Added helm charts (#65)

- network-resource-info     
- network-dependencies-webhook
- network-resource-info
- provider-kubernetes

.github/workflows/release.yml

@@ -24,6 +24,11 @@ jobs:
         with:
           node-version: "lts/*"
 
+      - name: Setup helm
+        uses: azure/setup-helm@v3
+        with:
+          version: "v3.11.1"
+
       - name: Release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -32,7 +37,5 @@ jobs:
           #!/bin/bash
           set -e
           # add more plugins: https://semantic-release.gitbook.io/semantic-release/extending/plugins-list
-          npm install @semantic-release/exec @eclass/semantic-release-docker @semantic-release/git -D
-          # the ... || true is to prevent the script from failing caused by a bug in semantic-release regarding 
-          # rate limit changes on github. See https://github.com/semantic-release/github/pull/487
-          npx -c semantic-release || true
+          npm install @semantic-release/exec @eclass/semantic-release-docker @semantic-release/git semantic-release-helm3 -D
+          npx -c semantic-release

.releaserc.json

@@ -201,18 +201,56 @@
         "prepareCmd": "sed -i \"s#ghcr.io/edgefarm/edgefarm.network/xfn-log2webhook:.*#ghcr.io/edgefarm/edgefarm.network/xfn-log2webhook:${nextRelease.version}#g\" crossplane-functions/log2webhook/Readme.md"
       }
     ],
+    [
+      "semantic-release-helm3",
+      {
+        "chartPath": "./charts/network-compositions-helm",
+        "registry": "ghcr.io/edgefarm/edgefarm.network"
+      }
+    ],
+    [
+      "semantic-release-helm3",
+      {
+        "chartPath": "./charts/network-dependencies-webhook-helm",
+        "registry": "ghcr.io/edgefarm/edgefarm.network"
+      }
+    ],
+    [
+      "semantic-release-helm3",
+      {
+        "chartPath": "./charts/network-resource-info-helm",
+        "registry": "ghcr.io/edgefarm/edgefarm.network"
+      }
+    ],
+    [
+      "semantic-release-helm3",
+      {
+        "chartPath": "./charts/provider-kubernetes-helm",
+        "registry": "ghcr.io/edgefarm/edgefarm.network"
+      }
+    ],
     [
       "@semantic-release/git",
       {
         "assets": [
           "deploy/compositions/network.streams.network.edgefarm.io/composition-networks.yaml",
           "deploy/network-resource-info/deployment.yaml",
-          "deploy/network-dependencies-webhook/deployment.yaml"
+          "deploy/network-dependencies-webhook/deployment.yaml",
+          "charts/network-compositions-helm/Chart.yaml",
+          "charts/network-dependencies-webhook-helm/Chart.yaml",
+          "charts/network-resource-info-helm/Chart.yaml",
+          "charts/provider-kubernetes-helm/Chart.yaml"
         ],
         "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
       }
     ],
     "@semantic-release/release-notes-generator",
-    "@semantic-release/github"
+    [
+      "@semantic-release/github",
+      {
+        "successComment": false,
+        "failTitle": false
+      }
+    ]
   ]
 }

charts/edgefarm-network/Chart.lock

@@ -0,0 +1,27 @@
+dependencies:
+- name: provider-kubernetes
+  repository: file://../provider-kubernetes
+  version: 0.1.0
+- name: network-resource-info
+  repository: file://../network-resource-info
+  version: 0.1.0
+- name: network-compositions
+  repository: file://../network-compositions
+  version: 0.1.0
+- name: edgenetwork-operator
+  repository: file://../edgenetwork-operator
+  version: 0.1.0
+- name: provider-nats
+  repository: file://../provider-nats
+  version: 0.1.0
+- name: provider-natssecrets
+  repository: file://../provider-natssecrets
+  version: 0.1.0
+- name: network-dependencies-webhook
+  repository: file://../network-dependencies-webhook
+  version: 0.1.0
+- name: nats
+  repository: https://nats-io.github.io/k8s/helm/charts/
+  version: 1.0.0-rc.0
+digest: sha256:05db8f71bb857e38d396bedd44b45c0fbd908e18f8ca615d612d5a0b915e9474
+generated: "2023-07-07T08:54:05.131453431+02:00"

charts/edgefarm-network/Chart.yaml

@@ -0,0 +1,48 @@
+apiVersion: v2
+name: edgefarm-network
+description: A Helm chart for edgefarm.network. Note that you need to have metacontroller, crossplane, vault with installed to be able to install this chart.
+
+type: application
+version: 0.1.0
+appVersion: "2.1.0"
+
+keywords:
+  - edgefarm.network
+  - crd
+  - metacontroller
+  - crossplane
+  - nats
+  - credentials
+
+sources:
+  - https://github.com/edgefarm/edgefarm.network
+
+maintainers:
+  - name: Armin Schlegel
+    email: [email protected]
+
+dependencies:
+  - name: provider-kubernetes
+    version: 0.1.0
+    repository: "file://../provider-kubernetes"
+  - name: network-resource-info
+    version: 0.1.0
+    repository: "file://../network-resource-info"
+  - name: network-compositions
+    version: 0.1.0
+    repository: "file://../network-compositions"
+  - name: edgenetwork-operator
+    version: 0.1.0
+    repository: "file://../edgenetwork-operator"
+  - name: provider-nats
+    version: 0.1.0
+    repository: "file://../provider-nats"
+  - name: provider-natssecrets
+    version: 0.1.0
+    repository: "file://../provider-natssecrets"
+  - name: network-dependencies-webhook
+    version: 0.1.0
+    repository: "file://../network-dependencies-webhook"
+  - name: nats
+    version: 1.0.0-rc.0
+    repository: https://nats-io.github.io/k8s/helm/charts/

charts/edgefarm-network/README.md

@@ -0,0 +1,89 @@
+# edgefarm.network
+
+This helm chart installs edgefarm.network components. It installs several components:
+  - provider-kubernetes
+  - provider-nats
+  - provider-natssecrets
+  - network-compositions
+  - network-resource-info
+  - edgenetwork-operator
+  - network-dependencies-webhook
+  - nats
+
+## Prerequisites
+
+    Kubernetes 1.22+
+    Helm 3.2.0+
+    Crossplane 1.11.3+
+    Vault with vault-plugin-secrets-nats 1.3.2+
+
+# Needed Vault configuration
+
+To be able to make this work a few things things have to be done in the vault configuration
+
+## 1. configure kubernetes auth
+
+See https://developer.hashicorp.com/vault/docs/auth/kubernetes and 
+https://developer.hashicorp.com/vault/docs/auth/kubernetes#use-local-service-account-token-as-the-reviewer-jwt for more information.
+
+If your Vault service runs in the same cluster, you simply can put the `kubernetes_host` to `https://10.96.0.1`.
+
+```
+$ KUBE_CA_CERT=$(kubectl config view --raw --minify --flatten --output='jsonpath={.clusters[].cluster.certificate-authority-data}' | base64 --decode)
+$ vault write auth/kubernetes/config kubernetes_host=https://10.96.0.1 kubernetes_ca_cert="$KUBE_CA_CERT" disable_local_ca_jwt="true"
+```
+
+Otherwise, you need to modify `kubernetes_host` and pass the correct CA cert.
+
+## 2. create policy 
+
+Replace each occurance of `<operatorName>` with the name of your operator:
+
+```console
+vault policy write nats-auth-config - <<EOF
+path "nats-secrets/jwt/operator/<operatorName>" {
+   capabilities = ["read"]
+}
+path "nats-secrets/nkey/operator/<operatorName>/account/sys" {
+   capabilities = ["read"]
+}
+path "nats-secrets/jwt/operator/<operatorName>/account/sys" { 
+   capabilities = ["read"]
+}
+EOF
+```
+
+## 3. create role
+
+By creating the kubernetes role, the service account for `nats-auth-config` is allowed to access paths specified in the policy `nats-auth-config`.
+
+``` console
+vault write auth/kubernetes/role/nats-auth-config  bound_service_account_names=nats-auth-config  bound_service_account_namespaces="*" policies=nats-auth-config ttl=24h
+```
+
+# Chart configuration 
+
+You can deploy backend and core components independently by enabling/disabling them:
+
+| Component                 | Description                                                      | Default value |
+| ------------------------- | ---------------------------------------------------------------- | ------------- |
+| operatorName              | Specifies the name of the nats operator                          | true          |
+| natsAuthConfig.enabled    | Specifies if the backend cluster parts should be deployed        | true          |
+| networkBaseConfig.enabled | Specifies if the network base config configmap should be created | true          |
+| operator.enabled          | Specifies if the operator should be created                      | true          |
+| sysAccount.enabled        | Specifies if the sys-account should be created                   | true          |
+
+
+## natsAuthConfig configuration
+
+| Component                                              | Description                                                                   | Default value                  |
+| ------------------------------------------------------ | ----------------------------------------------------------------------------- | ------------------------------ |
+| natsAuthConfig.resolver.address                        | Specifies the address of the nats server                                      | "nats://nats.default.svc:4222" |
+| natsAuthConfig.resolver.config.type                    | Specifies the type of the nats resolver                                       | full                           |
+| natsAuthConfig.resolver.config.dir                     | Specifies the directory to cache JWTs                                         | "/data/jwt"                    |
+| natsAuthConfig.resolver.config.allow_delete            | Specifies if account information can be deleted                               | true                           |
+| natsAuthConfig.resolver.config.interval                | Specifies the resolver interval                                               | "2m"                           |
+| natsAuthConfig.resolver.config.timeout                 | Specifies the resolver timeout                                                | "1.9s"                         |
+| natsAuthConfig.nats.authConfigmapDestination.name      | Specifies the name of the configmap where the auth config will be stored      | nats-auth-config               |
+| natsAuthConfig.nats.authConfigmapDestination.namespace | Specifies the namespace of the configmap where the auth config will be stored | nats                           |
+