feat: Add helm chart (#10)

Author: jimmidyson

.github/workflows/checks.yml

@@ -52,11 +52,6 @@ jobs:
         with:
           asdf_branch: v0.11.0
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-        with:
-          platforms: arm64
-
       - name: Run e2e tests
         run: make e2e-test
         env:
@@ -99,6 +94,14 @@ jobs:
         with:
           shfmt-version: ${{ fromJson(steps.versions.outputs.tools).shfmt }}
 
+      - name: Install asdf
+        uses: asdf-vm/actions/setup@master
+        with:
+          asdf_branch: v0.11.0
+
+      - name: Install helm-docs
+        run: make install-tool.helm-docs
+
       - uses: pre-commit/[email protected]
         with:
           extra_args: --all-files --show-diff-on-failure

.github/workflows/goreleaser.yaml

@@ -43,6 +43,7 @@ jobs:
         uses: actions/setup-go@v3
         with:
           go-version: ${{ fromJson(steps.versions.outputs.tools).golang }}
+          check-latest: false
           cache: true
 
       - name: Run goreleaser

.pre-commit-config.yaml

@@ -22,6 +22,7 @@ repos:
   - id: check-yaml
     args: ["-m", "--unsafe"]
     stages: [commit]
+    exclude: ^charts/.+/templates/
   - id: mixed-line-ending
     args: ["-f", "lf"]
     exclude: \.bat$
@@ -58,13 +59,13 @@ repos:
   hooks:
   - id: shellcheck
     stages: [commit]
-    args: ["-e", "SC2211"]
+    args: ["-e", "SC2211", "-x"]
 - repo: https://github.com/igorshubovych/markdownlint-cli
   rev: v0.33.0
   hooks:
   - id: markdownlint
     stages: [commit]
-    exclude: ^CHANGELOG.md$
+    exclude: ^(CHANGELOG.md|charts/.+/README.md)$
 - repo: https://github.com/Lucas-C/pre-commit-hooks
   rev: v1.4.2
   hooks:
@@ -84,6 +85,7 @@ repos:
     args:
       - --license-filepath
       - header.txt
+    exclude: ^pkg/addons/templates/.+\.yaml$
   - id: insert-license
     name: License headers - Markdown
     stages: [commit]
@@ -94,3 +96,10 @@ repos:
       - header.txt
       - --comment-style
       - <!--|| -->
+- repo: https://github.com/norwoodj/helm-docs
+  rev: v1.2.0
+  hooks:
+  - id: helm-docs
+    args:
+      # Make the tool search for charts only under the `example-charts` directory
+      - --chart-search-root=charts

.tool-versions

@@ -1,13 +1,16 @@
+clusterctl 1.3.3
+gcloud 416.0.0
+gcloud 416.0.0
 ginkgo 2.8.0
 gojq 0.12.11
 golang 1.19.5
 golangci-lint 1.50.1
 goreleaser 1.15.0
 helm 3.11.0
+helm-docs 1.11.0
 kube-controller-tools 0.11.2
+kubectl 1.26.1
 kustomize 4.5.7
 pre-commit 3.0.2
 shfmt 3.6.0
 upx 4.0.2
-gcloud 416.0.0
-kubectl 1.26.1

charts/capi-runtime-extensions/Chart.yaml

@@ -0,0 +1,19 @@
+# Copyright 2023 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: v1
+
+name: capi-runtime-extensions
+type: application
+description: A Helm chart for capi-runtime-extensions
+
+home: https://github.com/d2iq-labs/capi-runtime-extensions
+maintainers:
+- name: Jimmi Dyson
+  email: [email protected]
+  url: https://eng.d2iq.com
+sources:
+- https://github.com/d2iq-labs/capi-runtime-extensions
+
+appVersion: v0.0.0-dev
+version: v0.0.0-dev

charts/capi-runtime-extensions/README.md

@@ -0,0 +1,46 @@
+<!--
+ Copyright 2023 D2iQ, Inc. All rights reserved.
+ SPDX-License-Identifier: Apache-2.0
+ -->
+
+# capi-runtime-extensions
+
+![Version: v0.0.0-dev](https://img.shields.io/badge/Version-v0.0.0--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.0-dev](https://img.shields.io/badge/AppVersion-v0.0.0--dev-informational?style=flat-square)
+
+A Helm chart for capi-runtime-extensions
+
+**Homepage:** <https://github.com/d2iq-labs/capi-runtime-extensions>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| Jimmi Dyson | <[email protected]> | <https://eng.d2iq.com> |
+
+## Source Code
+
+* <https://github.com/d2iq-labs/capi-runtime-extensions>
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| certificate.issuer.kind | string | `"Issuer"` |  |
+| certificate.issuer.name | string | `nil` |  |
+| certificate.issuer.selfSigned | bool | `true` |  |
+| env | object | `{}` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"ghcr.io/d2iq-labs/capi-runtime-extensions"` |  |
+| image.tag | string | `nil` |  |
+| imagePullSecrets | list | `[]` | Optional secrets used for pulling the container image |
+| nodeSelector | object | `{}` |  |
+| priorityClassName | string | `""` | Optional priority class to be used for the pod. |
+| resources.limits.cpu | string | `"100m"` |  |
+| resources.limits.memory | string | `"256Mi"` |  |
+| resources.requests.cpu | string | `"100m"` |  |
+| resources.requests.memory | string | `"128Mi"` |  |
+| securityContext.runAsUser | int | `65532` |  |
+| service.annotations | object | `{}` |  |
+| service.port | int | `443` |  |
+| service.type | string | `"ClusterIP"` |  |
+| tolerations | list | `[]` |  |

charts/capi-runtime-extensions/README.md.gotmpl

@@ -0,0 +1,21 @@
+<!--
+ Copyright 2023 D2iQ, Inc. All rights reserved.
+ SPDX-License-Identifier: Apache-2.0
+ -->
+
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.badgesSection" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}

charts/capi-runtime-extensions/templates/_helpers.tpl

@@ -0,0 +1,50 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chart.fullname" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "chart.labels" -}}
+app.kubernetes.io/name: {{ include "chart.name" . }}
+helm.sh/chart: {{ include "chart.fullname" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Certificate issuer name
+*/}}
+{{- define "chart.issuerName" -}}
+{{- if .Values.certificate.issuer.selfSigned -}}
+{{- if .Values.certificate.issuer.name -}}
+{{ .Values.certificate.issuer.name }}
+{{- else -}}
+{{ template "chart.name" . }}-issuer
+{{- end -}}
+{{- else -}}
+{{ required "A valid .Values.certificates.issuer.name is required!" .Values.certificate.issuer.name }}
+{{- end -}}
+{{- end -}}

charts/capi-runtime-extensions/templates/certificate.yaml

@@ -0,0 +1,18 @@
+# Copyright 2023 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ template "chart.name" . }}-tls
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "chart.labels" . | nindent 4 }}
+spec:
+  dnsNames:
+    - {{ template "chart.name" . }}.{{ .Release.Namespace }}.svc
+    - {{ template "chart.name" . }}.{{ .Release.Namespace }}.svc.cluster.local
+  issuerRef:
+    kind: {{ .Values.certificate.issuer.kind }}
+    name: {{ template "chart.issuerName" . }}
+  secretName: {{ template "chart.name" . }}-tls

charts/capi-runtime-extensions/templates/clusterrole.yaml

@@ -0,0 +1,23 @@
+# Copyright 2023 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  labels:
+{{ include "chart.labels" . | indent 4 }}
+  name: {{ include "chart.name" . }}
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["watch", "list", "get"]
+- apiGroups:
+    - addons.cluster.x-k8s.io
+    - bootstrap.cluster.x-k8s.io
+    - clusterctl.cluster.x-k8s.io
+    - controlplane.cluster.x-k8s.io
+    - infrastructure.cluster.x-k8s.io
+    - ipam.cluster.x-k8s.io
+    - runtime.cluster.x-k8s.io
+  resources: ["*"]
+  verbs: ["watch", "list", "get"]

charts/capi-runtime-extensions/templates/clusterrolebinding.yaml

@@ -0,0 +1,17 @@
+# Copyright 2023 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  labels:
+{{ include "chart.labels" . | indent 4 }}
+  name: {{ include "chart.name" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "chart.name" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "chart.name" . }}
+  namespace: {{ .Release.Namespace }}

charts/capi-runtime-extensions/templates/deployment.yaml

@@ -0,0 +1,72 @@
+# Copyright 2023 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    {{- include "chart.labels" . | nindent 4 }}
+  name: {{ template "chart.name" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "chart.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "chart.selectorLabels" . | nindent 8 }}
+    spec:
+      nodeSelector:
+        {{- toYaml .Values.commonNodeSelector | nindent 8 }}
+      tolerations:
+        {{- toYaml .Values.commonTolerations | nindent 8 }}
+      serviceAccountName: {{ template "chart.name" . }}
+      terminationGracePeriodSeconds: 10
+      containers:
+      - name: webhook
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default $.Chart.AppVersion }}"
+        imagePullPolicy: "{{ .Values.image.pullPolicy }}"
+{{- if .Values.env }}
+        env:
+{{- range $key, $value := .Values.env }}
+        - name: "{{ $key }}"
+          value: "{{ $value }}"
+{{- end }}
+{{- end }}
+        args:
+        - --webhook-cert-dir=/certs/
+        {{- range $key, $value := .Values.extraArgs }}
+        - --{{ $key }}={{ $value }}
+        {{- end }}
+        ports:
+        - containerPort: 9443
+          name: https
+          protocol: TCP
+        resources:
+          {{ with .Values.resources }}
+          {{- toYaml . | nindent 10 }}
+          {{- end }}
+        volumeMounts:
+        - mountPath: /certs
+          name: cert
+          readOnly: true
+        # livenessProbe:
+        #   httpGet:
+        #     port: 9443
+        #     scheme: HTTPS
+        #     path: /healthz
+        # readinessProbe:
+        #   httpGet:
+        #     port: 9443
+        #     scheme: HTTPS
+        #     path: /readyz
+      securityContext:
+        {{ with .Values.securityContext }}
+        {{- toYaml . | nindent 8}}
+        {{- end }}
+      volumes:
+      - name: cert
+        secret:
+          defaultMode: 420
+          secretName: {{ template "chart.name" . }}-tls

charts/capi-runtime-extensions/templates/extensionconfig.yaml

@@ -0,0 +1,16 @@
+# Copyright 2023 D2iQ, Inc. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: runtime.cluster.x-k8s.io/v1alpha1
+kind: ExtensionConfig
+metadata:
+  annotations:
+    runtime.cluster.x-k8s.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ template "chart.name" . }}-tls
+  name: {{ template "chart.name" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  clientConfig:
+    service:
+      name: {{ template "chart.name" . }}
+      namespace: {{ .Release.Namespace }}
+      port: {{ .Values.service.port }}