feat: chart proposal

Signed-off-by: Oliver Bähler <[email protected]>
projectcapsule · May 3, 2024 · 4b02a61 · 4b02a61
1 parent 60170c9
commit 4b02a61
Show file tree

Hide file tree

Showing 10 changed files with 57 additions and 2,516 deletions.
diff --git a/Makefile b/Makefile
@@ -112,7 +112,7 @@ IP.1   = $(LAPTOP_HOST_IP)
 endef
 export TLS_CNF
 dev-setup:
-	kubectl -n capsule-system scale deployment capsule-controller-manager --replicas=0
+	kubectl -n capsule-system scale deployment capsule-controller-manager --replicas=0 || true
 	mkdir -p /tmp/k8s-webhook-server/serving-certs
 	echo "$${TLS_CNF}" > _tls.cnf
 	openssl req -newkey rsa:4096 -days 3650 -nodes -x509 \
@@ -124,35 +124,18 @@ dev-setup:
 	rm -f _tls.cnf 
 	export WEBHOOK_URL="https://$${LAPTOP_HOST_IP}:9443"; \
 	export CA_BUNDLE=`openssl base64 -in /tmp/k8s-webhook-server/serving-certs/tls.crt | tr -d '\n'`; \
-	kubectl patch MutatingWebhookConfiguration capsule-mutating-webhook-configuration \
-		--type='json' -p="[\
-		    {'op': 'replace', 'path': '/webhooks/0/clientConfig', 'value':{'url':\"$${WEBHOOK_URL}/defaults\",'caBundle':\"$${CA_BUNDLE}\"}},\
-			{'op': 'replace', 'path': '/webhooks/1/clientConfig', 'value':{'url':\"$${WEBHOOK_URL}/defaults\",'caBundle':\"$${CA_BUNDLE}\"}},\
-			{'op': 'replace', 'path': '/webhooks/2/clientConfig', 'value':{'url':\"$${WEBHOOK_URL}/defaults\",'caBundle':\"$${CA_BUNDLE}\"}},\
-			{'op': 'replace', 'path': '/webhooks/3/clientConfig', 'value':{'url':\"$${WEBHOOK_URL}/namespace-owner-reference\",'caBundle':\"$${CA_BUNDLE}\"}}\
-		]" && \
-	kubectl patch ValidatingWebhookConfiguration capsule-validating-webhook-configuration \
-		--type='json' -p="[\
-			{'op': 'replace', 'path': '/webhooks/0/clientConfig', 'value':{'url':\"$${WEBHOOK_URL}/cordoning\",'caBundle':\"$${CA_BUNDLE}\"}},\
-			{'op': 'replace', 'path': '/webhooks/1/clientConfig', 'value':{'url':\"$${WEBHOOK_URL}/ingresses\",'caBundle':\"$${CA_BUNDLE}\"}},\
-			{'op': 'replace', 'path': '/webhooks/2/clientConfig', 'value':{'url':\"$${WEBHOOK_URL}/namespaces\",'caBundle':\"$${CA_BUNDLE}\"}},\
-			{'op': 'replace', 'path': '/webhooks/3/clientConfig', 'value':{'url':\"$${WEBHOOK_URL}/networkpolicies\",'caBundle':\"$${CA_BUNDLE}\"}},\
-			{'op': 'replace', 'path': '/webhooks/4/clientConfig', 'value':{'url':\"$${WEBHOOK_URL}/nodes\",'caBundle':\"$${CA_BUNDLE}\"}},\
-			{'op': 'replace', 'path': '/webhooks/5/clientConfig', 'value':{'url':\"$${WEBHOOK_URL}/pods\",'caBundle':\"$${CA_BUNDLE}\"}},\
-			{'op': 'replace', 'path': '/webhooks/6/clientConfig', 'value':{'url':\"$${WEBHOOK_URL}/persistentvolumeclaims\",'caBundle':\"$${CA_BUNDLE}\"}},\
-			{'op': 'replace', 'path': '/webhooks/7/clientConfig', 'value':{'url':\"$${WEBHOOK_URL}/services\",'caBundle':\"$${CA_BUNDLE}\"}},\
-			{'op': 'replace', 'path': '/webhooks/8/clientConfig', 'value':{'url':\"$${WEBHOOK_URL}/tenantresource-objects\",'caBundle':\"$${CA_BUNDLE}\"}},\
-			{'op': 'replace', 'path': '/webhooks/9/clientConfig', 'value':{'url':\"$${WEBHOOK_URL}/tenants\",'caBundle':\"$${CA_BUNDLE}\"}}\
-		]" && \
-	kubectl patch crd tenants.capsule.clastix.io \
-		--type='json' -p="[\
-			{'op': 'replace', 'path': '/spec/conversion/webhook/clientConfig', 'value':{'url': \"$${WEBHOOK_URL}\", 'caBundle': \"$${CA_BUNDLE}\"}}\
-		]" && \
-	kubectl patch crd capsuleconfigurations.capsule.clastix.io \
-		--type='json' -p="[\
-			{'op': 'replace', 'path': '/spec/conversion/webhook/clientConfig', 'value':{'url': \"$${WEBHOOK_URL}\", 'caBundle': \"$${CA_BUNDLE}\"}}\
-		]";
-
+	helm upgrade \
+	    --dependency-update \
+		--debug \
+		--install \
+		--namespace capsule-system \
+		--set 'crds.install=true' \
+		--set 'crds.exclusive=true'\
+		--set "webhooks.inclusive=true"\
+		--set "webhooks.service.url=$${WEBHOOK_URL}" \
+		--set "webhooks.service.caBundle=$${CA_BUNDLE}" \
+		capsule-crds \
+		./charts/capsule
 
 ####################
 # -- Docker
@@ -323,7 +306,7 @@ e2e-install-crds:
 		--create-namespace \
 		--set 'crds.install=true' \
 		--set 'crds.exclusive=true'\
-		capsule \
+		capsule-crds \
 		./charts/capsule
 
 

diff --git a/charts/capsule/README.md b/charts/capsule/README.md
@@ -322,6 +322,7 @@ Here the values you can override:
 | webhooks.hooks.services.namespaceSelector.matchExpressions[0].operator | string | `"Exists"` |  |
 | webhooks.hooks.tenantResourceObjects.failurePolicy | string | `"Fail"` |  |
 | webhooks.hooks.tenants.failurePolicy | string | `"Fail"` |  |
+| webhooks.inclusive | bool | `false` | When `crds.exclusive` is `true` but `inclusive` is `true` the webhooks will be installed |
 | webhooks.mutatingWebhooksTimeoutSeconds | int | `30` | Timeout in seconds for mutating webhooks |
 | webhooks.service.caBundle | string | `""` | CABundle for the webhook service |
 | webhooks.service.name | string | `""` | Custom service name for the webhook service |
@@ -354,10 +355,6 @@ And optionally, depending on the values set:
 * RBAC ClusterRole and RoleBinding for pod security policy
 * RBAC Role and Rolebinding for metrics scrape
 
-## Notes on installing Custom Resource Definitions with Helm3
-
-Capsule, as many other add-ons, defines its own set of Custom Resource Definitions (CRDs). Helm3 removed the old CRDs installation method for a more simple methodology. In the Helm Chart, there is now a special directory called `crds` to hold the CRDs. These CRDs are not templated, but will be installed by default when running a `helm install` for the chart. If the CRDs already exist (for example, you already executed `helm install`), it will be skipped with a warning. When you wish to skip the CRDs installation, and do not see the warning, you can pass the `--skip-crds` flag to the `helm install` command.
-
 ## Cert-Manager integration
 
 You can enable the generation of certificates using `cert-manager` as follows.

diff --git a/charts/capsule/crd/capsule.clastix.io_capsuleconfigurations.patch b/charts/capsule/crd/capsule.clastix.io_capsuleconfigurations.patch
@@ -8,9 +8,7 @@ spec:
     strategy: Webhook
     webhook:
       clientConfig:
-        service:
-          {{- include "capsule.webhooks.endpoint" $ | nindent 10 }}
-          path: /convert
+        {{- include "capsule.webhooks.service" (dict "path" "/convert" "ctx" $) | nindent 8 }}
       conversionReviewVersions:
         - v1beta1
         - v1beta2
diff --git a/charts/capsule/crd/capsule.clastix.io_tenants.patch b/charts/capsule/crd/capsule.clastix.io_tenants.patch
@@ -8,9 +8,7 @@ spec:
     strategy: Webhook
     webhook:
       clientConfig:
-        service:
-          {{- include "capsule.webhooks.endpoint" $ | nindent 10 }}
-          path: /convert
+        {{- include "capsule.webhooks.service" (dict "path" "/convert" "ctx" $) | nindent 8 }}
       conversionReviewVersions:
         - v1beta1
         - v1beta2