diff --git a/.github/configs/ct.yaml b/.github/configs/ct.yaml
new file mode 100644
index 00000000..baeed962
--- /dev/null
+++ b/.github/configs/ct.yaml
@@ -0,0 +1,10 @@
+remote: origin
+target-branch: master
+chart-dirs:
+ - charts
+helm-extra-args: "--timeout 600s"
+validate-chart-schema: false
+validate-maintainers: false
+validate-yaml: true
+exclude-deprecated: true
+check-version-increment: false
\ No newline at end of file
diff --git a/.github/configs/lintconf.yaml b/.github/configs/lintconf.yaml
new file mode 100644
index 00000000..722451a3
--- /dev/null
+++ b/.github/configs/lintconf.yaml
@@ -0,0 +1,43 @@
+
+---
+rules:
+ braces:
+ min-spaces-inside: 0
+ max-spaces-inside: 0
+ min-spaces-inside-empty: -1
+ max-spaces-inside-empty: -1
+ brackets:
+ min-spaces-inside: 0
+ max-spaces-inside: 0
+ min-spaces-inside-empty: -1
+ max-spaces-inside-empty: -1
+ colons:
+ max-spaces-before: 0
+ max-spaces-after: 1
+ commas:
+ max-spaces-before: 0
+ min-spaces-after: 1
+ max-spaces-after: 1
+ comments:
+ require-starting-space: true
+ min-spaces-from-content: 1
+ document-end: disable
+ document-start: disable # No --- to start a file
+ empty-lines:
+ max: 2
+ max-start: 0
+ max-end: 0
+ hyphens:
+ max-spaces-after: 1
+ indentation:
+ spaces: consistent
+ indent-sequences: whatever # - list indentation will handle both indentation and without
+ check-multi-line-strings: false
+ key-duplicates: enable
+ line-length: disable # Lines can be any length
+ new-line-at-end-of-file: enable
+ new-lines:
+ type: unix
+ trailing-spaces: enable
+ truthy:
+ level: warning
\ No newline at end of file
diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml
index e4def215..0a0a6101 100644
--- a/.github/workflows/helm.yml
+++ b/.github/workflows/helm.yml
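Review bot: In `.github/configs/ct.yaml`, `validate-chart-schema: false` and `check-version-increment: false` switch off two of the checks `ct lint` would otherwise apply, and nothing in the file records why. With the version-increment check off, a chart change can pass CI without a new chart version, which may leave one version number covering more than one set of templates. If both settings are intentional, a comment above each would make that reviewable, for example `# version is bumped at release time, not per pull request` (reason to be confirmed by the author); otherwise leaving them at their defaults keeps the gate.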
@@ -12,11 +12,42 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 + with: + fetch-depth: 0 - uses: azure/setup-helm@v1 with: version: 3.3.4 - name: Linting Chart run: helm lint ./charts/capsule + - name: Setup Chart Linting + id: lint + uses: helm/chart-testing-action@v2.3.0 + - name: Run chart-testing (list-changed) + id: list-changed + run: | + changed=$(ct list-changed --config ./.github/configs/ct.yaml) + if [[ -n "$changed" ]]; then + echo "::set-output name=changed::true" + fi + - name: Run chart-testing (lint) + run: ct lint --debug --config ./.github/configs/ct.yaml --lint-conf ./.github/configs/lintconf.yaml + # Create KIND Cluster + - name: Create kind cluster + uses: helm/kind-action@v1.2.0 + if: steps.list-changed.outputs.changed == 'true' + # Install Required Operators/CRDs + - name: Prepare Cluster Operators/CRDs + run: | + # Cert-Manager CRDs + kubectl create -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.crds.yaml + + # Prometheus CRDs + kubectl create -f https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.58.0/bundle.yaml + if: steps.list-changed.outputs.changed == 'true' + # Install Charts + - name: Run chart-testing (install) + run: ct install --debug --config ./.github/configs/ct.yaml + if: steps.list-changed.outputs.changed == 'true' release: if: startsWith(github.ref, 'refs/tags/helm-v') runs-on: ubuntu-latest diff --git a/Makefile b/Makefile index 6a291919..fe7d8244 100644 --- a/Makefile +++ b/Makefile 
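Review bot: The new steps pull third-party code by mutable reference: `helm/chart-testing-action@v2.3.0` and `helm/kind-action@v1.2.0` are pinned to tags, and the two `kubectl create -f https://…` lines apply release assets fetched at run time with no integrity check. A tag can be moved to a different commit after review, so pinning to the full commit SHA, e.g. `uses: helm/chart-testing-action@<full-commit-sha> # v2.3.0`, keeps the reviewed code and the executed code the same; the CRD manifests can be vendored into the repository or checked against a recorded checksum before they are applied. Separately, `echo "::set-output name=changed::true"` uses a workflow command GitHub has deprecated, and `echo "changed=true" >> "$GITHUB_OUTPUT"` is the replacement. The job starts above the hunk, so its trigger and `permissions` are not visible here.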
@@ -81,6 +81,22 @@ generate: controller-gen apidoc: apidocs-gen $(APIDOCS_GEN) crdoc --resources config/crd/bases --output docs/content/general/tenant-crd.md --template docs/template/reference-cr.tmpl +# Helm +SRC_ROOT = $(shell git rev-parse --show-toplevel) + +helm-docs: HELMDOCS_VERSION := v1.11.0 +helm-docs: docker + @docker run -v "$(SRC_ROOT):/helm-docs" jnorwood/helm-docs:$(HELMDOCS_VERSION) --chart-search-root /helm-docs + +helm-lint: docker + @docker run -v "$(SRC_ROOT):/workdir" --entrypoint /bin/sh quay.io/helmpack/chart-testing:v3.3.1 -c cd /workdir && ct lint --config .github/configs/ct.yaml --lint-conf .github/configs/lintconf.yaml --all --debug + +docker: + @hash docker 2>/dev/null || {\ + echo "You need docker" &&\ + exit 1;\ + } + # Setup development env # Usage: # LAPTOP_HOST_IP= make dev-setup diff --git a/README.md b/README.md index 17b7cc35..79467d4a 100644 --- a/README.md +++ b/README.md @@ -72,12 +72,20 @@ Capsule is Open Source with Apache 2 license and any contribution is welcome. ## Chart Development -The documentation for each chart is done with [helm-docs](https://github.com/norwoodj/helm-docs). This way we can ensure that values are consistent with the chart documentation. +### Chart Linting -We have a script on the repository which will execute the helm-docs docker container, so that you don't have to worry about downloading the binary etc. Simply execute the script (Bash compatible): +The chart is linted with [ct](https://github.com/helm/chart-testing). You can run the linter locally with this command: ``` -bash scripts/helm-docs.sh +make helm-lint +``` + +### Chart Documentation + +The documentation for each chart is done with [helm-docs](https://github.com/norwoodj/helm-docs). This way we can ensure that values are consistent with the chart documentation. Run this anytime you make changes to a `values.yaml` file: + +``` +make helm-docs ``` ## Community 
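Review bot: In the `helm-lint` recipe the argument to `/bin/sh -c` is not quoted, so the host shell splits the line at `&&`: the container runs only `cd`, and `ct lint …` then executes on the host, where `ct` may not be installed. Quoting the command keeps it inside the container: `-c "cd /workdir && ct lint --config .github/configs/ct.yaml --lint-conf .github/configs/lintconf.yaml --all --debug"`. Both new `docker run` lines also drop the `--rm` and `-u $$(id -u)` that the removed `charts/capsule/Makefile` target passed, so stopped containers accumulate and `helm-docs` writes into the bind-mounted source tree as the image's default user (root, unless the image sets another); restoring `--rm -u $$(id -u)` avoids both.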
diff --git a/charts/capsule/Makefile b/charts/capsule/Makefile deleted file mode 100644 index a191fe4c..00000000 --- a/charts/capsule/Makefile +++ /dev/null @@ -1,9 +0,0 @@ -docs: HELMDOCS_VERSION := v1.8.1 -docs: docker - @docker run --rm -v "$$(pwd):/helm-docs" -u $$(id -u) jnorwood/helm-docs:$(HELMDOCS_VERSION) - -docker: - @hash docker 2>/dev/null || {\ - echo "You need docker" &&\ - exit 1;\ - } diff --git a/charts/capsule/README.md b/charts/capsule/README.md index c6a909ae..a4772e96 100644 --- a/charts/capsule/README.md +++ b/charts/capsule/README.md @@ -64,8 +64,8 @@ Here the values you can override: |-----|------|---------|-------------| | affinity | object | `{}` | Set affinity rules for the Capsule pod | | certManager.generateCertificates | bool | `false` | Specifies whether capsule webhooks certificates should be generated using cert-manager | -| customAnnotations | object | `{}` | Additional annotations which will be added to all resources created by Capsule helm chart | -| customLabels | object | `{}` | Additional labels which will be added to all resources created by Capsule helm chart | +| customAnnotations | object | `{}` | Additional annotations which will be added to all resources created by Capsule helm chart | +| customLabels | object | `{}` | Additional labels which will be added to all resources created by Capsule helm chart | | jobs.image.pullPolicy | string | `"IfNotPresent"` | Set the image pull policy of the helm chart job | | jobs.image.repository | string | `"quay.io/clastix/kubectl"` | Set the image repository of the helm chart job | | jobs.image.tag | string | `""` | Set the image tag of the helm chart job | 
@@ -88,18 +88,18 @@ Here the values you can override: | Key | Type | Default | Description | |-----|------|---------|-------------| -| manager.hostNetwork | bool | `false` | Specifies if the container should be started in hostNetwork mode. Required for use in some managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working | +| manager.hostNetwork | bool | `false` | Specifies if the container should be started in hostNetwork mode. Required for use in some managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working | | manager.image.pullPolicy | string | `"IfNotPresent"` | Set the image pull policy. | | manager.image.repository | string | `"clastix/capsule"` | Set the image repository of the capsule. | | manager.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | -| manager.imagePullSecrets | list | `[]` | Configuration for `imagePullSecrets` so that you can use a private images registry. | -| manager.kind | string | `"Deployment"` | Set the controller deployment mode as `Deployment` or `DaemonSet`. | -| manager.livenessProbe | object | `{"httpGet":{"path":"/healthz","port":10080}}` | Configure the liveness probe using Deployment probe spec | -| manager.options.capsuleUserGroups | list | `["capsule.clastix.io"]` | Override the Capsule user groups | +| manager.imagePullSecrets | list | `[]` | Configuration for `imagePullSecrets` so that you can use a private images registry. | +| manager.kind | string | `"Deployment"` | Set the controller deployment mode as `Deployment` or `DaemonSet`. 
| +| manager.livenessProbe | object | `{"httpGet":{"path":"/healthz","port":10080}}` | Configure the liveness probe using Deployment probe spec | +| manager.options.capsuleUserGroups | list | `["capsule.clastix.io"]` | Override the Capsule user groups | | manager.options.forceTenantPrefix | bool | `false` | Boolean, enforces the Tenant owner, during Namespace creation, to name it using the selected Tenant name as prefix, separated by a dash | | manager.options.generateCertificates | bool | `true` | Specifies whether capsule webhooks certificates should be generated by capsule operator | | manager.options.logLevel | string | `"4"` | Set the log verbosity of the capsule with a value from 1 to 10 | -| manager.options.protectedNamespaceRegex | string | `""` | If specified, disallows creation of namespaces matching the passed regexp | +| manager.options.protectedNamespaceRegex | string | `""` | If specified, disallows creation of namespaces matching the passed regexp | | manager.readinessProbe | object | `{"httpGet":{"path":"/readyz","port":10080}}` | Configure the readiness probe using Deployment probe spec | | manager.resources.limits.cpu | string | `"200m"` | | | manager.resources.limits.memory | string | `"128Mi"` | | diff --git a/charts/capsule/values.yaml b/charts/capsule/values.yaml index 7c84c636..8885801a 100644 --- a/charts/capsule/values.yaml +++ b/charts/capsule/values.yaml @@ -14,7 +14,7 @@ tls: # Manager Options manager: - # -- Set the controller deployment mode as `Deployment` or `DaemonSet`. + # -- Set the controller deployment mode as `Deployment` or `DaemonSet`. kind: Deployment image: 
@@ -25,7 +25,7 @@ manager: # -- Overrides the image tag whose default is the chart appVersion. tag: '' - # -- Configuration for `imagePullSecrets` so that you can use a private images registry. + # -- Configuration for `imagePullSecrets` so that you can use a private images registry. imagePullSecrets: [] # -- Specifies if the container should be started in hostNetwork mode. @@ -41,19 +41,19 @@ manager: logLevel: '4' # -- Boolean, enforces the Tenant owner, during Namespace creation, to name it using the selected Tenant name as prefix, separated by a dash forceTenantPrefix: false - # -- Override the Capsule user groups + # -- Override the Capsule user groups capsuleUserGroups: ["capsule.clastix.io"] - # -- If specified, disallows creation of namespaces matching the passed regexp + # -- If specified, disallows creation of namespaces matching the passed regexp protectedNamespaceRegex: "" # -- Specifies whether capsule webhooks certificates should be generated by capsule operator generateCertificates: true - # -- Configure the liveness probe using Deployment probe spec + # -- Configure the liveness probe using Deployment probe spec livenessProbe: httpGet: path: /healthz port: 10080 - + # -- Configure the readiness probe using Deployment probe spec readinessProbe: httpGet: @@ -75,7 +75,7 @@ podAnnotations: {} # scheduler.alpha.kubernetes.io/critical-pod: '' # -- Set the priority class name of the Capsule pod -priorityClassName: '' #system-cluster-critical +priorityClassName: '' # system-cluster-critical # -- Set the node selector for the Capsule pod nodeSelector: {} @@ -83,10 +83,10 @@ nodeSelector: {} # -- Set list of tolerations for the Capsule pod tolerations: [] -#- key: CriticalAddonsOnly -# operator: Exists -#- effect: NoSchedule -# key: node-role.kubernetes.io/master +# - key: CriticalAddonsOnly +# operator: Exists +# - effect: NoSchedule +# key: node-role.kubernetes.io/master # -- Set the replica count for capsule pod replicaCount: 1 
@@ -120,10 +120,10 @@ certManager: # -- Specifies whether capsule webhooks certificates should be generated using cert-manager generateCertificates: false -# -- Additional labels which will be added to all resources created by Capsule helm chart +# -- Additional labels which will be added to all resources created by Capsule helm chart customLabels: {} -# -- Additional annotations which will be added to all resources created by Capsule helm chart +# -- Additional annotations which will be added to all resources created by Capsule helm chart customAnnotations: {} # Webhooks configurations diff --git a/scripts/helm-docs.sh b/scripts/helm-docs.sh deleted file mode 100644 index a9ee92d1..00000000 --- a/scripts/helm-docs.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -## Reference: https://github.com/norwoodj/helm-docs -set -eux -CHART_DIR="$(cd "$(dirname "$0")/.." && pwd)" -echo "$CHART_DIR" - -echo "Running Helm-Docs" -docker run \ - -v "$CHART_DIR:/helm-docs" \ - -u $(id -u) \ - jnorwood/helm-docs:latest \ No newline at end of file