Merge pull request #5 from mbaldessari/eso-operator

Switch to the ESO operator
validatedpatterns · Sep 27, 2024 · adb2d8b · adb2d8b
2 parents cc62382 + cea861c
commit adb2d8b
Show file tree

Hide file tree

Showing 9 changed files with 127 additions and 136 deletions.
diff --git a/Chart.yaml b/Chart.yaml
@@ -3,13 +3,7 @@ description: A Helm chart to configure the golang-based external-secrets.
 keywords:
 - pattern
 name: golang-external-secrets
-version: 0.1.2
-dependencies:
-  - name: external-secrets
-    version: "0.10.0"
-    repository: "https://charts.external-secrets.io"
-    #"https://external-secrets.github.io/kubernetes-external-secrets"
-
+version: 0.2.0
 home: https://github.com/validatedpatterns/golang-external-secrets-chart
 maintainers:
   - name: Validated Patterns Team

diff --git a/README.md b/README.md
@@ -4,7 +4,32 @@
 
 A Helm chart to configure the golang-based external-secrets.
 
-This chart is used by the Validated Patterns to set up the external secrets
+This chart is used by the Validated Patterns to set up the external secrets. This chart
+sets up the needed pieces for ESO to work with the Validated Patterns Framework.
+
+**Note** this version uses the ESO operator. Since we prefer using UBI images, we need
+to manually update the ESO UBI images in the `values.yaml` file when updating.
+This requires that the operator is installed via the VP subscriptions mechanism.
+
+Here is a full example:
+```yaml
+clusterGroup:
+  namespaces:
+    - golang-external-secrets
+  subscriptions:
+    golang-external-secrets:
+      channel: alpha
+      name: external-secrets-operator
+      namespace: golang-external-secrets
+      source: community-operators
+  applications:
+    golang-external-secrets:
+      name: golang-external-secrets
+      namespace: golang-external-secrets
+      project: hub
+      chart: golang-external-secrets
+      chartVersion: 0.2.*
+```
 
 **Homepage:** <https://github.com/validatedpatterns/golang-external-secrets-chart>
 
@@ -14,21 +39,12 @@ This chart is used by the Validated Patterns to set up the external secrets
 | ---- | ------ | --- |
 | Validated Patterns Team | <[email protected]> |  |
 
-## Requirements
-
-| Repository | Name | Version |
-|------------|------|---------|
-| https://charts.external-secrets.io | external-secrets | 0.10.0 |
-
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| certController.image.tag | string | `"v0.10.4-ubi"` | Tag for the ESO certController image |
 | clusterGroup.isHubCluster | bool | `true` | The variable that defines when a cluster is the HUB |
-| external-secrets | object | depends on the individual settings | A few settings containing which images are being used |
-| external-secrets.certController.image.tag | string | `"v0.10.0-ubi"` | Tag for the ESO certController image |
-| external-secrets.image.tag | string | `"v0.10.0-ubi"` | Tag for the ESO main image |
-| external-secrets.webhook.image.tag | string | `"v0.10.0-ubi"` | Tag for the ESO webhook image |
 | global | object | depends on the individual settings | The global namespace containes some globally used variables used in patterns |
 | global.clusterDomain | string | `"foo.example.com"` | The DNS entry for the cluster the chart is being rendered on |
 | global.hubClusterDomain | string | `"hub.example.com"` | The DNS entry for the hub cluster |
@@ -52,21 +68,9 @@ This chart is used by the Validated Patterns to set up the external secrets
 | golangExternalSecrets.rbac.rolename | string | `"hub-role"` | The name of the vault role when connecting to the vault from the hub |
 | golangExternalSecrets.vault | object | depends on the individual settings | Some vault configuration entries |
 | golangExternalSecrets.vault.mountPath | string | `"hub"` | The vault secrets' path when connecting to it from the hub |
+| image | object | depends on the individual settings | A few settings containing which images are being used |
+| image.tag | string | `"v0.10.4-ubi"` | Tag for the ESO main image |
+| webhook.image.tag | string | `"v0.10.4-ubi"` | Tag for the ESO webhook image |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
-
-## Subchart Update
-
-When updating this sub-chart, please remember to tweak the image tag in values.yaml.
-That is because we want to use -ubi images if possible and there is no suffix option, so
-we just override the tag with the version + "-ubi"
-
-### Steps
-
-1. Edit the version in Chart.yaml
-2. Run `helm dependency update .`
-3. Run `./update-helm-dependency.sh`
-4. Tweak `values.yaml` with the new image versions
-5. Run `make test`
-6. Commit to Git
diff --git a/README.md.gotmpl b/README.md.gotmpl
@@ -5,7 +5,32 @@
 
 {{ template "chart.description" . }}
 
-This chart is used by the Validated Patterns to set up the external secrets
+This chart is used by the Validated Patterns to set up the external secrets. This chart
+sets up the needed pieces for ESO to work with the Validated Patterns Framework.
+
+**Note** this version uses the ESO operator. Since we prefer using UBI images, we need
+to manually update the ESO UBI images in the `values.yaml` file when updating.
+This requires that the operator is installed via the VP subscriptions mechanism.
+
+Here is a full example:
+```yaml
+clusterGroup:
+  namespaces:
+    - golang-external-secrets
+  subscriptions:
+    golang-external-secrets:
+      channel: alpha
+      name: external-secrets-operator
+      namespace: golang-external-secrets
+      source: community-operators
+  applications:
+    golang-external-secrets:
+      name: golang-external-secrets
+      namespace: golang-external-secrets
+      project: hub
+      chart: golang-external-secrets
+      chartVersion: 0.2.*
+```
 
 {{ template "chart.homepageLine" . }}
 
@@ -18,19 +43,3 @@ This chart is used by the Validated Patterns to set up the external secrets
 {{ template "chart.valuesSection" . }}
 
 {{ template "helm-docs.versionFooter" . }}
-
-
-## Subchart Update
-
-When updating this sub-chart, please remember to tweak the image tag in values.yaml.
-That is because we want to use -ubi images if possible and there is no suffix option, so
-we just override the tag with the version + "-ubi"
-
-### Steps
-
-1. Edit the version in Chart.yaml
-2. Run `helm dependency update .`
-3. Run `./update-helm-dependency.sh`
-4. Tweak `values.yaml` with the new image versions
-5. Run `make test`
-6. Commit to Git
diff --git a/charts/external-secrets-0.10.0.tgz b/charts/external-secrets-0.10.0.tgz
diff --git a/local-patches/0001-runasuser-comment-out.patch b/local-patches/0001-runasuser-comment-out.patch
diff --git a/templates/golang-external-secrets-operator-config.yaml b/templates/golang-external-secrets-operator-config.yaml
@@ -0,0 +1,31 @@
+# See https://github.com/external-secrets/external-secrets-helm-operator/blob/main/config/samples/operator_v1alpha1_operatorconfig.yaml
+# for a full definition
+apiVersion: operator.external-secrets.io/v1alpha1
+kind: OperatorConfig
+metadata:
+  name: golang-external-secrets
+  annotations:
+    # We need the OperatorConfig to be the first thing that gets deployed
+    # This is because we need to deploy the secret *after* the operatorconfig
+    # has created the golang-external-secret service account
+    argocd.argoproj.io/sync-wave: "-10"
+spec:
+  image:
+    tag: {{ .Values.image.tag }}
+  webhook:
+    image:
+      tag: {{ .Values.webhook.image.tag }}
+  certController:
+    image:
+      tag: {{ .Values.certController.image.tag }}
+  prometheus:
+    enabled: true
+    service:
+      port: 8080
+  resources:
+    requests:
+      cpu: 10m
+      memory: 96Mi
+    limits:
+      cpu: 100m
+      memory: 256Mi
diff --git a/tests/golang_external_secrets_operator_config.yaml b/tests/golang_external_secrets_operator_config.yaml
@@ -0,0 +1,31 @@
+suite: Test golang-external-secrets operatorconfig with default values
+templates:
+  - templates/golang-external-secrets-operator-config.yaml
+release:
+  name: release-test
+tests:
+  - it: should output default values for the OperatorConfig
+    asserts:
+      - containsDocument:
+          kind: OperatorConfig
+          apiVersion: v1
+          name: golang-external-secrets
+      - equal:
+          path: metadata.annotations["argocd.argoproj.io/sync-wave"]
+          value: "-10"
+
+  - it: should set the images to the default values for the OperatorConfig
+    asserts:
+      - containsDocument:
+          kind: OperatorConfig
+          apiVersion: v1
+          name: golang-external-secrets
+      - equal:
+          path: spec.image.tag
+          value: v0.10.4-ubi
+      - equal:
+          path: spec.webhook.image.tag
+          value: v0.10.4-ubi
+      - equal:
+          path: spec.certController.image.tag
+          value: v0.10.4-ubi
diff --git a/update-helm-dependency.sh b/update-helm-dependency.sh
diff --git a/values.yaml b/values.yaml
@@ -68,15 +68,14 @@ clusterGroup:
 
 # -- A few settings containing which images are being used
 # @default -- depends on the individual settings
-external-secrets:
+image:
+  # -- Tag for the ESO main image
+  tag: v0.10.4-ubi
+webhook:
   image:
-    # -- Tag for the ESO main image
-    tag: v0.10.0-ubi
-  webhook:
-    image:
     # -- Tag for the ESO webhook image
-      tag: v0.10.0-ubi
-  certController:
-    image:
+    tag: v0.10.4-ubi
+certController:
+  image:
     # -- Tag for the ESO certController image
-      tag: v0.10.0-ubi
+    tag: v0.10.4-ubi