From 83baf338e87d96172903ec906469cf0f3e1d0782 Mon Sep 17 00:00:00 2001 From: SzymonSAP Date: Wed, 18 Jun 2025 18:00:43 +0200 Subject: [PATCH 1/6] Addopt helm charts for remote use case --- .github/workflows/publish-chart.yml | 7 ++++++- dist/chart/templates/manager/manager.yaml | 19 +++++++++++++++++-- dist/chart/values.yaml | 1 + 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish-chart.yml b/.github/workflows/publish-chart.yml index 61c429ca..e9339c08 100644 --- a/.github/workflows/publish-chart.yml +++ b/.github/workflows/publish-chart.yml @@ -55,6 +55,10 @@ jobs: fi echo "version=$CHART_VERSION" >> $GITHUB_OUTPUT + - name: Package Helm chart with crds folder in template + run: | + helm package dist/chart --version ${{ steps.chart_version.outputs.version }}-crds + - name: Install Kustomize run: | curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash @@ -66,7 +70,7 @@ jobs: kustomize build config/default | yq ea 'select(.kind == "CustomResourceDefinition")' > dist/chart/crds/crds.yaml rm -rf dist/chart/templates/crd - - name: Package Helm chart + - name: Package Helm chart with removed crds folder from template folder run: | helm package dist/chart --version ${{ steps.chart_version.outputs.version }} @@ -77,3 +81,4 @@ jobs: - name: Push Helm chart to GHCR run: | helm push boot-operator-${{ steps.chart_version.outputs.version }}.tgz oci://ghcr.io/${{ github.repository_owner }}/charts + helm push boot-operator-${{ steps.chart_version.outputs.version }}-crds.tgz oci://ghcr.io/${{ github.repository_owner }}/charts diff --git a/dist/chart/templates/manager/manager.yaml b/dist/chart/templates/manager/manager.yaml index e0ea1d6f..0750d3df 100644 --- a/dist/chart/templates/manager/manager.yaml +++ b/dist/chart/templates/manager/manager.yaml @@ -1,3 +1,4 @@ +{{- if .Values.controllerManager.enable }} apiVersion: apps/v1 kind: Deployment metadata: 
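Review bot: The added `helm package` step, and the second `helm push` line added in the last hunk of this file, expand `${{ steps.chart_version.outputs.version }}` directly inside the `run:` script, so the value is pasted into the shell text before bash parses it. How `CHART_VERSION` is derived is outside the hunk; if any part of it comes from a tag or ref name, passing it through the step environment keeps it as data: add `env:` with `CHART_VERSION: ${{ steps.chart_version.outputs.version }}` and call `helm package dist/chart --version "${CHART_VERSION}-crds"`. The same form fits the push line. Separately, a `-crds` suffix is a SemVer pre-release identifier, so version-range resolution will rank that chart below the plain version.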
@@ -51,28 +52,42 @@ spec: {{- toYaml .Values.controllerManager.manager.resources | nindent 12 }} securityContext: {{- toYaml .Values.controllerManager.manager.containerSecurityContext | nindent 12 }} - {{- if and .Values.certmanager.enable (or .Values.webhook.enable .Values.metrics.enable) }} + {{- if or (and .Values.certmanager.enable (or .Values.webhook.enable .Values.metrics.enable)) + .Values.controllerManager.manager.volumes }} volumeMounts: {{- if and .Values.metrics.enable .Values.certmanager.enable }} - name: metrics-certs mountPath: /tmp/k8s-metrics-server/metrics-certs readOnly: true {{- end }} + {{- range $volume := .Values.controllerManager.manager.volumes }} + - name: {{ $volume.name }} + mountPath: {{ $volume.mountPath }} + {{- if $volume.readOnly }} + readOnly: true + {{- end }} + {{- end }} {{- end }} securityContext: {{- toYaml .Values.controllerManager.podSecurityContext | nindent 8 }} serviceAccountName: {{ .Values.controllerManager.serviceAccountName }} hostNetwork: {{ .Values.controllerManager.hostNetwork }} terminationGracePeriodSeconds: {{ .Values.controllerManager.terminationGracePeriodSeconds }} - {{- if and .Values.certmanager.enable (or .Values.webhook.enable .Values.metrics.enable) }} + {{- if or (and .Values.certmanager.enable (or .Values.webhook.enable .Values.metrics.enable)) + .Values.controllerManager.manager.volumes }} volumes: {{- if and .Values.metrics.enable .Values.certmanager.enable }} - name: metrics-certs secret: secretName: metrics-server-cert {{- end }} + {{- range $volume := .Values.controllerManager.manager.volumes }} + - name: {{ $volume.name }} + {{- toYaml $volume.source | nindent 8 }} + {{- end }} {{- end }} {{- if .Values.controllerManager.tolerations }} tolerations: {{- toYaml .Values.controllerManager.tolerations | nindent 8 }} {{- end }} +{{- end }} diff --git a/dist/chart/values.yaml b/dist/chart/values.yaml index d354602b..7f871119 100644 --- a/dist/chart/values.yaml +++ b/dist/chart/values.yaml 
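Review bot: In the new `range` over `.Values.controllerManager.manager.volumes`, `name: {{ $volume.name }}` and `mountPath: {{ $volume.mountPath }}` are rendered unquoted, so a value that is empty, boolean-looking, or contains `: ` or a line break alters the structure of the rendered Deployment instead of staying a string. I would write `- name: {{ $volume.name | quote }}` in both loops and `mountPath: {{ $volume.mountPath | quote }}` in the `volumeMounts` loop; the `ports` loop added in PATCH 5/6 has the same unquoted `name` and `protocol`. Mounts are also writable unless `readOnly` is set in values, which is worth stating wherever the key is documented. The Deployment spec starts and ends outside this hunk.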
@@ -1,5 +1,6 @@ # [MANAGER]: Manager Deployment Configurations controllerManager: + enable: true replicas: 1 manager: image: From 0b3d6854845044d12e0c7b5620020ffc98d2472d Mon Sep 17 00:00:00 2001 From: SzymonSAP Date: Thu, 19 Jun 2025 09:37:39 +0200 Subject: [PATCH 2/6] Fix make helm --- Makefile | 2 +- .../boot.ironcore.dev_httpbootconfigs.yaml | 2 +- .../boot.ironcore.dev_ipxebootconfigs.yaml | 2 +- .../templates/rbac/metrics_auth_role.yaml | 21 +++++++++++++++++++ .../rbac/metrics_auth_role_binding.yaml | 16 ++++++++++++++ .../templates/rbac/metrics_reader_role.yaml | 13 ++++++++++++ 6 files changed, 53 insertions(+), 3 deletions(-) create mode 100755 dist/chart/templates/rbac/metrics_auth_role.yaml create mode 100755 dist/chart/templates/rbac/metrics_auth_role_binding.yaml create mode 100755 dist/chart/templates/rbac/metrics_reader_role.yaml diff --git a/Makefile b/Makefile index d25be786..9eb48004 100644 --- a/Makefile +++ b/Makefile @@ -191,7 +191,7 @@ GOLANGCI_LINT = $(LOCALBIN)/golangci-lint ADDLICENSE ?= $(LOCALBIN)/addlicense GOIMPORTS ?= $(LOCALBIN)/goimports GEN_CRD_API_REFERENCE_DOCS ?= $(LOCALBIN)/gen-crd-api-reference-docs -KUBEBUILDER ?= $(LOCALBIN)/kubebuilder-$(KUBEBUILDER_VERSION) +KUBEBUILDER ?= $(LOCALBIN)/kubebuilder ## Tool Versions KUSTOMIZE_VERSION ?= v5.5.0 diff --git a/dist/chart/templates/crd/boot.ironcore.dev_httpbootconfigs.yaml b/dist/chart/templates/crd/boot.ironcore.dev_httpbootconfigs.yaml index 31bdbbbc..68472673 100755 --- a/dist/chart/templates/crd/boot.ironcore.dev_httpbootconfigs.yaml +++ b/dist/chart/templates/crd/boot.ironcore.dev_httpbootconfigs.yaml @@ -9,7 +9,7 @@ metadata: {{- if .Values.crd.keep }} "helm.sh/resource-policy": keep {{- end }} - controller-gen.kubebuilder.io/version: v0.16.0 + controller-gen.kubebuilder.io/version: v0.17.1 name: httpbootconfigs.boot.ironcore.dev spec: group: boot.ironcore.dev 
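Review bot: `controllerManager.manager.volumes` is read by the manager template in this commit but is not added to values.yaml here (the diffstat shows a single added line), so the values file gives no hint of its shape. A commented example under `manager:` would help, for instance `# volumes: []  # items: name, mountPath, readOnly, source (volume source mapping, rendered as-is)`. Since `source` is emitted through `toYaml` without filtering, the comment should say that any volume type, including `hostPath`, is accepted.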
diff --git a/dist/chart/templates/crd/boot.ironcore.dev_ipxebootconfigs.yaml b/dist/chart/templates/crd/boot.ironcore.dev_ipxebootconfigs.yaml index 7056daa3..f6721eec 100755 --- a/dist/chart/templates/crd/boot.ironcore.dev_ipxebootconfigs.yaml +++ b/dist/chart/templates/crd/boot.ironcore.dev_ipxebootconfigs.yaml @@ -9,7 +9,7 @@ metadata: {{- if .Values.crd.keep }} "helm.sh/resource-policy": keep {{- end }} - controller-gen.kubebuilder.io/version: v0.16.0 + controller-gen.kubebuilder.io/version: v0.17.1 name: ipxebootconfigs.boot.ironcore.dev spec: group: boot.ironcore.dev diff --git a/dist/chart/templates/rbac/metrics_auth_role.yaml b/dist/chart/templates/rbac/metrics_auth_role.yaml new file mode 100755 index 00000000..8909f10d --- /dev/null +++ b/dist/chart/templates/rbac/metrics_auth_role.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.rbac.enable .Values.metrics.enable }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: boot-operator-metrics-auth-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +{{- end -}} diff --git a/dist/chart/templates/rbac/metrics_auth_role_binding.yaml b/dist/chart/templates/rbac/metrics_auth_role_binding.yaml new file mode 100755 index 00000000..b2cb97f0 --- /dev/null +++ b/dist/chart/templates/rbac/metrics_auth_role_binding.yaml 
@@ -0,0 +1,16 @@ +{{- if and .Values.rbac.enable .Values.metrics.enable }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: boot-operator-metrics-auth-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: boot-operator-metrics-auth-role +subjects: +- kind: ServiceAccount + name: {{ .Values.controllerManager.serviceAccountName }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/dist/chart/templates/rbac/metrics_reader_role.yaml b/dist/chart/templates/rbac/metrics_reader_role.yaml new file mode 100755 index 00000000..e0a52c71 --- /dev/null +++ b/dist/chart/templates/rbac/metrics_reader_role.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.rbac.enable .Values.metrics.enable }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "chart.labels" . | nindent 4 }} + name: boot-operator-metrics-reader +rules: +- nonResourceURLs: + - "/metrics" + verbs: + - get +{{- end -}} From 729b1feb13dfa6f2bd5e2c45cb867b843e87fae0 Mon Sep 17 00:00:00 2001 From: SzymonSAP Date: Thu, 19 Jun 2025 09:42:20 +0200 Subject: [PATCH 3/6] Add check codegen workflow --- .github/workflows/check-codegen.yml | 30 +++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/workflows/check-codegen.yml diff --git a/.github/workflows/check-codegen.yml b/.github/workflows/check-codegen.yml new file mode 100644 index 00000000..e9699f64 --- /dev/null +++ b/.github/workflows/check-codegen.yml 
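Review bot: The new ClusterRoleBinding is gated only on `rbac.enable` and `metrics.enable`, so with `controllerManager.enable: false` (the switch PATCH 1/6 puts around the Deployment) the chart still binds `tokenreviews` and `subjectaccessreviews` create rights to whichever ServiceAccount carries `controllerManager.serviceAccountName` in the release namespace. If the remote use case installs the chart without the manager, consider `{{- if and .Values.rbac.enable .Values.metrics.enable .Values.controllerManager.enable }}` here and on the two metrics ClusterRoles added in this commit. Whether the ServiceAccount template itself is gated is not visible in this patch.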
@@ -0,0 +1,30 @@ +name: Check Codegen + +on: + pull_request: + paths-ignore: + - 'docs/**' + - '**/*.md' + +jobs: + check-codegen: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + - name: Run make generate + run: make generate + - name: Run make docs + run: make docs + - name: Run make helm + run: make helm + - name: Compare the expected and actual generated/* directories + run: | + if [ "$(git diff | wc -l)" -gt "0" ]; then + echo "Detected uncommitted changes after build. Consider running 'make generate && make docs && make helm'." + echo "See status below:" + git diff + exit 1 + fi From d2b869069f757f31c537ff1ead184dc6e40c0f1a Mon Sep 17 00:00:00 2001 From: SzymonSAP Date: Thu, 19 Jun 2025 15:13:24 +0200 Subject: [PATCH 4/6] Fix indentation --- dist/chart/templates/manager/manager.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dist/chart/templates/manager/manager.yaml b/dist/chart/templates/manager/manager.yaml index 0750d3df..d7763acb 100644 --- a/dist/chart/templates/manager/manager.yaml +++ b/dist/chart/templates/manager/manager.yaml @@ -8,7 +8,7 @@ metadata: {{- include "chart.labels" . | nindent 4 }} control-plane: controller-manager spec: - replicas: {{ .Values.controllerManager.replicas }} + replicas: {{ .Values.controllerManager.replicas }} strategy: type: {{ .Values.controllerManager.strategy.type | quote }} selector: @@ -83,7 +83,7 @@ spec: {{- end }} {{- range $volume := .Values.controllerManager.manager.volumes }} - name: {{ $volume.name }} - {{- toYaml $volume.source | nindent 8 }} + {{- toYaml $volume.source | nindent 10 }} {{- end }} {{- end }} {{- if .Values.controllerManager.tolerations }} From a7261eef503f6076842c5cf928439ff9b23eaaaa Mon Sep 17 00:00:00 2001 
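Review bot: The comparison step relies on `git diff`, which ignores untracked files, so a generator that creates a new file (as appears to have happened with the three rbac templates in PATCH 2/6) passes this check without the file being committed. `if [ -n "$(git status --porcelain)" ]; then` catches both modified and new files, and `git status --short` before the existing `git diff` would show them in the log. The workflow also declares no `permissions:`, so the job token gets the repository default; a top-level `permissions:` with `contents: read` is enough for a job that only checks out and builds.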
From: SzymonSAP Date: Thu, 19 Jun 2025 15:25:21 +0200 Subject: [PATCH 5/6] Add ports to manager --- dist/chart/templates/manager/manager.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/dist/chart/templates/manager/manager.yaml b/dist/chart/templates/manager/manager.yaml index d7763acb..81b03bec 100644 --- a/dist/chart/templates/manager/manager.yaml +++ b/dist/chart/templates/manager/manager.yaml @@ -44,6 +44,14 @@ spec: value: {{ $value }} {{- end }} {{- end }} + {{- if .Values.controllerManager.manager.ports }} + ports: + {{- range $port := .Values.controllerManager.manager.ports }} + - name: {{ $port.name }} + containerPort: {{ $port.containerPort }} + protocol: {{ $port.protocol | default "TCP" }} + {{- end }} + {{- end }} livenessProbe: {{- toYaml .Values.controllerManager.manager.livenessProbe | nindent 12 }} readinessProbe: From 5b0f8559a6efd6b82103cec0adbcc76912a3a33b Mon Sep 17 00:00:00 2001 From: SzymonSAP Date: Thu, 19 Jun 2025 15:33:49 +0200 Subject: [PATCH 6/6] Quote env vars --- dist/chart/templates/manager/manager.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dist/chart/templates/manager/manager.yaml b/dist/chart/templates/manager/manager.yaml index 81b03bec..5008e85c 100644 --- a/dist/chart/templates/manager/manager.yaml +++ b/dist/chart/templates/manager/manager.yaml @@ -41,7 +41,7 @@ spec: env: {{- range $key, $value := .Values.controllerManager.manager.env }} - name: {{ $key }} - value: {{ $value }} + value: {{ $value | quote }} {{- end }} {{- end }} {{- if .Values.controllerManager.manager.ports }}