Migrate from plain manifests to helm charts in mesheryctl

[panyuenlau]

Description

This PR fixes the helm chart part of #4103
(The mesheryctl changes will be included in another PR to separate from the helm chart changes)

Notes for Reviewers
The current PR only fixes the existing issues related to serviceAccount, clusterRole, and clsuterRoleBInding within the helm charts, I've tested the basic installations for each adapter but need some help on testing the other functionalities

Note: all the adapters should just use the service account meshery-server to have the permission to perform certain operations, but some of the adapters had their own service accounts created in the helm charts

Signed commits

• Yes, I signed my commits.

>TODO: will be adding changes to the mesheryctl implementation to use the helm chart after making sure the charts are functioning properly

[codecov-commenter]

Codecov Report

Merging #4318 (e4c6cd7) into master (8c224b9) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #4318   +/-   ##
=======================================
  Coverage   21.36%   21.36%           
=======================================
  Files          59       59           
  Lines        5046     5046           
=======================================
  Hits         1078     1078           
  Misses       3653     3653           
  Partials      315      315           

Flag	Coverage Δ
e2etests	∅ <ø> (?)
unittests	21.36% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8c224b9...e4c6cd7. Read the comment docs.

[Aisuko]

Thanks, @panyuenlau, so cleanly work. Please add the code comment to the ClusterRole in order to clearly describe the permission we need to apply.

[Aisuko]

Please give any code comment for apiGroups' verbs if could what I mean we should sure which permissions we need to get.

[hexxdump]

Also, should the templates/NOTES.txt be modified to capture the recent changes?

[panyuenlau]

@Aisuko @hexxdump TBH, I am not familiar enough with the system to give a good explanation on why we need those permissions for the cluster role, I made the changes just based on the plain yaml manifests that we're currently using... reference: https://github.com/meshery/meshery-operator/blob/master/config/manifests/default.yaml#L273-L288

[leecalcote]

Good discussion. Given that the scope of these verbs is restricted to meshery.layer5.io resource groups, we shouldn't see any pushback from users given that the Meshery Operator should have full control over the lifecycle of its custom controllers.

[Aisuko]

Hi, @navendu-pottekkat, I remember the CI check was only triggered by the specific folder, right? Is that strategy keep working well? I saw there trigger so many CI includes UI, DOC, golangci-lint. please help us check the strategy if possible.

[s1ntaxe770r]

@navendu-pottekkat what's Meshery's health check path?

[piyushsingariya]

There is no specific health-check path but we can try hitting the version endpoint to get the surety that meshery is running properly.

[leecalcote]

A good item to create a new issue for follow up here.

[hexxdump]

Description

This PR fixes #4103

Notes for Reviewers The current PR only fixes the existing issues related to serviceAccount, clusterRole, and clsuterRoleBInding within the helm charts, I've tested the basic installations for each adapter but need some help on testing the other functionalities

Note: all the adapters should just use the service account meshery-server to have the permission to perform certain operations, but some of the adapters had their own service accounts created in the helm charts

Signed commits

• Yes, I signed my commits.

TODO: will be adding changes to the mesheryctl implementation to use the helm chart after making sure the charts are functioning properly

I feel, the mesheryctl changes(to move away from manifests) should be handled through a separate PR

[hexxdump]

@leecalcote, we do not have helm charts for meshery-nsm, meshery-tanzu-sm and meshery-app-mesh yet. Is there some limitation for these service meshes?

[panyuenlau]

@hexxdump I believe we do have the meshery-nsm helm chart: https://github.com/meshery/meshery/tree/master/install/kubernetes/helm/meshery/charts/meshery-nsm

But not the other two that you mentioned

[leecalcote]

Good question and answer. The other two adapters are alpha stage adapters, and so, charts haven't been created yet. We can go ahead and create those charts now, so long as we don't include their deployment by default.

[panyuenlau]

Description
This PR fixes #4103
Notes for Reviewers The current PR only fixes the existing issues related to serviceAccount, clusterRole, and clsuterRoleBInding within the helm charts, I've tested the basic installations for each adapter but need some help on testing the other functionalities

Note: all the adapters should just use the service account meshery-server to have the permission to perform certain operations, but some of the adapters had their own service accounts created in the helm charts

Signed commits

• Yes, I signed my commits.

TODO: will be adding changes to the mesheryctl implementation to use the helm chart after making sure the charts are functioning properly

I feel, the mesheryctl changes(to move away from manifests) should be handled through a separate PR

I agree, since separating the two into different PRs would help us identify potential issues more easily

[leecalcote]

@panyuenlau confirming: with this update, two service accounts will be created: meshery-server and meshery-operator?

[leecalcote]

Yikes!

[leecalcote]

Good discussion. Given that the scope of these verbs is restricted to meshery.layer5.io resource groups, we shouldn't see any pushback from users given that the Meshery Operator should have full control over the lifecycle of its custom controllers.

[leecalcote]

Unless I've missed something, this is a great step forward.

[panyuenlau]

@panyuenlau confirming: with this update, two service accounts will be created: meshery-server and meshery-operator?

@leecalcote correct, the meshery and all the adapters should share the meshery-server service account in order to use the UI to manage the corresponding service mesh; and meshery-operator service account is for the meshery-operator pod