Helm Charts

[didierofrivia]

This PR introduces a way to manage a DNS Operator Helm Chart. This is not meant to replace the way we are building and delivering our manifests (Kustomize, OLM) but to provide an alternative (complementary) way of delivering the operator.

This early implementation uses Kustomize to create the chart template, instead of creating and maintaining new ones with Helm, to later customize the Helm only settings with its values.yaml

NOTES

• This chart (and every other operator chart we package in the future: Limitador, Authorino, etc) bundles only the operator in the same fashion OLM does.
• The operator version matches the chart version
• This first release doesn't use helm templating, it provides only the manifests previously built by Kustomize.
• The sole repository for all our operator charts will be hosted in Kuadrant/helm-charts.
• The "source of truth" (source code and releasing logic) will be provided in each operator repo, not in the helm charts repository above.
• The helm charts repository is Kuadrant/helm-charts
• Documentation will be provided once the repository and other operator charts are tested.
• The steps to try out the repository will be provided in the kuadrant helm charts repo.
• For the release of the package, it will be tested once merged with alpha pre releases.
• This particular chart has as dependencies the DNS, Limitador and Authorino as helm chart dependencies, so those need to be release first in order to work.
• Dependencies are installed in their default namespaces, maybe we could extend this with values.yaml
• Another way of packing the chart would be without managing the dependencies and install them in the same fashion of cert-manager

TODO

• Limitador Operator Chart - Hello helm limitador-operator#137
• Authorino Operator Chart - Helm charts authorino-operator#184
• DNS Operator Chart - Helm charts dns-operator#179
• Release alpha versions of each to populate the Repo (https://github.com/Kuadrant/helm-charts)
• After Merge: Release alpha version of kuadrant-operator

Verification Steps

0. Install helm locally

make helm

1. Create a local kind cluster

kind create cluster --name kuadrant-local

2. Install required dependency cert-manager

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.1/cert-manager.crds.yaml

# Add the Jetstack Helm repository
bin/helm repo add jetstack https://charts.jetstack.io --force-update

# Install the cert-manager helm chart
bin/helm install cert-manager --namespace cert-manager --version v1.12.1 jetstack/cert-manager --create-namespace

You should see it installed:

kubectl get deployments -n cert-manager
NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
cert-manager              1/1     1            1           7m32s
cert-manager-cainjector   1/1     1            1           7m32s
cert-manager-webhook      1/1     1            1           7m32s

Since this chart has dependencies (authorino-operator, limitador-operator and dns-operator) that in the main branch are pointing to non existing chart versions, we need to build a version of the kuadrant-operator chart with already built and deployed dependency versions. Steps 4 and 5 won't be needed when installing the released chart

3. Subscribe to Kuadrant Helm Charts repo

bin/helm repo add kuadrant https://kuadrant.io/helm-charts --force-update

4. Build kuadrant operator chart

make helm-build \
    VERSION=0.9.0-alpha1 IMAGE_TAG=v0.9.0-alpha1 \
    AUTHORINO_OPERATOR_VERSION=0.12.0-alpha1 \
    LIMITADOR_OPERATOR_VERSION=0.10.0-alpha3 \
    DNS_OPERATOR_VERSION=0.4.0-alpha1 \
    WASM_SHIM_VERSION=0.4.0

5. Fetch the dependencies listed in the chart

make helm-dependency-build

6. Deploy (install) the built Kuadrant operator chart in step 4 (0.9.0-alpha1)

make helm-install

OR

bin/helm install kuadrant-operator charts/kuadrant-operator

7. Verify the installed operator image:
   To verify, we will check deployments and CRDs from dependencies that should be installed.

kubectl get deployments -A
NAMESPACE                   NAME                                    READY   UP-TO-DATE   AVAILABLE   AGE
authorino-operator          authorino-operator                      1/1     1            1           6m50s
authorino-operator          authorino-webhooks                      1/1     1            1           6m50s
cert-manager                cert-manager                            1/1     1            1           6h9m
cert-manager                cert-manager-cainjector                 1/1     1            1           6h9m
cert-manager                cert-manager-webhook                    1/1     1            1           6h9m
dns-operator-system         dns-operator-controller-manager         1/1     1            1           6m50s
kuadrant-system             kuadrant-operator-controller-manager    0/1     1            0           6m50s
kube-system                 coredns                                 2/2     2            2           6h13m
limitador-operator-system   limitador-operator-controller-manager   1/1     1            1           6m50s
local-path-storage          local-path-provisioner                  1/1     1            1           6h13m

Note: The kuadrant-operator-controller-manager is not ready because the image is not built (ImagePullBackOff).

kubectl get crds
NAME                                        CREATED AT
authconfigs.authorino.kuadrant.io           2024-07-24T18:22:15Z
authorinos.operator.authorino.kuadrant.io   2024-07-24T18:22:15Z
authpolicies.kuadrant.io                    2024-07-24T18:22:15Z
certificaterequests.cert-manager.io         2024-07-24T12:18:52Z
certificates.cert-manager.io                2024-07-24T12:18:52Z
challenges.acme.cert-manager.io             2024-07-24T12:18:52Z
clusterissuers.cert-manager.io              2024-07-24T12:18:52Z
dnspolicies.kuadrant.io                     2024-07-24T18:22:15Z
dnsrecords.kuadrant.io                      2024-07-24T18:22:15Z
issuers.cert-manager.io                     2024-07-24T12:18:53Z
kuadrants.kuadrant.io                       2024-07-24T18:22:15Z
limitadors.limitador.kuadrant.io            2024-07-24T18:22:15Z
managedzones.kuadrant.io                    2024-07-24T18:22:15Z
orders.acme.cert-manager.io                 2024-07-24T12:18:53Z
ratelimitpolicies.kuadrant.io               2024-07-24T18:22:15Z
tlspolicies.kuadrant.io                     2024-07-24T18:22:15Z

8. For uninstalling the chart, run:

make helm-uninstall

This will uninstall the kuadrant operator and listed dependencies in Chart.yaml only.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 81.84%. Comparing base (ece13e8) to head (5d78dfc).
Report is 149 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #728      +/-   ##
==========================================
+ Coverage   80.20%   81.84%   +1.63%     
==========================================
  Files          64       77      +13     
  Lines        4492     6206    +1714     
==========================================
+ Hits         3603     5079    +1476     
- Misses        600      768     +168     
- Partials      289      359      +70     

Flag	Coverage Δ
bare-k8s-integration	4.41% <ø> (?)
controllers-integration	71.59% <ø> (?)
gatewayapi-integration	10.99% <ø> (?)
integration	?
istio-integration	55.32% <ø> (?)
unit	31.69% <ø> (+1.65%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
api/v1beta1 (u)	71.42% <ø> (ø)
api/v1beta2 (u)	85.35% <88.31%> (-6.08%)	⬇️
pkg/common (u)	88.13% <ø> (-0.70%)	⬇️
pkg/istio (u)	72.50% <ø> (-1.41%)	⬇️
pkg/log (u)	94.73% <ø> (ø)
pkg/reconcilers (u)	∅ <ø> (∅)
pkg/rlptools (u)	83.64% <ø> (+4.19%)	⬆️
controllers (i)	82.39% <84.10%> (+5.59%)	⬆️

see 45 files with indirect coverage changes

[ehearneRedHat]

@didierofrivia when I run make helm-dependency-build I get met with this error make: *** No rule to make target 'helm-dependency-build'. Stop. .

I didn't see a target helm-dependency-build in the Makefile nor the make/helm.mk . Is this a target meant to be added ?

[didierofrivia]

@ehearneRedHat oops, you're right, forgot to push latest changes :S

[didierofrivia]

@ehearneRedHat Give it another try, I've updated the description too.

[ehearneRedHat]

Thanks @didierofrivia ! Will do .

[ehearneRedHat]

Verification steps ran successfully.

The critique on the kuadrant-operator folder isn't too major for me, but something I'm more so curious about. It could lead to an inception of kuadrant-operator 's ! 😸

LGTM but would still like to know about the workflow files before giving 👍 .

[ehearneRedHat]

LGTM now that I understand /kuadrant-operator and workflows, and why it can't be verified until merge for deploying release.