Add helm chart

Signed-off-by: Xiaodong Ye <yeahdongcn@gmail.com>

Makefile

@@ -4,6 +4,7 @@ ifeq ($(shell uname),Darwin)
 else
 	SED := sed
 endif
+HELM ?= helm
 
 # VERSION defines the project version for the bundle.
 # Update this value when you upgrade the version of your project.
@@ -182,6 +183,11 @@ deploy-dry-run: manifests kustomize ## Dry run deploy (generate YAML file instea
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
 	$(KUSTOMIZE) build config/default --output deploy/manifests.yaml
 
+.PHONY: helm
+helm: deploy-dry-run kustohelmize
+	$(KUSTOHELMIZE) create --from=deploy/manifests.yaml deploy/chart/openloft
+	$(HELM) lint deploy/chart/openloft
+
 .PHONY: undeploy
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
 	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
@@ -197,6 +203,8 @@ $(LOCALBIN):
 KUSTOMIZE ?= $(LOCALBIN)/kustomize
 CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
 ENVTEST ?= $(LOCALBIN)/setup-envtest
+KUBERNETES-SPLIT-YAML ?= $(LOCALBIN)/kubernetes-split-yaml
+KUSTOHELMIZE ?= $(LOCALBIN)/kustohelmize
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v3.8.7
@@ -223,6 +231,16 @@ envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
 $(ENVTEST): $(LOCALBIN)
 	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
 
+.PHONY: kubernetes-split-yaml
+kubernetes-split-yaml: $(KUBERNETES-SPLIT-YAML) ## Download kubernetes-split-yaml locally if necessary.
+$(KUBERNETES-SPLIT-YAML): $(LOCALBIN)
+	test -s $(LOCALBIN)/kubernetes-split-yaml || GOBIN=$(LOCALBIN) go install github.com/yeahdongcn/kubernetes-split-yaml@latest
+
+.PHONY: kustohelmize
+kustohelmize: $(KUSTOHELMIZE) ## Download kustohelmize locally if necessary.
+$(KUSTOHELMIZE): $(LOCALBIN)
+	test -s $(LOCALBIN)/kustohelmize || GOBIN=$(LOCALBIN) go install github.com/yeahdongcn/kustohelmize@latest
+
 .PHONY: operator-sdk
 OPERATOR_SDK ?= $(LOCALBIN)/operator-sdk
 operator-sdk: ## Download operator-sdk locally if necessary.

deploy/chart/openloft-generated/clusterdomains.storage.openloft.cn-crd.yaml

@@ -0,0 +1,50 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.11.1
+  creationTimestamp: null
+  name: clusterdomains.storage.openloft.cn
+spec:
+  group: storage.openloft.cn
+  names:
+    kind: ClusterDomain
+    listKind: ClusterDomainList
+    plural: clusterdomains
+    singular: clusterdomain
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - jsonPath: .spec.domain
+      name: Domain
+      type: string
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: ClusterDomain is the Schema for the clusterdomains API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ClusterDomainSpec defines the desired state of ClusterDomain
+            properties:
+              domain:
+                type: string
+            type: object
+          status:
+            description: ClusterDomainStatus defines the observed state of ClusterDomain
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

deploy/chart/openloft-generated/openloft-controller-manager-deployment.yaml

@@ -0,0 +1,101 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: manager
+    app.kubernetes.io/created-by: openloft
+    app.kubernetes.io/instance: controller-manager
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: deployment
+    app.kubernetes.io/part-of: openloft
+    control-plane: controller-manager
+  name: openloft-controller-manager
+  namespace: openloft-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      control-plane: controller-manager
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+      labels:
+        control-plane: controller-manager
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: kubernetes.io/arch
+                operator: In
+                values:
+                - amd64
+                - arm64
+                - ppc64le
+                - s390x
+              - key: kubernetes.io/os
+                operator: In
+                values:
+                - linux
+      containers:
+      - args:
+        - --secure-listen-address=0.0.0.0:8443
+        - --upstream=http://127.0.0.1:8080/
+        - --logtostderr=true
+        - --v=0
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
+        name: kube-rbac-proxy
+        ports:
+        - containerPort: 8443
+          name: https
+          protocol: TCP
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 5m
+            memory: 64Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+      - args:
+        - --health-probe-bind-address=:8081
+        - --metrics-bind-address=127.0.0.1:8080
+        - --leader-elect
+        command:
+        - /manager
+        image: ghcr.io/openloft/openloft:latest
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        name: manager
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 10m
+            memory: 64Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+      securityContext:
+        runAsNonRoot: true
+      serviceAccountName: openloft-controller-manager
+      terminationGracePeriodSeconds: 10

deploy/chart/openloft-generated/openloft-controller-manager-metrics-service-svc.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/component: kube-rbac-proxy
+    app.kubernetes.io/created-by: openloft
+    app.kubernetes.io/instance: controller-manager-metrics-service
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: service
+    app.kubernetes.io/part-of: openloft
+    control-plane: controller-manager
+  name: openloft-controller-manager-metrics-service
+  namespace: openloft-system
+spec:
+  ports:
+  - name: https
+    port: 8443
+    protocol: TCP
+    targetPort: https
+  selector:
+    control-plane: controller-manager

deploy/chart/openloft-generated/openloft-controller-manager-sa.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: openloft
+    app.kubernetes.io/instance: controller-manager
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: serviceaccount
+    app.kubernetes.io/part-of: openloft
+  name: openloft-controller-manager
+  namespace: openloft-system

deploy/chart/openloft-generated/openloft-leader-election-role-role.yaml

@@ -0,0 +1,44 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: openloft
+    app.kubernetes.io/instance: leader-election-role
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: role
+    app.kubernetes.io/part-of: openloft
+  name: openloft-leader-election-role
+  namespace: openloft-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch

deploy/chart/openloft-generated/openloft-leader-election-rolebinding-rb.yaml

@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: openloft
+    app.kubernetes.io/instance: leader-election-rolebinding
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: rolebinding
+    app.kubernetes.io/part-of: openloft
+  name: openloft-leader-election-rolebinding
+  namespace: openloft-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: openloft-leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: openloft-controller-manager
+  namespace: openloft-system