[50] Helm-chart initial commit (#78)

.github/workflows/helm-publish.yaml

@@ -0,0 +1,60 @@
+name: Helm publish
+
+on:
+  push:
+    # Publish semver tags as releases.
+    tags: [ 'v*.*.*' ]
+
+env:
+  REGISTRY: ghcr.io
+  CHARTS_REPOSITORY: ${{ github.repository_owner }}/charts
+  CHART_NAME: etcd-operator
+
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4.1.1
+
+      - name: Install Helm
+        uses: azure/setup-helm@v4.1.0
+        with:
+          version: 'v3.14.3'
+
+      - name: Get latest tag
+        run: |
+          TAG=${{ github.ref_name }}
+          echo "Tag for packaging chart is $TAG"
+          echo "LATEST_TAG=${TAG}" >> $GITHUB_ENV
+          echo "LATEST_TAG_TRIMMED_V=${TAG#v}" >> $GITHUB_ENV
+
+      - name: Helm login registry
+        working-directory: charts
+        run: |
+          helm registry login \
+            --username ${{ github.actor }} \
+            --password ${{ secrets.GITHUB_TOKEN }} \
+            ${{ env.REGISTRY }}/${{ env.CHARTS_REPOSITORY }}
+
+      - name: Helm package chart
+        working-directory: charts
+        run: |
+          helm package ${{ env.CHART_NAME }} \
+            --version ${LATEST_TAG_TRIMMED_V} \
+            --app-version ${LATEST_TAG} \
+            --dependency-update
+
+      - name: Helm push chart
+        working-directory: charts
+        run: |
+          helm push ${{ env.CHART_NAME }}-${LATEST_TAG_TRIMMED_V}.tgz \
+              oci://${{ env.REGISTRY }}/${{ env.CHARTS_REPOSITORY }}

.pre-commit-config.yaml

@@ -6,6 +6,7 @@ repos:
   hooks:
     - id: trailing-whitespace
     - id: end-of-file-fixer
+      exclude: "^charts/etcd-operator/(values.schema.json|README.md)$"
     - id: check-added-large-files
 - repo: local
   hooks:
@@ -23,3 +24,18 @@ repos:
       entry: sh -c "make lint-fix"
       language: system
       require_serial: true
+    - id: make-helm-lint
+      name: make-helm-lint
+      entry: sh -c "make helm-lint"
+      language: system
+      require_serial: true
+    - id: make-helm-schema-run
+      name: make-helm-schema-run
+      entry: sh -c "make helm-schema-run"
+      language: system
+      require_serial: true
+    - id: make-helm-docs-run
+      name: make-helm-docs-run
+      entry: sh -c "make helm-docs-run"
+      language: system
+      require_serial: true

Makefile

@@ -77,6 +77,18 @@ lint: golangci-lint ## Run golangci-lint linter & yamllint
 lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes
 	$(GOLANGCI_LINT) run --fix
 
+.PHONY: helm-lint
+helm-lint: helm ## Run helm lint over chart
+	$(HELM) lint charts/etcd-operator
+
+.PHONY: helm-schema-run
+helm-schema-run: helm-schema ## Run helm schema over chart
+	$(HELM) schema -input charts/etcd-operator/values.yaml -output charts/etcd-operator/values.schema.json
+
+.PHONY: helm-docs-run
+helm-docs-run: helm-docs ## Run helm schema over chart
+	$(HELM_DOCS)
+
 ##@ Build
 
 .PHONY: build
@@ -185,22 +197,34 @@ LOCALBIN ?= $(shell pwd)/bin
 $(LOCALBIN):
 	mkdir -p $(LOCALBIN)
 
+HELM_PLUGINS ?= $(LOCALBIN)/helm-plugins
+export HELM_PLUGINS
+$(HELM_PLUGINS):
+	mkdir -p $(HELM_PLUGINS)
+
 ## Tool Binaries
 KUBECTL ?= kubectl
 KUSTOMIZE ?= $(LOCALBIN)/kustomize
 CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
 ENVTEST ?= $(LOCALBIN)/setup-envtest
-GOLANGCI_LINT = $(LOCALBIN)/golangci-lint
+GOLANGCI_LINT ?= $(LOCALBIN)/golangci-lint
 KIND ?= $(LOCALBIN)/kind
+HELM ?= $(LOCALBIN)/helm
+HELM_DOCS ?= $(LOCALBIN)/helm-docs
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v5.3.0
 CONTROLLER_TOOLS_VERSION ?= v0.14.0
 ENVTEST_VERSION ?= latest
 GOLANGCI_LINT_VERSION ?= v1.54.2
 KIND_VERSION ?= v0.22.0
+HELM_VERSION ?= v3.14.3
+HELM_SCHEMA_VERSION ?= v1.2.2
+HELM_DOCS_VERSION ?= v1.13.1
 
+## Tool install scripts
 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
+HELM_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3"
 
 .PHONY: kustomize
 kustomize: $(LOCALBIN)
@@ -226,3 +250,24 @@ golangci-lint: $(LOCALBIN)
 kind: $(LOCALBIN)
 	@test -x $(KIND) && $(KIND) version | grep -q $(KIND_VERSION) || \
 	GOBIN=$(LOCALBIN) go install sigs.k8s.io/kind@$(KIND_VERSION)
+
+.PHONY: helm
+helm: $(LOCALBIN)
+	@if test -x $(HELM) && ! $(HELM) version | grep -q $(HELM_VERSION); then \
+		rm -f $(HELM); \
+	fi
+	@test -x $(HELM) || { curl -Ss $(HELM_INSTALL_SCRIPT) | sed "s|/usr/local/bin|$(LOCALBIN)|" | PATH="$(LOCALBIN):$(PATH)" bash -s -- --no-sudo --version $(HELM_VERSION); }
+
+.PHONY: helm-schema
+helm-schema: helm $(HELM_PLUGINS)
+	@if ! $(HELM) plugin list | grep schema | grep -q $(subst v,,$(HELM_SCHEMA_VERSION)); then \
+		if $(HELM) plugin list | grep -q schema ; then \
+			$(HELM) plugin uninstall schema; \
+		fi; \
+		$(HELM) plugin install https://github.com/losisin/helm-values-schema-json --version=$(HELM_SCHEMA_VERSION); \
+	fi
+
+.PHONY: helm-docs
+helm-docs: $(LOCALBIN)
+	@test -x $(HELM_DOCS) && $(HELM_DOCS) version | grep -q $(HELM_DOCS_VERSION) || \
+	GOBIN=$(LOCALBIN) go install github.com/norwoodj/helm-docs/cmd/helm-docs@$(HELM_DOCS_VERSION)

charts/etcd-operator/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/etcd-operator/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+name: etcd-operator
+type: application
+version: 0.0.0 # Placeholder, the actual version will be set in the release pipeline.
+appVersion: "v0.0.0" # Placeholder, the actual version will be set in the release pipeline.

charts/etcd-operator/README.md

@@ -0,0 +1,63 @@
+# etcd-operator
+
+![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.0](https://img.shields.io/badge/AppVersion-v0.0.0-informational?style=flat-square)
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| etcdOperator.args[0] | string | `"--health-probe-bind-address=:8081"` |  |
+| etcdOperator.args[1] | string | `"--metrics-bind-address=127.0.0.1:8080"` |  |
+| etcdOperator.args[2] | string | `"--leader-elect"` |  |
+| etcdOperator.envVars | object | `{}` |  |
+| etcdOperator.image.pullPolicy | string | `"IfNotPresent"` |  |
+| etcdOperator.image.repository | string | `"ghcr.io/aenix-io/etcd-operator"` |  |
+| etcdOperator.image.tag | string | `""` |  |
+| etcdOperator.livenessProbe.httpGet.path | string | `"/healthz"` |  |
+| etcdOperator.livenessProbe.httpGet.port | int | `8081` |  |
+| etcdOperator.livenessProbe.initialDelaySeconds | int | `15` |  |
+| etcdOperator.livenessProbe.periodSeconds | int | `20` |  |
+| etcdOperator.readinessProbe.httpGet.path | string | `"/readyz"` |  |
+| etcdOperator.readinessProbe.httpGet.port | int | `8081` |  |
+| etcdOperator.readinessProbe.initialDelaySeconds | int | `5` |  |
+| etcdOperator.readinessProbe.periodSeconds | int | `10` |  |
+| etcdOperator.resources.limits.cpu | string | `"500m"` |  |
+| etcdOperator.resources.limits.memory | string | `"128Mi"` |  |
+| etcdOperator.resources.requests.cpu | string | `"100m"` |  |
+| etcdOperator.resources.requests.memory | string | `"64Mi"` |  |
+| etcdOperator.securityContext.allowPrivilegeEscalation | bool | `false` |  |
+| etcdOperator.securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| etcdOperator.service.port | int | `9443` |  |
+| etcdOperator.service.type | string | `"ClusterIP"` |  |
+| fullnameOverride | string | `""` |  |
+| imagePullSecrets | list | `[]` |  |
+| kubeRbacProxy.args[0] | string | `"--secure-listen-address=0.0.0.0:8443"` |  |
+| kubeRbacProxy.args[1] | string | `"--upstream=http://127.0.0.1:8080/"` |  |
+| kubeRbacProxy.args[2] | string | `"--logtostderr=true"` |  |
+| kubeRbacProxy.args[3] | string | `"--v=0"` |  |
+| kubeRbacProxy.image.pullPolicy | string | `"IfNotPresent"` |  |
+| kubeRbacProxy.image.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` |  |
+| kubeRbacProxy.image.tag | string | `"v0.15.0"` |  |
+| kubeRbacProxy.livenessProbe | object | `{}` |  |
+| kubeRbacProxy.readinessProbe | object | `{}` |  |
+| kubeRbacProxy.resources.limits.cpu | string | `"500m"` |  |
+| kubeRbacProxy.resources.limits.memory | string | `"128Mi"` |  |
+| kubeRbacProxy.resources.requests.cpu | string | `"100m"` |  |
+| kubeRbacProxy.resources.requests.memory | string | `"64Mi"` |  |
+| kubeRbacProxy.securityContext.allowPrivilegeEscalation | bool | `false` |  |
+| kubeRbacProxy.securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| kubeRbacProxy.service.port | int | `8443` |  |
+| kubeRbacProxy.service.type | string | `"ClusterIP"` |  |
+| kubernetesClusterDomain | string | `"cluster.local"` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| podAnnotations | object | `{}` |  |
+| podLabels | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `1` |  |
+| securityContext.runAsNonRoot | bool | `true` |  |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.create | bool | `true` |  |
+| tolerations | list | `[]` |  |
+