fix: adds TLS for mindthegap

Author: faiq

api/v1alpha1/zz_generated.deepcopy.go

@@ -9,36 +9,36 @@ apiVersion: v1
 data:
   cilium: |
     ChartName: cilium
-    ChartVersion: 1.15.0
-    RepositoryURL: {{ if .Values.selfHostedRegistry }}{{ .Values.selfHostedRegistryURI }}{{ else }}https://helm.cilium.io/{{ end }}
+    ChartVersion: 1.15.5
+    RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://mindthegap.{{ .Release.Namespace }}.svc/charts{{ else }}https://helm.cilium.io/{{ end }}
   cluster-autoscaler: |
     ChartName: cluster-autoscaler
     ChartVersion: 9.37.0
-    RepositoryURL: {{ if .Values.selfHostedRegistry }}{{ .Values.selfHostedRegistryURI }}{{ else }}https://kubernetes.github.io/autoscaler{{ end }}
+    RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://mindthegap.{{ .Release.Namespace }}.svc/charts{{ else }}https://kubernetes.github.io/autoscaler{{ end }}
   metallb: |
     ChartName: metallb
     ChartVersion: v0.14.5
-    RepositoryURL: {{ if .Values.selfHostedRegistry }}{{ .Values.selfHostedRegistryURI }}{{ else }}https://metallb.github.io/metallb{{ end }}
+    RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://mindthegap.{{ .Release.Namespace }}.svc/charts{{ else }}https://metallb.github.io/metallb{{ end }}
   nfd: |
     ChartName: node-feature-discovery
     ChartVersion: 0.15.2
-    RepositoryURL: {{ if .Values.selfHostedRegistry }}{{ .Values.selfHostedRegistryURI }}{{ else }}https://kubernetes-sigs.github.io/node-feature-discovery/charts{{ end }}
+    RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://mindthegap.{{ .Release.Namespace }}.svc/charts{{ else }}https://kubernetes-sigs.github.io/node-feature-discovery/charts{{ end }}
   nutanix-ccm: |
     ChartName: nutanix-cloud-provider
     ChartVersion: 0.3.3
-    RepositoryURL: {{ if .Values.selfHostedRegistry }}{{ .Values.selfHostedRegistryURI }}{{ else }}https://nutanix.github.io/helm/{{ end }}
+    RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://mindthegap.{{ .Release.Namespace }}.svc/charts{{ else }}https://nutanix.github.io/helm/{{ end }}
   nutanix-snapshot-csi: |
     ChartName: nutanix-csi-snapshot
     ChartVersion: 6.3.2
-    RepositoryURL: {{ if .Values.selfHostedRegistry }}{{ .Values.selfHostedRegistryURI }}{{ else }}https://nutanix.github.io/helm/{{ end }}
+    RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://mindthegap.{{ .Release.Namespace }}.svc/charts{{ else }}https://nutanix.github.io/helm/{{ end }}
   nutanix-storage-csi: |
     ChartName: nutanix-csi-storage
     ChartVersion: 3.0.0-beta.1912
-    RepositoryURL: {{ if .Values.selfHostedRegistry }}{{ .Values.selfHostedRegistryURI }}{{ else }}https://nutanix.github.io/helm-releases/{{ end }}
+    RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://mindthegap.{{ .Release.Namespace }}.svc/charts{{ else }}https://nutanix.github.io/helm-releases/{{ end }}
   tigera-operator: |
     ChartName: tigera-operator
     ChartVersion: v3.28.0
-    RepositoryURL: {{ if .Values.selfHostedRegistry }}{{ .Values.selfHostedRegistryURI }}{{ else }}https://docs.tigera.io/calico/charts{{ end }}
+    RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://mindthegap.{{ .Release.Namespace }}.svc/charts{{ else }}https://docs.tigera.io/calico/charts{{ end }}
 kind: ConfigMap
 metadata:
   creationTimestamp: null

charts/cluster-api-runtime-extensions-nutanix/templates/helm-config.yaml

@@ -84,8 +84,7 @@ hooks:
 
 helmAddonsConfigMap: default-helm-addons-config
 
-selfHostedRegistry: false
-selfHostedRegistryURI: oci://mindthegap.{{ .Release.Namespace }}.svc/charts
+selfHostedRegistry: true
 
 
 deployDefaultClusterClasses: true

charts/cluster-api-runtime-extensions-nutanix/values.yaml

@@ -10,7 +10,7 @@ repositories:
     repoURL: https://helm.cilium.io/
     charts:
       cilium:
-      - 1.15.0
+      - 1.15.5
   cluster-autoscaler:
     repoURL: https://kubernetes.github.io/autoscaler
     charts:
@@ -45,4 +45,4 @@ repositories:
     repoURL: https://docs.tigera.io/calico/charts
     charts:
       tigera-operator:
-      - v3.26.4
+      - v3.28.0

hack/addons/mindthegap-helm-registry/repos.yaml

@@ -65,4 +65,4 @@ generate-mindthegap-repofile: generate-helm-configmap ; $(info $(M) generating h
 
 .PHONY: template-mindthegap
 template-mindthegap: generate-mindthegap-repofile ## this is used by gorealeaser to set the helm value to this.
-	sed -i '/RepositoryURL:/s#\(RepositoryURL: *\)\(.*\)#\1{{ if .Values.selfHostedRegistry }}{{ .Values.selfHostedRegistryURI }}{{ else }}\2{{ end }}#'  "./charts/cluster-api-runtime-extensions-nutanix/templates/helm-config.yaml"
+	sed -i '/RepositoryURL:/s#\(RepositoryURL: *\)\(.*\)#\1{{ if .Values.selfHostedRegistry }}oci://mindthegap.{{ .Release.Namespace }}.svc/charts{{ else }}\2{{ end }}#'  "./charts/cluster-api-runtime-extensions-nutanix/templates/helm-config.yaml"

make/addons.mk

@@ -149,7 +149,7 @@ func (p *provider) Apply(
 			ValuesTemplate:   values,
 		},
 	}
-
+	lifecycleutils.SetTLSConfigForHelmChartProxyIfNeeded(hcp)
 	if err = controllerutil.SetOwnerReference(cluster, hcp, p.client.Scheme()); err != nil {
 		return fmt.Errorf(
 			"failed to set owner reference on nutanix-ccm installation HelmChartProxy: %w",

pkg/handlers/generic/lifecycle/ccm/nutanix/handler.go

@@ -103,6 +103,7 @@ func (s helmAddonStrategy) apply(
 		},
 	}
 
+	lifecycleutils.SetTLSConfigForHelmChartProxyIfNeeded(hcp)
 	if err = controllerutil.SetOwnerReference(&req.Cluster, hcp, s.client.Scheme()); err != nil {
 		return fmt.Errorf(
 			"failed to set owner reference on cluster-autoscaler installation HelmChartProxy: %w",

pkg/handlers/generic/lifecycle/clusterautoscaler/strategy_helmaddon.go

@@ -102,7 +102,7 @@ func (s helmAddonStrategy) apply(
 			ValuesTemplate:   values,
 		},
 	}
-
+	lifecycleutils.SetTLSConfigForHelmChartProxyIfNeeded(hcp)
 	if err := controllerutil.SetOwnerReference(&req.Cluster, hcp, s.client.Scheme()); err != nil {
 		return fmt.Errorf(
 			"failed to set owner reference on Calico CNI installation HelmChartProxy: %w",

pkg/handlers/generic/lifecycle/cni/calico/strategy_helmaddon.go

@@ -87,6 +87,7 @@ func (s helmAddonStrategy) apply(
 		},
 	}
 
+	lifecycleutils.SetTLSConfigForHelmChartProxyIfNeeded(hcp)
 	if err := controllerutil.SetOwnerReference(&req.Cluster, hcp, s.client.Scheme()); err != nil {
 		return fmt.Errorf(
 			"failed to set owner reference on Cilium CNI installation HelmChartProxy: %w",

pkg/handlers/generic/lifecycle/cni/cilium/strategy_helmaddon.go

@@ -183,6 +183,7 @@ func (n *NutanixCSI) handleHelmAddonApply(
 		},
 	}
 
+	lifecycleutils.SetTLSConfigForHelmChartProxyIfNeeded(storageChartProxy)
 	snapshotChartProxy := &caaphv1.HelmChartProxy{
 		TypeMeta: metav1.TypeMeta{
 			APIVersion: caaphv1.GroupVersion.String(),
@@ -203,7 +204,7 @@ func (n *NutanixCSI) handleHelmAddonApply(
 			Version:          snapshotChart.Version,
 		},
 	}
-
+	lifecycleutils.SetTLSConfigForHelmChartProxyIfNeeded(snapshotChartProxy)
 	// We use a slice of pointers to satisfy the gocritic linter rangeValCopy check.
 	for _, cp := range []*caaphv1.HelmChartProxy{storageChartProxy, snapshotChartProxy} {
 		if err = controllerutil.SetOwnerReference(&req.Cluster, cp, n.client.Scheme()); err != nil {

pkg/handlers/generic/lifecycle/csi/nutanix-csi/handler.go

@@ -93,6 +93,7 @@ image:
 		},
 	}
 
+	lifecycleutils.SetTLSConfigForHelmChartProxyIfNeeded(hcp)
 	if err := controllerutil.SetOwnerReference(&req.Cluster, hcp, s.client.Scheme()); err != nil {
 		return fmt.Errorf(
 			"failed to set owner reference on NFD installation HelmChartProxy: %w",

pkg/handlers/generic/lifecycle/nfd/strategy_helmaddon.go

@@ -140,6 +140,7 @@ func (n *MetalLB) Apply(
 		},
 	}
 
+	lifecycleutils.SetTLSConfigForHelmChartProxyIfNeeded(hcp)
 	if err = controllerutil.SetOwnerReference(cluster, hcp, n.client.Scheme()); err != nil {
 		return fmt.Errorf(
 			"failed to set owner reference on MetalLB installation HelmChartProxy: %w",

pkg/handlers/generic/lifecycle/serviceloadbalancer/metallb/handler.go

@@ -6,6 +6,7 @@ package utils
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -17,6 +18,7 @@ import (
 	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
+	caaphv1 "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/external/sigs.k8s.io/cluster-api-addon-provider-helm/api/v1alpha1"
 	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/k8s/client"
 )
 
@@ -219,3 +221,13 @@ func CreateConfigMapForCRS(configMapName, configMapNamespace string,
 	cm.Data[defaultCRSConfigMapKey] = string(utilyaml.JoinYaml(l...))
 	return cm, nil
 }
+
+func SetTLSConfigForHelmChartProxyIfNeeded(hcp *caaphv1.HelmChartProxy) {
+	if strings.Contains(hcp.Spec.RepoURL, "mindthegap") {
+		hcp.Spec.TLSConfig = &caaphv1.TLSConfig{
+			CASecretRef: &corev1.SecretReference{
+				Name: "mindthegap-tls",
+			},
+		}
+	}
+}