Improve config, tests and docs

.github/CODEOWNERS.md

@@ -0,0 +1 @@
+* @ThomasVitale

.github/ISSUE_TEMPLATE/bug-report.md

@@ -2,7 +2,7 @@
 name: Bug report
 about: Tell us about a problem you are experiencing
 title: ''
-labels: bug
+labels: bug, triage
 assignees: ''
 
 ---
@@ -19,10 +19,8 @@ assignees: ''
 **Anything else you would like to add:**
 [Additional information that will assist in solving the issue.]
 
-**Additional context:**
-Add any other context about the problem here.
-
 **Environment:**
 
-- Kubernetes version (execute `kubectl version`): 
-- kapp-controller version (execute `kubectl get deployment -n kapp-controller kapp-controller -o yaml` and the annotation is `kbld.k14s.io/images`): 
+* Kubernetes version (execute `kubectl version`):
+* kctrl version (execute `kctrl version`):
+* kapp-controller version (execute `kubectl get deployment -n kapp-controller kapp-controller -o yaml` and the annotation is `kbld.k14s.io/images`):

.github/ISSUE_TEMPLATE/feature-request.md

@@ -2,7 +2,7 @@
 name: Feature request
 about: Suggest an idea for this project
 title: ''
-labels: enhancement
+labels: enhancement, triage
 assignees: ''
 
 ---

.github/ISSUE_TEMPLATE/other-request.md

@@ -0,0 +1,8 @@
+---
+name: Other issue or question
+about: Free form issue or question
+title: ''
+labels: triage
+assignees: ''
+
+---

.github/workflows/release.yml

@@ -18,6 +18,6 @@ jobs:
       registry-server: ghcr.io
       registry-username: ${{ github.actor }}
       image: ${{ github.repository }}
-      version: 0.6.2+kadras.1
+      version: 0.6.2+kadras.2
     secrets:
       pull-request-token: ${{ secrets.GH_ORG_PAT }}

.github/workflows/test.yml

@@ -8,14 +8,15 @@ jobs:
     name: Configuration Tests
     permissions:
       contents: read
-    uses: kadras-io/github-reusable-workflows/.github/workflows/package-test-config.yml@main
-    with:
-      command: make test-config
+    uses: kadras-io/github-reusable-workflows/.github/workflows/carvel-package-test-config.yml@main
 
   test-integration:
     name: Integration Tests
+    strategy:
+      matrix:
+        k8s_version: [v1.24, v1.25, v1.26]
     permissions:
       contents: read
-    uses: kadras-io/github-reusable-workflows/.github/workflows/package-test-integration.yml@main
+    uses: kadras-io/github-reusable-workflows/.github/workflows/carvel-package-test-integration.yml@main
     with:
-      command: make test-integration
+      k8s_version: ${{ matrix.k8s_version }}

.gitignore

@@ -1,6 +1,12 @@
 ### Carvel ###
 carvel-artifacts/
 repo/
+schema-openapi.yml
+
+### KUTTL ###
+test/integration/kubeconfig
+test/integration/kuttl-artifacts
+kubeconfig
 
 # Binaries for programs and plugins
 *.exe

MAINTAINERS.md

@@ -0,0 +1,3 @@
+# Maintainers
+
+* Thomas Vitale | [ThomasVitale](https://github.com/ThomasVitale)

Makefile

@@ -1,12 +1,35 @@
+K8S_VERSION=v1.26
+
+# Build package configuration
+build: package
+	cd package && kctrl package init
+
+# Prepare cluster for development workflow
+prepare: test/setup
+	ytt -f test/setup/assets/namespace.yml | kapp deploy -a ns -f- -y
+	ytt -f test/setup/assets/rbac.yml | kapp deploy -a rbac -f- -y
+	kubectl config set-context --current --namespace=tests
+
+# Inner development loop
+dev: package
+	cd package && kctrl dev -f package-resources.yml --local -y
+
+# Clean development environment
+clean:
+	cd package && kctrl dev -f package-resources.yml --local -y --delete 
+
+# Process the configuration manifests with ytt
+ytt:
+	ytt --file package/config
+
 # Use ytt to generate an OpenAPI specification
 schema:
-	ytt -f package/config/values-schema.yml --data-values-schema-inspect -o openapi-v3 > package/config/schema-openapi.yml
+	ytt -f package/config/values-schema.yml --data-values-schema-inspect -o openapi-v3 > schema-openapi.yml
 
-# Check the ytt-annotated Kubernetes configuration
+# Check the ytt-annotated Kubernetes configuration and its validation
 test-config:
-	ytt --file package/config
+	ytt -f package/config | kubeconform -ignore-missing-schemas -summary
 
-# Run package tests
-test-integration: test/test.sh
-	chmod +x test/test.sh
-	./test/test.sh
+# Run package integration tests
+test-integration: test/integration
+	kubectl kuttl test --config test/integration/kuttl-test.yml --kind-config test/setup/kind/$(K8S_VERSION)/kind-config.yml

README.md

@@ -1,127 +1,121 @@
 # Metrics Server
 
-<a href="https://slsa.dev/spec/v0.1/levels"><img src="https://slsa.dev/images/gh-badge-level3.svg" alt="The SLSA Level 3 badge"></a>
+![Test Workflow](https://github.com/kadras-io/package-for-kpack/actions/workflows/test.yml/badge.svg)
+![Release Workflow](https://github.com/kadras-io/package-for-kpack/actions/workflows/release.yml/badge.svg)
+[![The SLSA Level 3 badge](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev/spec/v0.1/levels)
+[![The Apache 2.0 license badge](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+[![Follow us on Twitter](https://img.shields.io/static/v1?label=Twitter&message=Follow&color=1DA1F2)](https://twitter.com/kadrasIO)
 
-This project provides a [Carvel package](https://carvel.dev/kapp-controller/docs/latest/packaging) for [Metrics Server](https://github.com/kubernetes-sigs/metrics-server), a scalable and efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines.
+A Carvel package for [Metrics Server](https://github.com/kubernetes-sigs/metrics-server), a scalable and efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines.
 
-## Prerequisites
+## 🚀&nbsp; Getting Started
+
+### Prerequisites
 
 * Kubernetes 1.24+
 * Carvel [`kctrl`](https://carvel.dev/kapp-controller/docs/latest/install/#installing-kapp-controller-cli-kctrl) CLI.
 * Carvel [kapp-controller](https://carvel.dev/kapp-controller) deployed in your Kubernetes cluster. You can install it with Carvel [`kapp`](https://carvel.dev/kapp/docs/latest/install) (recommended choice) or `kubectl`.
 
   ```shell
   kapp deploy -a kapp-controller -y \
-    -f https://github.com/vmware-tanzu/carvel-kapp-controller/releases/latest/download/release.yml
+    -f https://github.com/carvel-dev/kapp-controller/releases/latest/download/release.yml
   ```
 
-## Installation
+### Installation
 
-First, add the [Kadras package repository](https://github.com/kadras-io/kadras-packages) to your Kubernetes cluster.
+Add the Kadras [package repository](https://github.com/kadras-io/kadras-packages) to your Kubernetes cluster:
 
   ```shell
   kubectl create namespace kadras-packages
-  kctrl package repository add -r kadras-repo \
+  kctrl package repository add -r kadras-packages \
     --url ghcr.io/kadras-io/kadras-packages \
     -n kadras-packages
   ```
 
-Then, install the Metrics Server package.
+<details><summary>Installation without package repository</summary>
+The recommended way of installing the Metrics Server package is via the Kadras <a href="https://github.com/kadras-io/kadras-packages">package repository</a>. If you prefer not using the repository, you can add the package definition directly using <a href="https://carvel.dev/kapp/docs/latest/install"><code>kapp</code></a> or <code>kubectl</code>.
 
   ```shell
-  kctrl package install -i metrics-server \
-    -p metrics-server.packages.kadras.io \
-    -v 0.6.2+kadras.1 \
-    -n kadras-packages
+  kubectl create namespace kadras-packages
+  kapp deploy -a metrics-server-package -n kadras-packages -y \
+    -f https://github.com/kadras-io/package-for-metrics-server/releases/latest/download/metadata.yml \
+    -f https://github.com/kadras-io/package-for-metrics-server/releases/latest/download/package.yml
   ```
+</details>
 
-### Verification
-
-You can verify the list of installed Carvel packages and their status.
+Install the Metrics Server package:
 
   ```shell
-  kctrl package installed list -n kadras-packages
+  kctrl package install -i metrics-server \
+    -p metrics-server.packages.kadras.io \
+    -v ${VERSION} \
+    -n kadras-packages
   ```
 
-### Version
+> **Note**
+> You can find the `${VERSION}` value by retrieving the list of package versions available in the Kadras package repository installed on your cluster.
+> 
+>   ```shell
+>   kctrl package available list -p metrics-server.packages.kadras.io -n kadras-packages
+>   ```
 
-You can get the list of Metrics Server versions available in the Kadras package repository.
+Verify the installed packages and their status:
 
   ```shell
-  kctrl package available list -p metrics-server.packages.kadras.io -n kadras-packages
+  kctrl package installed list -n kadras-packages
   ```
 
-## Configuration
+## 📙&nbsp; Documentation
 
-The Metrics Server package has the following configurable properties.
+Documentation, tutorials and examples for this package are available in the [docs](docs) folder.
+For documentation specific to Metrics Server, check out [github.com/kubernetes-sigs/metrics-server](https://github.com/kubernetes-sigs/metrics-server).
 
-| Value | Required/Optional | Description |
-|-------|-------------------|-------------|
-| `metricsServer.createNamespace` | Optional | Whether to create namespace specified for metrics-server. Default value is `true`. |
-| `metricsServer.namespace` | Optional | The namespace value used by older templates, will be overwriten if top level namespace is present, kept for backward compatibility. Default value is `null`. |
-| `metricsServer.config.securePort` | Optional | TThe HTTPS secure port used by metrics-server. Default: `4443`. |
-| `metricsServer.config.updateStrategy` | Optional | TThe update strategy of the metrics-server deployment. Default: `RollingUpdate` |
-| `metricsServer.config.probe.failureThreshold` | Optional | Probe failureThreshold of metrics-server deployment. Default: `3`. |
-| `metricsServer.config.probe.periodSeconds` | Optional | Probe period of metrics-server deployment. Default: `10` . |
-| `metricsServer.config.apiServiceInsecureTLS`| Optional | Whether to enable insecure TLS for metrics-server api service. Default: `True`. |
+## 🎯&nbsp; Configuration
 
-You can define your configuration in a `values.yml` file.
+The Metrics Server package can be customized via a `values.yml` file.
 
   ```yaml
   metricsServer:
     config:
       securePort: 4443
   ```
 
-Then, reference it from the `kctrl` command when installing or upgrading the package.
+Reference the `values.yml` file from the `kctrl` command when installing or upgrading the package.
 
   ```shell
   kctrl package install -i metrics-server \
     -p metrics-server.packages.kadras.io \
-    -v 0.6.2+kadras.1 \
+    -v ${VERSION} \
     -n kadras-packages \
     --values-file values.yml
   ```
 
-## Upgrading
-
-You can upgrade an existing package to a newer version using `kctrl`.
+### Values
 
-  ```shell
-  kctrl package installed update -i metrics-server \
-    -v <new-version> \
-    -n kadras-packages
-  ```
-
-You can also update an existing package with a newer `values.yml` file.
-
-  ```shell
-  kctrl package installed update -i metrics-server \
-    -n kadras-packages \
-    --values-file values.yml
-  ```
-
-## Other
+The Metrics Server package has the following configurable properties.
 
-The recommended way of installing the Metrics Server package is via the [Kadras package repository](https://github.com/kadras-io/kadras-packages). If you prefer not using the repository, you can install the package by creating the necessary Carvel `PackageMetadata` and `Package` resources directly using [`kapp`](https://carvel.dev/kapp/docs/latest/install) or `kubectl`.
+<details><summary>Configurable properties</summary>
 
-  ```shell
-  kubectl create namespace kadras-packages
-  kapp deploy -a metrics-server-package -n kadras-packages -y \
-    -f https://github.com/kadras-io/package-for-metrics-server/releases/latest/download/metadata.yml \
-    -f https://github.com/kadras-io/package-for-metrics-server/releases/latest/download/package.yml
-  ```
+| Value | Required/Optional | Description |
+|-------|-------------------|-------------|
+| `metricsServer.createNamespace` | Optional | Whether to create namespace specified for metrics-server. Default value is `true`. |
+| `metricsServer.namespace` | Optional | The namespace value used by older templates, will be overwriten if top level namespace is present, kept for backward compatibility. Default value is `null`. |
+| `metricsServer.config.securePort` | Optional | TThe HTTPS secure port used by metrics-server. Default: `4443`. |
+| `metricsServer.config.updateStrategy` | Optional | TThe update strategy of the metrics-server deployment. Default: `RollingUpdate` |
+| `metricsServer.config.probe.failureThreshold` | Optional | Probe failureThreshold of metrics-server deployment. Default: `3`. |
+| `metricsServer.config.probe.periodSeconds` | Optional | Probe period of metrics-server deployment. Default: `10` . |
+| `metricsServer.config.apiServiceInsecureTLS`| Optional | Whether to enable insecure TLS for metrics-server api service. Default: `True`. |
 
-## Support and Documentation
+</details>
 
-For support and documentation specific to Metrics Server, check out [https://github.com/kubernetes-sigs/metrics-server](https://github.com/kubernetes-sigs/metrics-server).
+## 🛡️&nbsp; Security
 
-## References
+The security process for reporting vulnerabilities is described in [SECURITY.md](SECURITY.md).
 
-This package is based on the original Metrics Server package used in [Tanzu Community Edition](https://github.com/vmware-tanzu/community-edition) before its retirement.
+## 🖊️&nbsp; License
 
-## Supply Chain Security
+This project is licensed under the **Apache License 2.0**. See [LICENSE](LICENSE) for more information.
 
-This project is compliant with level 3 of the [SLSA Framework](https://slsa.dev).
+## 🙏&nbsp; Acknowledgments
 
-<img src="https://slsa.dev/images/SLSA-Badge-full-level3.svg" alt="The SLSA Level 3 badge" width=200>
+This package is inspired by the original kpack package used in the [Tanzu Community Edition](https://github.com/vmware-tanzu/community-edition) project before its retirement.

SECURITY.md

@@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you know of a vulnerability in this project, please reach out to security@kadras.io and we will get back to you as soon as possible.

docs/verify-release.md

@@ -0,0 +1,37 @@
+# Verifying the Tekton Pipelines Package Release
+
+This package is published as an OCI artifact, signed with Sigstore [Cosign](https://docs.sigstore.dev/cosign/overview), and associated with a [SLSA Provenance](https://slsa.dev/provenance) attestation.
+
+Using `cosign`, you can display the supply chain security related artifacts for the `ghcr.io/kadras-io/package-for-metrics-server` images. Use the specific digest you'd like to verify.
+
+```shell
+cosign tree ghcr.io/kadras-io/package-for-metrics-server
+```
+
+The result:
+
+```shell
+📦 Supply Chain Security Related artifacts for an image: ghcr.io/kadras-io/package-for-metrics-server
+└── 💾 Attestations for an image tag: ghcr.io/kadras-io/package-for-metrics-server:sha256-57a109b45ad86ffd9f47f3626800fed777f94ba4fbb5eb1ca1a9a4286f66c9ed.att
+   └── 🍒 sha256:55cbf5575b996f11aa5d5ead0eb862b9818fff38b96d8bfe1618df393c377d89
+└── 🔐 Signatures for an image tag: ghcr.io/kadras-io/package-for-metrics-server:sha256-57a109b45ad86ffd9f47f3626800fed777f94ba4fbb5eb1ca1a9a4286f66c9ed.sig
+   └── 🍒 sha256:7a74656a666a70f6e79274cec2aad64fdfc7af13e255fe85f50dadbebb688529
+```
+
+You can verify the signature and its claims:
+
+```shell
+cosign verify \
+   --certificate-identity-regexp https://github.com/kadras-io \
+   --certificate-oidc-issuer https://token.actions.githubusercontent.com \
+   ghcr.io/kadras-io/package-for-metrics-server | jq
+```
+
+You can also verify the SLSA Provenance attestation associated with the image.
+
+```shell
+cosign verify-attestation --type slsaprovenance \
+   --certificate-identity-regexp https://github.com/slsa-framework \
+   --certificate-oidc-issuer https://token.actions.githubusercontent.com \
+   ghcr.io/kadras-io/package-for-metrics-server | jq .payload -r | base64 --decode | jq
+```

package/config/kapp-config.yml

@@ -6,6 +6,7 @@ minimumRequiredVersion: 0.50.0
 #! Rebase rules explicitly define how kapp should merge resources during an update.
 #! See more about the resource merge method: https://carvel.dev/kapp/docs/latest/merge-method.
 rebaseRules:
+
   - path: [spec, caBundle]
     type: remove
     resourceMatchers:

package/config/overlays/api-service.yml

@@ -1,7 +1,7 @@
 #@ load("@ytt:data", "data")
 #@ load("@ytt:overlay", "overlay")
 
-#@overlay/match by=overlay.subset({"kind": "APIService"})
+#@overlay/match by=overlay.subset({"kind":"APIService"})
 ---
 spec:
   insecureSkipTLSVerify: #@ data.values.metricsServer.config.apiServiceInsecureTLS

package/config/overlays/deployment.yml

@@ -1,7 +1,7 @@
 #@ load("@ytt:data", "data")
-#@ load("@ytt:yaml", "yaml")
 #@ load("@ytt:overlay", "overlay")
 #@ load("@ytt:template", "template")
+#@ load("@ytt:yaml", "yaml")
 
 #@ def is_toleration_specified(toleration):
 #@   return toleration in yaml.decode(yaml.encode(data.values.metricsServer.config.tolerations))
@@ -14,7 +14,7 @@
 #@   default_tolerations += [{"effect":"NoSchedule", "key":"node-role.kubernetes.io/control-plane"}]
 #@ end
 
-#@overlay/match by=overlay.subset({"kind": "Deployment", "metadata": {"name": "metrics-server"}})
+#@overlay/match by=overlay.subset({"kind":"Deployment", "metadata":{"name":"metrics-server"}})
 ---
 spec:
   #@overlay/match-child-defaults missing_ok=True