feat: add helm support

Author: jaime merino

charts/sysbox/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/sysbox/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: sysbox
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "v0.6.7-0"

charts/sysbox/templates/NOTES.txt

@@ -0,0 +1,20 @@
+Sysbox has been installed!
+
+1. Check that the Sysbox DaemonSet is running on your nodes:
+   kubectl get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "sysbox.name" . }}" -o wide
+
+2. Verify that the RuntimeClass has been created:
+   kubectl get runtimeclass sysbox-runc
+
+3. You can now deploy pods using Sysbox by adding the runtimeClassName:
+   
+   apiVersion: v1
+   kind: Pod
+   metadata:
+     name: my-sysbox-pod
+   spec:
+     runtimeClassName: sysbox-runc
+     containers:
+     - name: system-container
+       image: ubuntu
+       command: ["sleep", "inf"]

charts/sysbox/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "sysbox.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "sysbox.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "sysbox.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "sysbox.labels" -}}
+helm.sh/chart: {{ include "sysbox.chart" . }}
+{{ include "sysbox.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "sysbox.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "sysbox.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "sysbox.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "sysbox.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/sysbox/templates/config_map.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: sysbox-operational-attributes
+  namespace: kube-system
+data:
+  SYSBOX_MGR_CONFIG: ""
+  SYSBOX_FS_CONFIG: ""

charts/sysbox/templates/daemon_set.yaml

@@ -0,0 +1,130 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "sysbox.fullname" . }}
+  namespace: kube-system
+spec:
+  selector:
+      matchLabels:
+        sysbox-install: "yes"
+  template:
+    metadata:
+        labels:
+          sysbox-install: "yes"
+    spec:
+      serviceAccountName: sysbox-label-node
+      nodeSelector:
+        sysbox-install: "yes"
+      tolerations:
+      - key: "sysbox-runtime"
+        operator: "Equal"
+        value: "not-running"
+        effect: "NoSchedule"
+      containers:
+      - name: sysbox-deploy-k8s
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        command: [ "bash", "-c", "/opt/sysbox/scripts/sysbox-deploy-k8s.sh ce install" ]
+        env:
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        - name: SYSBOX_MGR_CONFIG
+          valueFrom:
+            configMapKeyRef:
+              name: sysbox-operational-attributes
+              key: SYSBOX_MGR_CONFIG
+        - name: SYSBOX_FS_CONFIG
+          valueFrom:
+            configMapKeyRef:
+              name: sysbox-operational-attributes
+              key: SYSBOX_FS_CONFIG
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: host-etc
+          mountPath: /mnt/host/etc
+        - name: host-osrelease
+          mountPath: /mnt/host/os-release
+        - name: host-dbus
+          mountPath: /var/run/dbus
+        - name: host-run-systemd
+          mountPath: /run/systemd
+        - name: host-lib-systemd
+          mountPath: /mnt/host/lib/systemd/system
+        - name: host-etc-systemd
+          mountPath: /mnt/host/etc/systemd/system
+        - name: host-lib-sysctl
+          mountPath: /mnt/host/lib/sysctl.d
+        - name: host-opt-lib-sysctl
+          mountPath: /mnt/host/opt/lib/sysctl.d
+        - name: host-usr-bin
+          mountPath: /mnt/host/usr/bin
+        - name: host-opt-bin
+          mountPath: /mnt/host/opt/bin
+        - name: host-usr-local-bin
+          mountPath: /mnt/host/usr/local/bin
+        - name: host-opt-local-bin
+          mountPath: /mnt/host/opt/local/bin
+        - name: host-usr-lib-mod-load
+          mountPath: /mnt/host/usr/lib/modules-load.d
+        - name: host-opt-lib-mod-load
+          mountPath: /mnt/host/opt/lib/modules-load.d
+        - name: host-run
+          mountPath: /mnt/host/run
+        - name: host-var-lib
+          mountPath: /mnt/host/var/lib
+      volumes:
+        - name: host-etc
+          hostPath:
+            path: /etc
+        - name: host-osrelease
+          hostPath:
+            path: /etc/os-release
+        - name: host-dbus
+          hostPath:
+            path: /var/run/dbus
+        - name: host-run-systemd
+          hostPath:
+            path: /run/systemd
+        - name: host-lib-systemd
+          hostPath:
+            path: /lib/systemd/system
+        - name: host-etc-systemd
+          hostPath:
+            path: /etc/systemd/system
+        - name: host-lib-sysctl
+          hostPath:
+            path: /lib/sysctl.d
+        - name: host-opt-lib-sysctl
+          hostPath:
+            path: /opt/lib/sysctl.d
+        - name: host-usr-bin
+          hostPath:
+            path: /usr/bin/
+        - name: host-opt-bin
+          hostPath:
+            path: /opt/bin/
+        - name: host-usr-local-bin
+          hostPath:
+            path: /usr/local/bin/
+        - name: host-opt-local-bin
+          hostPath:
+            path: /opt/local/bin/
+        - name: host-usr-lib-mod-load
+          hostPath:
+            path: /usr/lib/modules-load.d
+        - name: host-opt-lib-mod-load
+          hostPath:
+            path: /opt/lib/modules-load.d
+        - name: host-run
+          hostPath:
+            path: /run
+        - name: host-var-lib
+          hostPath:
+            path: /var/lib
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: 1
+    type: RollingUpdate

charts/sysbox/templates/roles.yaml

@@ -0,0 +1,24 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: sysbox-node-labeler
+rules:
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "patch"]
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list", "delete", "watch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: sysbox-label-node-rb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: sysbox-node-labeler
+subjects:
+  - kind: ServiceAccount
+    name: sysbox-label-node
+    namespace: kube-system

charts/sysbox/templates/runtime.yaml

@@ -0,0 +1,8 @@
+apiVersion: node.k8s.io/v1
+kind: RuntimeClass
+metadata:
+  name: sysbox-runc
+handler: sysbox-runc
+scheduling:
+  nodeSelector:
+    sysbox-runtime: running

charts/sysbox/templates/service_account.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sysbox-label-node
+  namespace: kube-system

charts/sysbox/values.yaml

@@ -0,0 +1,10 @@
+image:
+  repository: registry.nestybox.com/nestybox/sysbox-deploy-k8s
+  tag: "v0.6.7-0"
+  pullPolicy: Always
+
+httpRoute:
+  enabled: false
+
+ingress:
+  enabled: false