feat: Extract CAAPH values templates to files (#896)

This simplifies the Helm templating directives by not requiring
inception-style escaping of templating braces, e.g. `{{ "{{" }}``
which are very hard to read and can introduce bugs.

This PR also removes the duplicate helm values files currently being
used
to generate the CRS configmaps, and instead references the helm values
that are in the charts directory, which ends up with a reduction in LOC
in
the project to maintain.

I feel this is a simpler way to achieve the same goals as #819 but
without
duplicating files and keeping all chart source files in the charts
directory.

Blocked by #895.

Author: jimmidyson

.pre-commit-config.yaml

@@ -70,7 +70,7 @@ repos:
   - id: check-yaml
     args: ["-m", "--unsafe"]
     stages: [commit]
-    exclude: ^charts/.+/templates/
+    exclude: ^charts/.+/(templates|addons)/.+\.ya?ml$
   - id: mixed-line-ending
     args: ["-f", "lf"]
     exclude: \.bat$
@@ -140,7 +140,7 @@ repos:
     name: License headers - YAML and Makefiles
     stages: [commit]
     files: (^Makefile|\.(ya?ml|mk))$
-    exclude: ^(internal/test|pkg/handlers/.+/embedded|examples|charts/cluster-api-runtime-extensions-nutanix/defaultclusterclasses)/.+\.ya?ml|docs/static/helm/index\.yaml|charts/cluster-api-runtime-extensions-nutanix/templates/helm-config.yaml$
+    exclude: ^(internal/test|pkg/handlers/.+/embedded|examples|charts/cluster-api-runtime-extensions-nutanix/(defaultclusterclasses|addons))/.+\.ya?ml|docs/static/helm/index\.yaml|charts/cluster-api-runtime-extensions-nutanix/templates/helm-config.yaml$
     args:
       - --license-filepath
       - hack/license-header.txt

charts/cluster-api-runtime-extensions-nutanix/addons/ccm/aws/image-selection.yaml

@@ -0,0 +1,4 @@
+{{ $clusterSemver := semver .Cluster.spec.topology.version }}
+{{ $ccmVersion := get $k8sMinorVersionToCCMVersion ( print $clusterSemver.Major "." $clusterSemver.Minor ) }}
+image:
+  tag: "{{ $ccmVersion }}"

charts/cluster-api-runtime-extensions-nutanix/addons/ccm/aws/map-template.yaml

@@ -0,0 +1,4 @@
+$k8sMinorVersionToCCMVersion := dict
+{{ range $k8sVersion, $ccmVersion := .Values.hooks.ccm.aws.k8sMinorVersionToCCMVersion -}}
+  "{{ $k8sVersion }}" "{{ $ccmVersion }}"
+{{ end -}}

hack/addons/kustomize/aws-ccm/helm-values.yaml renamed to charts/cluster-api-runtime-extensions-nutanix/addons/ccm/aws/values-template.yaml

@@ -1,7 +1,3 @@
-# Copyright 2024 Nutanix. All rights reserved.
-# SPDX-License-Identifier: Apache-2.0
-
----
 # Starting in Kubernetes v1.29 the Kubelet no longer adds temporary addresses to the Node.
 # See https://github.com/kubernetes/kubernetes/pull/121028
 # This causes a deadlock with the AWS CCM and some CNI providers including Calico.
@@ -17,8 +13,8 @@ args:
   - --configure-cloud-routes=false
 
 tolerations:
-- key: node.cloudprovider.kubernetes.io/uninitialized
-  value: "true"
-  effect: NoSchedule
-- key: node-role.kubernetes.io/control-plane
-  effect: NoSchedule
+  - key: node.cloudprovider.kubernetes.io/uninitialized
+    value: "true"
+    effect: NoSchedule
+  - key: node-role.kubernetes.io/control-plane
+    effect: NoSchedule

charts/cluster-api-runtime-extensions-nutanix/addons/ccm/nutanix/values-template.yaml

@@ -0,0 +1,13 @@
+prismCentralEndPoint: {{ .PrismCentralHost }}
+prismCentralPort: {{ .PrismCentralPort }}
+prismCentralInsecure: {{ .PrismCentralInsecure }}
+{{- with .PrismCentralAdditionalTrustBundle }}
+prismCentralAdditionalTrustBundle: "{{ . }}"
+{{- end }}
+{{- with .ControlPlaneEndpointHost }}
+ignoredNodeIPs: [ {{ printf "%q" . }} ]
+ {{- end }}
+
+# The Secret containing the credentials will be created by the handler.
+createSecret: false
+secretName: nutanix-ccm-credentials

hack/addons/kustomize/cluster-autoscaler/helm-values.yaml renamed to charts/cluster-api-runtime-extensions-nutanix/addons/cluster-autoscaler/values-template.yaml

@@ -1,11 +1,4 @@
-# Copyright 2023 Nutanix. All rights reserved.
-# SPDX-License-Identifier: Apache-2.0
-
----
-# This is a hack, but because a single cluster-autoscaler deployment can only monitor a single Kubernetes cluster
-# we expect 'tmpl-clustername-tmpl' and 'tmpl-clusternamespace-tmpl'
-# to be replaced with the Cluster's name and namespace.
-fullnameOverride: cluster-autoscaler-tmpl-clusteruuid-tmpl
+fullnameOverride: "cluster-autoscaler-{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}"
 
 cloudProvider: clusterapi
 
@@ -20,18 +13,18 @@ tolerations:
 
 # Limit a single cluster-autoscaler Deployment to a single Cluster.
 autoDiscovery:
-  clusterName: tmpl-clustername-tmpl
+  clusterName: "{{ .Cluster.Name }}"
   # The controller failed with an RBAC error trying to watch CAPI objects at the cluster scope without this.
   labels:
-    - namespace: tmpl-clusternamespace-tmpl
+    - namespace: "{{ .Cluster.Namespace }}"
 
 # For workload clusters it is not possible to use the in-cluster client.
 # To simplify the configuration, use the admin kubeconfig generated by CAPI for all clusters.
 clusterAPIMode: kubeconfig-incluster
 clusterAPIWorkloadKubeconfigPath: /cluster/kubeconfig
 extraVolumeSecrets:
   kubeconfig:
-    name: tmpl-clustername-tmpl-kubeconfig
+    name: "{{ .Cluster.Name }}-kubeconfig"
     mountPath: /cluster
     readOnly: true
     items:

charts/cluster-api-runtime-extensions-nutanix/addons/cni/calico/aws/values-template.yaml

@@ -0,0 +1,13 @@
+installation:
+  cni:
+    type: Calico
+  calicoNetwork:
+    bgp: Enabled
+    ipPools: {{ range $cidr := .Cluster.spec.clusterNetwork.pods.cidrBlocks }}
+    - cidr: "{{ $cidr }}"
+      encapsulation: None
+      natOutgoing: Enabled
+      nodeSelector: all(){{ end }}
+  nodeMetricsPort: 9091
+  typhaMetricsPort: 9093
+  registry: quay.io/

charts/cluster-api-runtime-extensions-nutanix/addons/cni/calico/docker/values-template.yaml

@@ -0,0 +1,12 @@
+installation:
+  cni:
+    type: Calico
+  calicoNetwork:
+    ipPools:{{ range $cidr := .Cluster.spec.clusterNetwork.pods.cidrBlocks }}
+    - cidr: "{{ $cidr }}"
+      encapsulation: None
+      natOutgoing: Enabled
+      nodeSelector: all(){{ end }}
+  nodeMetricsPort: 9091
+  typhaMetricsPort: 9093
+  registry: quay.io/

charts/cluster-api-runtime-extensions-nutanix/addons/cni/calico/nutanix/values-template.yaml

@@ -0,0 +1,13 @@
+installation:
+  cni:
+    type: Calico
+  calicoNetwork:
+    bgp: Enabled
+    ipPools:{{ range $cidr := .Cluster.spec.clusterNetwork.pods.cidrBlocks }}
+    - cidr: "{{ $cidr }}"
+      encapsulation: None
+      natOutgoing: Enabled
+      nodeSelector: all(){{ end }}
+  nodeMetricsPort: 9091
+  typhaMetricsPort: 9093
+  registry: quay.io/

charts/cluster-api-runtime-extensions-nutanix/addons/cni/cilium/values-template.yaml

@@ -0,0 +1,27 @@
+cni:
+  chainingMode: portmap
+  exclusive: false
+hubble:
+  enabled: true
+  tls:
+    auto:
+      enabled: true               # enable automatic TLS certificate generation
+      method: cronJob             # auto generate certificates using cronJob method
+      certValidityDuration: 60    # certificates validity duration in days (default 2 months)
+      schedule: "0 0 1 * *"       # schedule on the 1st day regeneration of each month
+  relay:
+    enabled: true
+    image:
+      useDigest: false
+ipam:
+  mode: kubernetes
+image:
+  useDigest: false
+operator:
+  image:
+    useDigest: false
+certgen:
+  image:
+    useDigest: false
+socketLB:
+  hostNamespaceOnly: true