From 91d7550cee70827cc7f11a5c09fa64f639fefa4b Mon Sep 17 00:00:00 2001 From: Christian Kruse Date: Tue, 20 Jan 2026 20:03:35 -0800 Subject: [PATCH 1/2] Use helm chart as source of install resources Adds the skupper helm chart to version control to be the primary source of Skupper controller installation resources. Replaces the skupper-deployment-generator scripts as the source of truth. Changes: - Breaking: Drops CRDs from skupper chart. - Adds new skupper-crds.yaml manifest release artifact - Adds skupper-crds helm chart - Updates skupper chart README with CRD installation instructions - Extends the skupper chart with templated values for user requested overrides: tolerations, affinity, resources, labels+annotations. - Update charts/README.md with quick start guide - Update kind-dev-cluster script to use helm install Signed-off-by: Christian Kruse --- .circleci/config.yml | 5 + .gitignore | 4 +- Makefile | 36 +- charts/README.md | 19 +- charts/skupper-crds/Chart.yaml | 9 + charts/skupper-crds/README.md | 47 +++ charts/skupper-crds/values.yaml | 2 + charts/skupper/Chart.yaml | 5 + charts/skupper/README.md | 58 ++-- charts/skupper/templates/NOTES.txt | 18 + charts/skupper/templates/_helper.tpl | 126 +++++++ charts/skupper/templates/configmap.yaml | 10 + charts/skupper/templates/deployment.yaml | 82 +++++ charts/skupper/templates/role.yaml | 157 +++++++++ charts/skupper/templates/rolebinding.yaml | 19 + charts/skupper/templates/serviceaccount.yaml | 8 + charts/skupper/values.yaml | 108 ++++++ config/hack/deploy/cluster/kustomization.yaml | 6 + config/hack/deploy/cluster/namespace.yaml | 4 + .../hack/deploy/namespace/kustomization.yaml | 4 + .../remove-helm-management-labels.yaml | 8 + ...e-helm-management-pod-template-labels.yaml | 6 + .../hack/helm/skupper-crds/kustomization.yaml | 10 + scripts/kind-dev-cluster | 62 +++- scripts/skupper-crds-chart-generator.sh | 39 +++ scripts/skupper-deployment-generator.sh | 326 +++--------------- scripts/skupper-helm-chart-generator.sh | 115 ------ 27 files changed, 844 insertions(+), 449 deletions(-) create mode 100644 charts/skupper-crds/Chart.yaml create mode 100644 charts/skupper-crds/README.md create mode 100644 charts/skupper-crds/values.yaml create mode 100644 charts/skupper/Chart.yaml create mode 100644 charts/skupper/templates/NOTES.txt create mode 100644 charts/skupper/templates/_helper.tpl create mode 100644 charts/skupper/templates/configmap.yaml create mode 100644 charts/skupper/templates/deployment.yaml create mode 100644 charts/skupper/templates/role.yaml create mode 100644 charts/skupper/templates/rolebinding.yaml create mode 100644 charts/skupper/templates/serviceaccount.yaml create mode 100644 charts/skupper/values.yaml create mode 100644 config/hack/deploy/cluster/kustomization.yaml create mode 100644 config/hack/deploy/cluster/namespace.yaml create mode 100644 config/hack/deploy/namespace/kustomization.yaml create mode 100644 config/hack/deploy/patches/remove-helm-management-labels.yaml create mode 100644 config/hack/deploy/patches/remove-helm-management-pod-template-labels.yaml create mode 100644 config/hack/helm/skupper-crds/kustomization.yaml create mode 100755 scripts/skupper-crds-chart-generator.sh delete mode 100755 scripts/skupper-helm-chart-generator.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index ac64ccb50..0fbeb6fbd 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -268,6 +268,7 @@ jobs: - kubectl-install - oc-install - kind-install + - helm-install - attach_workspace: at: . - run: @@ -402,6 +403,8 @@ jobs: - run: make generate-network-observer - run: make generate-network-observer-httpbasic - run: make generate-network-observer-openshift + - run: make generate-skupper-crds + - run: make generate-skupper-crds-chart - run: mkdir skupper-setup - run: cp ./*.yaml skupper-setup - run: helm registry login -u ${QUAY_LOGIN} -p ${QUAY_PASSWORD} quay.io @@ -409,6 +412,8 @@ jobs: - run: helm push skupper-*.tgz oci://quay.io/skupper/helm - run: make pack-network-observer-helm-chart - run: helm push network-observer-*.tgz oci://quay.io/skupper/helm + - run: make pack-skupper-crds-helm-chart + - run: helm push skupper-crds-*.tgz oci://quay.io/skupper/helm - run: name: Verify skupper-setup Directory Contents command: | diff --git a/.gitignore b/.gitignore index e3adaedd4..b4367f58a 100644 --- a/.gitignore +++ b/.gitignore @@ -34,10 +34,10 @@ oci-archives/ skupper-cluster-scope.yaml skupper-namespace-scope.yaml skupper-network-observer*.yaml +skupper-crds.yaml +charts/skupper-crds/templates/ bundle.Dockerfile ./bundle/ -!charts/skupper/README.md -charts/skupper/ skupper-*.tgz artifacthub-repo.yml network-observer-*.tgz diff --git a/Makefile b/Makefile index 9100bf719..6f712ade0 100644 --- a/Makefile +++ b/Makefile @@ -157,16 +157,28 @@ generate-manifest: skupper generate-docs: generate-doc ./generate-doc ./doc/cli -generate-skupper-helm-chart: - ./scripts/skupper-helm-chart-generator.sh ${IMAGE_TAG} ${ROUTER_IMAGE_TAG} - generate-skupper-deployment-cluster-scoped: - ./scripts/skupper-deployment-generator.sh cluster ${IMAGE_TAG} ${ROUTER_IMAGE_TAG} false > skupper-cluster-scope.yaml + ./scripts/skupper-deployment-generator.sh cluster ${IMAGE_TAG} ${ROUTER_IMAGE_TAG} > skupper-cluster-scope.yaml generate-skupper-deployment-namespace-scoped: - ./scripts/skupper-deployment-generator.sh namespace ${IMAGE_TAG} ${ROUTER_IMAGE_TAG} false > skupper-namespace-scope.yaml - -pack-skupper-helm-chart: generate-skupper-helm-chart + ./scripts/skupper-deployment-generator.sh namespace ${IMAGE_TAG} ${ROUTER_IMAGE_TAG} > skupper-namespace-scope.yaml + +# vet skupper helm chart for release: makes sure buried chart attributes get updated with releases +vet-skupper-helm-chart: + @chart_router_tag=$$(grep -A10 '^skupperRouter:' charts/skupper/values.yaml | grep '^\s*tag:' | head -1 | cut -d: -f2 | tr -d ' "'); \ + if [ "$$chart_router_tag" != "$(ROUTER_IMAGE_TAG)" ]; then \ + echo "ERROR: ROUTER_IMAGE_TAG ($(ROUTER_IMAGE_TAG)) does not match skupperRouter.tag ($$chart_router_tag) in charts/skupper/values.yaml"; \ + exit 1; \ + fi; \ + if echo "$(IMAGE_TAG)" | grep -qE '^v?[0-9]+\.[0-9]+\.[0-9]+'; then \ + chart_app_version=$$(grep '^appVersion:' charts/skupper/Chart.yaml | cut -d: -f2 | tr -d ' "'); \ + if [ "$$chart_app_version" != "$(IMAGE_TAG)" ]; then \ + echo "ERROR: IMAGE_TAG ($(IMAGE_TAG)) does not match appVersion ($$chart_app_version) in charts/skupper/Chart.yaml"; \ + exit 1; \ + fi; \ + fi + +pack-skupper-helm-chart: vet-skupper-helm-chart helm package ./charts/skupper pack-network-observer-helm-chart: @@ -205,11 +217,21 @@ generate-network-observer-devel: --set extraArgs={"-cors-allow-all"} \ --set skipManagementLabels=true > skupper-network-observer-devel.yaml +generate-skupper-crds: + kubectl kustomize config/crd > skupper-crds.yaml + +generate-skupper-crds-chart: + ./scripts/skupper-crds-chart-generator.sh + +pack-skupper-crds-helm-chart: generate-skupper-crds-chart + helm package ./charts/skupper-crds + clean: rm -rf skupper controller kube-adaptor \ network-observer generate-doc \ cover.out oci-archives bundle bundle.Dockerfile \ skupper-*.tgz artifacthub-repo.yml \ network-observer-*.tgz skupper-*-scope.yaml \ + skupper-crds.yaml skupper-crds-*.tgz charts/skupper-crds/templates \ network-observer-operator \ must-gather.local.* diff --git a/charts/README.md b/charts/README.md index 84e5812e6..41f7b6cc4 100644 --- a/charts/README.md +++ b/charts/README.md @@ -1,10 +1,21 @@ ## Helm Charts in the Skupper Project -### Skupper chart +### Quick Start -[Instructions on how to deploy the Skupper chart](skupper/README.md) +```bash +# 1. Install CRDs (required) + helm install skupper-crds oci://quay.io/skupper/helm/skupper-crds +OR + kubectl apply -f https://github.com/skupperproject/skupper/releases/latest/download/skupper-crds.yaml -### Network-observer chart +# 2. Install Skupper controller +helm install skupper oci://quay.io/skupper/helm/skupper +``` -[Instructions on how to deploy the network-observer chart](network-observer/README.md) +### Charts +| Chart | Description | +|-------|-------------| +| [skupper-crds](skupper-crds/README.md) | Skupper Custom Resource Definitions (install first) | +| [skupper](skupper/README.md) | Skupper controller | +| [network-observer](network-observer/README.md) | Network observer for monitoring Skupper networks | diff --git a/charts/skupper-crds/Chart.yaml b/charts/skupper-crds/Chart.yaml new file mode 100644 index 000000000..dc7a4e2e8 --- /dev/null +++ b/charts/skupper-crds/Chart.yaml @@ -0,0 +1,9 @@ +apiVersion: v2 +name: skupper-crds +description: Skupper Custom Resource Definitions (CRDs) for Kubernetes +version: 2.2.0-dev +appVersion: v2-dev +type: application +home: https://skupper.io/ +sources: + - https://github.com/skupperproject/skupper diff --git a/charts/skupper-crds/README.md b/charts/skupper-crds/README.md new file mode 100644 index 000000000..f5cdc10a2 --- /dev/null +++ b/charts/skupper-crds/README.md @@ -0,0 +1,47 @@ +# Skupper CRDs Helm Chart + +This Helm chart installs Skupper Custom Resource Definitions (CRDs) for Kubernetes. + +## Overview + +The skupper-crds chart provides all CRDs required by Skupper. It is designed to be +installed separately from the main Skupper chart, allowing CRDs to persist across +Skupper upgrades and uninstalls. + +## Installation + +```bash +helm install skupper-crds oci://quay.io/skupper/helm/skupper-crds +``` + +## Uninstallation + +```bash +helm uninstall skupper-crds +``` + +**Note:** CRDs are annotated with `helm.sh/resource-policy: keep`, which means they +will NOT be deleted when the chart is uninstalled. This is intentional to prevent +accidental data loss. To remove CRDs, delete them manually: + +```bash +kubectl get crds -l app.kubernetes.io/name=skupper-crds -o name | xargs kubectl delete +``` + +## Important: Do Not Downgrade + +**Caution:** Do not downgrade this chart to a previous version. Downgrading CRDs can +remove fields from the schema that are in use by existing resources, potentially +causing data loss or unexpected behavior. Always ensure you are upgrading to the +same or a newer version of the skupper-crds chart. + +## Developer Notes + +The templates directory is generated and not versioned. The canonical source of CRD +definitions is `config/crd`. + +To regenerate the templates, run: + +```bash +make generate-skupper-crds-chart +``` diff --git a/charts/skupper-crds/values.yaml b/charts/skupper-crds/values.yaml new file mode 100644 index 000000000..9d50856a8 --- /dev/null +++ b/charts/skupper-crds/values.yaml @@ -0,0 +1,2 @@ +# Skupper CRDs have no configurable values. +# This chart installs CustomResourceDefinitions only. diff --git a/charts/skupper/Chart.yaml b/charts/skupper/Chart.yaml new file mode 100644 index 000000000..17fed1158 --- /dev/null +++ b/charts/skupper/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +name: skupper +description: Helm chart for setting up Skupper. +version: 2.2.0-dev +appVersion: v2-dev diff --git a/charts/skupper/README.md b/charts/skupper/README.md index 8a56c7739..3a59db9dc 100644 --- a/charts/skupper/README.md +++ b/charts/skupper/README.md @@ -12,12 +12,29 @@ manager. - Kubernetes 1.25+ - Helm 3 +- Skupper CRDs + +### Installing CRDs + +Install Skupper CRDs before deploying this chart. Choose one of the following methods: + +**Using the skupper-crds Helm chart:** +``` +helm install skupper-crds oci://quay.io/skupper/helm/skupper-crds +``` + +**Using kubectl:** +``` +kubectl apply -f https://github.com/skupperproject/skupper/releases/latest/download/skupper-crds.yaml +``` ## Using the chart Deploy a cluster-scoped Skupper controller in the current namespace: ``` -helm install skupper oci://quay.io/skupper/helm/skupper +helm install skupper oci://quay.io/skupper/helm/skupper \ + --namespace skupper \ + --create-namespace ``` If you want to deploy the controller in a specific namespace: @@ -27,28 +44,18 @@ helm install skupper oci://quay.io/skupper/helm/skupper \ --create-namespace ``` -Deploy a controller with namespace-scope in the current namespace using `--set scope=namespace`: +Deploy a controller with namespace-scope in the current namespace using `--set rbac.clusterScoped=false`: ``` helm install skupper oci://quay.io/skupper/helm/skupper \ - --set scope=namespace + --set rbac.clusterScoped=false ``` -### CRDs - -By default, the chart installs the Skupper CRDs required by the controller -to properly function. If you want to install CRDs separately from the Helm chart, use -the `--skip-crds` flag with `helm install`. - -### Image Overrides +### Configuration -The chart exposes overrides for the three images required to run a skupper site. +See [values.yaml](values.yaml) for the full list of configurable options. -Example values.yaml file: -``` -controllerImage: examplemirror.acme.com/skupper/controller:2.0.0 -kubeAdaptorImage: examplemirror.acme.com/skupper/kube-adaptor:2.0.0 -routerImage: examplemirror.acme.com/skupper/skupper-router:3.3.0 -``` +Common customizations include image repositories, pull policies, pod +tolerations, and resource limits. ## Alternative Installation Methods @@ -57,19 +64,12 @@ deploying both cluster and namespace-scoped controllers. ## Development -The skupper chart is generated from common config files, so you will need to run: -```asciidoc -make generate-skupper-helm-chart +Install the chart from the local source: ``` - -This action will create a `skupper` chart inside the `charts` directory, that -you can install with a clustered scope with: -``` -helm install skupper ./skupper --set scope=cluster +helm install skupper ./charts/skupper ``` -Other option is to install it in a namespaced scope: + +Or with namespace-scope: ``` -helm install skupper ./skupper --set scope=namespace +helm install skupper ./charts/skupper --set rbac.clusterScoped=false ``` - -Check the `values.yaml` to modify the image tag of the controller, kube-adaptor and router images. diff --git a/charts/skupper/templates/NOTES.txt b/charts/skupper/templates/NOTES.txt new file mode 100644 index 000000000..fd8e6bf3a --- /dev/null +++ b/charts/skupper/templates/NOTES.txt @@ -0,0 +1,18 @@ +{{- if eq (include "skupper.clusterScoped" .) "true" }} +Skupper controller installed in namespace "{{ .Release.Namespace }}" with cluster scope. +The controller will watch for Skupper resources in all namespaces. +{{- else }} +Skupper controller installed in namespace "{{ .Release.Namespace }}" with namespace scope. +The controller will only watch for Skupper resources in this namespace. +{{- end }} + +To create a site: +kubectl apply -f - < /dev/null 2>&1; then - verbose_log "This tool uses helm to enable some features. See https://helm.sh/ for installation."; + verbose_log "This tool uses helm install skupper. See https://helm.sh/ for installation."; echo "${HELM} not found, exiting"; exit 1 fi @@ -177,8 +177,29 @@ metadata: EOF } -skupper::cluster::controller() { - SKUPPER_TESTING=true "${REPO_ROOT}/scripts/skupper-deployment-generator.sh" cluster ${IMAGE_TAG} ${ROUTER_IMAGE_TAG} false +get_oci_repo() { + local full_ref="$1" + # strip potential digest @sha256:* + local no_digest="${full_ref%%@*}" + local maybe_tag="${no_digest##*:}" + if [[ "$maybe_tag" =~ / ]] || [[ "$maybe_tag" == "$no_digest" ]]; then + # maybe_tag is part of registry port i.e. localhost:5000/img + echo "$no_digest" + else + echo "${no_digest%:*}" + fi +} +get_oci_tag() { + local full_ref="$1" + local repo + repo=$(get_oci_repo "$full_ref") + + local remainder="${full_ref:${#repo}}" + if [[ -z "$remainder" ]]; then + echo "latest" + else + echo "${remainder#:}" + fi } main () { @@ -229,6 +250,7 @@ main () { ensure::kind ensure::container + ensure::helm if [ -z "${KUBECONFIG-}" ]; then export KUBECONFIG="$HOME/.kube/skupperdev-config-$CLUSTER" echo "(skdev) WARNING: KUBECONFIG not set. Defaulting to ${KUBECONFIG}" @@ -264,26 +286,44 @@ main () { ;; esac + HELM_DEBUG_FLAG="" + if [[ "${VERBOSE}" == "true" ]]; then + HELM_DEBUG_FLAG="--debug" + fi if [ "${METALLB}" == "true" ]; then - ensure::helm ensure::python echo "(skdev) deploying metallb to ${CLUSTER}" kind_subnet=$(container::network::subnet kind) - METALLB_DEBUG_FLAG="" - if [[ "${VERBOSE}" == "true" ]]; then - METALLB_DEBUG_FLAG="--debug" - fi "${HELM}" repo add metallb https://metallb.github.io/metallb "${HELM}" upgrade --install metallb metallb/metallb \ --namespace metallb-system --create-namespace \ --set speaker.ignoreExcludeLB=true \ --version 0.15.* \ - --wait ${METALLB_DEBUG_FLAG} # empty or --debug + --wait ${HELM_DEBUG_FLAG} "${KUBECTL}" apply -f <(metallb::l2::config "$kind_subnet" "$SUBNET") fi - echo "(skdev) configuring controller deployment" - skupper::cluster::controller | "${KUBECTL}" apply -f - + echo "(skdev) installing skupper CRDs" + "${KUBECTL}" kustomize "${REPO_ROOT}/config/crd" | "${KUBECTL}" apply -f - + echo "(skdev) installing skupper controller" + controller_repo=$(get_oci_repo "$SKUPPER_CONTROLLER_IMAGE") + controller_tag=$(get_oci_tag "$SKUPPER_CONTROLLER_IMAGE") + kubeadaptor_repo=$(get_oci_repo "$SKUPPER_KUBE_ADAPTOR_IMAGE") + kubeadaptor_tag=$(get_oci_tag "$SKUPPER_KUBE_ADAPTOR_IMAGE") + router_repo=$(get_oci_repo "$SKUPPER_ROUTER_IMAGE") + router_tag=$(get_oci_tag "$SKUPPER_ROUTER_IMAGE") + "${HELM}" upgrade --install skupper "${REPO_ROOT}/charts/skupper" \ + --namespace skupper --create-namespace \ + --set "controller.repository=$controller_repo" \ + --set "controller.tag=$controller_tag" \ + --set "controller.pullPolicy=Never" \ + --set "kubeAdaptor.repository=$kubeadaptor_repo" \ + --set "kubeAdaptor.tag=$kubeadaptor_tag" \ + --set "kubeAdaptor.pullPolicy=Never" \ + --set "skupperRouter.repository=$router_repo" \ + --set "skupperRouter.tag=$router_tag" \ + --set "skupperRouter.pullPolicy=IfNotPresent" \ + --wait ${HELM_DEBUG_FLAG} } main "$@" diff --git a/scripts/skupper-crds-chart-generator.sh b/scripts/skupper-crds-chart-generator.sh new file mode 100755 index 000000000..95f701a5d --- /dev/null +++ b/scripts/skupper-crds-chart-generator.sh @@ -0,0 +1,39 @@ +#!/usr/bin/env bash + +set -o errexit +set -o nounset +set -o pipefail + +readonly KUBECTL=${KUBECTL:-kubectl} + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +REPO_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)" + +main () { + # Recreate templates directory + rm -rf "${REPO_ROOT}/charts/skupper-crds/templates" + mkdir -p "${REPO_ROOT}/charts/skupper-crds/templates" + + # Use kustomize to label and annotate chart CRDs + "${KUBECTL}" kustomize "${REPO_ROOT}/config/hack/helm/skupper-crds" > "${REPO_ROOT}/charts/skupper-crds/templates/crds.yaml" + + # Generate NOTES.txt + crd_names=$(grep "^ name:" "${REPO_ROOT}/charts/skupper-crds/templates/crds.yaml" | awk '{print $2}' | sort | sed 's/^/ - /') + cat << EOF > "${REPO_ROOT}/charts/skupper-crds/templates/NOTES.txt" +Skupper CRDs have been installed. + +The following CustomResourceDefinitions are now available: +${crd_names} + +To verify the installation: + kubectl get crds -l app.kubernetes.io/name=skupper-crds + +Note: CRDs are annotated with helm.sh/resource-policy: keep and will persist +after helm uninstall. To remove them, delete manually: + kubectl get crds -l app.kubernetes.io/name=skupper-crds -o name | xargs kubectl delete +EOF + + echo "Generated skupper-crds chart templates at ${REPO_ROOT}/charts/skupper-crds/templates" +} + +main "$@" diff --git a/scripts/skupper-deployment-generator.sh b/scripts/skupper-deployment-generator.sh index 5a2706e7d..5d2417e8f 100755 --- a/scripts/skupper-deployment-generator.sh +++ b/scripts/skupper-deployment-generator.sh @@ -5,313 +5,77 @@ set -o nounset set -o pipefail # Check if the script is executed with four arguments -if [ "$#" -ne 4 ]; then - echo "Usage: $0 " +if [ "$#" -ne 3 ]; then + echo "Usage: $0 " exit 1 fi -# if no arg, default scope to cluster readonly SCOPE="${1-cluster}" readonly SKUPPER_IMAGE_TAG="${2-v2-dev}" readonly SKUPPER_ROUTER_IMAGE_TAG="${3-main}" -readonly FOR_CHART="${4-false}" readonly KUBECTL=${KUBECTL:-kubectl} -readonly MIN_KUBE_VERSION=${MIN_KUBE_VERSION:-1.25.0} readonly SKUPPER_IMAGE_REGISTRY=${SKUPPER_IMAGE_REGISTRY:-quay.io/skupper} -readonly SKUPPER_ROUTER_IMAGE=${SKUPPER_ROUTER_IMAGE:-${SKUPPER_IMAGE_REGISTRY}/skupper-router:${SKUPPER_ROUTER_IMAGE_TAG}} -readonly SKUPPER_CONTROLLER_IMAGE=${SKUPPER_CONTROLLER_IMAGE:-${SKUPPER_IMAGE_REGISTRY}/controller:${SKUPPER_IMAGE_TAG}} -readonly SKUPPER_KUBE_ADAPTOR_IMAGE=${SKUPPER_KUBE_ADAPTOR_IMAGE:-${SKUPPER_IMAGE_REGISTRY}/kube-adaptor:${SKUPPER_IMAGE_TAG}} -readonly SKUPPER_CLI_IMAGE=${SKUPPER_CLI_IMAGE:-${SKUPPER_IMAGE_REGISTRY}/cli:${SKUPPER_IMAGE_TAG}} -readonly SKUPPER_NETWORK_OBSERVER_IMAGE=${SKUPPER_NETWORK_OBSERVER_IMAGE:-${SKUPPER_IMAGE_REGISTRY}/network-observer:${SKUPPER_IMAGE_TAG}} -readonly SKUPPER_TESTING=${SKUPPER_TESTING:-false} +readonly SKUPPER_ROUTER_IMAGE=${SKUPPER_ROUTER_IMAGE:-${SKUPPER_IMAGE_REGISTRY}/skupper-router} +readonly SKUPPER_CONTROLLER_IMAGE=${SKUPPER_CONTROLLER_IMAGE:-${SKUPPER_IMAGE_REGISTRY}/controller} +readonly SKUPPER_KUBE_ADAPTOR_IMAGE=${SKUPPER_KUBE_ADAPTOR_IMAGE:-${SKUPPER_IMAGE_REGISTRY}/kube-adaptor} DEBUG=${DEBUG:=false} SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" REPO_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)" -skupper::deployment::namespace() { - cat << EOF -apiVersion: v1 -kind: Namespace -metadata: - name: skupper -EOF -} - -skupper::deployment::configmap() { - cat << EOF -apiVersion: v1 -kind: ConfigMap -metadata: - name: skupper -data: - controller: skupper-controller -EOF -} - -skupper::deployment::serviceaccount-cluster() { - cat << EOF -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - application: skupper-controller - app.kubernetes.io/name: skupper-controller - name: skupper-controller - namespace: skupper -EOF -} - -skupper::deployment::serviceaccount-namespace() { - cat << EOF -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - application: skupper-controller - app.kubernetes.io/name: skupper-controller - name: skupper-controller -EOF -} - -skupper::deployment::add-crds() { - cat << EOF -- ../../config/crd -EOF -} +main () { + if [ ${SCOPE} != "cluster" ] && [ ${SCOPE} != "namespace" ]; then + echo "Scope: ${SCOPE} not recognized" + exit 1 + fi -skupper::deployment::deploy-cluster() { - cat << EOF -apiVersion: apps/v1 -kind: Deployment -metadata: - name: skupper-controller - namespace: skupper -spec: - replicas: 1 - selector: - matchLabels: - application: skupper-controller - template: - metadata: - labels: - app.kubernetes.io/part-of: skupper - application: skupper-controller - app.kubernetes.io/name: skupper-controller - skupper.io/component: controller - spec: - serviceAccountName: skupper-controller - # Prevent kubernetes from injecting env vars for grant service - # as these then collide with those that actually configure the - # controller: - enableServiceLinks: false - # Please ensure that you can use SeccompProfile and do not use - # if your project must work on old Kubernetes - # versions < 1.19 or on vendors versions which - # do NOT support this field by default - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - containers: - - name: controller - image: ${SKUPPER_CONTROLLER_IMAGE} - imagePullPolicy: Always - command: ["/app/controller"] - args: ["-enable-grants", "-grant-server-autoconfigure"] - ports: - - name: metrics - containerPort: 9000 - env: - - name: SKUPPER_KUBE_ADAPTOR_IMAGE - value: ${SKUPPER_KUBE_ADAPTOR_IMAGE} - - name: SKUPPER_KUBE_ADAPTOR_IMAGE_PULL_POLICY - value: Always - - name: SKUPPER_ROUTER_IMAGE - value: ${SKUPPER_ROUTER_IMAGE} - - name: SKUPPER_ROUTER_IMAGE_PULL_POLICY - value: Always - securityContext: - capabilities: - drop: - - ALL - runAsNonRoot: true - allowPrivilegeEscalation: false - volumeMounts: - - name: tls-credentials - mountPath: /etc/controller - volumes: - - name: tls-credentials - emptyDir: {} -EOF -} + ktempdir=$(mktemp -d --tmpdir="${REPO_ROOT}") + if [ "${DEBUG}" != "true" ]; then + trap 'rm -rf $ktempdir' EXIT + fi -skupper::deployment::deploy-namespace() { - cat << EOF -apiVersion: apps/v1 -kind: Deployment -metadata: - name: skupper-controller -spec: - replicas: 1 - selector: - matchLabels: - application: skupper-controller - template: - metadata: - labels: - app.kubernetes.io/part-of: skupper - application: skupper-controller - app.kubernetes.io/name: skupper-controller - skupper.io/component: controller - spec: - serviceAccountName: skupper-controller - # Prevent kubernetes from injecting env vars for grant service - # as these then collide with those that actually configure the - # controller: - enableServiceLinks: false - # Please ensure that you can use SeccompProfile and do not use - # if your project must work on old Kubernetes - # versions < 1.19 or on vendors versions which - # do NOT support this field by default - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - containers: - - name: controller - image: ${SKUPPER_CONTROLLER_IMAGE} - imagePullPolicy: Always - command: ["/app/controller"] - args: ["-enable-grants", "-grant-server-autoconfigure"] - ports: - - name: metrics - containerPort: 9000 - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SKUPPER_KUBE_ADAPTOR_IMAGE - value: ${SKUPPER_KUBE_ADAPTOR_IMAGE} - - name: SKUPPER_KUBE_ADAPTOR_IMAGE_PULL_POLICY - value: Always - - name: SKUPPER_ROUTER_IMAGE - value: ${SKUPPER_ROUTER_IMAGE} - - name: SKUPPER_ROUTER_IMAGE_PULL_POLICY - value: Always - securityContext: - capabilities: - drop: - - ALL - runAsNonRoot: true - allowPrivilegeEscalation: false - volumeMounts: - - name: tls-credentials - mountPath: /etc/controller - volumes: - - name: tls-credentials - emptyDir: {} -EOF -} + mkdir -p ${ktempdir}/manifests -skupper::deployment::kustomization-cluster() { - cat << EOF -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- namespace.yaml -- manager.yaml -- service_account.yaml -- ../../config/rbac/cluster -EOF -} + cp "${REPO_ROOT}/config/hack/deploy/patches"/*.yaml "${ktempdir}/manifests/" -skupper::deployment::kustomization-cluster-sans-ns() { - cat << EOF -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- manager.yaml -- service_account.yaml -- ../../config/rbac/cluster -EOF -} + IS_CLUSTER_SCOPED="false" + NAMESPACE_LINE="" + if [ ${SCOPE} == "cluster" ]; then + IS_CLUSTER_SCOPED="true" + NAMESPACE_LINE="namespace: skupper" + fi -skupper::deployment::kustomization-namespace() { - cat << EOF + cat << EOF > "${ktempdir}/manifests/kustomization.yaml" apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +${NAMESPACE_LINE} resources: -- controller-cm.yaml -- manager.yaml -- service_account.yaml -- ../../config/rbac/namespace -EOF -} - -skupper::patch::imagePullPolicy() { - cat << EOF +- ../../config/hack/deploy/${SCOPE} +- manifest.yaml patches: -- patch: | - apiVersion: apps/v1 - kind: Deployment - spec: - template: - spec: - containers: - - name: controller - imagePullPolicy: Never - env: - - name: SKUPPER_KUBE_ADAPTOR_IMAGE_PULL_POLICY - value: Never - - name: SKUPPER_ROUTER_IMAGE_PULL_POLICY - value: IfNotPresent - metadata: - name: skupper-controller + - path: remove-helm-management-pod-template-labels.yaml + target: + kind: Deployment + labelSelector: app.kubernetes.io/managed-by=Helm + - path: remove-helm-management-labels.yaml + target: + labelSelector: app.kubernetes.io/managed-by=Helm EOF - if [ ${SCOPE} == "cluster" ]; then - echo " namespace: skupper" - fi -} - -main () { - ktempdir=$(mktemp -d --tmpdir="${REPO_ROOT}") - if [ "${DEBUG}" != "true" ]; then - trap 'rm -rf $ktempdir' EXIT - fi - - mkdir -p ${ktempdir}/manifests/bases - - if [ ${SCOPE} == "cluster" ]; then - skupper::deployment::deploy-cluster > ${ktempdir}/manifests/manager.yaml - skupper::deployment::serviceaccount-cluster > ${ktempdir}/manifests/service_account.yaml - if [ ${FOR_CHART} == "true" ]; then - skupper::deployment::kustomization-cluster-sans-ns > "${ktempdir}/manifests/kustomization.yaml" - else - skupper::deployment::namespace > ${ktempdir}/manifests/namespace.yaml - skupper::deployment::kustomization-cluster > "${ktempdir}/manifests/kustomization.yaml" - fi - elif [ ${SCOPE} == "namespace" ]; then - skupper::deployment::configmap > ${ktempdir}/manifests/controller-cm.yaml - skupper::deployment::deploy-namespace > ${ktempdir}/manifests/manager.yaml - skupper::deployment::serviceaccount-namespace > ${ktempdir}/manifests/service_account.yaml - skupper::deployment::kustomization-namespace > "${ktempdir}/manifests/kustomization.yaml" - else - echo "Scope: ${SCOPE} not recognized" - exit 1 - fi - - if [ ${FOR_CHART} != "true" ]; then - skupper::deployment::add-crds >> "${ktempdir}/manifests/kustomization.yaml" - fi - if [ "${SKUPPER_TESTING}" == "true" ]; then - skupper::patch::imagePullPolicy >> "${ktempdir}/manifests/kustomization.yaml" - fi - kubectl kustomize ${ktempdir}/manifests + helm template \ + --namespace skupper \ + skupper-controller ./charts/skupper \ + --set "rbac.clusterScoped=${IS_CLUSTER_SCOPED}" \ + --set "controller.repository=${SKUPPER_CONTROLLER_IMAGE}" \ + --set "controller.tag=${SKUPPER_IMAGE_TAG}" \ + --set "kubeAdaptor.repository=${SKUPPER_KUBE_ADAPTOR_IMAGE}" \ + --set "kubeAdaptor.tag=${SKUPPER_IMAGE_TAG}" \ + --set "skupperRouter.repository=${SKUPPER_ROUTER_IMAGE}" \ + --set "skupperRouter.tag=${SKUPPER_ROUTER_IMAGE_TAG}" > "${ktempdir}/manifests/manifest.yaml" + + "${KUBECTL}" kustomize ${ktempdir}/manifests } main "$@" diff --git a/scripts/skupper-helm-chart-generator.sh b/scripts/skupper-helm-chart-generator.sh deleted file mode 100755 index 544f971d1..000000000 --- a/scripts/skupper-helm-chart-generator.sh +++ /dev/null @@ -1,115 +0,0 @@ -#!/bin/bash - -# Check if the script is executed with two arguments -if [ "$#" -ne 2 ]; then - echo "Usage: $0 " - exit 1 -fi - - -VERSION="0.1.0-dev" -APP_VERSION="$1" -ROUTER_VERSION="$2" - -# Set chart name and directories -CHART_NAME="skupper" -CRD_DIR="$CHART_NAME/crds" -TEMPLATES_DIR="$CHART_NAME/templates" -DEST_DIR="./charts" -CURRENT_DIR="$PWD" - -cd "$DEST_DIR" || exit - -mkdir -p "$CRD_DIR" -mkdir -p "$TEMPLATES_DIR" - - -cat <"$CHART_NAME/Chart.yaml" -apiVersion: v2 -name: skupper -description: Helm chart for setting up Skupper. -version: $VERSION -appVersion: $APP_VERSION -EOF - - -cat <"$CHART_NAME/values.yaml" -controllerImage: quay.io/skupper/controller:$APP_VERSION -kubeAdaptorImage: quay.io/skupper/kube-adaptor:$APP_VERSION -routerImage: quay.io/skupper/skupper-router:$ROUTER_VERSION - -# available options: cluster, namespace -scope: cluster - -EOF - -cat <"$TEMPLATES_DIR/NOTES.txt" -{{- if eq .Values.scope "cluster"}} -=========================================================== - Skupper chart is now installed in the cluster. - Skupper controller was deployed in the namespace "{{ .Release.Namespace }}". - -=========================================================== -{{- end }} -{{- if eq .Values.scope "namespace"}} -=========================================================== - Skupper chart is now installed in your current namespace. -=========================================================== -{{- end }} -EOF - - - -CRD_SOURCE_DIR="../config/crd/bases" - - -if [ ! -d "$CRD_SOURCE_DIR" ]; then - echo "Source directory '$CRD_SOURCE_DIR' does not exist. Exiting." - exit 1 -fi - - - -cp "$CRD_SOURCE_DIR"/* "$CRD_DIR" - -CLUSTER_TEMPLATE="$TEMPLATES_DIR/cluster-controller-deployment.yaml" - -echo "{{ if eq .Values.scope \"cluster\" }}" > "$CLUSTER_TEMPLATE" # Add Helm conditional block -pushd ${CURRENT_DIR} -./scripts/skupper-deployment-generator.sh cluster ${APP_VERSION} ${ROUTER_VERSION} true >> ${DEST_DIR}/"$CLUSTER_TEMPLATE" # Append kustomize output -popd -if [ $? -eq 0 ]; then - echo "{{ end }}" >> "$CLUSTER_TEMPLATE" -else - echo "Failed to generate cluster scope templates. Please check your kustomize configuration." - exit 1 -fi - -# Generate namespace scope template -NAMESPACE_TEMPLATE="$TEMPLATES_DIR/namespace-controller-deployment.yaml" -echo "{{ if eq .Values.scope \"namespace\" }}" > "$NAMESPACE_TEMPLATE" # Add Helm conditional block -pushd ${CURRENT_DIR} -./scripts/skupper-deployment-generator.sh namespace ${APP_VERSION} ${ROUTER_VERSION} true >> ${DEST_DIR}/"$NAMESPACE_TEMPLATE" # Append kustomize output -popd -if [ $? -eq 0 ]; then - echo "{{ end }}" >> "$NAMESPACE_TEMPLATE" # Close Helm conditional block -else - echo "Failed to generate namespace scope templates. Please check your kustomize configuration." - exit 1 -fi - -# Substitute "namespace: " with "namespace: {{ .Release.Namespace }}" -sed -i 's/namespace: [a-zA-Z0-9.-]*/namespace: {{ .Release.Namespace }}/g' "$CLUSTER_TEMPLATE" - -sed -i -E 's|quay.io/skupper/controller:[a-zA-Z0-9.-]*|{{ .Values.controllerImage }}|' "$CLUSTER_TEMPLATE" -sed -i -E 's|quay.io/skupper/controller:[a-zA-Z0-9.-]*|{{ .Values.controllerImage }}|' "$NAMESPACE_TEMPLATE" - -sed -i -E 's|quay.io/skupper/skupper-router:[a-zA-Z0-9.-]*|{{ .Values.routerImage }}|' "$CLUSTER_TEMPLATE" -sed -i -E 's|quay.io/skupper/skupper-router:[a-zA-Z0-9.-]*|{{ .Values.routerImage }}|' "$NAMESPACE_TEMPLATE" - - -sed -i 's|quay.io/skupper/kube-adaptor:[a-zA-Z0-9.-]*|{{ .Values.kubeAdaptorImage }}|g' "$CLUSTER_TEMPLATE" -sed -i 's|quay.io/skupper/kube-adaptor:[a-zA-Z0-9.-]*|{{ .Values.kubeAdaptorImage }}|g' "$NAMESPACE_TEMPLATE" - - -echo "Helm chart directory structure created successfully for '$CHART_NAME' with version=$VERSION and appVersion=$APP_VERSION." \ No newline at end of file From a51b0dbd2d2678dd1b633b22f4e700002611860a Mon Sep 17 00:00:00 2001 From: Christian Kruse Date: Tue, 10 Feb 2026 16:32:22 -0800 Subject: [PATCH 2/2] spell Signed-off-by: Christian Kruse --- charts/skupper/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/skupper/values.yaml b/charts/skupper/values.yaml index dc4dbf60b..43e29f1d4 100644 --- a/charts/skupper/values.yaml +++ b/charts/skupper/values.yaml @@ -24,7 +24,7 @@ rbac: controller: # image repository repository: quay.io/skupper/controller - # overries the image tag from its default value Chart AppVersion. + # overrides the image tag from its default value Chart AppVersion. tag: "" # Digest for the image. When set, digest overrides the tag. digest: "" @@ -48,7 +48,7 @@ controller: kubeAdaptor: # image repository repository: quay.io/skupper/kube-adaptor - # overries the image tag from its default value Chart AppVersion. + # overrides the image tag from its default value Chart AppVersion. tag: "" # Digest for the image. When set, digest overrides the tag. digest: ""