⚠️ WIP: move to Helm config #2110

Open
wants to merge 55 commits into
base: main
a2c952c
WIP: first pass helm config
tmshort Jul 18, 2025
267dd3c
WIP: fixup labels
tmshort Jul 18, 2025
3f07abc
WIP: Fix typo
tmshort Jul 18, 2025
05e8729
WIP: insert CRDs from source
tmshort Jul 18, 2025
82c9345
WIP: pulling in CRDs as files
tmshort Jul 18, 2025
c7ca3db
WIP: Update manifests
tmshort Jul 18, 2025
989e7c5
WIP: clean trailing whitespace
tmshort Jul 18, 2025
b14859a
WIP: more parameterization
tmshort Jul 18, 2025
0449f66
WIP: Add podArguments and service.annotations
tmshort Jul 21, 2025
ef7b65d
WIP: Initial moving of generated files to helm
tmshort Jul 21, 2025
6993116
WIP: Patch base for helm use
tmshort Jul 21, 2025
74d91e2
WIP: some cleanup
tmshort Jul 21, 2025
2d62802
WIP: change featureSet definition
tmshort Jul 21, 2025
4933e74
WIP: layer helm values files
tmshort Jul 21, 2025
5915d76
WIP: patch script fixups
tmshort Jul 21, 2025
b937551
WIP: Add support for updating clusterRoles/Roles
tmshort Jul 22, 2025
bdfd233
WIP: add deployment layer
tmshort Jul 22, 2025
944b303
WIP: Fix value arrays, add pod env, update image
tmshort Jul 23, 2025
b1f89f6
WIP: Fix some indents
tmshort Jul 23, 2025
343905e
WIP: update default-deny-all policy
tmshort Jul 23, 2025
9f9118b
WIP: Add support for podLabels and priorityClassName
tmshort Jul 23, 2025
cf38082
WIP: Add podAnnotations
tmshort Jul 23, 2025
9352c06
WIP: arg fixes, certManager, opcon
tmshort Jul 23, 2025
2dffcbf
WIP: Add helm version check
tmshort Jul 24, 2025
b49bdfe
WIP: Add helm to bingo
tmshort Jul 24, 2025
8eac83b
Revert "WIP: Add helm version check"
tmshort Jul 24, 2025
2383c93
WIP: fix e2e: had to rename networkpolicy
tmshort Jul 24, 2025
ad74ad3
WIP: use 1.24.3 for bingo
tmshort Jul 24, 2025
3185502
WIP: tilt support
tmshort Jul 24, 2025
4c3f03f
WIP: add kustomize dependency to prometheus
tmshort Jul 24, 2025
0b897d7
Revert "WIP: fix e2e: had to rename networkpolicy"
tmshort Jul 24, 2025
f23dfb7
WIP: redo default network policy
tmshort Jul 24, 2025
ee8fd54
WIP: Fix prefix
tmshort Jul 24, 2025
a2feff7
WIP: Add webhook annotations config
tmshort Jul 24, 2025
3b47559
WIP: fix webhook annotations
tmshort Jul 24, 2025
1d14342
WIP: rename standard values file to cert-manager
tmshort Jul 25, 2025
8bc11b6
WIP: Remove helm labels
tmshort Jul 29, 2025
b807314
WIP: add rotationPolicy to certs
tmshort Jul 29, 2025
4b7376f
WIP: Remove generation of rbac and webhooks
tmshort Jul 29, 2025
53f4c56
WIP: pull rbac/webhooks back into templates
tmshort Jul 29, 2025
1513221
WIP: reduced cert-manifests values file
tmshort Jul 29, 2025
bf81a14
WIP: Consolidate deployments; add downstream ns labels, nodeSelector,…
tmshort Jul 29, 2025
59563c6
WIP: Get rid of blank lines in generated manifests
tmshort Jul 29, 2025
1a26dd0
WIP: update volumes to be consistent with downstream
tmshort Jul 29, 2025
d03b6e4
WIP: use a list of feature-gates
tmshort Jul 29, 2025
352acf6
WIP: Update common component name
tmshort Jul 30, 2025
a011338
WIP: remove control-plane label
tmshort Jul 30, 2025
5ef762c
WIP: Add webhook annotation
tmshort Jul 30, 2025
37062fe
WIP: fix control-plane label for deployments
tmshort Jul 30, 2025
353b351
WIP: Update values locations; add build of tilt
tmshort Jul 30, 2025
6352532
WIP: Add comment to tilt.yaml
tmshort Jul 31, 2025
dadb202
WIP: Add openshift resources
tmshort Jul 31, 2025
c002f11
WIP: Integrate openshift resources
tmshort Aug 1, 2025
48519d3
WIP: remove CRD patching
tmshort Aug 1, 2025
5ae6a52
WIP: Update manifests
tmshort Aug 1, 2025
6 changes: 6 additions & 0 deletions .bingo/Variables.mk
Expand Up @@ -53,6 +53,12 @@ $(GORELEASER): $(BINGO_DIR)/goreleaser.mod
@echo "(re)installing $(GOBIN)/goreleaser-v1.26.2"
@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=goreleaser.mod -o=$(GOBIN)/goreleaser-v1.26.2 "github.com/goreleaser/goreleaser"

HELM := $(GOBIN)/helm-v3.18.4
$(HELM): $(BINGO_DIR)/helm.mod
@# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies.
@echo "(re)installing $(GOBIN)/helm-v3.18.4"
@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=helm.mod -o=$(GOBIN)/helm-v3.18.4 "helm.sh/helm/v3/cmd/helm"

KIND := $(GOBIN)/kind-v0.29.0
$(KIND): $(BINGO_DIR)/kind.mod
@# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies.
5 changes: 5 additions & 0 deletions .bingo/helm.mod
@@ -0,0 +1,5 @@
module _ // Auto generated by https://github.com/bwplotka/bingo. DO NOT EDIT

go 1.24.3

require helm.sh/helm/v3 v3.18.4 // cmd/helm
303 changes: 303 additions & 0 deletions .bingo/helm.sum

Large diffs are not rendered by default.

2 changes: 2 additions & 0 deletions .bingo/variables.env
Expand Up @@ -20,6 +20,8 @@ GOLANGCI_LINT="${GOBIN}/golangci-lint-v2.1.6"

GORELEASER="${GOBIN}/goreleaser-v1.26.2"

HELM="${GOBIN}/helm-v3.18.4"

KIND="${GOBIN}/kind-v0.29.0"

KUSTOMIZE="${GOBIN}/kustomize-v5.6.0"
2 changes: 1 addition & 1 deletion .tilt-support
Expand Up @@ -150,4 +150,4 @@ def deploy_repo(data, tags="", debug=True):
local_port = repo['starting_debug_port']
build_binary(reponame, repo['binary'], repo['deps'], repo['image'], tags, debug)
k8s_resource(repo['deployment'], port_forwards=['{}:30000'.format(local_port)])
process_yaml(kustomize(data['yaml']))
process_yaml(helm('helm/olmv1', name="olmv1", values=[data['yaml']]))
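Review bot: In `deploy_repo`, the new `helm('helm/olmv1', name="olmv1", values=[data['yaml']])` call reads a Helm values file from a key still named `yaml`, which used to hold a kustomize directory. Rename the key (for example to `values`) here and in the Tiltfile dict so the name matches what is passed. The call sets only `name` and `values`; if the chart's templates depend on the release namespace, pass the namespace to `helm()` explicitly as well.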
29 changes: 10 additions & 19 deletions Makefile
Expand Up @@ -141,30 +141,21 @@ tidy:
go mod tidy

.PHONY: manifests
KUSTOMIZE_CATD_RBAC_DIR := config/base/catalogd/rbac
KUSTOMIZE_CATD_WEBHOOKS_DIR := config/base/catalogd/webhook
KUSTOMIZE_OPCON_RBAC_DIR := config/base/operator-controller/rbac
KUSTOMIZE_CATD_RBAC_DIR := helm/olmv1/base/catalogd/rbac
KUSTOMIZE_CATD_WEBHOOKS_DIR := helm/olmv1/base/catalogd/webhook
KUSTOMIZE_OPCON_RBAC_DIR := helm/olmv1/base/operator-controller/rbac
# Due to https://github.com/kubernetes-sigs/controller-tools/issues/837 we can't specify individual files
# So we have to generate them together and then move them into place
manifests: $(CONTROLLER_GEN) $(KUSTOMIZE) #EXHELP Generate WebhookConfiguration, ClusterRole, and CustomResourceDefinition objects.
manifests: $(CONTROLLER_GEN) $(HELM) #EXHELP Generate WebhookConfiguration, ClusterRole, and CustomResourceDefinition objects.
# Generate CRDs via our own generator
hack/tools/update-crds.sh
# Generate the remaining operator-controller standard manifests
$(CONTROLLER_GEN) --load-build-tags=$(GO_BUILD_TAGS),standard rbac:roleName=manager-role paths="./internal/operator-controller/..." output:rbac:artifacts:config=$(KUSTOMIZE_OPCON_RBAC_DIR)/standard
# Generate the remaining operator-controller experimental manifests
$(CONTROLLER_GEN) --load-build-tags=$(GO_BUILD_TAGS) rbac:roleName=manager-role paths="./internal/operator-controller/..." output:rbac:artifacts:config=$(KUSTOMIZE_OPCON_RBAC_DIR)/experimental
# Generate the remaining catalogd standard manifests
$(CONTROLLER_GEN) --load-build-tags=$(GO_BUILD_TAGS),standard rbac:roleName=manager-role paths="./internal/catalogd/..." output:rbac:artifacts:config=$(KUSTOMIZE_CATD_RBAC_DIR)/standard
$(CONTROLLER_GEN) --load-build-tags=$(GO_BUILD_TAGS),standard webhook paths="./internal/catalogd/..." output:webhook:artifacts:config=$(KUSTOMIZE_CATD_WEBHOOKS_DIR)/standard
# Generate the remaining catalogd experimental manifests
$(CONTROLLER_GEN) --load-build-tags=$(GO_BUILD_TAGS) rbac:roleName=manager-role paths="./internal/catalogd/..." output:rbac:artifacts:config=$(KUSTOMIZE_CATD_RBAC_DIR)/experimental
$(CONTROLLER_GEN) --load-build-tags=$(GO_BUILD_TAGS) webhook paths="./internal/catalogd/..." output:webhook:artifacts:config=$(KUSTOMIZE_CATD_WEBHOOKS_DIR)/experimental
# Generate manifests stored in source-control
mkdir -p $(MANIFEST_HOME)
$(KUSTOMIZE) build $(KUSTOMIZE_STANDARD_OVERLAY) > $(STANDARD_MANIFEST)
$(KUSTOMIZE) build $(KUSTOMIZE_STANDARD_E2E_OVERLAY) > $(STANDARD_E2E_MANIFEST)
$(KUSTOMIZE) build $(KUSTOMIZE_EXPERIMENTAL_OVERLAY) > $(EXPERIMENTAL_MANIFEST)
$(KUSTOMIZE) build $(KUSTOMIZE_EXPERIMENTAL_E2E_OVERLAY) > $(EXPERIMENTAL_E2E_MANIFEST)
$(HELM) template olmv1 helm/olmv1 --values helm/cert-manager.yaml > $(STANDARD_MANIFEST)
$(HELM) template olmv1 helm/olmv1 --values helm/cert-manager.yaml --values helm/e2e.yaml > $(STANDARD_E2E_MANIFEST)
$(HELM) template olmv1 helm/olmv1 --values helm/cert-manager.yaml --values helm/experimental.yaml > $(EXPERIMENTAL_MANIFEST)
$(HELM) template olmv1 helm/olmv1 --values helm/cert-manager.yaml --values helm/experimental.yaml --values helm/e2e.yaml > $(EXPERIMENTAL_E2E_MANIFEST)
$(HELM) template olmv1 helm/olmv1 --values helm/tilt.yaml > /dev/null

.PHONY: generate
generate: $(CONTROLLER_GEN) #EXHELP Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
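Review bot: The last recipe line of `manifests`, `$(HELM) template olmv1 helm/olmv1 --values helm/tilt.yaml > /dev/null`, renders the tilt values only to discard the output, and nothing says why. Add a comment stating that it is a render check for `helm/tilt.yaml`, in the style of the comments on the other steps. The `KUSTOMIZE_CATD_RBAC_DIR`, `KUSTOMIZE_CATD_WEBHOOKS_DIR` and `KUSTOMIZE_OPCON_RBAC_DIR` variables now point under `helm/olmv1/base`, so the `KUSTOMIZE_` prefix is stale. Each `$(HELM) template ... > $(STANDARD_MANIFEST)` style redirect also truncates the checked-in file before Helm runs, so a failed render leaves an empty or partial manifest behind under a `.PHONY` target; rendering to a temporary file and moving it into place on success avoids that.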
Expand Down Expand Up @@ -284,7 +275,7 @@ test-experimental-e2e: run image-registry prometheus experimental-e2e e2e e2e-me
.PHONY: prometheus
prometheus: PROMETHEUS_NAMESPACE := olmv1-system
prometheus: PROMETHEUS_VERSION := v0.83.0
prometheus: #EXHELP Deploy Prometheus into specified namespace
prometheus: $(KUSTOMIZE) #EXHELP Deploy Prometheus into specified namespace
./hack/test/install-prometheus.sh $(PROMETHEUS_NAMESPACE) $(PROMETHEUS_VERSION) $(KUSTOMIZE) $(VERSION)

# The output alerts.out file contains any alerts, pending or firing, collected during a test run in json format.
2 changes: 1 addition & 1 deletion Tiltfile
Expand Up @@ -17,7 +17,7 @@ olmv1 = {
'starting_debug_port': 30000,
},
},
'yaml': 'config/overlays/tilt-local-dev',
'yaml': 'helm/tilt.yaml',
}

deploy_repo(olmv1, '-tags containers_image_openpgp')
8 changes: 4 additions & 4 deletions docs/draft/api-reference/network-policies.md
Expand Up @@ -19,8 +19,8 @@ NetworkPolicy is implemented for both catalogd and operator-controller component

Each component has a dedicated NetworkPolicy that applies to its respective pod through label selectors:

* For catalogd: `control-plane=catalogd-controller-manager`
* For operator-controller: `control-plane=operator-controller-controller-manager`
* For catalogd: `app.kubernetes.io/name=catalogd`
* For operator-controller: `app.kubernetes.io/name=operator-controller`

### Catalogd NetworkPolicy

Expand Down Expand Up @@ -78,10 +78,10 @@ If you encounter network connectivity issues after deploying OLMv1, consider the

```bash
# Verify catalogd pod labels
kubectl get pods -n olmv1-system --selector=control-plane=catalogd-controller-manager
kubectl get pods -n olmv1-system --selector=apps.kubernetes.io/name=catalogd

# Verify operator-controller pod labels
kubectl get pods -n olmv1-system --selector=control-plane=operator-controller-controller-manager
kubectl get pods -n olmv1-system --selector=apps.kubernetes.io/name=operator-controller

# Compare with actual pod names
kubectl get pods -n olmv1-system | grep -E 'catalogd|operator-controller'
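Review bot: The two `--selector=apps.kubernetes.io/name=...` commands in this troubleshooting block use a different label key from the bullet list earlier in the same file, which this PR changes to `app.kubernetes.io/name=catalogd` and `app.kubernetes.io/name=operator-controller`. The Kubernetes recommended label is `app.kubernetes.io/name` (no `s`), and a selector with the wrong key returns no pods, which in a NetworkPolicy troubleshooting section reads as a missing pod rather than a typo. Check the key against the labels the chart templates actually set and use one spelling throughout; the same `apps.` key appears in the other docs files touched in this PR.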
8 changes: 4 additions & 4 deletions docs/draft/howto/consuming-metrics.md
Expand Up @@ -226,7 +226,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
control-plane: operator-controller-controller-manager
apps.kubernetes.io/name: operator-controller
name: controller-manager-metrics-monitor
namespace: olmv1-system
spec:
Expand All @@ -251,7 +251,7 @@ spec:
key: tls.key
selector:
matchLabels:
control-plane: operator-controller-controller-manager
apps.kubernetes.io/name: operator-controller
EOF
```

Expand All @@ -268,7 +268,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
labels:
control-plane: catalogd-controller-manager
apps.kubernetes.io/name: catalogd
name: catalogd-metrics-monitor
namespace: olmv1-system
spec:
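Review bot: For the catalogd ServiceMonitor only `metadata.labels` changes to `apps.kubernetes.io/name: catalogd`; no hunk in this file touches its `selector.matchLabels`, whereas the operator-controller ServiceMonitor is changed in both places. If the catalogd selector relies on a label this PR renames, it will match no Service and scraping stops without an error, so confirm it against the labels the chart puts on the metrics Services. The key is also spelled `apps.kubernetes.io/name` here, while `network-policies.md` in this PR uses `app.kubernetes.io/name` in its selector list.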
Expand Down Expand Up @@ -298,4 +298,4 @@ EOF
```

[prometheus-operator]: https://github.com/prometheus-operator/kube-prometheus
[rbac-k8s-docs]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
[rbac-k8s-docs]: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
2 changes: 1 addition & 1 deletion docs/draft/howto/enable-helm-chart-support.md
Expand Up @@ -24,7 +24,7 @@ To enable the Helm Chart support feature gate, you need to patch the `operator-c
2. **Wait for the controller manager pods to be ready:**

```bash
$ kubectl -n olmv1-system wait --for condition=ready pods -l control-plane=operator-controller-controller-manager
$ kubectl -n olmv1-system wait --for condition=ready pods -l apps.kubernetes.io/name=operator-controller
```

Once the above wait condition is met, the `HelmChartSupport` feature gate should be enabled in operator controller.
10 changes: 5 additions & 5 deletions docs/draft/howto/profiling_with_pprof.md
Expand Up @@ -21,7 +21,7 @@ The following steps are examples to demonstrate the required changes to enable P
1. Run the following command to patch the Deployment and add the `--pprof-bind-address=:8082` flag:

```shell
kubectl patch deployment $(kubectl get deployments -n olmv1-system -l control-plane=operator-controller-controller-manager -o jsonpath='{.items[0].metadata.name}') \
kubectl patch deployment $(kubectl get deployments -n olmv1-system -l apps.kubernetes.io/name=operator-controller -o jsonpath='{.items[0].metadata.name}') \
-n olmv1-system --type='json' -p='[
{
"op": "add",
Expand Down Expand Up @@ -127,7 +127,7 @@ go tool pprof -http=:8080 ./operator-controller-profile.pprof
1. Run the following command to patch the Deployment and add the `--pprof-bind-address=:8083` flag:

```shell
kubectl patch deployment $(kubectl get deployments -n olmv1-system -l control-plane=catalogd-controller-manager -o jsonpath='{.items[0].metadata.name}') \
kubectl patch deployment $(kubectl get deployments -n olmv1-system -l apps.kubernetes.io/name=catalogd -o jsonpath='{.items[0].metadata.name}') \
-n olmv1-system --type='json' -p='[
{
"op": "add",
Expand Down Expand Up @@ -235,7 +235,7 @@ go tool pprof -http=:8080 ./catalogd-profile.pprof
1. Run the following command to bind to `--pprof-bind-address` the value `0` in order to disable the endpoint.

```shell
kubectl patch deployment $(kubectl get deployments -n olmv1-system -l control-plane=operator-controller-controller-manager -o jsonpath='{.items[0].metadata.name}') \
kubectl patch deployment $(kubectl get deployments -n olmv1-system -l apps.kubernetes.io/name=operator-controller -o jsonpath='{.items[0].metadata.name}') \
-n olmv1-system --type='json' -p='[
{
"op": "replace",
Expand Down Expand Up @@ -266,7 +266,7 @@ kubectl delete pod curl-oper-con-pprof -n olmv1-system

1. Run the following command to bind to `--pprof-bind-address` the value `0` in order to disable the endpoint.
```shell
kubectl patch deployment $(kubectl get deployments -n olmv1-system -l control-plane=catalogd-controller-manager -o jsonpath='{.items[0].metadata.name}') \
kubectl patch deployment $(kubectl get deployments -n olmv1-system -l apps.kubernetes.io/name=catalogd -o jsonpath='{.items[0].metadata.name}') \
-n olmv1-system --type='json' -p='[
{
"op": "replace",
Expand Down Expand Up @@ -294,4 +294,4 @@ re-start the deployment `kubectl rollout restart deployment -n olmv1-system cata
kubectl delete pod curl-catalogd-pprof -n olmv1-system
```

[pprof]: https://github.com/google/pprof/blob/main/doc/README.md
[pprof]: https://github.com/google/pprof/blob/main/doc/README.md
2 changes: 1 addition & 1 deletion hack/tools/update-crds.sh
Expand Up @@ -42,7 +42,7 @@ for b in ${!modules[@]}; do
# will not be generated for the standard channel - so we check the expected generated
# file exists before copying it.
FILE="${CRD_TMP}/${c}/${crds[${b}]}"
[[ -e "${FILE}" ]] && cp "${FILE}" config/base/${modules[${b}]}/crd/${c}
[[ -e "${FILE}" ]] && cp "${FILE}" helm/olmv1/base/${modules[${b}]}/crd/${c}
done
done
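Review bot: The `cp "${FILE}" helm/olmv1/base/${modules[${b}]}/crd/${c}` line leaves the destination unquoted and assumes the `crd/${c}` directory already exists in the new `helm/olmv1/base` tree. If it does not, `cp` writes a regular file named after the channel instead of copying into a directory, or fails when the parent is missing. Quote the destination, end it with `/`, and `mkdir -p` it before the copy.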

8 changes: 8 additions & 0 deletions helm/cert-manager.yaml
@@ -0,0 +1,8 @@
# Default values for OLMv1.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# List of components to include
options:
certManager:
enabled: true
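Review bot: The header comments, `# Default values for OLMv1.` and `# List of components to include`, do not describe this file, which only sets `options.certManager.enabled: true` and is passed as an overlay with `--values helm/cert-manager.yaml` in the Makefile. Replace them with a line saying what the overlay switches on. `helm/e2e.yaml` carries the same `# List of components to include` comment above a single `options.e2e.enabled` flag.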
8 changes: 8 additions & 0 deletions helm/e2e.yaml
@@ -0,0 +1,8 @@
# e2e values for OLMv1.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# List of components to include
options:
e2e:
enabled: true
22 changes: 22 additions & 0 deletions helm/experimental.yaml
@@ -0,0 +1,22 @@
# experimental values for OLMv1.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# List of enabled experimental features for operator-controller
# Use with {{- if has "FeatureGate" .Value.operatorControllerFeatures }}
# to pull in resources or additions
operatorControllerFeatures:
- WebhookProviderCertManager
- SingleOwnNamespaceInstallSupport
- PreflightPermissions
- HelmChartSupport

# List of enabled experimental features for catalogd
# Use with {{- if has "FeatureGate" .Value.catalogdFeatures }}
# to pull in resources or additions
catalogdFeatures:
- APIV1MetasHandler

# This can be one of: standard or experimental
options:
featureSet: experimental
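Review bot: Both usage comments reference `.Value.operatorControllerFeatures` and `.Value.catalogdFeatures`, but Helm's built-in object is `.Values`, so a template line copied from these comments will not read the lists. Change the comments to `.Values.operatorControllerFeatures` and `.Values.catalogdFeatures`. The trailing comment `# This can be one of: standard or experimental` sits on `options.featureSet`, which is set separately from the two feature lists; say in the file whether the lists and `featureSet` have to be changed together.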
23 changes: 23 additions & 0 deletions helm/olmv1/.helmignore
@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
24 changes: 24 additions & 0 deletions helm/olmv1/Chart.yaml
@@ -0,0 +1,24 @@
apiVersion: v2
name: olmv1
description: A Helm chart for OLMv1

# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application

# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.3.0"
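Review bot: `appVersion: "1.3.0"` is hard-coded next to `version: 0.1.0`, and the surrounding comments are the unmodified `helm create` scaffold text, so nothing ties either number to the project's release version. State who bumps them or set them from the release process, and trim the scaffold comments to what applies to this chart.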