feat(cert-manager): add helm chart for cert manager (#2192)

Signed-off-by: Moritz Wiesinger <moritz.wiesinger@dynatrace.com>
Signed-off-by: odubajDT <ondrej.dubaj@dynatrace.com>
Co-authored-by: odubajDT <ondrej.dubaj@dynatrace.com>

.github/actions/deploy-klt-on-cluster/action.yml

@@ -94,7 +94,7 @@ runs:
       run: |
         echo "Installing Keptn using helm"
         helm version
-        helm install -n keptn-lifecycle-toolkit-system --create-namespace toolkit ./helm/chart  \
+        helm install -n keptn-lifecycle-toolkit-system --create-namespace toolkit ./helm/chart \
           --set schedulingGatesEnabled=${{ inputs.scheduling-gates }} \
           --set scheduler.scheduler.imagePullPolicy=Never \
           --set scheduler.scheduler.image.tag=${{ inputs.runtime_tag }} \
@@ -108,7 +108,9 @@ runs:
           --set metricsOperator.manager.image.repository="localhost:5000/keptn/metrics-operator" \
           --set lifecycleOperator.manager.env.functionRunnerImage=localhost:5000/keptn/deno-runtime:${{ inputs.runtime_tag }} \
           --set lifecycleOperator.manager.env.pythonRunnerImage=localhost:5000/keptn/python-runtime:${{ inputs.runtime_tag }} \
-          --set certificateOperator.manager.imagePullPolicy=Never \
-          --set certificateOperator.manager.image.tag=${{ inputs.runtime_tag }} \
-          --set certificateOperator.manager.image.repository="localhost:5000/keptn/certificate-operator" \
+
+        helm install -n keptn-lifecycle-toolkit-system --create-namespace cert-manager ./klt-cert-manager/chart \
+          --set imagePullPolicy=Never \
+          --set image.tag=${{ inputs.runtime_tag }} \
+          --set image.repository="localhost:5000/keptn/certificate-operator" \
           --debug --wait --timeout 1m

.github/scripts/.helm-tests/default/result.yaml

@@ -2,23 +2,6 @@
 # Source: klt/templates/deployment.yaml
 apiVersion: v1
 kind: ServiceAccount
-metadata:
-  name: certificate-operator
-  namespace: "helmtests"
-  labels:
-    app.kuberentes.io/instance: certificate-operator
-    app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: certificate-operator
-    app.kubernetes.io/part-of: keptn-lifecycle-toolkit
-    helm.sh/chart: klt-0.2.6
-    app.kubernetes.io/name: klt
-    app.kubernetes.io/instance: release-name
-    app.kubernetes.io/version: "v0.8.2"
-    app.kubernetes.io/managed-by: Helm
----
-# Source: klt/templates/deployment.yaml
-apiVersion: v1
-kind: ServiceAccount
 metadata:
   name: keptn-scheduler
   namespace: "helmtests"
@@ -6445,58 +6428,6 @@ spec:
     subresources:
       status: {}
 ---
-# Source: klt/templates/certificate-operator-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: certificate-operator-role
-  namespace: "helmtests"
-  labels:
-    helm.sh/chart: klt-0.2.6
-    app.kubernetes.io/name: klt
-    app.kubernetes.io/instance: release-name
-    app.kubernetes.io/version: "v0.8.2"
-    app.kubernetes.io/managed-by: Helm
-rules:
-- apiGroups:
-  - admissionregistration.k8s.io
-  resources:
-  - mutatingwebhookconfigurations
-  verbs:
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - admissionregistration.k8s.io
-  resources:
-  - validatingwebhookconfigurations
-  verbs:
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apiextensions.k8s.io
-  resources:
-  - customresourcedefinitions
-  verbs:
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
----
 # Source: klt/templates/keptn-scheduler-rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -7213,30 +7144,6 @@ rules:
   verbs:
   - '*'
 ---
-# Source: klt/templates/certificate-operator-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: certificate-operator-rolebinding
-  namespace: "helmtests"
-  labels:
-    app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: certificate-operator
-    app.kubernetes.io/part-of: keptn-lifecycle-toolkit
-    helm.sh/chart: klt-0.2.6
-    app.kubernetes.io/name: klt
-    app.kubernetes.io/instance: release-name
-    app.kubernetes.io/version: "v0.8.2"
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: 'certificate-operator-role'
-subjects:
-- kind: ServiceAccount
-  name: 'certificate-operator'
-  namespace: 'helmtests'
----
 # Source: klt/templates/hpa-controller-keptn-metrics-rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -7363,38 +7270,6 @@ subjects:
   name: 'metrics-operator'
   namespace: 'helmtests'
 ---
-# Source: klt/templates/certificate-operator-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: certificate-operator-role
-  namespace: "helmtests"
-  labels:
-    helm.sh/chart: klt-0.2.6
-    app.kubernetes.io/name: klt
-    app.kubernetes.io/instance: release-name
-    app.kubernetes.io/version: "v0.8.2"
-    app.kubernetes.io/managed-by: Helm
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - create
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resourceNames:
-  - klt-certs
-  resources:
-  - secrets
-  verbs:
-  - get
-  - patch
-  - update
----
 # Source: klt/templates/leader-election-rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -7533,54 +7408,6 @@ rules:
   - create
   - patch
 ---
-# Source: klt/templates/certificate-operator-leader-election-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: certificate-operator-leader-election-rolebinding
-  namespace: "helmtests"
-  labels:
-    app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: certificate-operator
-    app.kubernetes.io/part-of: keptn-lifecycle-toolkit
-    helm.sh/chart: klt-0.2.6
-    app.kubernetes.io/name: klt
-    app.kubernetes.io/instance: release-name
-    app.kubernetes.io/version: "v0.8.2"
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: 'leader-election-role'
-subjects:
-- kind: ServiceAccount
-  name: 'certificate-operator'
-  namespace: 'helmtests'
----
-# Source: klt/templates/certificate-operator-role-binding-rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: certificate-operator-role-binding
-  namespace: "helmtests"
-  labels:
-    app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: certificate-operator
-    app.kubernetes.io/part-of: keptn-lifecycle-toolkit
-    helm.sh/chart: klt-0.2.6
-    app.kubernetes.io/name: klt
-    app.kubernetes.io/instance: release-name
-    app.kubernetes.io/version: "v0.8.2"
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: 'certificate-operator-role'
-subjects:
-- kind: ServiceAccount
-  name: 'certificate-operator'
-  namespace: 'helmtests'
----
 # Source: klt/templates/extension-apiserver-authentication-reader-rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -7792,92 +7619,6 @@ spec:
 # Source: klt/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
-metadata:
-  name: certificate-operator
-  namespace: "helmtests"
-  labels:
-    app.kubernetes.io/component: manager
-    app.kubernetes.io/created-by: certificate-operator
-    app.kubernetes.io/part-of: keptn-lifecycle-toolkit
-    control-plane: certificate-operator
-    helm.sh/chart: klt-0.2.6
-    app.kubernetes.io/name: klt
-    app.kubernetes.io/instance: release-name
-    app.kubernetes.io/version: "v0.8.2"
-    app.kubernetes.io/managed-by: Helm
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      control-plane: certificate-operator
-      app.kubernetes.io/name: klt
-      app.kubernetes.io/instance: release-name
-  template:
-    metadata:
-      labels:
-        control-plane: certificate-operator
-        app.kubernetes.io/name: klt
-        app.kubernetes.io/instance: release-name
-      annotations:
-        kubectl.kubernetes.io/default-container: manager
-    spec:
-      containers:
-      - args:
-        - --leader-elect
-        command:
-        - /manager
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
-        - name: LABEL_SELECTOR_KEY
-          value: "keptn.sh/inject-cert"
-        - name: LABEL_SELECTOR_VALUE
-          value: "true"
-        - name: KUBERNETES_CLUSTER_DOMAIN
-          value: cluster.local
-        image: ghcr.io/keptn/certificate-operator:v1.1.0
-        imagePullPolicy: Always
-        name: manager
-        resources:
-          limits:
-            cpu: 25m
-            memory: 64Mi
-          requests:
-            cpu: 5m
-            memory: 16Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
-          runAsGroup: 65532
-          runAsUser: 65532
-          seccompProfile:
-            type: RuntimeDefault
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 8081
-          initialDelaySeconds: 15
-          periodSeconds: 20
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: 8081
-          initialDelaySeconds: 5
-          periodSeconds: 10
-      imagePullSecrets: []
-      securityContext:
-        runAsNonRoot: true
-      serviceAccountName: certificate-operator
-      terminationGracePeriodSeconds: 10
----
-# Source: klt/templates/deployment.yaml
-apiVersion: apps/v1
-kind: Deployment
 metadata:
   name: lifecycle-operator
   namespace: "helmtests"

.github/scripts/.helm-tests/default/values.yaml

@@ -1,45 +1,3 @@
-certificateOperator:
-  manager:
-    containerSecurityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-      readOnlyRootFilesystem: true
-      runAsGroup: 65532
-      runAsUser: 65532
-      seccompProfile:
-        type: RuntimeDefault
-    env:
-      labelSelectorKey: keptn.sh/inject-cert
-      labelSelectorValue: "true"
-    image:
-      repository: ghcr.io/keptn/certificate-operator
-      tag: v1.1.0
-    imagePullPolicy: Always
-    livenessProbe:
-      httpGet:
-        path: /healthz
-        port: 8081
-      initialDelaySeconds: 15
-      periodSeconds: 20
-    readinessProbe:
-      httpGet:
-        path: /readyz
-        port: 8081
-      initialDelaySeconds: 5
-      periodSeconds: 10
-    resources:
-      limits:
-        cpu: 25m
-        memory: 64Mi
-      requests:
-        cpu: 5m
-        memory: 16Mi
-  nodeSelector: {}
-  replicas: 1
-  tolerations: []
-  topologySpreadConstraints: []
 imagePullSecrets: []
 kubernetesClusterDomain: cluster.local
 lifecycleManagerConfig:

.github/scripts/generate-helm-docs.sh

@@ -27,5 +27,10 @@ fi
 echo "Generating readme now..."
 cat ./helm/chart/values.yaml ./helm/chart/doc.yaml > ./helm/chart/rendered.yaml
 readme-generator --values=./helm/chart/rendered.yaml --readme=./helm/chart/README.md
+rm ./helm/chart/rendered.yaml
+
+cat ./klt-cert-manager/chart/values.yaml ./klt-cert-manager/chart/doc.yaml > ./klt-cert-manager/chart/rendered.yaml
+readme-generator --values=./klt-cert-manager/chart/rendered.yaml --readme=./klt-cert-manager/chart/README.md
+rm ./klt-cert-manager/chart/rendered.yaml
 
 # Please be aware, the readme file needs to exist and needs to have a Parameters section, as only this section will be re-generated

.yamllint

@@ -14,6 +14,7 @@ ignore: |
   metrics-operator/config/rbac/role.yaml
   klt-cert-manager/config/rbac/role.yaml
   helm/chart
+  klt-cert-manager/chart
   .github/scripts/.helm-tests
 
 rules:

helm/.gitignore

@@ -1 +1,2 @@
 *.tgz
+chart/rendered.yaml