fix: use pre-install helm hook to prepare rancher for turtles

Signed-off-by: Carlos Salas <carlos.salas@suse.com>
rancher · Oct 6, 2023 · 47f5148 · 47f5148
1 parent 41bb647
commit 47f5148
Show file tree

Hide file tree

Showing 3 changed files with 120 additions and 0 deletions.
diff --git a/.github/workflows/test_chart.yaml b/.github/workflows/test_chart.yaml
@@ -8,6 +8,8 @@ env:
   MANIFEST_IMG: controller
   CONTROLLER_IMG: controller
   PULL_POLICY: Never
+  CERT_MANAGER_VERSION: v1.12.3
+  RANCHER_VERSION: v2.7.5
 
 jobs:
   lint-test:
@@ -54,10 +56,23 @@ jobs:
         uses: helm/kind-action@v1.8.0
         with:
           cluster_name: kind
+          node_image: kindest/node:v1.26.3
 
       - name: Add local docker image
         run: kind load docker-image ${{ env.MANIFEST_IMG }}:${{ env.TAG }}
 
+      - name: Add cert-manager chart repo
+        run: helm repo add jetstack https://charts.jetstack.io
+
+      - name: Add rancher chart repo
+        run: helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
+
+      - name: Install cert-manager
+        run: helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version ${{ env.CERT_MANAGER_VERSION }} --set installCRDs=true --wait
+
+      - name: Install Rancher
+        run: helm install rancher rancher-stable/rancher --namespace cattle-system --create-namespace --set bootstrapPassword=rancheradmin --set replicas=1 --set hostname="e2e.dev.rancher" --set 'extraEnv[0].name=CATTLE_FEATURES' --set global.cattle.psp.enabled=false --version ${{ env.RANCHER_VERSION }} --wait
+
       - name: Run chart-testing (install)
         run: helm install rancher-turtles out/charts/rancher-turtles/ -n rancher-turtles-system --create-namespace --wait --set cluster-api-operator.cluster-api.enabled=false --set cluster-api-operator.enabled=false
 

diff --git a/charts/rancher-turtles/templates/pre-install-job.yaml b/charts/rancher-turtles/templates/pre-install-job.yaml
@@ -0,0 +1,99 @@
+{{- if index .Values "rancherTurtles" "features" "embedded-capi" "disabled" }}
+---
+apiVersion: management.cattle.io/v3
+kind: Feature
+metadata:
+  name: embedded-cluster-api
+  annotations:
+    "helm.sh/hook": pre-install
+    "helm.sh/hook-weight": "1"
+spec:
+  value: false
+{{- end }}
+{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: pre-install-job
+  namespace: rancher-turtles-system
+  annotations:
+    "helm.sh/hook": pre-install
+    "helm.sh/hook-weight": "1"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: pre-install-job-delete-webhooks
+  annotations:
+    "helm.sh/hook": pre-install
+    "helm.sh/hook-weight": "1"
+rules:
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - validatingwebhookconfigurations
+  - mutatingwebhookconfigurations
+  verbs:
+  - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: pre-install-job-webhook-cleanup
+  annotations:
+    "helm.sh/hook": pre-install
+    "helm.sh/hook-weight": "1"
+subjects:
+  - kind: ServiceAccount
+    name: pre-install-job
+    namespace: rancher-turtles-system
+roleRef:
+  kind: ClusterRole
+  name: pre-install-job-delete-webhooks
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: rancher-mutatingwebhook-cleanup
+  annotations:
+    "helm.sh/hook": pre-install
+    "helm.sh/hook-weight": "2"
+spec:
+  ttlSecondsAfterFinished: 300
+  template:
+    spec:
+      serviceAccountName: pre-install-job
+      containers:
+        - name: rancher-mutatingwebhook-cleanup
+          image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}:{{ .Capabilities.KubeVersion }}
+          args:
+          - delete
+          - mutatingwebhookconfigurations.admissionregistration.k8s.io
+          - mutating-webhook-configuration
+          - --ignore-not-found=true
+      restartPolicy: Never
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: rancher-validatingwebhook-cleanup
+  annotations:
+    "helm.sh/hook": pre-install
+    "helm.sh/hook-weight": "2"
+spec:
+  ttlSecondsAfterFinished: 300
+  template:
+    spec:
+      serviceAccountName: pre-install-job
+      containers:
+        - name: rancher-validatingwebhook-cleanup
+          image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}:{{ .Capabilities.KubeVersion }}
+          args:
+          - delete
+          - validatingwebhookconfigurations.admissionregistration.k8s.io
+          - validating-webhook-configuration
+          - --ignore-not-found=true
+      restartPolicy: Never
+{{- end }}
diff --git a/charts/rancher-turtles/values.yaml b/charts/rancher-turtles/values.yaml
@@ -5,6 +5,12 @@ rancherTurtles:
   namespace: rancher-turtles-system
   managerArguments: {}
   imagePullSecrets: []
+  features:
+    embedded-capi:
+      disabled: true
+    rancher-webhook:
+      cleanup: true
+      kubectlImage: rancher/kubectl
 cluster-api-operator:
   enabled: true
   cert-manager: