Revise charts

Signed-off-by: Tamal Saha <[email protected]>

apis/installer/v1alpha1/cluster_auth_manager_types.go

@@ -53,14 +53,22 @@ type ClusterAuthManagerSpec struct {
 	Tag             string `json:"tag"`
 	ImagePullPolicy string `json:"imagePullPolicy"`
 	// +optional
-	KubeconfigSecretName string      `json:"kubeconfigSecretName"`
-	Kubectl              DockerImage `json:"kubectl"`
+	KubeconfigSecretName string `json:"kubeconfigSecretName"`
+	// +optional
+	AddonManagerNamespace string        `json:"addonManagerNamespace"`
+	Placement             PlacementSpec `json:"placement"`
+	Kubectl               DockerImage   `json:"kubectl"`
 }
 
 type DockerImage struct {
 	Image string `json:"image"`
 }
 
+type PlacementSpec struct {
+	Create bool   `json:"create"`
+	Name   string `json:"name"`
+}
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // ClusterAuthManagerList is a list of ClusterAuthManagers

charts/cluster-auth-manager/README.md

@@ -45,16 +45,19 @@ The command removes all the Kubernetes components associated with the chart and
 
 The following table lists the configurable parameters of the `cluster-auth-manager` chart and their default values.
 
-|      Parameter       |                             Description                             |                      Default                      |
-|----------------------|---------------------------------------------------------------------|---------------------------------------------------|
-| nameOverride         |                                                                     | <code>""</code>                                   |
-| fullnameOverride     |                                                                     | <code>""</code>                                   |
-| registryFQDN         | Docker registry fqdn used to pull license-proxyserver docker images | <code>ghcr.io</code>                              |
-| image                |                                                                     | <code>ghcr.io/kluster-manager/cluster-auth</code> |
-| tag                  |                                                                     | <code>""</code>                                   |
-| imagePullPolicy      |                                                                     | <code>Always</code>                               |
-| kubeconfigSecretName |                                                                     | <code>""</code>                                   |
-| kubectl.image        |                                                                     | <code>ghcr.io/appscode/kubectl:1.25</code>        |
+|       Parameter       |                             Description                             |                      Default                       |
+|-----------------------|---------------------------------------------------------------------|----------------------------------------------------|
+| nameOverride          |                                                                     | <code>""</code>                                    |
+| fullnameOverride      |                                                                     | <code>""</code>                                    |
+| registryFQDN          | Docker registry fqdn used to pull license-proxyserver docker images | <code>ghcr.io</code>                               |
+| image                 |                                                                     | <code>ghcr.io/kluster-manager/cluster-auth</code>  |
+| tag                   |                                                                     | <code>""</code>                                    |
+| imagePullPolicy       |                                                                     | <code>Always</code>                                |
+| kubeconfigSecretName  |                                                                     | <code>""</code>                                    |
+| addonManagerNamespace |                                                                     | <code>open-cluster-management-cluster-auth</code>  |
+| placement.create      |                                                                     | <code>true</code>                                  |
+| placement.name        |                                                                     | <code>global</code>                                |
+| kubectl.image         |                                                                     | <code>ghcr.io/appscode/kubectl-nonroot:1.25</code> |
 
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:

charts/cluster-auth-manager/common/addon/clustermanagementaddon.yaml

@@ -11,5 +11,5 @@ spec:
   installStrategy:
     type: Placements
     placements:
-      - name: global
-        namespace: open-cluster-management-cluster-auth
+      - name: {{ .Values.placement.name }}
+        namespace: {{ include "cluster-auth-manager.namespace" . }}

charts/cluster-auth-manager/common/addon/clustersetbinding.yaml

@@ -1,7 +1,11 @@
+{{- if .Values.placement.create }}
+
 apiVersion: cluster.open-cluster-management.io/v1beta2
 kind: ManagedClusterSetBinding
 metadata:
   name: global
-  namespace: open-cluster-management-cluster-auth
+  namespace: {{ include "cluster-auth-manager.namespace" . }}
 spec:
   clusterSet: global
+
+{{- end }}

charts/cluster-auth-manager/common/addon/placement.yaml

@@ -1,8 +1,12 @@
+{{- if .Values.placement.create }}
+
 apiVersion: cluster.open-cluster-management.io/v1beta1
 kind: Placement
 metadata:
-  name: global
-  namespace: open-cluster-management-cluster-auth
+  name: {{ .Values.placement.name }}
+  namespace: {{ include "cluster-auth-manager.namespace" . }}
 spec:
   clusterSets:
-    - global
+    - global
+
+{{- end }}

charts/cluster-auth-manager/common/gateway_cluster_role.yaml

@@ -2,7 +2,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: cluster-gateway-permission
+  name: open-cluster-management:cluster-auth:cluster-gateway
 rules:
   - apiGroups:
       - cluster.core.oam.dev

charts/cluster-auth-manager/common/work-agent/perm.yaml

@@ -1,8 +1,8 @@
 apiVersion: work.open-cluster-management.io/v1alpha1
 kind: ManifestWorkReplicaSet
 metadata:
-  name: clsuter-auth-agent-roles
-  namespace: open-cluster-management-cluster-auth
+  name: agent-roles
+  namespace: {{ include "cluster-auth-manager.namespace" $ }}
 spec:
   placementRefs:
     - name: global

charts/cluster-auth-manager/templates/_helpers.tpl

@@ -60,3 +60,10 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Addon manager namespace
+*/}}
+{{- define "cluster-auth-manager.namespace" -}}
+{{ ternary .Release.Namespace (required "A valid .Values.addonManagerNamespace is required!" .Values.addonManagerNamespace) (empty .Values.kubeconfigSecretName) }}
+{{- end }}

charts/cluster-auth-manager/templates/deployment.yaml

@@ -2,7 +2,7 @@ kind: Deployment
 apiVersion: apps/v1
 metadata:
   name: cluster-auth-manager
-  namespace: {{ ternary "open-cluster-management-cluster-auth" .Release.Namespace (empty .Values.kubeconfigSecretName) }}
+  namespace: {{ .Release.Namespace }}
   labels:
     app: cluster-auth-manager
 spec:
@@ -31,6 +31,19 @@ spec:
             - --kubeconfig=/var/run/secrets/ocm/auth/kubeconfig
             {{- end }}
             - --registryFQDN={{ .Values.registryFQDN }}
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            {{- if .Values.kubeconfigSecretName }}
+            - name: NAMESPACE
+              value: {{ include "cluster-auth-manager.namespace" . }}
+            {{- end }}
           volumeMounts:
           {{- if .Values.kubeconfigSecretName }}
             - mountPath: /var/run/secrets/ocm/auth

charts/cluster-auth-manager/templates/k8s/cluster_role.yaml

@@ -3,7 +3,7 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: cluster-auth-manager
+  name: open-cluster-management:cluster-auth:addon-manager
 rules:
   - apiGroups: [""]
     resources: ["configmaps", "events", "namespaces", "secrets", "serviceaccounts"]

charts/cluster-auth-manager/templates/k8s/cluster_role_binding.yaml

@@ -3,14 +3,14 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: cluster-auth-manager
+  name: open-cluster-management:cluster-auth:addon-manager
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: cluster-auth-manager
+  name: open-cluster-management:cluster-auth:addon-manager
 subjects:
   - kind: ServiceAccount
     name: cluster-auth-manager
-    namespace: open-cluster-management-cluster-auth
+    namespace: {{ .Release.Namespace }}
 
 {{- end }}

charts/cluster-auth-manager/templates/k8s/service_account.yaml

@@ -4,6 +4,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: cluster-auth-manager
-  namespace: open-cluster-management-cluster-auth
+  namespace: {{ .Release.Namespace }}
 
 {{- end }}

charts/cluster-auth-manager/templates/ocm-mc/addon.yaml

@@ -24,10 +24,8 @@ spec:
           - -c
           - |
               sleep 2; \
+              kubectl --kubeconfig=auth/kubeconfig create ns namespace: {{ include "cluster-auth-manager.namespace" $ }} || true; \
               kubectl --kubeconfig=auth/kubeconfig apply -f - <<EOF
-              {{- $restpl := $.Files.Get "common/addon/namespace.yaml" -}}
-              {{- tpl $restpl $ | nindent 14 }}
-              ---
               {{- $restpl := $.Files.Get "common/addon/clustermanagementaddon.yaml" -}}
               {{- tpl $restpl $ | nindent 14 }}
               ---

charts/cluster-auth-manager/values.openapiv3_schema.yaml

@@ -1,4 +1,6 @@
 properties:
+  addonManagerNamespace:
+    type: string
   fullnameOverride:
     type: string
   image:
@@ -16,6 +18,16 @@ properties:
     type: object
   nameOverride:
     type: string
+  placement:
+    properties:
+      create:
+        type: boolean
+      name:
+        type: string
+    required:
+    - create
+    - name
+    type: object
   registryFQDN:
     type: string
   tag:
@@ -24,5 +36,6 @@ required:
 - image
 - imagePullPolicy
 - kubectl
+- placement
 - registryFQDN
 type: object

charts/cluster-auth-manager/values.yaml

@@ -9,6 +9,11 @@ tag: ""
 imagePullPolicy: Always
 
 kubeconfigSecretName: ""
+addonManagerNamespace: open-cluster-management-cluster-auth
+
+placement:
+  create: true
+  name: global
 
 kubectl:
-  image: ghcr.io/appscode/kubectl:1.25
+  image: ghcr.io/appscode/kubectl-nonroot:1.25

charts/cluster-proxy/Chart.yaml → charts/cluster-proxy-manager/Chart.yaml

@@ -3,4 +3,4 @@ name: cluster-proxy
 description: A Helm chart for Cluster-Proxy OCM Addon
 type: application
 version: v2024.2.25
-appVersion: 1.0.0
+appVersion: v0.3.0

charts/cluster-proxy/README.md → charts/cluster-proxy-manager/README.md

@@ -58,7 +58,7 @@ The following table lists the configurable parameters of the `cluster-proxy` cha
 | proxyServer.entrypointAddress      |                                        | <code>""</code>                                      |
 | proxyServer.port                   |                                        | <code>8091</code>                                    |
 | kubeconfigSecretName               | required for multicluster controlplane | <code>""</code>                                      |
-| kubectl.image                      |                                        | <code>ghcr.io/appscode/kubectl:1.23</code>           |
+| kubectl.image                      |                                        | <code>ghcr.io/appscode/kubectl-nonroot:1.25</code>   |
 
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:

charts/cluster-proxy/common/clustermanagementaddon.yaml → charts/cluster-proxy-manager/common/addon/clustermanagementaddon.yaml

@@ -6,6 +6,8 @@ spec:
   addOnMeta:
     displayName: cluster-proxy
     description: cluster-proxy
+  installStrategy:
+    type: Manual
   supportedConfigs:
   - group: proxy.open-cluster-management.io
     resource: managedproxyconfigurations