feat: adds a mindthegap container and deployment

.github/workflows/checks.yml

@@ -222,7 +222,8 @@ jobs:
           devbox run -- \
             kind load docker-image \
               --name chart-testing \
-              "ko.local/cluster-api-runtime-extensions-nutanix:$(devbox run -- gojq -r .version dist/metadata.json)"
+              "ko.local/cluster-api-runtime-extensions-nutanix:$(devbox run -- gojq -r .version dist/metadata.json)" \
+              "ghcr.io/nutanix-cloud-native/caren-helm-reg:$(devbox run -- gojq -r .version dist/metadata.json)"
 
       - if: steps.list-changed.outputs.changed == 'true'
         name: Setup Cluster API and cert-manager
@@ -238,7 +239,7 @@ jobs:
           devbox run -- \
             ct install \
               --config charts/ct-config.yaml \
-              --helm-extra-set-args "--set-string image.repository=ko.local/cluster-api-runtime-extensions-nutanix --set-string image.tag=$(devbox run -- gojq -r .version dist/metadata.json)"
+              --helm-extra-set-args "--set-string image.repository=ko.local/cluster-api-runtime-extensions-nutanix --set-string image.tag=$(devbox run -- gojq -r .version dist/metadata.json) --set-string helmRepositoryImage.tag=$(devbox run -- gojq -r .version dist/metadata.json)"
         env:
           KUBECONFIG: ct-kind-kubeconfig
 

.goreleaser.yml

@@ -42,6 +42,7 @@ before:
       $(helm template {{ .ProjectName }} ./charts/{{ .ProjectName }} \
         --namespace caren-system \
         --set-string image.tag=v{{ trimprefix .Version "v" }} \
+        --set-string helmRepositoryImage.tag=v{{ trimprefix .Version "v" }} \
         {{ if .IsSnapshot }}--set-string image.repository=ko.local/{{ .ProjectName }}{{ end }} \
       )
       EOF'
@@ -50,6 +51,8 @@ before:
       sh -ec 'gojq --yaml-input --yaml-output \
         ".releaseSeries |= (. + [{contract: \"v1beta1\", major: {{ .Major }}, minor: {{ .Minor }}}] | unique)" \
         metadata.yaml >release-metadata.yaml'
+    - make template-helm-repository
+
 
 builds:
   - id: cluster-api-runtime-extensions-nutanix
@@ -92,6 +95,15 @@ archives:
     builds:
       - cluster-api-runtime-extensions-nutanix
 
+dockers:
+  - id: helm-registry-container
+    use: buildx
+    dockerfile: ./hack/addons/mindthegap-helm-registry/Dockerfile
+    extra_files:
+      - hack/addons/mindthegap-helm-registry/repos.yaml
+    image_templates:
+      -  'ghcr.io/nutanix-cloud-native/caren-helm-reg:{{ .Version }}'
+
 kos:
   - id: cluster-api-runtime-extensions-nutanix
     build: cluster-api-runtime-extensions-nutanix

.pre-commit-config.yaml

@@ -34,11 +34,11 @@ repos:
     language: system
     files: "^(hack/addons/|charts/cluster-api-runtime-extensions-nutanix/templates/.+/manifests/|make/addons.mk$)"
     pass_filenames: false
-  - id: addons-configmap
-    name: addons-configmap
-    entry: make generate-helm-configmap
+  - id: addons-repo-yaml
+    name: addons-repo-yaml
+    entry: make template-helm-repository
     language: system
-    files: "^(hack/addons/|charts/cluster-api-runtime-extensions-nutanix/templates/.+|make/addons.mk$)"
+    files: "hack/addons/mindthegap-helm-registry/repos.yaml"
     pass_filenames: false
   - id: check-devbox-lock
     name: check-devbox-lock

charts/cluster-api-runtime-extensions-nutanix/README.md

@@ -32,6 +32,9 @@ A Helm chart for cluster-api-runtime-extensions-nutanix
 | deployment.replicas | int | `1` |  |
 | env | object | `{}` |  |
 | helmAddonsConfigMap | string | `"default-helm-addons-config"` |  |
+| helmRepositoryImage.pullPolicy | string | `"IfNotPresent"` |  |
+| helmRepositoryImage.repository | string | `"ghcr.io/nutanix-cloud-native/caren-helm-reg"` |  |
+| helmRepositoryImage.tag | string | `""` |  |
 | hooks.ccm.nutanix.helmAddonStrategy.defaultValueTemplateConfigMap.create | bool | `true` |  |
 | hooks.ccm.nutanix.helmAddonStrategy.defaultValueTemplateConfigMap.name | string | `"default-nutanix-ccm-helm-values-template"` |  |
 | hooks.clusterAutoscaler.crsStrategy.defaultInstallationConfigMap.name | string | `"cluster-autoscaler"` |  |
@@ -77,6 +80,7 @@ A Helm chart for cluster-api-runtime-extensions-nutanix
 | resources.requests.cpu | string | `"100m"` |  |
 | resources.requests.memory | string | `"128Mi"` |  |
 | securityContext.runAsUser | int | `65532` |  |
+| selfHostedRegistry | bool | `true` |  |
 | service.annotations | object | `{}` |  |
 | service.port | int | `443` |  |
 | service.type | string | `"ClusterIP"` |  |

charts/cluster-api-runtime-extensions-nutanix/templates/helm-config.yaml

@@ -10,39 +10,39 @@ data:
   cilium: |
     ChartName: cilium
     ChartVersion: 1.15.5
-    RepositoryURL: https://helm.cilium.io/
+    RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://helm.cilium.io/{{ end }}
   cluster-autoscaler: |
     ChartName: cluster-autoscaler
     ChartVersion: 9.37.0
-    RepositoryURL: https://kubernetes.github.io/autoscaler
+    RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://kubernetes.github.io/autoscaler{{ end }}
   local-path-provisioner-csi: |
     ChartName: local-path-provisioner
-    ChartVersion: v0.0.29
-    RepositoryURL: https://charts.containeroo.ch
+    ChartVersion: 0.0.29
+    RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://charts.containeroo.ch{{ end }}
   metallb: |
     ChartName: metallb
-    ChartVersion: v0.14.5
-    RepositoryURL: https://metallb.github.io/metallb
+    ChartVersion: 0.14.5
+    RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://metallb.github.io/metallb{{ end }}
   nfd: |
     ChartName: node-feature-discovery
     ChartVersion: 0.15.2
-    RepositoryURL: https://kubernetes-sigs.github.io/node-feature-discovery/charts
+    RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://kubernetes-sigs.github.io/node-feature-discovery/charts{{ end }}
   nutanix-ccm: |
     ChartName: nutanix-cloud-provider
     ChartVersion: 0.3.3
-    RepositoryURL: https://nutanix.github.io/helm/
+    RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://nutanix.github.io/helm/{{ end }}
   nutanix-snapshot-csi: |
     ChartName: nutanix-csi-snapshot
-    ChartVersion: v6.3.2
-    RepositoryURL: https://nutanix.github.io/helm/
+    ChartVersion: 6.3.2
+    RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://nutanix.github.io/helm/{{ end }}
   nutanix-storage-csi: |
     ChartName: nutanix-csi-storage
-    ChartVersion: v3.0.0-beta.1912
-    RepositoryURL: https://nutanix.github.io/helm-releases/
+    ChartVersion: 3.0.0-beta.1912
+    RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://nutanix.github.io/helm-releases/{{ end }}
   tigera-operator: |
     ChartName: tigera-operator
     ChartVersion: v3.28.0
-    RepositoryURL: https://docs.tigera.io/calico/charts
+    RepositoryURL: {{ if .Values.selfHostedRegistry }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://docs.tigera.io/calico/charts{{ end }}
 kind: ConfigMap
 metadata:
   creationTimestamp: null

charts/cluster-api-runtime-extensions-nutanix/templates/helm-repository.yaml

@@ -0,0 +1,78 @@
+# Copyright 2024 Nutanix. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+# This file contains the manifests to run a helmRepository deployment which contains helm charts for our addons.
+# The pod is built via goreleaser with configuration from hack/addons.
+#
+{{ if .Values.selfHostedRegistry }}
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: helm-repository-selfsigned
+  namespace: {{ .Release.Namespace }}
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: helm-repository-tls
+  namespace: {{ .Release.Namespace }}
+spec:
+  dnsNames:
+  - helm-repository.{{ .Release.Namespace }}.svc
+  - helm-repository.{{ .Release.Namespace }}.svc.cluster.local
+  issuerRef:
+    name: helm-repository-selfsigned
+    kind: Issuer
+  secretName: helm-repository-tls
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: helm-repository
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: helm-repository
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: helm-repository   # deployment will track pods it generates because of this
+  template:
+    metadata:
+      labels:
+        app: helm-repository  # pods have this label, and Service and Deployment depend on it
+    spec:
+      containers:
+      - name: helm-repository
+        ports:
+          - name: serve
+            protocol: TCP
+            containerPort: 5000
+        image: "{{ .Values.helmRepositoryImage.repository }}:{{ .Values.helmRepositoryImage.tag | default $.Chart.AppVersion }}"
+        imagePullPolicy: "{{ .Values.image.pullPolicy }}"
+        volumeMounts:
+        - name: certs-vol
+          mountPath: "/certs"
+          readOnly: true
+        env:
+      volumes:
+      - name: certs-vol
+        secret:
+          secretName: helm-repository-tls
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: helm-repository
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    app: helm-repository
+  ports:
+  - port: 443
+    targetPort: 5000
+  type: ClusterIP
+{{ end }}

charts/cluster-api-runtime-extensions-nutanix/values.yaml

@@ -84,6 +84,9 @@ hooks:
 
 helmAddonsConfigMap: default-helm-addons-config
 
+selfHostedRegistry: true
+
+
 deployDefaultClusterClasses: true
 
 deployment:
@@ -94,6 +97,11 @@ image:
   tag: ""
   pullPolicy: IfNotPresent
 
+helmRepositoryImage:
+  repository: ghcr.io/nutanix-cloud-native/caren-helm-reg
+  tag: ""
+  pullPolicy: IfNotPresent
+
 # -- Optional secrets used for pulling the container image
 imagePullSecrets: []
 # - name: Secret with Registry credentials