Static helm

Makefile

@@ -28,6 +28,7 @@ OPERATOR_IMAGE = ytsaurus/k8s-operator
 OPERATOR_TAG = 0.0.0-alpha
 
 OPERATOR_CHART = ytop-chart
+OPERATOR_CHART_CRDS = $(OPERATOR_CHART)/templates/crds
 OPERATOR_INSTANCE = ytsaurus-dev
 
 ## K8s namespace for YTsaurus operator.
@@ -292,8 +293,9 @@ docker-push: ## Push docker image with the manager.
 	docker push ${IMG}
 
 .PHONY: helm-chart
-helm-chart: manifests kustomize helmify ## Generate helm chart.
-	$(KUSTOMIZE) build config/default | $(HELMIFY) $(OPERATOR_CHART)
+helm-chart: manifests kustomize envsubst kubectl-slice ## Generate helm chart.
+	$(KUSTOMIZE) build config/helm | name="$(OPERATOR_CHART)" $(ENVSUBST) | $(KUBECTL_SLICE) -q -o $(OPERATOR_CHART_CRDS) -t "{{.metadata.name}}.yaml" --prune
+	name="$(OPERATOR_CHART)" version="$(RELEASE_VERSION)" $(ENVSUBST) < config/helm/Chart.yaml > $(OPERATOR_CHART)/Chart.yaml
 
 ##@ Deployment
 
@@ -332,8 +334,6 @@ release: kustomize ## Release operator docker image and helm chart.
 	docker push ghcr.io/$(OPERATOR_IMAGE):${RELEASE_VERSION}
 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(OPERATOR_IMAGE):${RELEASE_VERSION}
 	$(MAKE) helm-chart
-	sed -iE "s/appVersion: \".*\"/appVersion: \"${RELEASE_VERSION}\"/" $(OPERATOR_CHART)/Chart.yaml
-	sed -iE "s/version:.*/version: ${RELEASE_VERSION}/" $(OPERATOR_CHART)/Chart.yaml
 	helm package $(OPERATOR_CHART)
 	helm push $(OPERATOR_CHART)-${RELEASE_VERSION}.tgz oci://registry-1.docker.io/ytsaurus
 	helm push $(OPERATOR_CHART)-${RELEASE_VERSION}.tgz oci://ghcr.io/ytsaurus
@@ -351,24 +351,26 @@ HELM ?= helm --kube-context $(KIND_KUBE_CONTEXT)
 KUSTOMIZE ?= $(LOCALBIN)/kustomize-$(KUSTOMIZE_VERSION)
 CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_GEN_VERSION)
 ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION)
-HELMIFY ?= $(LOCALBIN)/helmify-$(HELMIFY_VERSION)
 GOLANGCI_LINT ?= $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION)
 GINKGO ?= $(LOCALBIN)/ginkgo-$(GINKGO_VERSION)
 CRD_REF_DOCS ?= $(LOCALBIN)/crd-ref-docs-$(CRD_REF_DOCS_VERSION)
 KIND ?= $(LOCALBIN)/kind-$(KIND_VERSION)
+ENVSUBST ?= $(LOCALBIN)/envsubst-$(ENVSUBST_VERSION)
+KUBECTL_SLICE ?= $(LOCALBIN)/kubectl-slice-$(KUBECTL_SLICE_VERSION)
 
 # Tool Versions
 KUSTOMIZE_VERSION ?= v5.3.0
 CONTROLLER_GEN_VERSION ?= v0.14.0
 ENVTEST_VERSION ?= latest
-HELMIFY_VERSION ?= v0.4.5
 ## golangci-lint version.
 GOLANGCI_LINT_VERSION ?= v1.56.2
 GINKGO_VERSION ?= $(call go-get-version,github.com/onsi/ginkgo/v2)
 CRD_REF_DOCS_VERSION ?= v0.0.12
 ## kind version.
 KIND_VERSION ?= v0.22.0
 CERT_MANAGER_VERSION ?= v1.14.4
+ENVSUBST_VERSION ?= v1.4.2
+KUBECTL_SLICE_VERSION ?= v1.3.1
 
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
@@ -385,11 +387,6 @@ envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
 $(ENVTEST): $(LOCALBIN)
 	$(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION))
 
-.PHONY: helmify
-helmify: $(HELMIFY) ## Download helmify locally if necessary.
-$(HELMIFY): $(LOCALBIN)
-	$(call go-install-tool,$(HELMIFY),github.com/arttor/helmify/cmd/helmify,$(HELMIFY_VERSION))
-
 .PHONY: golangci-lint
 golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary.
 $(GOLANGCI_LINT): $(LOCALBIN)
@@ -410,6 +407,16 @@ kind: $(KIND) ## Download kind locally if necessary.
 $(KIND): $(LOCALBIN)
 	$(call go-install-tool,$(KIND),sigs.k8s.io/kind,$(KIND_VERSION))
 
+.PHONY: envsubst
+envsubst: $(ENVSUBST) ## Download envsubst locally if necessary.
+$(ENVSUBST): $(LOCALBIN)
+	$(call go-install-tool,$(ENVSUBST),github.com/a8m/envsubst/cmd/envsubst,$(ENVSUBST_VERSION))
+
+.PHONY: kubectl-slice
+kubectl-slice: $(KUBECTL_SLICE) ## Download yq locally if necessary.
+$(KUBECTL_SLICE): $(LOCALBIN)
+	$(call go-install-tool,$(KUBECTL_SLICE),github.com/patrickdappollonio/kubectl-slice,$(KUBECTL_SLICE_VERSION))
+
 # go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist
 # $1 - target path with name of binary (ideally with version)
 # $2 - package url which can be installed

config/crd/kustomization.yaml

@@ -9,23 +9,23 @@ resources:
 - bases/cluster.ytsaurus.tech_remoteexecnodes.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
-patchesStrategicMerge:
+patches:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
-- patches/webhook_in_ytsaurus.yaml
-- patches/webhook_in_spyts.yaml
-- patches/webhook_in_chyts.yaml
-#- patches/webhook_in_remoteytsauruses.yaml
-#- patches/webhook_in_remoteexecnodes.yaml
+- path: patches/webhook_in_ytsaurus.yaml
+- path: patches/webhook_in_spyts.yaml
+- path: patches/webhook_in_chyts.yaml
+- path: patches/webhook_in_remoteytsaurus.yaml
+- path: patches/webhook_in_remoteexecnodes.yaml
 #+kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
-- patches/cainjection_in_ytsaurus.yaml
-- patches/cainjection_in_spyts.yaml
-- patches/cainjection_in_chyts.yaml
-#- patches/cainjection_in_remoteytsauruses.yaml
-#- patches/cainjection_in_remoteexecnodes.yaml
+- path: patches/cainjection_in_ytsaurus.yaml
+- path: patches/cainjection_in_spyts.yaml
+- path: patches/cainjection_in_chyts.yaml
+- path: patches/cainjection_in_remoteytsaurus.yaml
+- path: patches/cainjection_in_remoteexecnodes.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.

config/crd/patches/cainjection_in_chyts.yaml

@@ -3,5 +3,5 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+    cert-manager.io/inject-ca-from: $(WEBHOOK_CERTIFICATE_NAMESPACE)/$(WEBHOOK_CERTIFICATE_NAME)
   name: chyts.cluster.ytsaurus.tech

config/crd/patches/cainjection_in_remoteexecnodes.yaml

@@ -3,5 +3,5 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+    cert-manager.io/inject-ca-from: $(WEBHOOK_CERTIFICATE_NAMESPACE)/$(WEBHOOK_CERTIFICATE_NAME)
   name: remoteexecnodes.cluster.ytsaurus.tech

config/crd/patches/cainjection_in_remoteytsauruses.yaml → config/crd/patches/cainjection_in_remoteytsaurus.yaml

@@ -3,5 +3,5 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
-  name: remoteytsauruses.cluster.ytsaurus.tech
+    cert-manager.io/inject-ca-from: $(WEBHOOK_CERTIFICATE_NAMESPACE)/$(WEBHOOK_CERTIFICATE_NAME)
+  name: remoteytsaurus.cluster.ytsaurus.tech

config/crd/patches/cainjection_in_spyts.yaml

@@ -3,5 +3,5 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+    cert-manager.io/inject-ca-from: $(WEBHOOK_CERTIFICATE_NAMESPACE)/$(WEBHOOK_CERTIFICATE_NAME)
   name: spyts.cluster.ytsaurus.tech

config/crd/patches/webhook_in_remoteytsauruses.yaml → config/crd/patches/webhook_in_remoteytsaurus.yaml

@@ -2,7 +2,7 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
-  name: remoteytsauruses.cluster.ytsaurus.tech
+  name: remoteytsaurus.cluster.ytsaurus.tech
 spec:
   conversion:
     strategy: Webhook

config/default/kustomization.yaml

@@ -8,7 +8,7 @@ namespace: ytsaurus-k8s-operator-system
 # field above.
 namePrefix: ytsaurus-k8s-operator-
 
-bases:
+resources:
 - ../crd
 - ../rbac
 - ../manager
@@ -20,24 +20,24 @@ bases:
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus
 
-patchesStrategicMerge:
+patches:
 # Protect the /metrics endpoint by putting it behind auth.
 # If you want your controller-manager to expose the /metrics
 # endpoint w/o any authn/z, please comment the following line.
-- manager_auth_proxy_patch.yaml
+- path: manager_auth_proxy_patch.yaml
 
 # Mount the controller config file for loading manager configurations
 # through a ComponentConfig type
 #- manager_config_patch.yaml
 
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
-- manager_webhook_patch.yaml
+- path: manager_webhook_patch.yaml
 
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
 # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
 # 'CERTMANAGER' needs to be enabled to use ca injection
-- webhookcainjection_patch.yaml
+- path: webhookcainjection_patch.yaml
 
 # the following config is for teaching kustomize how to do var substitution
 vars:
@@ -76,7 +76,6 @@ vars:
     kind: Service
     version: v1
     name: webhook-service
-
 - name: METRICS_SECRET_NAME
   objref:
     kind: Certificate

config/helm/Chart.yaml

@@ -0,0 +1,8 @@
+apiVersion: v2
+name: ${name}
+description: A Helm chart for Kubernetes
+type: application
+version: "${version:-0.0.0-alpha}"
+appVersion: "${version:-0.0.0-alpha}"
+sources:
+  - https://github.com/ytsaurus/ytsaurus-k8s-operator

config/helm/kustomization.yaml

@@ -0,0 +1,10 @@
+resources:
+- ../crd
+
+patches:
+  - target:
+      kind: CustomResourceDefinition
+    path: patches/cainjection.yaml
+  - target:
+      kind: CustomResourceDefinition
+    path: patches/webhook.yaml

config/helm/patches/cainjection.yaml

@@ -0,0 +1,6 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: any
+  annotations:
+    cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "${name}.fullname" . }}-webhook-cert'

config/helm/patches/webhook.yaml

@@ -0,0 +1,15 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: any
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          name: '{{ include "${name}.fullname" . }}-webhook-service'
+          namespace: '{{ .Release.Namespace }}'
+          path: /convert
+      conversionReviewVersions:
+      - v1

config/manager/manager.yaml

@@ -17,6 +17,7 @@ spec:
     matchLabels:
       control-plane: controller-manager
   replicas: 1
+  revisionHistoryLimit: 10
   template:
     metadata:
       annotations:

ytop-chart/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: ytop-chart
 description: A Helm chart for Kubernetes
 type: application
-version: 0.0.0-alpha
+version: "0.0.0-alpha"
 appVersion: "0.0.0-alpha"
 sources:
   - https://github.com/ytsaurus/ytsaurus-k8s-operator

ytop-chart/templates/chyt-crd.yaml → ytop-chart/templates/crds/chyts.cluster.ytsaurus.tech.yaml

@@ -1,13 +1,11 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
-  name: chyts.cluster.ytsaurus.tech
   annotations:
     cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "ytop-chart.fullname"
-      . }}-$(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)'
+      . }}-webhook-cert'
     controller-gen.kubebuilder.io/version: v0.14.0
-  labels:
-  {{- include "ytop-chart.labels" . | nindent 4 }}
+  name: chyts.cluster.ytsaurus.tech
 spec:
   conversion:
     strategy: Webhook
@@ -101,8 +99,8 @@ spec:
                       format: date-time
                       type: string
                     message:
-                      description: message is a human readable message indicating details
-                        about the transition.
+                      description: message is a human readable message indicating
+                        details about the transition.
                       maxLength: 32768
                       type: string
                     observedGeneration:
@@ -148,9 +146,3 @@ spec:
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []