feat: chart testing and docs improvements

.github/configs/ct.yaml

@@ -0,0 +1,10 @@
+remote: origin
+target-branch: master
+chart-dirs:
+  - charts
+helm-extra-args: "--timeout 600s"  
+validate-chart-schema: false
+validate-maintainers: false
+validate-yaml: true
+exclude-deprecated: true
+check-version-increment: false

.github/configs/lintconf.yaml

@@ -0,0 +1,43 @@
+
+---
+rules:
+  braces:
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+    min-spaces-inside-empty: -1
+    max-spaces-inside-empty: -1
+  brackets:
+    min-spaces-inside: 0
+    max-spaces-inside: 0
+    min-spaces-inside-empty: -1
+    max-spaces-inside-empty: -1
+  colons:
+    max-spaces-before: 0
+    max-spaces-after: 1
+  commas:
+    max-spaces-before: 0
+    min-spaces-after: 1
+    max-spaces-after: 1
+  comments:
+    require-starting-space: true
+    min-spaces-from-content: 1
+  document-end: disable
+  document-start: disable # No --- to start a file
+  empty-lines:
+    max: 2
+    max-start: 0
+    max-end: 0
+  hyphens:
+    max-spaces-after: 1
+  indentation:
+    spaces: consistent
+    indent-sequences: whatever # - list indentation will handle both indentation and without
+    check-multi-line-strings: false
+  key-duplicates: enable
+  line-length: disable # Lines can be any length
+  new-line-at-end-of-file: enable
+  new-lines:
+    type: unix
+  trailing-spaces: enable
+  truthy:
+    level: warning

.github/workflows/helm.yml

@@ -12,11 +12,42 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
       - uses: azure/setup-helm@v1
         with:
           version: 3.3.4
       - name: Linting Chart
         run: helm lint ./charts/capsule
+      - name: Setup Chart Linting
+        id: lint
+        uses: helm/chart-testing-action@v2.3.0
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --config ./.github/configs/ct.yaml)
+          if [[ -n "$changed" ]]; then
+            echo "::set-output name=changed::true"
+          fi
+      - name: Run chart-testing (lint)
+        run: ct lint --debug --config ./.github/configs/ct.yaml --lint-conf ./.github/configs/lintconf.yaml
+      # Create KIND Cluster
+      - name: Create kind cluster
+        uses: helm/kind-action@v1.2.0
+        if: steps.list-changed.outputs.changed == 'true'
+      # Install Required Operators/CRDs
+      - name: Prepare Cluster Operators/CRDs
+        run: |
+          # Cert-Manager CRDs
+          kubectl create -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.crds.yaml
+          
+          # Prometheus CRDs
+          kubectl create -f https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.58.0/bundle.yaml
+        if: steps.list-changed.outputs.changed == 'true'
+      # Install Charts
+      - name: Run chart-testing (install)
+        run: ct install --debug --config ./.github/configs/ct.yaml
+        if: steps.list-changed.outputs.changed == 'true'
   release:
     if: startsWith(github.ref, 'refs/tags/helm-v')
     runs-on: ubuntu-latest

Makefile

@@ -81,6 +81,22 @@ generate: controller-gen
 apidoc: apidocs-gen
 	$(APIDOCS_GEN) crdoc --resources config/crd/bases --output docs/content/general/tenant-crd.md --template docs/template/reference-cr.tmpl
 
+# Helm
+SRC_ROOT = $(shell git rev-parse --show-toplevel)
+
+helm-docs: HELMDOCS_VERSION := v1.11.0
+helm-docs: docker
+	@docker run -v "$(SRC_ROOT):/helm-docs" jnorwood/helm-docs:$(HELMDOCS_VERSION) --chart-search-root /helm-docs
+
+helm-lint: docker
+	@docker run -v "$(SRC_ROOT):/workdir" --entrypoint /bin/sh quay.io/helmpack/chart-testing:v3.3.1 -c cd /workdir && ct lint --config .github/configs/ct.yaml --lint-conf .github/configs/lintconf.yaml --all --debug
+
+docker:
+	@hash docker 2>/dev/null || {\
+		echo "You need docker" &&\
+		exit 1;\
+	}
+
 # Setup development env
 # Usage: 
 # 	LAPTOP_HOST_IP=<YOUR_LAPTOP_IP> make dev-setup

README.md

@@ -72,12 +72,20 @@ Capsule is Open Source with Apache 2 license and any contribution is welcome.
 
 ## Chart Development
 
-The documentation for each chart is done with [helm-docs](https://github.com/norwoodj/helm-docs). This way we can ensure that values are consistent with the chart documentation.
+### Chart Linting
 
-We have a script on the repository which will execute the helm-docs docker container, so that you don't have to worry about downloading the binary etc. Simply execute the script (Bash compatible):
+The chart is linted with [ct](https://github.com/helm/chart-testing). You can run the linter locally with this command:
 
 ```
-bash scripts/helm-docs.sh
+make helm-lint
+```
+
+### Chart Documentation
+
+The documentation for each chart is done with [helm-docs](https://github.com/norwoodj/helm-docs). This way we can ensure that values are consistent with the chart documentation. Run this anytime you make changes to a `values.yaml` file:
+
+```
+make helm-docs
 ```
 
 ## Community

charts/capsule/Makefile

@@ -1,9 +0,0 @@
-docs: HELMDOCS_VERSION := v1.8.1
-docs: docker
-	@docker run --rm -v "$$(pwd):/helm-docs" -u $$(id -u) jnorwood/helm-docs:$(HELMDOCS_VERSION)
-
-docker:
-	@hash docker 2>/dev/null || {\
-		echo "You need docker" &&\
-		exit 1;\
-	}

charts/capsule/README.md

@@ -64,8 +64,8 @@ Here the values you can override:
 |-----|------|---------|-------------|
 | affinity | object | `{}` | Set affinity rules for the Capsule pod |
 | certManager.generateCertificates | bool | `false` | Specifies whether capsule webhooks certificates should be generated using cert-manager |
-| customAnnotations | object | `{}` | Additional annotations which will be added to all resources created by Capsule helm chart  |
-| customLabels | object | `{}` | Additional labels which will be added to all resources created by Capsule helm chart  |
+| customAnnotations | object | `{}` | Additional annotations which will be added to all resources created by Capsule helm chart |
+| customLabels | object | `{}` | Additional labels which will be added to all resources created by Capsule helm chart |
 | jobs.image.pullPolicy | string | `"IfNotPresent"` | Set the image pull policy of the helm chart job |
 | jobs.image.repository | string | `"quay.io/clastix/kubectl"` | Set the image repository of the helm chart job |
 | jobs.image.tag | string | `""` | Set the image tag of the helm chart job |
@@ -88,18 +88,18 @@ Here the values you can override:
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| manager.hostNetwork | bool | `false` | Specifies if the container should be started in hostNetwork mode. Required for use in some managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working |
+| manager.hostNetwork | bool | `false` | Specifies if the container should be started in hostNetwork mode.  Required for use in some managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working |
 | manager.image.pullPolicy | string | `"IfNotPresent"` | Set the image pull policy. |
 | manager.image.repository | string | `"clastix/capsule"` | Set the image repository of the capsule. |
 | manager.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
-| manager.imagePullSecrets | list | `[]` | Configuration for `imagePullSecrets` so that you can use a private images registry.   |
-| manager.kind | string | `"Deployment"` | Set the controller deployment mode as `Deployment` or `DaemonSet`.  |
-| manager.livenessProbe | object | `{"httpGet":{"path":"/healthz","port":10080}}` | Configure the liveness probe using Deployment probe spec    |
-| manager.options.capsuleUserGroups | list | `["capsule.clastix.io"]` | Override the Capsule user groups   |
+| manager.imagePullSecrets | list | `[]` | Configuration for `imagePullSecrets` so that you can use a private images registry. |
+| manager.kind | string | `"Deployment"` | Set the controller deployment mode as `Deployment` or `DaemonSet`. |
+| manager.livenessProbe | object | `{"httpGet":{"path":"/healthz","port":10080}}` | Configure the liveness probe using Deployment probe spec |
+| manager.options.capsuleUserGroups | list | `["capsule.clastix.io"]` | Override the Capsule user groups |
 | manager.options.forceTenantPrefix | bool | `false` | Boolean, enforces the Tenant owner, during Namespace creation, to name it using the selected Tenant name as prefix, separated by a dash |
 | manager.options.generateCertificates | bool | `true` | Specifies whether capsule webhooks certificates should be generated by capsule operator |
 | manager.options.logLevel | string | `"4"` | Set the log verbosity of the capsule with a value from 1 to 10 |
-| manager.options.protectedNamespaceRegex | string | `""` | If specified, disallows creation of namespaces matching the passed regexp    |
+| manager.options.protectedNamespaceRegex | string | `""` | If specified, disallows creation of namespaces matching the passed regexp |
 | manager.readinessProbe | object | `{"httpGet":{"path":"/readyz","port":10080}}` | Configure the readiness probe using Deployment probe spec |
 | manager.resources.limits.cpu | string | `"200m"` |  |
 | manager.resources.limits.memory | string | `"128Mi"` |  |

charts/capsule/values.yaml

@@ -14,7 +14,7 @@ tls:
 # Manager Options
 manager:
 
-  # -- Set the controller deployment mode as `Deployment` or `DaemonSet`. 
+  # -- Set the controller deployment mode as `Deployment` or `DaemonSet`.
   kind: Deployment
 
   image:
@@ -25,7 +25,7 @@ manager:
     # -- Overrides the image tag whose default is the chart appVersion.
     tag: ''
 
-  # -- Configuration for `imagePullSecrets` so that you can use a private images registry.  
+  # -- Configuration for `imagePullSecrets` so that you can use a private images registry.
   imagePullSecrets: []
 
   # -- Specifies if the container should be started in hostNetwork mode.
@@ -41,19 +41,19 @@ manager:
     logLevel: '4'
     # -- Boolean, enforces the Tenant owner, during Namespace creation, to name it using the selected Tenant name as prefix, separated by a dash
     forceTenantPrefix: false
-    # -- Override the Capsule user groups  
+    # -- Override the Capsule user groups
     capsuleUserGroups: ["capsule.clastix.io"]
-    # -- If specified, disallows creation of namespaces matching the passed regexp   
+    # -- If specified, disallows creation of namespaces matching the passed regexp
     protectedNamespaceRegex: ""
     # -- Specifies whether capsule webhooks certificates should be generated by capsule operator
     generateCertificates: true
 
-  # -- Configure the liveness probe using Deployment probe spec   
+  # -- Configure the liveness probe using Deployment probe spec
   livenessProbe:
     httpGet:
       path: /healthz
       port: 10080
-  
+
   # -- Configure the readiness probe using Deployment probe spec
   readinessProbe:
     httpGet:
@@ -75,7 +75,7 @@ podAnnotations: {}
 #    scheduler.alpha.kubernetes.io/critical-pod: ''
 
 # -- Set the priority class name of the Capsule pod
-priorityClassName: '' #system-cluster-critical
+priorityClassName: '' # system-cluster-critical
 
 # -- Set the node selector for the Capsule pod
 nodeSelector: {}
@@ -83,10 +83,10 @@ nodeSelector: {}
 
 # -- Set list of tolerations for the Capsule pod
 tolerations: []
-#- key: CriticalAddonsOnly
-#  operator: Exists
-#- effect: NoSchedule
-#  key: node-role.kubernetes.io/master
+# - key: CriticalAddonsOnly
+#   operator: Exists
+# - effect: NoSchedule
+#   key: node-role.kubernetes.io/master
 
 # -- Set the replica count for capsule pod
 replicaCount: 1
@@ -120,10 +120,10 @@ certManager:
   # -- Specifies whether capsule webhooks certificates should be generated using cert-manager
   generateCertificates: false
 
-# -- Additional labels which will be added to all resources created by Capsule helm chart 
+# -- Additional labels which will be added to all resources created by Capsule helm chart
 customLabels: {}
 
-# -- Additional annotations which will be added to all resources created by Capsule helm chart 
+# -- Additional annotations which will be added to all resources created by Capsule helm chart
 customAnnotations: {}
 
 # Webhooks configurations

scripts/helm-docs.sh

@@ -1,11 +0,0 @@
-#!/bin/bash
-## Reference: https://github.com/norwoodj/helm-docs
-set -eux
-CHART_DIR="$(cd "$(dirname "$0")/.." && pwd)"
-echo "$CHART_DIR"
-
-echo "Running Helm-Docs"
-docker run \
-    -v "$CHART_DIR:/helm-docs" \
-    -u $(id -u) \
-    jnorwood/helm-docs:latest