Merge pull request #212 from james-milligan/helm-ns

fix: added namespace configuration for helm install using -n

Author: james-milligan

.github/workflows/release-please.yml

@@ -115,7 +115,7 @@ jobs:
             make update-flagd
             go mod tidy
             make controller-gen
-            make helm-package
+            IMG=ghcr.io/open-feature/open-feature-operator:${{ needs.release-please.outputs.release_tag_name }} make helm-package
             IMG=ghcr.io/open-feature/open-feature-operator:${{ needs.release-please.outputs.release_tag_name }} make release-manifests
 
         - uses: anchore/sbom-action@v0

Makefile

@@ -1,9 +1,12 @@
 
 # Image URL to use all building/pushing image targets
 IMG ?= controller:latest
+# customize overlay to be used in the build, DEFAULT or HELM
+KUSTOMIZE_OVERLAY ?= DEFAULT
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 FLAGD_VERSION=v0.2.5
 CHART_VERSION=v0.2.16# x-release-please-version
+CHART_VERSION=v0.2.16# x-release-please-version
 ENVTEST_K8S_VERSION = 1.23
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
@@ -105,7 +108,14 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified
 release-manifests: manifests kustomize
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
 	mkdir -p config/rendered/
-	$(KUSTOMIZE) build config/default > config/rendered/release.yaml
+	@if [ ${KUSTOMIZE_OVERLAY} = DEFAULT ]; then\
+		echo building default overlay;\
+        $(KUSTOMIZE) build config/default > config/rendered/release.yaml;\
+    fi
+	@if [ ${KUSTOMIZE_OVERLAY} = HELM ]; then\
+		echo building helm overlay;\
+        $(KUSTOMIZE) build config/overlays/helm > chart/templates/rendered.yaml;\
+    fi
 
 .PHONY: deploy
 deploy: generate manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
@@ -166,8 +176,11 @@ $(HELM): $(LOCALBIN)
 	[ -e "$(HELM)" ] && rm -rf "$(HELM)" || true
 	cd $(LOCALBIN) && curl -s $(HELM_INSTALLER) | tar -xzf - -C $(LOCALBIN)
 
-helm-package: generate release-manifests helm
-	cp config/rendered/release.yaml chart/templates/rendered.yaml
+.PHONY: set-helm-overlay
+set-helm-overlay:
+	${eval KUSTOMIZE_OVERLAY = HELM}
+
+helm-package: set-helm-overlay generate release-manifests helm
 	$(HELM) package --version $(CHART_VERSION) chart 
 	mkdir -p charts && mv ofo-*.tgz charts
 	$(HELM) repo index --url https://open-feature.github.io/open-feature-operator/charts charts

chart/templates/_helpers.tpl

@@ -0,0 +1,11 @@
+{{/*
+Define the chart.namespace variable. If no namespace is defined via the command line then the default value 
+provided in .Values.defaultNamespace is used
+*/}}
+{{- define "chart.namespace" -}}
+{{- if eq .Release.Namespace "default" -}}
+{{- .Values.defaultNamespace -}}
+{{- else -}}
+{{- .Release.Namespace -}}
+{{- end -}}
+{{- end -}}

chart/templates/namespace.yaml

@@ -0,0 +1,10 @@
+# Only deploy the namespace if the default is being used (helm install should fail if the namespace isnt present)
+# when one is defined with -n
+{{ if eq ( include "chart.namespace" . ) .Values.defaultNamespace }}
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: '{{ include "chart.namespace" . }}'
+{{ end }}

chart/templates/rendered.yaml

@@ -1,10 +1,3 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  labels:
-    control-plane: controller-manager
-  name: open-feature-operator-system
----
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
@@ -262,13 +255,13 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: open-feature-operator-controller-manager
-  namespace: open-feature-operator-system
+  namespace: '{{ include "chart.namespace" . }}'
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: open-feature-operator-leader-election-role
-  namespace: open-feature-operator-system
+  namespace: '{{ include "chart.namespace" . }}'
 rules:
 - apiGroups:
   - ""
@@ -419,15 +412,15 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: open-feature-operator-leader-election-rolebinding
-  namespace: open-feature-operator-system
+  namespace: '{{ include "chart.namespace" . }}'
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: open-feature-operator-leader-election-role
 subjects:
 - kind: ServiceAccount
   name: open-feature-operator-controller-manager
-  namespace: open-feature-operator-system
+  namespace: '{{ include "chart.namespace" . }}'
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -441,7 +434,7 @@ subjects:
 - apiGroup: ""
   kind: ServiceAccount
   name: open-feature-operator-controller-manager
-  namespace: system
+  namespace: '{{ include "chart.namespace" . }}'
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -454,7 +447,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: open-feature-operator-controller-manager
-  namespace: open-feature-operator-system
+  namespace: '{{ include "chart.namespace" . }}'
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -467,7 +460,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: open-feature-operator-controller-manager
-  namespace: open-feature-operator-system
+  namespace: '{{ include "chart.namespace" . }}'
 ---
 apiVersion: v1
 data:
@@ -486,15 +479,15 @@ data:
 kind: ConfigMap
 metadata:
   name: open-feature-operator-manager-config
-  namespace: open-feature-operator-system
+  namespace: '{{ include "chart.namespace" . }}'
 ---
 apiVersion: v1
 kind: Service
 metadata:
   labels:
     control-plane: controller-manager
   name: open-feature-operator-controller-manager-metrics-service
-  namespace: open-feature-operator-system
+  namespace: '{{ include "chart.namespace" . }}'
 spec:
   ports:
   - name: https
@@ -510,7 +503,7 @@ metadata:
   annotations:
     cert-manager.io/inject-ca-from: open-feature-operator-system/webhook-cert
   name: open-feature-operator-webhook-service
-  namespace: open-feature-operator-system
+  namespace: '{{ include "chart.namespace" . }}'
 spec:
   ports:
   - port: 443
@@ -525,7 +518,7 @@ metadata:
   labels:
     control-plane: controller-manager
   name: open-feature-operator-controller-manager
-  namespace: open-feature-operator-system
+  namespace: '{{ include "chart.namespace" . }}'
 spec:
   replicas: 1
   selector:
@@ -612,11 +605,11 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: open-feature-operator-serving-cert
-  namespace: open-feature-operator-system
+  namespace: '{{ include "chart.namespace" . }}'
 spec:
   dnsNames:
-  - open-feature-operator-webhook-service.open-feature-operator-system.svc
-  - open-feature-operator-webhook-service.open-feature-operator-system.svc.cluster.local
+  - open-feature-operator-webhook-service.{{ include "chart.namespace" . }}.svc
+  - open-feature-operator-webhook-service.{{ include "chart.namespace" . }}.svc.cluster.local
   issuerRef:
     kind: Issuer
     name: open-feature-operator-selfsigned-issuer
@@ -626,23 +619,23 @@ apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
   name: open-feature-operator-selfsigned-issuer
-  namespace: open-feature-operator-system
+  namespace: '{{ include "chart.namespace" . }}'
 spec:
   selfSigned: {}
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: open-feature-operator-system/open-feature-operator-serving-cert
+    cert-manager.io/inject-ca-from: '{{ include "chart.namespace" . }}/open-feature-operator-serving-cert'
   name: open-feature-operator-mutating-webhook-configuration
 webhooks:
 - admissionReviewVersions:
   - v1
   clientConfig:
     service:
       name: open-feature-operator-webhook-service
-      namespace: open-feature-operator-system
+      namespace: '{{ include "chart.namespace" . }}'
       path: /mutate-v1-pod
   failurePolicy: Ignore
   name: mutate.openfeature.dev
@@ -662,15 +655,15 @@ apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: open-feature-operator-system/open-feature-operator-serving-cert
+    cert-manager.io/inject-ca-from: '{{ include "chart.namespace" . }}/open-feature-operator-serving-cert'
   name: open-feature-operator-validating-webhook-configuration
 webhooks:
 - admissionReviewVersions:
   - v1
   clientConfig:
     service:
       name: open-feature-operator-webhook-service
-      namespace: open-feature-operator-system
+      namespace: '{{ include "chart.namespace" . }}'
       path: /validate-v1alpha1-featureflagconfiguration
   failurePolicy: Fail
   name: validate.featureflagconfiguration.openfeature.dev

chart/values.yaml

@@ -1,3 +1,5 @@
+# If this namespace is changed the value must be reflected in /chart/values.yaml
+defaultNamespace: open-feature-operator-system
 controllerManager:
   kubeRbacProxy:
     image:

config/default/kustomization.yaml

@@ -1,4 +1,4 @@
-# Adds namespace to all resources.
+# Adds namespace to all resources. If this namespace is changed the value must be reflected in /chart/values.yaml
 namespace: open-feature-operator-system
 
 # Value of this field is prepended to the

config/overlays/helm/exclude-ns.yaml

@@ -0,0 +1,5 @@
+$patch: delete
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: system

config/overlays/helm/kustomization.yaml

@@ -0,0 +1,15 @@
+# import the default deployment as the base
+bases:
+  - ../../default
+
+# replace the default namespace with {{ include "chart.namespace" . }}
+# .Release.Namespace has not been used so that a custom _helpers.tpl file can maintain the expected behaviour of
+# helm install -n
+namespace: |-
+  {{ include "chart.namespace" . }}
+
+# merge the exclude-ns.yaml with the existing namespace definition, this contains the `$patch: delete` directive allowing 
+# for the helm chart to define the namespace conditionally (only deploys when no namespace is provided and the default 
+# (open-feature-operator-system) is used
+patchesStrategicMerge:
+  - exclude-ns.yaml