chart: make webhook optional

.github/workflows/chart-lint.yml

@@ -18,6 +18,9 @@ jobs:
         uses: azure/setup-helm@v1
         with:
           version: v3.4.0
+      - name: Add dependency chart repos
+        run: |
+          helm repo add cert-manager https://charts.jetstack.io
 
       - name: Set up chart-testing
         uses: helm/[email protected]

.github/workflows/release.yml

@@ -24,10 +24,13 @@ jobs:
         uses: azure/setup-helm@v1
         with:
           version: v3.4.0
+      - name: Add dependency chart repos
+        run: |
+          helm repo add cert-manager https://charts.jetstack.io
 
       - name: Set up chart-testing
         uses: helm/[email protected]
-      
+
       - name: Run chart-testing (lint)
         run: ct lint --all --config ct.yaml
 

.gitignore

@@ -5,7 +5,6 @@
 *.dll
 *.so
 *.dylib
-*.tgz
 bin
 testbin/*
 tmp
@@ -42,7 +41,6 @@ test/*_gen.yaml
 # Helm packages
 charts/index.yaml
 charts/*.tgz
-charts/milvus-operator/charts/*.tgz
 
 # output
 out/

Makefile

@@ -12,7 +12,7 @@ KIND_CLUSTER ?= kind
 
 # Produce remove descriptions, it's too long
 CRD_OPTIONS ?= "crd:maxDescLen=0"
-# cert-manager 
+# cert-manager
 CERT_MANAGER_MANIFEST ?= "https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.yaml"
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
@@ -100,13 +100,12 @@ build-config-tool:
 build-release: build-config-tool
 	mkdir -p out
 	CGO_ENABLED=0 go build -ldflags="$(BUILD_LDFLAGS)" -o out/manager main.go
-	CGO_ENABLED=0 go build -ldflags="-s -w" -o out/checker ./tool/checker
 
 run: manifests generate fmt vet ## Run a controller from your host.
 	go run ./main.go
 
 docker-build: ## Build docker image with the manager.
-	docker build -t ${IMG} . 
+	docker build -t ${IMG} .
 
 docker-push: ## Push docker image with the manager.
 	docker push ${IMG}
@@ -148,7 +147,7 @@ docker-tool-push:
 	docker manifest push ${TOOL_RELEASE_IMG}
 
 docker-local-build:
-	docker build -t ${IMG} -f local.Dockerfile . 
+	docker build -t ${IMG} -f local.Dockerfile .
 
 docker-local: build-release docker-local-build
 
@@ -274,12 +273,11 @@ sit-deploy: sit-load-and-cleanup-images
 	$(HELM) -n milvus-operator install --set image.repository=milvus-operator,image.tag=sit,resources.requests.cpu=10m --create-namespace milvus-operator ./charts/milvus-operator
 	kubectl -n milvus-operator describe pods
 	@echo "Waiting for operator to be ready"
-	kubectl -n milvus-operator wait --for=condition=complete job/milvus-operator-checker --timeout=6m
 	kubectl -n milvus-operator rollout restart deploy/milvus-operator
 	kubectl -n milvus-operator wait --timeout=3m --for=condition=available deployments/milvus-operator
 	sleep 5 #wait for the service to be ready
 
-sit-test: 
+sit-test:
 	./test/sit.sh ${test_mode}
 
 cleanup-sit:
@@ -340,8 +338,7 @@ $(CHARTS_DIRECTORY)/milvus-operator-$(VERSION).tgz: $(CHART_MILVUS_OPERATOR)/tem
 	$(wildcard $(CHART_MILVUS_OPERATOR)/assets/*) \
 	$(CHART_TEMPLATE_PATH)/role.yaml $(CHART_TEMPLATE_PATH)/clusterrole.yaml \
 	$(CHART_TEMPLATE_PATH)/rolebinding.yaml $(CHART_TEMPLATE_PATH)/clusterrolebinding.yaml \
-	$(CHART_TEMPLATE_PATH)/mutatingwebhookconfiguration.yaml $(CHART_TEMPLATE_PATH)/validatingwebhookconfiguration.yaml \
-	$(CHART_TEMPLATE_PATH)/deployment.yaml
+	$(CHART_TEMPLATE_PATH)/mutatingwebhookconfiguration.yaml $(CHART_TEMPLATE_PATH)/validatingwebhookconfiguration.yaml
 	$(HELM) package $(CHART_MILVUS_OPERATOR) \
 		--version $(VERSION) \
 		--app-version $(VERSION) \
@@ -354,13 +351,6 @@ $(CHART_MILVUS_OPERATOR)/templates/crds.yaml: kustomize config/crd/bases
 	sed "s/'\({{[^}}]*}}\)'/\1/g">> '$@'
 	echo '{{- end -}}' >> '$@'
 
-$(CHART_TEMPLATE_PATH)/deployment.yaml: kustomize $(wildcard config/helm/deployment/*) $(wildcard config/manager/*) $(wildcard config/config/*)
-	echo '{{- /* $(DO_NOT_EDIT) */ -}}' > $(CHART_TEMPLATE_PATH)/deployment.yaml
-	$(KUSTOMIZE) build --reorder legacy config/helm/deployment | \
-	$(KUSTOMIZE) cfg grep --annotate=false 'kind=Deployment' | \
-	sed "s/'\({{[^}}]*}}\)'/\1/g" \
-		>> $(CHART_TEMPLATE_PATH)/deployment.yaml
-
 $(CHART_TEMPLATE_PATH)/role.yaml: kustomize $(wildcard config/helm/rbac/*) $(wildcard config/rbac/*)
 	echo '{{- /* $(DO_NOT_EDIT) */ -}}' > $(CHART_TEMPLATE_PATH)/role.yaml
 	echo '{{- if .Values.rbac.create }}' >> $(CHART_TEMPLATE_PATH)/role.yaml
@@ -403,23 +393,26 @@ $(CHART_TEMPLATE_PATH)/clusterrolebinding.yaml: kustomize $(wildcard config/helm
 
 $(CHART_TEMPLATE_PATH)/validatingwebhookconfiguration.yaml: kustomize $(wildcard config/helm/webhook/*) $(wildcard config/webhook/*)
 	echo '{{- /* $(DO_NOT_EDIT) */ -}}' > $(CHART_TEMPLATE_PATH)/validatingwebhookconfiguration.yaml
+	echo '{{- if .Values.enableWebhook }}' >> $(CHART_TEMPLATE_PATH)/validatingwebhookconfiguration.yaml
 	$(KUSTOMIZE) build --reorder legacy config/helm/webhook | \
 	$(KUSTOMIZE) cfg grep --annotate=false 'kind=ValidatingWebhookConfiguration' | \
 	sed "s/'\({{[^}}]*}}\)'/\1/g" \
 		>> $(CHART_TEMPLATE_PATH)/validatingwebhookconfiguration.yaml
+	echo '{{- end -}}' >> $(CHART_TEMPLATE_PATH)/validatingwebhookconfiguration.yaml
 
 $(CHART_TEMPLATE_PATH)/mutatingwebhookconfiguration.yaml: kustomize $(wildcard config/helm/webhook/*) $(wildcard config/webhook/*)
 	echo '{{- /* $(DO_NOT_EDIT) */ -}}' > $(CHART_TEMPLATE_PATH)/mutatingwebhookconfiguration.yaml
+	echo '{{- if .Values.enableWebhook }}' >> $(CHART_TEMPLATE_PATH)/mutatingwebhookconfiguration.yaml
 	$(KUSTOMIZE) build --reorder legacy config/helm/webhook | \
 	$(KUSTOMIZE) cfg grep --annotate=false 'kind=MutatingWebhookConfiguration' | \
 	sed "s/'\({{[^}}]*}}\)'/\1/g" \
 		>> $(CHART_TEMPLATE_PATH)/mutatingwebhookconfiguration.yaml
+	echo '{{- end -}}' >> $(CHART_TEMPLATE_PATH)/mutatingwebhookconfiguration.yaml
 
 deploy-by-manifest: sit-prepare-operator-images sit-load-operator-images sit-generate-manifest
 	@echo "Deploying Milvus Operator"
 	kubectl apply -f ./test/test_gen.yaml
 	@echo "Waiting for the operator to be ready..."
-	kubectl -n milvus-operator wait --for=condition=complete job/milvus-operator-checker --timeout=6m
 	kubectl -n milvus-operator rollout restart deploy/milvus-operator
 	kubectl -n milvus-operator wait --timeout=3m --for=condition=available deployments/milvus-operator
 	sleep 5 #wait for the service to be ready

apis/milvus.io/v1beta1/milvus_types.go

@@ -21,7 +21,7 @@ import (
 	"time"
 
 	"github.com/coreos/go-semver/semver"
-	"github.com/milvus-io/milvus-operator/pkg/provisioner"
+	"github.com/milvus-io/milvus-operator/pkg/util"
 	"github.com/pkg/errors"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -119,7 +119,7 @@ func (ms MilvusSpec) GetMilvusVersionByImage() (*semver.Version, error) {
 	if len(splited) != 2 {
 		return nil, errors.Errorf("unknown version of image[%s]", splited[0])
 	}
-	return provisioner.GetSemanticVersion(splited[1])
+	return util.GetSemanticVersion(splited[1])
 }
 
 func (ms *MilvusSpec) GetPersistenceConfig() *Persistence {

charts/milvus-operator/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: cert-manager
+  repository: https://charts.jetstack.io
+  version: v1.5.3
+digest: sha256:ded312c59e9aee73e5dc268bad53029e6d7187d6ce17219b8b5d2b0ca3d0c577
+generated: "2024-11-19T17:22:07.833644+08:00"

charts/milvus-operator/Chart.yaml

@@ -26,6 +26,14 @@ version: 1.1.3
 # It is recommended to use it with quotes.
 appVersion: "1.1.3"
 
+dependencies:
+  - name: cert-manager
+    version: 1.5.3
+    repository: https://charts.jetstack.io
+    condition: cert-manager.enabled
+    tags:
+      - cert-manager
+
 maintainers:
 - name: zilliztech
   email: [email protected]

charts/milvus-operator/ci/default-values.yaml

@@ -1,11 +0,0 @@
-# check and install the dependencies when enabled, this need an extra service account with privileged clusterroles
-installDependencies:
-  enable: true
-  serviceAccount:
-    # serviceAccount.create -- Specifies whether a service account should be created
-    create: true
-    # serviceAccount.annotations -- Annotations to add to the service account
-    annotations: {}
-    # serviceAccount.name -- The name of the service account to use.
-    # If not set and create is true, a name is generated using the fullname template
-    name: "milvus-dep-sa"

charts/milvus-operator/templates/NOTES.txt

@@ -1,5 +1,4 @@
 Milvus Operator Is Starting, use `kubectl get -n {{ .Release.Namespace }} deploy/{{ .Release.Name }}` to check if its successfully installed
-If Operator not started successfully, check the checker's log with `kubectl -n {{ .Release.Namespace }} logs job/{{ .Release.Name }}-checker`
 Full Installation doc can be found in https://github.com/zilliztech/milvus-operator/blob/main/docs/installation/installation.md
 Quick start with `kubectl apply -f https://raw.githubusercontent.com/zilliztech/milvus-operator/main/config/samples/milvus_minimum.yaml`
 More samples can be found in https://github.com/zilliztech/milvus-operator/tree/main/config/samples

charts/milvus-operator/templates/_helpers.tpl

@@ -61,13 +61,3 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
-
-{{- define "chart.checkerServiceAccountName" -}}
-{{- if .Values.installDependencies.enable }}
-{{- if .Values.installDependencies.serviceAccount.create }}
-{{- default (printf "%s-checker" (include "chart.fullname" .)) .Values.installDependencies.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-{{- end }}

charts/milvus-operator/templates/certificate.yaml

@@ -0,0 +1,23 @@
+{{- if .Values.enableWebhook -}}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: '{{ include "chart.fullname" . }}-serving-cert'
+  namespace: {{ .Release.Namespace }}
+spec:
+  dnsNames:
+  - milvus-operator-webhook-service.{{ .Release.Namespace }}.svc
+  - milvus-operator-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
+  issuerRef:
+    kind: Issuer
+    name: '{{ include "chart.fullname" . }}-selfsigned-issuer'
+  secretName: '{{ include "chart.fullname" . }}-webhook-cert'
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: '{{ include "chart.fullname" . }}-selfsigned-issuer'
+  namespace: {{ .Release.Namespace }}
+spec:
+  selfSigned: {}
+{{- end -}}