publish KubeArmorOperator Helm charts

Signed-off-by: Rudraksh Pareek <[email protected]>

.github/workflows/ci-latest-helm-chart-release.yaml

@@ -23,17 +23,19 @@ jobs:
       - name: Update Chart.yaml
         run: |
           STABLE_VERSION=`cat STABLE-RELEASE`
-          sed -i -e "s/appVersion:.*/appVersion: $STABLE_VERSION/g" deployments/helm/Chart.yaml
-          sed -i -e "s/version:.*/version: $STABLE_VERSION/g" deployments/helm/Chart.yaml
+          sed -i -e "s/appVersion:.*/appVersion: $STABLE_VERSION/g" deployments/helm/*/Chart.yaml
+          sed -i -e "s/version:.*/version: $STABLE_VERSION/g" deployments/helm/*/Chart.yaml
 
       - name: Publish Helm chart
         uses: stefanprodan/helm-gh-pages@master
         with:
           # Access token which can push to a different repo in the same org
           token: ${{ secrets.GH_ACCESS_TOKEN }}
-          charts_dir: deployments
+          charts_dir: deployments/helm
           # repo where charts would be published
           owner: kubearmor
           repository: charts
           branch: gh-pages
           charts_url: https://kubearmor.github.io/charts
+          commit_username: "github-actions[bot]"
+          commit_email: "github-actions[bot]@users.noreply.github.com"

.github/workflows/ci-latest-release.yml

@@ -53,7 +53,7 @@ jobs:
 
       - name: Deploy KubeArmor into Kubernetes
         run: |
-          helm upgrade --install kubearmor ./deployments/helm \
+          helm upgrade --install kubearmor ./deployments/helm/KubeArmor \
           --values ./KubeArmor/build/kubearmor-helm-test-values.yaml \
           --set kubearmor.image.tag=${{ steps.vars.outputs.tag }} \
           --set kubearmorInit.image.tag=${{ steps.vars.outputs.tag }} \

.github/workflows/ci-stable-release.yml

@@ -51,16 +51,20 @@ jobs:
         id: update
         run: |
           STABLE_VERSION=`cat STABLE-RELEASE`
-          sed -i -e "s/appVersion:.*/appVersion: $STABLE_VERSION/g" deployments/helm/Chart.yaml
-          sed -i -e "s/version:.*/version: $STABLE_VERSION/g" deployments/helm/Chart.yaml
+
+          sed -i -e "s/appVersion:.*/appVersion: $STABLE_VERSION/g" deployments/helm/*/Chart.yaml
+          sed -i -e "s/version:.*/version: $STABLE_VERSION/g" deployments/helm/*/Chart.yaml
+
           echo "STABLE_VERSION=$STABLE_VERSION" >> $GITHUB_OUTPUT
 
       - name: Create PR to update Helm chart version in KubeArmor repo
         uses: peter-evans/create-pull-request@v5
         with:
           branch: update-helm-${{ steps.update.outputs.STABLE_VERSION }}
-          add-paths: "deployments/helm/Chart.yaml"
+          add-paths: "deployments/helm/*/Chart.yaml"
           commit-message: "[skip ci] Update Helm Chart To ${{ steps.update.outputs.STABLE_VERSION }}"
+          committer: "github-actions[bot] <github-actions[bot]@users.noreply.github.com>"
+          author: "github-actions[bot] <github-actions[bot]@users.noreply.github.com>"
           title: "[skip ci] Update Helm Chart To ${{ steps.update.outputs.STABLE_VERSION }}"
           base: main
           signoff: true

.github/workflows/ci-systemd-release.yml

@@ -11,6 +11,7 @@ permissions:
 jobs:
   goreleaser:
     runs-on: ubuntu-20.04
+    if: github.repository == 'kubearmor/kubearmor'
     steps:
       - uses: actions/checkout@v3
         with:

.github/workflows/ci-test-controllers.yml

@@ -29,7 +29,7 @@ jobs:
       - name: Install KubeArmor Latest and KubeArmorController using Helm
         run: |
           # install kubearmor latest and controller built in this PR
-          helm upgrade --install kubearmor ./deployments/helm \
+          helm upgrade --install kubearmor ./deployments/helm/KubeArmor \
           --values ./KubeArmor/build/kubearmor-helm-test-values.yaml \
           --set kubearmorController.imagePullPolicy=Never \
           --set kubearmor.imagePullPolicy=Always \

.github/workflows/ci-test-ginkgo.yml

@@ -48,14 +48,13 @@ jobs:
       - name: Generate KubeArmor artifacts
         run: |
           GITHUB_SHA=$GITHUB_SHA ./KubeArmor/build/build_kubearmor.sh
-      
+
       - name: Build Kubearmor-Operator
         working-directory: pkg/KubeArmorOperator
         run: |
           make docker-build
 
       - name: Run KubeArmor
-        working-directory: pkg/KubeArmorOperator
         run: |
           if [ ${{ matrix.runtime }} == "containerd" ]; then
             docker save kubearmor/kubearmor-init:latest | sudo k3s ctr images import -
@@ -68,10 +67,10 @@ jobs:
               sudo podman pull docker-daemon:kubearmor/kubearmor-operator:latest
             fi
           fi
-          helm upgrade --install kubearmor-operator ./deployments/helm -n kube-system
+          helm upgrade --install kubearmor-operator ./deployments/helm/KubeArmorOperator -n kube-system
           kubectl wait --for=condition=ready --timeout=5m -n kube-system pod -l kubearmor-app=kubearmor-operator
           kubectl get pods -A
-          kubectl apply -f ./config/samples/kubearmor-test.yaml
+          kubectl apply -f pkg/KubeArmorOperator/config/samples/kubearmor-test.yaml
           kubectl wait -n kube-system --timeout=5m --for=jsonpath='{.status.phase}'=Running kubearmorconfigs/kubearmorconfig-test
           kubectl wait --timeout=5m --for=condition=ready pod -l kubearmor-app,kubearmor-app!=kubearmor-snitch -n kube-system
           kubectl get pods -A

.github/workflows/ci-test-helm-charts.yml

@@ -31,7 +31,8 @@ jobs:
 
       - name: helm lint
         run: |
-          helm lint ./deployments/helm
+          helm lint ./deployments/helm/KubeArmor
+          helm lint ./deployments/helm/KubeArmorOperator
 
       - name: Validate helm environment template values
         run: |

.github/workflows/helm-validate-values.sh

@@ -7,7 +7,7 @@ envs=("docker" "crio" "k3s" "microk8s" "minikube" "GKE" "BottleRocket" "EKS" "ge
 echo "Testing environment specific helm templates..."
 for env in ${envs[@]}; do
 	echo "Generating templates for $env..."
-	helm template kubearmor ./deployments/helm --set environment.name=$env > $env.yml
+	helm template kubearmor ./deployments/helm/KubeArmor --set environment.name=$env > $env.yml
 	if [[ "$?" -eq 1 ]]
 	then
 		echo "Failed to generate template for $env!"

contribution/development_guide.md

@@ -292,12 +292,9 @@ Here, we briefly give you an overview of KubeArmor's directories.
     controller              - Deployments for installing KubeArmorController alongwith cert-manager
     CRD                     - KubeArmorPollicy and KubeArmorHostPolicy CRDs
     get                     - Stores source code for deploygen, a tool used for specifying kubearmor deployments
-    helm/                   - KubeArmor's helm chart
-        templates/          - Deployment templates
-        Chart.yaml          - Chart metadata
-        values.yaml         - Values for the helm chart
-        values.aws.yaml     - Values specific to AWS
-        values.oke.yaml     - Values specific to OKE
+    helm/
+        KubeArmor           - KubeArmor's Helm chart
+        KubeArmorOperator   - KubeArmorOperator's Helm chart
   ```
 
 * Files for testing

deployments/helm/README.md → deployments/helm/KubeArmor/README.md

@@ -8,7 +8,7 @@ helm upgrade --install kubearmor kubearmor/kubearmor -n kube-system
 
 Install KubeArmor using Helm charts locally (for testing)
 ```
-cd deployments/helm
+cd deployments/helm/KubeArmor
 helm upgrade --install kubearmor . -n kube-system
 ```
 

deployments/helm/templates/RBAC/bindings.yaml → deployments/helm/KubeArmor/templates/RBAC/bindings.yaml

@@ -28,7 +28,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: {{ .Values.kubearmorController.name }}-leader-election-rolebinding
-  namespace: kube-system
+  namespace: {{.Release.Namespace}}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role

pkg/KubeArmorOperator/deployments/helm/Chart.yaml → deployments/helm/KubeArmorOperator/Chart.yaml

@@ -13,9 +13,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: v0.10.2
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.0"
+appVersion: v0.10.2

pkg/KubeArmorOperator/Makefile

@@ -1,7 +1,10 @@
 # SPDX-License-Identifier: Apache-2.0
 # Copyright 2021 Authors of KubeArmor
 
-CURDIR := $(shell pwd)
+CURDIR    := $(shell pwd)
+DEPLOYDIR := $(realpath $(CURDIR)/../../deployments)
+CHARTDIR  := $(realpath $(DEPLOYDIR)/helm/KubeArmorOperator)
+CRDDIR    := $(realpath $(CHARTDIR)/crds)
 
 # Image URL to use all building/pushing image targets
 IMG ?= kubearmor/kubearmor-operator
@@ -106,7 +109,7 @@ install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~
 
 .PHONY: uninstall
 uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
-	$(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f -	
+	$(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
 
 .PHONY: deploy
 deploy: kustomize ## Deploy Operator Deployment, ClusterRole and ServiceAccount objects.
@@ -119,9 +122,10 @@ undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/confi
 .PHONY: manifests
 manifests: controller-gen kustomize## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
 	go mod tidy; $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
-	rm -r deployments/helm/crds/* && cp config/crd/bases/* deployments/helm/crds/	
-	$(KUSTOMIZE) build config/default | tee deployments/operator.yaml
-
+
+	rm -r $(CRDDIR)/* && cp config/crd/bases/* $(CRDDIR)/
+	$(KUSTOMIZE) build config/default | tee $(DEPLOYDIR)/operator/operator.yaml
+
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
 	go mod tidy; $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
@@ -140,12 +144,12 @@ client/gen:
 	GOPATH= GOROOT= ./tmp/code-generator/generate-groups.sh "all" github.com/kubearmor/KubeArmor/pkg/KubeArmorOperator/client github.com/kubearmor/KubeArmor/pkg/KubeArmorOperator/api operator.kubearmor.com:v1 --go-header-file hack/boilerplate.go.txt
 	# check generated client at ./pkg/client
 	@cp -r ./github.com/kubearmor/KubeArmor/pkg/KubeArmorOperator/client/* ./client/
-	@rm -rf ./github.com ./tmp/code-generator		
+	@rm -rf ./github.com ./tmp/code-generator
 
 .PHONY: bundle
 bundle: operator-sdk
 	${OPERATOR_SDK} generate bundle --version ${BUNDLE_VER} --input-dir ./config --output-dir ./bundle --package ${BUNDLE_PKG}
 
 .PHONY: clean
 clean:
-	rm snitch kubearmor-operator
+	rm snitch kubearmor-operator