Add Helm support for Nephe (#158)

We decided to put CRD in sub-charts for 2 reasons. We wanted to install CRDs before any config and secondly we wanted CRD to support templates which is required for webhooks. https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-2-separate-charts We havent supported generation of manifests for helm automatically. Its a manual process to copy the yamls in the helm chart directory. Also CI is not updated to use helm chart way of installation. Signed-off-by: Rahul Jain <[email protected]>
antrea-io · Mar 20, 2023 · d47da7b · d47da7b
1 parent 64862a0
commit d47da7b
Show file tree

Hide file tree

Showing 34 changed files with 1,278 additions and 3 deletions.
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -112,3 +112,12 @@ jobs:
       run: |
         sudo npm install -g [email protected]
         make markdownlint
+    - name: Checking whether autogenerated Helm chart documentation is up-to-date
+      working-directory: build/charts/
+      run: |
+        make helm-docs
+        DIFF=$(git diff .)
+        if [ -n "$DIFF" ]; then
+          echo "The Helm chart documentation is out-of-date; please run 'make helm-docs' in 'build/charts/' and commit the changes"
+          exit 1
+        fi
diff --git a/.github/workflows/process_release.yml b/.github/workflows/process_release.yml
@@ -26,3 +26,23 @@ jobs:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
         asset_paths: '["./assets/*"]'
+
+  update-website:
+    name: Trigger website update for release
+    needs: upload-release-assets
+    runs-on: ubuntu-latest
+    steps:
+    - id: get-version
+      env:
+        TAG: ${{ github.ref }}
+      run: |
+        version=${TAG:10}
+        echo "version=$version" >> $GITHUB_OUTPUT
+    - name: Update Helm index with Nephe archive
+      uses: benc-uk/workflow-dispatch@v1
+      with:
+        repo: antrea-io/website
+        ref: refs/heads/main
+        workflow: Update Helm index
+        token: ${{ secrets.ANTREA_WEBSITE_WORKFLOW_DISPATCH_PAT }}
+        inputs: ${{ format('{{ "archive-url":"https://github.com/antrea-io/nephe/releases/download/{0}/nephe-chart.tgz" }}', steps.get-version.outputs.version) }}
diff --git a/build/charts/Makefile b/build/charts/Makefile
@@ -0,0 +1,12 @@
+USERID  := $(shell id -u)
+GRPID   := $(shell id -g)
+
+VERSION := $(shell head -n 1 ../../VERSION | cut -c 2-)
+
+.PHONY: helm-docs
+helm-docs:
+	docker run --rm --volume "$(CURDIR):/helm-docs" --user=$(USERID):$(GRPID) jnorwood/helm-docs:v1.7.0
+	sed -i.bak "s/0\.0\.0/$(VERSION)/g" nephe/README.md # replace version placeholder
+	sed -i.bak "s/-dev-informational/--dev-informational/g" nephe/README.md # fix img.shields.io badge URLs
+	sed -i.bak "s/0\.0\.0/$(VERSION)/g" nephe/charts/crds/README.md # replace version placeholder
+	sed -i.bak "s/-dev-informational/--dev-informational/g"  nephe/charts/crds/README.md # fix img.shields.io badge URLs
diff --git a/build/charts/nephe/.helmignore b/build/charts/nephe/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/build/charts/nephe/Chart.lock b/build/charts/nephe/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: crds
+  repository: ""
+  version: 0.0.0
+digest: sha256:16cbbceffe2a6946ae7cbb20b5a8313267bc77f4669caba20fffb3ff64a773a6
+generated: "2023-03-13T23:32:57.459036359-07:00"
diff --git a/build/charts/nephe/Chart.yaml b/build/charts/nephe/Chart.yaml
@@ -0,0 +1,29 @@
+apiVersion: v2
+name: nephe
+type: application
+displayName: Nephe
+home: https://antrea.io/
+version: 0.0.0
+appVersion: latest
+kubeVersion: ">= 1.16.0-0"
+icon: https://raw.githubusercontent.com/antrea-io/antrea/main/docs/assets/logo/antrea_logo.svg
+description: Antrea managed security policies in the public cloud
+dependencies:
+- name: crds
+  condition: crds.enabled
+  version: 0.0.0
+keywords:
+  - Kubernetes
+  - CNCF
+  - Networking
+  - Antrea
+  - Security
+  - Public Cloud
+  - AWS
+  - Azure
+sources:
+  - https://github.com/antrea-io/nephe
+annotations:
+  artifacthub.io/license: Apache-2.0
+  artifacthub.io/operator: "false"
+  artifacthub.io/prerelease: "false"
diff --git a/build/charts/nephe/README.md b/build/charts/nephe/README.md
@@ -0,0 +1,31 @@
+# nephe
+
+![Version: 0.4.0-dev](https://img.shields.io/badge/Version-0.4.0--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
+
+Antrea managed security policies in the public cloud
+
+**Homepage:** <https://antrea.io/>
+
+## Source Code
+
+* <https://github.com/antrea-io/nephe>
+
+## Requirements
+
+Kubernetes: `>= 1.16.0-0`
+
+| Repository | Name | Version |
+|------------|------|---------|
+|  | crds | 0.4.0-dev |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| cloudResourcePrefix | string | `"nephe"` | Specifies the prefix to be used while creating cloud resources. |
+| cloudSyncInterval | int | `300` | Specifies the interval (in seconds) to be used for syncing cloud resources with controller. |
+| crds | object | `{"enabled":true}` | Enable/Disable Nephe CRDs dependent chart. |
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"projects.registry.vmware.com/antrea/nephe","tag":""}` | Container image to use for Nephe Controller. |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.7.0](https://github.com/norwoodj/helm-docs/releases/v1.7.0)
diff --git a/build/charts/nephe/charts/crds/.helmignore b/build/charts/nephe/charts/crds/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/build/charts/nephe/charts/crds/Chart.yaml b/build/charts/nephe/charts/crds/Chart.yaml
@@ -0,0 +1,16 @@
+apiVersion: v2
+name: crds
+type: application
+displayName: Nephe CRDs
+home: https://antrea.io/
+version: 0.0.0
+appVersion: latest
+kubeVersion: ">= 1.16.0-0"
+icon: https://raw.githubusercontent.com/antrea-io/antrea/main/docs/assets/logo/antrea_logo.svg
+description: Nephe CRDs
+sources:
+  - https://github.com/antrea-io/nephe
+annotations:
+  artifacthub.io/license: Apache-2.0
+  artifacthub.io/operator: "false"
+  artifacthub.io/prerelease: "false"
diff --git a/build/charts/nephe/charts/crds/README.md b/build/charts/nephe/charts/crds/README.md
@@ -0,0 +1,18 @@
+# crds
+
+![Version: 0.4.0-dev](https://img.shields.io/badge/Version-0.4.0--dev-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
+
+Nephe CRDs
+
+**Homepage:** <https://antrea.io/>
+
+## Source Code
+
+* <https://github.com/antrea-io/nephe>
+
+## Requirements
+
+Kubernetes: `>= 1.16.0-0`
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.7.0](https://github.com/norwoodj/helm-docs/releases/v1.7.0)
diff --git a/build/charts/nephe/charts/crds/templates/cloudentityselector.yaml b/build/charts/nephe/charts/crds/templates/cloudentityselector.yaml
@@ -0,0 +1,119 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/serving-cert
+    controller-gen.kubebuilder.io/version: v0.8.0
+    helm.sh/resource-policy: keep
+  name: cloudentityselectors.crd.cloud.antrea.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        caBundle: Cg==
+        service:
+          name: nephe-controller-webhook-service
+          namespace: {{ .Release.Namespace }}
+          path: /convert
+      conversionReviewVersions:
+      - v1
+      - v1beta1
+  group: crd.cloud.antrea.io
+  names:
+    kind: CloudEntitySelector
+    listKind: CloudEntitySelectorList
+    plural: cloudentityselectors
+    shortNames:
+    - ces
+    singular: cloudentityselector
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: CloudEntitySelector is the Schema for the cloudentityselectors
+          API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: CloudEntitySelectorSpec defines the desired state of CloudEntitySelector.
+            properties:
+              accountName:
+                description: AccountName specifies cloud account in this CloudProvider.
+                type: string
+              vmSelector:
+                description: VMSelector selects the VirtualMachines the user has modify
+                  privilege. VMSelector is mandatory, at least one selector under
+                  VMSelector is required. It is an array, VirtualMachines satisfying
+                  any item on VMSelector are selected(ORed).
+                items:
+                  description: VirtualMachineSelector specifies VirtualMachine match
+                    criteria. VirtualMachines must satisfy all fields(ANDed) in a
+                    VirtualMachineSelector in order to satisfy match.
+                  properties:
+                    agented:
+                      description: Agented specifies if VM runs in agented mode, default
+                        is false.
+                      type: boolean
+                    vmMatch:
+                      description: VMMatch specifies VirtualMachines to match. It
+                        is an array, match satisfying any item on VMMatch is selected(ORed).
+                        If it is not specified, all VirtualMachines matching VpcMatch
+                        are selected.
+                      items:
+                        description: EntityMatch specifies match conditions to cloud
+                          entities. Cloud entities must satisfy all fields(ANDed)
+                          in EntityMatch to satisfy EntityMatch.
+                        properties:
+                          matchID:
+                            description: MatchID matches cloud entities' identifier.
+                              If not specified, it matches any cloud entities.
+                            type: string
+                          matchName:
+                            description: MatchName matches cloud entities' name. If
+                              not specified, it matches any cloud entities.
+                            type: string
+                        type: object
+                      type: array
+                    vpcMatch:
+                      description: VpcMatch specifies the virtual private cloud to
+                        which VirtualMachines belong. VpcMatch is ANDed with VMMatch.
+                        If it is not specified, VirtualMachines may belong to any
+                        virtual private cloud.
+                      properties:
+                        matchID:
+                          description: MatchID matches cloud entities' identifier.
+                            If not specified, it matches any cloud entities.
+                          type: string
+                        matchName:
+                          description: MatchName matches cloud entities' name. If
+                            not specified, it matches any cloud entities.
+                          type: string
+                      type: object
+                  type: object
+                type: array
+            required:
+            - vmSelector
+            type: object
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []