generate a helm chart for hypershift

Signed-off-by: Gerd Oberlechner <goberlec@redhat.com>

hypershiftoperator/Makefile

@@ -10,64 +10,35 @@ AZURE_TENANT_ID ?= $(shell az account show --query tenantId --output tsv)
 AZURE_SUBSCRIPTION_ID ?= $(shell az account show --query id --output tsv)
 
 HO_IMAGE ?= ${ARO_HCP_IMAGE_ACR}.azurecr.io/acm-d/rhtap-hypershift-operator:99a256f
-EDO_IMAGE ?= ${ARO_HCP_IMAGE_ACR}.azurecr.io/external-dns/external-dns:v0.14.2
-
-create-edo-azure-creds:
-	@echo '{' > deploy/overlays/dev/edo-azure-credentials.json
-	@echo '  "tenantId": "${AZURE_TENANT_ID}",' >> deploy/overlays/dev/edo-azure-credentials.json
-	@echo '  "subscriptionId": "${AZURE_SUBSCRIPTION_ID}",' >> deploy/overlays/dev/edo-azure-credentials.json
-	@echo '  "resourceGroup": "${REGIONAL_RESOURCEGROUP}",' >> deploy/overlays/dev/edo-azure-credentials.json
-	@echo '  "useWorkloadIdentityExtension": true,' >> deploy/overlays/dev/edo-azure-credentials.json
-	@echo '  "userAssignedIdentityID": "${EXTERNAL_DNS_OPERATOR_MI_CLIENT_ID}"' >> deploy/overlays/dev/edo-azure-credentials.json
-	@echo '}' >> deploy/overlays/dev/edo-azure-credentials.json
-
-create-edo-sa-patch:
-	@echo '[{"op": "add", "path": "/metadata/annotations/azure.workload.identity~1client-id", "value": "${EXTERNAL_DNS_OPERATOR_MI_CLIENT_ID}"}]' > deploy/overlays/dev/patch-serviceaccount-external-dns.json
-
-create-domain-file:
-	@echo "${ZONE_NAME}" > deploy/overlays/dev/domain.txt
-
-create-txt-owner-id-file:
-	@echo "${RESOURCEGROUP}" > deploy/overlays/dev/txt_owner_id.txt
-
-deploy: create-edo-azure-creds create-edo-sa-patch create-domain-file create-txt-owner-id-file
-	kubectl apply --server-side --force-conflicts -k deploy/crds
-	kubectl apply --server-side --force-conflicts -k deploy/overlays/dev
+ED_IMAGE ?= ${ARO_HCP_IMAGE_ACR}.azurecr.io/external-dns/external-dns:v0.14.2
+HO_CHART_DIR = deploy/helm/charts/hypershift-operator
 
 # run this task whenever HO_IMAGE or EDO_IMAGE is updated
 # commit the changes to deploy/base to the repo since we don't have podman or docker in CI
-prepare-ho-manifests:
-	@curl -sfLo - "https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.3.1/kubectl-slice_${shell uname -s | tr '[:upper:]' '[:lower:]'}_${shell uname -m}.tar.gz" | tar xzf - kubectl-slice
-	@rm deploy/base/*
-	curl https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/main/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -o deploy/base/customresourcedefinition-monitoring.coreos.com_servicemonitors.yaml
-	curl https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/main/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -o deploy/base/customresourcedefinition-monitoring.coreos.com_prometheusrules.yaml
-	curl https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/main/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -o deploy/base/customresourcedefinition-monitoring.coreos.com_podmonitors.yaml
-	curl https://raw.githubusercontent.com/openshift/api/master/route/v1/zz_generated.crd-manifests/routes-Default.crd.yaml -o deploy/base/customresourcedefinition-routes-default.crd.yaml
-	# Currently the hypershift install render command prints an error out to stdout if there is no available kubeconfig
-	# TODO: Get a fix into the hypershift install render command so we don't have to do this
-	@podman run -it --rm ${HO_IMAGE} install render \
-		--hypershift-image ${HO_IMAGE} \
+build-helm-chart:
+	@rm -rf ${HO_CHART_DIR}
+	@mkdir -p ${HO_CHART_DIR}/crds
+	@curl https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/main/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -o ${HO_CHART_DIR}/crds/customresourcedefinition-monitoring.coreos.com_servicemonitors.yaml
+	@curl https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/main/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -o ${HO_CHART_DIR}/crds/customresourcedefinition-monitoring.coreos.com_prometheusrules.yaml
+	@curl https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/main/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -o ${HO_CHART_DIR}/crds/customresourcedefinition-monitoring.coreos.com_podmonitors.yaml
+	@curl https://raw.githubusercontent.com/openshift/api/master/route/v1/zz_generated.crd-manifests/routes-Default.crd.yaml -o ${HO_CHART_DIR}/crds/customresourcedefinition-routes-default.crd.yaml
+	@podman run -it --rm ${HO_IMAGE} install helm \
 		--enable-conversion-webhook=false \
-		--external-dns-provider azure \
-		--external-dns-secret external-dns-azure \
-		--external-dns-domain-filter \$$\(DOMAIN\) \
-		--external-dns-image ${EDO_IMAGE} \
-		--external-dns-txt-owner-id \$$\(TXT_OWNER_ID\) \
 		--managed-service ARO-HCP \
-		| tail -n +2 \
-		| ./kubectl-slice -f - -o deploy/base
-	@rm deploy/crds/*
-	@mkdir -p deploy/crds
-	@mv deploy/base/customresourcedefinition*.yaml deploy/crds
-
-	@echo "apiVersion: kustomize.config.k8s.io/v1beta1" > deploy/crds/kustomization.yml
-	@echo "kind: Kustomization" >> deploy/crds/kustomization.yml
-	@echo "resources:" >> deploy/crds/kustomization.yml
-	@find deploy/crds -type f -name "customresourcedefinition*.yaml" ! -name "kustomization.yml" | sed 's/^deploy\/crds\//  - /' >> deploy/crds/kustomization.yml
-
-	@echo "apiVersion: kustomize.config.k8s.io/v1beta1" > deploy/base/kustomization.yml
-	@echo "kind: Kustomization" >> deploy/base/kustomization.yml
-	@echo "resources:" >> deploy/base/kustomization.yml
-	@find deploy/base -type f -name "*.yaml" ! -name "kustomization.yml" | sed 's/^deploy\/base\//  - /' >> deploy/base/kustomization.yml
-
-.PHONY: create-edo-azure-creds create-edo-sa-patch create-domain-file create-txt-owner-id-file deploy unpack-ho-manifests
+		--pull-secret pull-secret.json \
+		--output-dir=${HO_CHART_DIR}
+
+deploy:
+	helm upgrade --install maestro-server deploy/helm/server \
+		--namespace hypershift \
+		--set hypershift-operator.image=${HO_IMAGE} \
+		--set hypershift-operator.registryOverrides=quay.io/openshift-release-dev/ocp-v4.0-art-dev=${ARO_HCP_IMAGE_ACR}.azurecr.io/openshift/release,quay.io/openshift-release-dev/ocp-release=${ARO_HCP_IMAGE_ACR}.azurecr.io/openshift/release-images,${ARO_HCP_IMAGE_ACR}.redhat.io/redhat=arohcpdev.azurecr.io/redhat \
+		--set exgernal-dns.image=${ED_IMAGE} \
+		--set exgernal-dns.txtOwnerId=${RESOURCEGROUP} \
+		--set exgernal-dns.domain=${ZONE_NAME} \
+		--set exgernal-dns.credentials.tenantId=${AZURE_TENANT_ID} \
+		--set exgernal-dns.credentials.subscriptionId=${AZURE_SUBSCRIPTION_ID} \
+		--set exgernal-dns.credentials.resourceGroup=${REGIONAL_RESOURCEGROUP} \
+		--set exgernal-dns.credentials.userAssignedIdentityID=${EXTERNAL_DNS_OPERATOR_MI_CLIENT_ID}
+
+.PHONY: build-helm-chart create-edo-azure-creds create-edo-sa-patch create-domain-file create-txt-owner-id-file deploy unpack-ho-manifests

hypershiftoperator/README.md

@@ -1,3 +1,3 @@
 # HyperShift Operator
 
-To promote HyperShift Operator, increment the `HO_IMAGE` variable in the Makefile, then run `make prepare-ho-manifests` to generate the corresponding manifests for that image.
+To promote HyperShift Operator, increment the `HO_IMAGE` variable in the Makefile, then run `make build-helm-chart` to generate the corresponding manifests for that image.

hypershiftoperator/deploy/helm/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+description: A Helm chart to install the Hypershift Operator and deps for ARO
+name: aor-hcp-hypershift-operator
+type: application
+version: 0.1.0

hypershiftoperator/deploy/helm/charts/exgernal-dns/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+description: A Helm chart for External DNS
+name: external-dns
+type: application
+version: 0.14.2

hypershiftoperator/deploy/base/deployment-external-dns.yaml → hypershiftoperator/deploy/helm/charts/exgernal-dns/templates/deployment-external-dns.yaml

@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   creationTimestamp: null
   name: external-dns
-  namespace: hypershift
+  namespace: '{{ .Release.Namespace }}'
 spec:
   replicas: 1
   selector:
@@ -17,23 +17,24 @@ spec:
         app: external-dns
         hypershift.openshift.io/operator-component: external-dns
         name: external-dns
+        azure.workload.identity/use: true
     spec:
       containers:
       - args:
         - --source=service
         - --source=openshift-route
-        - --domain-filter=$(DOMAIN)
+        - --domain-filter={{ .Values.domain }}
         - --provider=azure
         - --registry=txt
         - --txt-suffix=-external-dns
-        - --txt-owner-id=$(TXT_OWNER_ID)
+        - --txt-owner-id={{ .Values.txtOwnerId }}
         - --label-filter=hypershift.openshift.io/route-visibility!=private
         - --interval=1m
         - --txt-cache-interval=1h
         - --azure-config-file=/etc/provider/credentials
         command:
-        - /external-dns
-        image: arohcpdev.azurecr.io/external-dns/external-dns:v0.14.2
+        - /ko-app/external-dns
+        image: {{ .Values.image }}
         imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 5
@@ -59,12 +60,10 @@ spec:
         volumeMounts:
         - mountPath: /etc/provider
           name: credentials
-      imagePullSecrets:
-      - name: pull-secret
       priorityClassName: hypershift-operator
       serviceAccountName: external-dns
       volumes:
       - name: credentials
         secret:
           secretName: external-dns-azure
-status: {}
+status: {}

hypershiftoperator/deploy/base/podmonitor-external-dns.yaml → hypershiftoperator/deploy/helm/charts/exgernal-dns/templates/podmonitor-external-dns.yaml

@@ -3,7 +3,7 @@ kind: PodMonitor
 metadata:
   creationTimestamp: null
   name: external-dns
-  namespace: hypershift
+  namespace: '{{ .Release.Namespace }}'
 spec:
   jobLabel: component
   namespaceSelector: {}
@@ -14,4 +14,4 @@ spec:
     port: metrics
   selector:
     matchLabels:
-      name: external-dns
+      name: external-dns

hypershiftoperator/deploy/helm/charts/exgernal-dns/templates/secret-external-dns-azure.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: external-dns-azure
+  namespace: '{{ .Release.Namespace }}'
+type: Opaque
+stringData:
+  credentials: |
+    {
+      "tenantId": "{{ .Values.credentials.tenantId }}",
+      "subscriptionId": "{{ .Values.credentials.subscriptionId }}",
+      "resourceGroup": "{{ .Values.credentials.resourceGroup }}",
+      "useWorkloadIdentityExtension": true,
+      "userAssignedIdentityID": "{{ .Values.credentials.userAssignedIdentityID }}"
+    }

hypershiftoperator/deploy/helm/charts/exgernal-dns/templates/serviceaccount-external-dns.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  creationTimestamp: null
+  name: external-dns
+  namespace: '{{ .Release.Namespace }}'
+  annotations:
+    azure.workload.identity~1client-id: '{{ .Values.credentials.userAssignedIdentityID }}'

hypershiftoperator/deploy/helm/charts/exgernal-dns/values.yaml

@@ -0,0 +1,8 @@
+image: ""
+txtOwnerId: ""
+domain: ""
+credentials:
+  tenantId: ""
+  subscriptionId: ""
+  resourceGroup: ""
+  userAssignedIdentityID: ""

hypershiftoperator/deploy/helm/charts/hypershift-operator/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: faaf4d1f01b8b22dc23e58e2269701030dacd197
+description: A Helm chart for the HyperShift Operator
+name: hypershift-operator
+type: application
+version: 0.1.0