chart with the release name `my-release`:
 ```console
 $ helm install appscode/kubedb --name my-release
 ```
+
 The command deploys KubeDB operator on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
 
 > **Tip**: List all releases using `helm list`
@@ -39,26 +40,27 @@ The command removes all the Kubernetes components associated with the chart and
 
 ## Configuration
 
-The following tables lists the configurable parameters of the KubeDB chart and their default values.
-
-
-| Parameter                          | Description                                                        | Default            |
-| -----------------------------------| ------------------------------------------------------------------ | ------------------ |
-| `replicaCount`                     | Number of kubedb operator replicas to create (only 1 is supported) | `1`                |
-| `dockerRegistry`                   | Docker registry used to pull KubeDB related images                 | `kubedb`           |
-| `imageTags.operator`               | Tag of KubeDB operator image                                       | `0.8.0-beta.2`     |
-| `imageTags.exporter`               | Tag of KubeDB operator image                                       | `0.8.0-beta.2`     |
-| `imageTags.apiserver`              | Tag of KubeDB server image                                         | `0.1.0-beta.2`     |
-| `imagePullSecrets`                 | Specify image pull secrets                                         | `nil` (does not add image pull secrets to deployed pods) |
-| `imagePullPolicy`                  | Image pull policy                                                  | `IfNotPresent`     |
-| `criticalAddon`                    | If true, installs KubeDB operator as critical addon                | `false`            |
-| `rbac.create`                      | If `true`, create and use RBAC resources                           | `true`             |
-| `serviceAccount.create`            | If `true`, create a new service account                            | `true`             |
-| `serviceAccount.name`              | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `` |
-| `apiserver.groupPriorityMinimum`   | The minimum priority the group should have.                        | 10000              |
-| `apiserver.versionPriority`        | The ordering of this API inside of the group.                      | 15                 |
-| `apiserver.enableAdmissionWebhook` | Configure apiserver as admission webhooks for KubeDB CRDs          | false              |
-| `apiserver.ca`                     | CA certificate used by main Kubernetes api server                  | ``                 |
+The following table lists the configurable parameters of the KubeDB chart and their default values.
+
+
+| Parameter                           | Description                                                        | Default            |
+| ----------------------------------- | ------------------------------------------------------------------ | ------------------ |
+| `replicaCount`                      | Number of kubedb operator replicas to create (only 1 is supported) | `1`                |
+| `kubedb.registry`                   | Docker registry used to pull Kubedb operator image                 | `kubedb`           |
+| `kubedb.repository`                 | Kubedb operator container image                                    | `operator`         |
+| `kubedb.tag`                        | Kubedb operator container image tag                                | `0.8.0-beta.2`     |
+| `imagePullSecrets`                  | Specify image pull secrets                                         | `nil` (does not add image pull secrets to deployed pods) |
+| `imagePullPolicy`                   | Image pull policy                                                  | `IfNotPresent`     |
+| `criticalAddon`                     | If true, installs KubeDB operator as critical addon                | `false`            |
+| `rbac.create`                       | If `true`, create and use RBAC resources                           | `true`             |
+| `serviceAccount.create`             | If `true`, create a new service account                            | `true`             |
+| `serviceAccount.name`               | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `` |
+| `apiserver.groupPriorityMinimum`    | The minimum priority the group should have.                        | 10000              |
+| `apiserver.versionPriority`         | The ordering of this API inside of the group.                      | 15                 |
+| `apiserver.enableValidatingWebhook` | Enable validating webhooks for KubeDB CRDs                         | false              |
+| `apiserver.enableMutatingWebhook`   | Enable mutating webhooks for KubeDB CRDs                           | false              |
+| `apiserver.ca`                      | CA certificate used by main Kubernetes api server                  | ``                 |
+| `enableAnalytics`                   | Send usage events to Google Analytics                              | `true`             |
 
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:
@@ -79,7 +81,7 @@ By default the chart will not install the recommended RBAC roles and rolebinding
 
 You need to have the flag `--authorization-mode=RBAC` on the api server. See the following document for how to enable [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/).
 
-To determine if your cluster supports RBAC, run the the following command:
+To determine if your cluster supports RBAC, run the following command:
 
 ```console
 $ kubectl api-versions | grep rbac

diff --git a/chart/kubedb/templates/apiregistration.yaml b/chart/kubedb/templates/apiregistration.yaml
@@ -6,14 +6,33 @@
 apiVersion: apiregistration.k8s.io/v1beta1
 kind: APIService
 metadata:
-  name: v1alpha1.admission.kubedb.com
+  name: v1alpha1.validators.kubedb.com
   labels:
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     app: "{{ template "kubedb.name" . }}"
     heritage: "{{ .Release.Service }}"
     release: "{{ .Release.Name }}"
 spec:
-  group: admission.kubedb.com
+  group: validators.kubedb.com
+  version: v1alpha1
+  service:
+    namespace: {{ .Release.Namespace }}
+    name: {{ template "kubedb.fullname" . }}
+  caBundle: {{ b64enc $ca.Cert }}
+  groupPriorityMinimum: {{ .Values.apiserver.groupPriorityMinimum }}
+  versionPriority: {{ .Values.apiserver.versionPriority }}
+---
+apiVersion: apiregistration.k8s.io/v1beta1
+kind: APIService
+metadata:
+  name: v1alpha1.mutators.kubedb.com
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    app: "{{ template "kubedb.name" . }}"
+    heritage: "{{ .Release.Service }}"
+    release: "{{ .Release.Name }}"
+spec:
+  group: mutators.kubedb.com
   version: v1alpha1
   service:
     namespace: {{ .Release.Namespace }}
@@ -26,6 +45,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: {{ template "kubedb.fullname" . }}-apiserver-cert
+  namespace: {{ .Release.Namespace }}
   labels:
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     app: "{{ template "kubedb.name" . }}"

diff --git a/chart/kubedb/templates/deployment.yaml b/chart/kubedb/templates/deployment.yaml
@@ -2,13 +2,12 @@ apiVersion: apps/v1beta1
 kind: Deployment
 metadata:
   name: {{ template "kubedb.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     app: "{{ template "kubedb.name" . }}"
     heritage: "{{ .Release.Service }}"
     release: "{{ .Release.Name }}"
-  initializers:
-    pending: []
 spec:
   replicas: {{ .Values.replicaCount }}
   selector:
@@ -32,31 +31,26 @@ spec:
       {{- end }}
       containers:
       - name: operator
-        image: {{ .Values.dockerRegistry }}/operator:{{ .Values.imageTags.operator }}
+        image: {{ .Values.kubedb.registry }}/{{ .Values.kubedb.repository }}:{{ .Values.kubedb.tag }}
         imagePullPolicy: {{ .Values.imagePullPolicy  }}
         args:
         - run
         - --v=3
-        - --docker-registry={{ .Values.dockerRegistry }}
-        - --exporter-tag={{ .Values.imageTags.exporter }}
+        - --docker-registry={{ .Values.kubedb.registry }}
+        - --exporter-tag={{ .Values.kubedb.tag }}
         - --governing-service=kubedb
         - --rbac={{ .Values.rbac.create }}
+        - --secure-port=8443
+        - --audit-log-path=-
+        - --tls-cert-file=/var/serving-cert/tls.crt
+        - --tls-private-key-file=/var/serving-cert/tls.key
+        - --enable-analytics={{ .Values.enableAnalytics }}
         env:
         - name: OPERATOR_NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-      - name: server
-        image: {{ .Values.dockerRegistry }}/kubedb-server:{{ .Values.imageTags.apiserver }}
-        imagePullPolicy: {{ .Values.imagePullPolicy  }}
-        args:
-        - run
-        - --v=3
-        - --secure-port=8443
-        - --audit-log-path=-
-        - --tls-cert-file=/var/serving-cert/tls.crt
-        - --tls-private-key-file=/var/serving-cert/tls.key
         ports:
         - containerPort: 8443
         volumeMounts:

diff --git a/chart/kubedb/templates/mutating-webhook.yaml b/chart/kubedb/templates/mutating-webhook.yaml
@@ -0,0 +1,103 @@
+{{- if .Values.apiserver.enableMutatingWebhook }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: mutators.kubedb.com
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    app: "{{ template "kubedb.name" . }}"
+    heritage: "{{ .Release.Service }}"
+    release: "{{ .Release.Name }}"
+webhooks:
+- name: elasticsearch.mutators.kubedb.com
+  clientConfig:
+    service:
+      namespace: default
+      name: kubernetes
+      path: /apis/mutators.kubedb.com/v1alpha1/elasticsearchs
+    caBundle: {{ b64enc .Values.apiserver.ca }}
+  rules:
+  - apiGroups: ["kubedb.com"]
+    apiVersions: ["*"]
+    resources: ["elasticsearches"]
+    operations: ["CREATE", "UPDATE", "DELETE"]
+  failurePolicy: Fail
+- name: postgres.mutators.kubedb.com
+  clientConfig:
+    service:
+      namespace: default
+      name: kubernetes
+      path: /apis/mutators.kubedb.com/v1alpha1/postgress
+    caBundle: {{ b64enc .Values.apiserver.ca }}
+  rules:
+  - apiGroups: ["kubedb.com"]
+    apiVersions: ["*"]
+    resources: ["postgreses"]
+    operations: ["CREATE", "UPDATE", "DELETE"]
+  failurePolicy: Fail
+- name: mysql.mutators.kubedb.com
+  clientConfig:
+    service:
+      namespace: default
+      name: kubernetes
+      path: /apis/mutators.kubedb.com/v1alpha1/mysqls
+    caBundle: {{ b64enc .Values.apiserver.ca }}
+  rules:
+  - apiGroups: ["kubedb.com"]
+    apiVersions: ["*"]
+    resources: ["mysqls"]
+    operations: ["CREATE", "UPDATE", "DELETE"]
+  failurePolicy: Fail
+- name: mongodb.mutators.kubedb.com
+  clientConfig:
+    service:
+      namespace: default
+      name: kubernetes
+      path: /apis/mutators.kubedb.com/v1alpha1/mongodbs
+    caBundle: {{ b64enc .Values.apiserver.ca }}
+  rules:
+  - apiGroups: ["kubedb.com"]
+    apiVersions: ["*"]
+    resources: ["mongodbs"]
+    operations: ["CREATE", "UPDATE", "DELETE"]
+  failurePolicy: Fail
+- name: redis.mutators.kubedb.com
+  clientConfig:
+    service:
+      namespace: default
+      name: kubernetes
+      path: /apis/mutators.kubedb.com/v1alpha1/rediss
+    caBundle: {{ b64enc .Values.apiserver.ca }}
+  rules:
+  - apiGroups: ["kubedb.com"]
+    apiVersions: ["*"]
+    resources: ["redises"]
+    operations: ["CREATE", "UPDATE", "DELETE"]
+  failurePolicy: Fail
+- name: memcached.mutators.kubedb.com
+  clientConfig:
+    service:
+      namespace: default
+      name: kubernetes
+      path: /apis/mutators.kubedb.com/v1alpha1/memcacheds
+    caBundle: {{ b64enc .Values.apiserver.ca }}
+  rules:
+  - apiGroups: ["kubedb.com"]
+    apiVersions: ["*"]
+    resources: ["memcacheds"]
+    operations: ["CREATE", "UPDATE", "DELETE"]
+  failurePolicy: Fail
+- name: snapshot.mutators.kubedb.com
+  clientConfig:
+    service:
+      namespace: default
+      name: kubernetes
+      path: /apis/mutators.kubedb.com/v1alpha1/snapshots
+    caBundle: {{ b64enc .Values.apiserver.ca }}
+  rules:
+  - apiGroups: ["kubedb.com"]
+    apiVersions: ["*"]
+    resources: ["snapshots"]
+    operations: ["CREATE", "UPDATE"]
+  failurePolicy: Fail
+{{ end }}
diff --git a/chart/kubedb/templates/service-account.yaml b/chart/kubedb/templates/service-account.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ template "kubedb.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     app: "{{ template "kubedb.name" . }}"

diff --git a/chart/kubedb/templates/service.yaml b/chart/kubedb/templates/service.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: {{ template "kubedb.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     app: "{{ template "kubedb.name" . }}"
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"

diff --git a/...tes/validating-webhook-configuration.yaml → .../kubedb/templates/validating-webhook.yaml b/...tes/validating-webhook-configuration.yaml → .../kubedb/templates/validating-webhook.yaml
@@ -1,98 +1,98 @@
-{{- if .Values.apiserver.enableAdmissionWebhook }}
+{{- if .Values.apiserver.enableValidatingWebhook }}
 apiVersion: admissionregistration.k8s.io/v1beta1
 kind: ValidatingWebhookConfiguration
 metadata:
-  name: admission.kubedb.com
+  name: validators.kubedb.com
   labels:
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     app: "{{ template "kubedb.name" . }}"
     heritage: "{{ .Release.Service }}"
     release: "{{ .Release.Name }}"
 webhooks:
-- name: elasticsearch.admission.kubedb.com
+- name: elasticsearch.validators.kubedb.com
   clientConfig:
     service:
       namespace: default
       name: kubernetes
-      path: /apis/admission.kubedb.com/v1alpha1/elasticsearchreviews
+      path: /apis/validators.kubedb.com/v1alpha1/elasticsearchs
     caBundle: {{ b64enc .Values.apiserver.ca }}
   rules:
   - apiGroups: ["kubedb.com"]
     apiVersions: ["*"]
     resources: ["elasticsearches"]
     operations: ["CREATE", "UPDATE", "DELETE"]
   failurePolicy: Fail
-- name: postgres.admission.kubedb.com
+- name: postgres.validators.kubedb.com
   clientConfig:
     service:
       namespace: default
       name: kubernetes
-      path: /apis/admission.kubedb.com/v1alpha1/postgresreviews
+      path: /apis/validators.kubedb.com/v1alpha1/postgress
     caBundle: {{ b64enc .Values.apiserver.ca }}
   rules:
   - apiGroups: ["kubedb.com"]
     apiVersions: ["*"]
     resources: ["postgreses"]
     operations: ["CREATE", "UPDATE", "DELETE"]
   failurePolicy: Fail
-- name: mysql.admission.kubedb.com
+- name: mysql.validators.kubedb.com
   clientConfig:
     service:
       namespace: default
       name: kubernetes
-      path: /apis/admission.kubedb.com/v1alpha1/mysqlreviews
+      path: /apis/validators.kubedb.com/v1alpha1/mysqls
     caBundle: {{ b64enc .Values.apiserver.ca }}
   rules:
   - apiGroups: ["kubedb.com"]
     apiVersions: ["*"]
     resources: ["mysqls"]
     operations: ["CREATE", "UPDATE", "DELETE"]
   failurePolicy: Fail
-- name: mongodb.admission.kubedb.com
+- name: mongodb.validators.kubedb.com
   clientConfig:
     service:
       namespace: default
       name: kubernetes
-      path: /apis/admission.kubedb.com/v1alpha1/mongodbreviews
+      path: /apis/validators.kubedb.com/v1alpha1/mongodbs
     caBundle: {{ b64enc .Values.apiserver.ca }}
   rules:
   - apiGroups: ["kubedb.com"]
     apiVersions: ["*"]
     resources: ["mongodbs"]
     operations: ["CREATE", "UPDATE", "DELETE"]
   failurePolicy: Fail
-- name: redis.admission.kubedb.com
+- name: redis.validators.kubedb.com
   clientConfig:
     service:
       namespace: default
       name: kubernetes
-      path: /apis/admission.kubedb.com/v1alpha1/redisreviews
+      path: /apis/validators.kubedb.com/v1alpha1/rediss
     caBundle: {{ b64enc .Values.apiserver.ca }}
   rules:
   - apiGroups: ["kubedb.com"]
     apiVersions: ["*"]
     resources: ["redises"]
     operations: ["CREATE", "UPDATE", "DELETE"]
   failurePolicy: Fail
-- name: memcached.admission.kubedb.com
+- name: memcached.validators.kubedb.com
   clientConfig:
     service:
       namespace: default
       name: kubernetes
-      path: /apis/admission.kubedb.com/v1alpha1/memcachedreviews
+      path: /apis/validators.kubedb.com/v1alpha1/memcacheds
     caBundle: {{ b64enc .Values.apiserver.ca }}
   rules:
   - apiGroups: ["kubedb.com"]
     apiVersions: ["*"]
     resources: ["memcacheds"]
     operations: ["CREATE", "UPDATE", "DELETE"]
   failurePolicy: Fail
-- name: snapshot.admission.kubedb.com
+- name: snapshot.validators.kubedb.com
   clientConfig:
     service:
       namespace: default
       name: kubernetes
-      path: /apis/admission.kubedb.com/v1alpha1/snapshotreviews
+      path: /apis/validators.kubedb.com/v1alpha1/snapshots
     caBundle: {{ b64enc .Values.apiserver.ca }}
   rules:
   - apiGroups: ["kubedb.com"]