ci: Adds sync tool for hack and charts

.pre-commit-config.yaml

@@ -45,6 +45,12 @@ repos:
     language: system
     files: "^(hack/addons/|charts/cluster-api-runtime-extensions-nutanix/templates/.+/manifests/|make/addons.mk$)"
     pass_filenames: false
+  - id: sync-helm-charts
+    name: helm-charts-sync
+    entry: make sync-helm-values
+    language: system
+    files: "^(hack/addons/|charts/cluster-api-runtime-extensions-nutanix/$).*"
+    pass_filenames: false
   - id: addons-repo-yaml
     name: addons-repo-yaml
     entry: make template-helm-repository
@@ -70,7 +76,7 @@ repos:
   - id: check-yaml
     args: ["-m", "--unsafe"]
     stages: [commit]
-    exclude: ^charts/.+/templates/
+    exclude: ^(charts/.+/(templates|addons)/|hack/addons/kustomize/).+\.ya?ml$
   - id: mixed-line-ending
     args: ["-f", "lf"]
     exclude: \.bat$
@@ -140,7 +146,7 @@ repos:
     name: License headers - YAML and Makefiles
     stages: [commit]
     files: (^Makefile|\.(ya?ml|mk))$
-    exclude: ^(internal/test|pkg/handlers/.+/embedded|examples|charts/cluster-api-runtime-extensions-nutanix/defaultclusterclasses)/.+\.ya?ml|docs/static/helm/index\.yaml|charts/cluster-api-runtime-extensions-nutanix/templates/helm-config.yaml$
+    exclude: ^(internal/test/.+\.yam?l|pkg/handlers/.+/embedded/.+\.yam?l|examples/.+\.yam?l|charts/cluster-api-runtime-extensions-nutanix/((defaultclusterclasses|addons)/.+\.ya?ml|templates/helm-config.yaml)|docs/static/helm/index\.yaml|hack/addons/kustomize/.+/(map|values)-template.yaml)$
     args:
       - --license-filepath
       - hack/license-header.txt

charts/cluster-api-runtime-extensions-nutanix/addons/ccm/aws/map-template.yaml

@@ -0,0 +1,7 @@
+# These values are a combination of a Helm template to create the dict for the k8s version to
+# CCM version map, and then including the non-templated values from the values-template.yaml.
+# This simplifies the templating required in the values-template.yaml.
+$k8sMinorVersionToCCMVersion := dict
+{{ range $k8sVersion, $ccmVersion := .Values.hooks.ccm.aws.k8sMinorVersionToCCMVersion -}}
+  "{{ $k8sVersion }}" "{{ $ccmVersion }}"
+{{ end -}}

charts/cluster-api-runtime-extensions-nutanix/addons/ccm/aws/values-template.yaml

@@ -0,0 +1,19 @@
+---
+# Starting in Kubernetes v1.29 the Kubelet no longer adds temporary addresses to the Node.
+# See https://github.com/kubernetes/kubernetes/pull/121028
+# This causes a deadlock with the AWS CCM and some CNI providers including Calico.
+# The Calico Pods won't start until some addresses are assigned,
+# but the AWS CCM that adds the addresses can't start until the Calico Pods are running.
+# Using hostNetworking allows the AWS CCM to start before the Calico Pods.
+# The upstream CAPA templates are also already using hostNetworking for the CCM Pods.
+hostNetworking: true
+
+args:
+  - --v=2
+  - --cloud-provider=aws
+  - --configure-cloud-routes=false
+
+{{ $clusterSemver := semver .Cluster.spec.topology.version }}
+{{ $ccmVersion := get $k8sMinorVersionToCCMVersion ( print $clusterSemver.Major "." $clusterSemver.Minor ) }}
+image:
+  tag: {{ $ccmVersion }}

charts/cluster-api-runtime-extensions-nutanix/addons/ccm/nutanix/values-template.yaml

@@ -0,0 +1,13 @@
+prismCentralEndPoint: {{ .PrismCentralHost }}
+prismCentralPort: {{ .PrismCentralPort }}
+prismCentralInsecure: {{ .PrismCentralInsecure }}
+{{- with .PrismCentralAdditionalTrustBundle }}
+prismCentralAdditionalTrustBundle: {{ printf "%q" . }}
+{{- end }}
+{{- with .ControlPlaneEndpointHost }}
+ignoredNodeIPs: [ {{ printf "%q" . }} ]
+{{- end }}
+
+# The Secret containing the credentials will be created by the handler.
+createSecret: false
+secretName: nutanix-ccm-credentials

charts/cluster-api-runtime-extensions-nutanix/addons/cluster-autoscaler/values-template.yaml

@@ -0,0 +1,36 @@
+---
+fullnameOverride: "cluster-autoscaler-{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}"
+
+cloudProvider: clusterapi
+
+# Always trigger a scale-out if replicas are less than the min.
+extraArgs:
+  enforce-node-group-min-size: true
+
+# Enable it to run in a 1 Node cluster.
+tolerations:
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/control-plane
+
+# Limit a single cluster-autoscaler Deployment to a single Cluster.
+autoDiscovery:
+  clusterName: {{ .Cluster.Name }}
+  # The controller failed with an RBAC error trying to watch CAPI objects at the cluster scope without this.
+  labels:
+    - namespace: {{ .Cluster.Namespace }}
+
+# For workload clusters it is not possible to use the in-cluster client.
+# To simplify the configuration, use the admin kubeconfig generated by CAPI for all clusters.
+clusterAPIMode: kubeconfig-incluster
+clusterAPIWorkloadKubeconfigPath: /cluster/kubeconfig
+extraVolumeSecrets:
+  kubeconfig:
+    name: "{{ .Cluster.Name }}-kubeconfig"
+    mountPath: /cluster
+    readOnly: true
+    items:
+      - key: value
+        path: kubeconfig
+rbac:
+  # Create a Role instead of a ClusterRoles to update cluster-api objects
+  clusterScoped: false

charts/cluster-api-runtime-extensions-nutanix/addons/cni/calico/aws/values-template.yaml

@@ -0,0 +1,14 @@
+
+installation:
+  cni:
+    type: Calico
+  calicoNetwork:
+    bgp: Enabled
+    ipPools: {{ range $cidr := .Cluster.spec.clusterNetwork.pods.cidrBlocks }}
+    - cidr: "{{ $cidr }}"
+      encapsulation: None
+      natOutgoing: Enabled
+      nodeSelector: all(){{ end }}
+  nodeMetricsPort: 9091
+  typhaMetricsPort: 9093
+  registry: quay.io/

charts/cluster-api-runtime-extensions-nutanix/addons/cni/calico/docker/values-template.yaml

@@ -0,0 +1,13 @@
+
+installation:
+  cni:
+    type: Calico
+  calicoNetwork:
+    ipPools:{{ range $cidr := .Cluster.spec.clusterNetwork.pods.cidrBlocks }}
+    - cidr: "{{ $cidr }}"
+      encapsulation: None
+      natOutgoing: Enabled
+      nodeSelector: all(){{ end }}
+  nodeMetricsPort: 9091
+  typhaMetricsPort: 9093
+  registry: quay.io/

charts/cluster-api-runtime-extensions-nutanix/addons/cni/calico/nutanix/values-template.yaml

@@ -0,0 +1,14 @@
+
+installation:
+  cni:
+    type: Calico
+  calicoNetwork:
+    bgp: Enabled
+    ipPools:{{ range $cidr := .Cluster.spec.clusterNetwork.pods.cidrBlocks }}
+    - cidr: "{{ $cidr }}"
+      encapsulation: None
+      natOutgoing: Enabled
+      nodeSelector: all(){{ end }}
+  nodeMetricsPort: 9091
+  typhaMetricsPort: 9093
+  registry: quay.io/

charts/cluster-api-runtime-extensions-nutanix/addons/cni/cilium/values-template.yaml

@@ -0,0 +1,24 @@
+
+---
+cni:
+  chainingMode: portmap
+  exclusive: false
+hubble:
+  tls:
+    auto:
+      enabled: true               # enable automatic TLS certificate generation
+      method: cronJob             # auto generate certificates using cronJob method
+      certValidityDuration: 60    # certificates validity duration in days (default 2 months)
+      schedule: "0 0 1 * *"       # schedule on the 1st day regeneration of each month
+ipam:
+  mode: kubernetes
+image:
+  useDigest: false
+operator:
+  image:
+    useDigest: false
+certgen:
+  image:
+    useDigest: false
+socketLB:
+  hostNamespaceOnly: true

hack/addons/kustomize/aws-ebs-csi/helm-values.yaml → charts/cluster-api-runtime-extensions-nutanix/addons/csi/aws-ebs/values-template.yaml

@@ -1,6 +1,3 @@
-# Copyright 2024 Nutanix. All rights reserved.
-# SPDX-License-Identifier: Apache-2.0
-
 ---
 controller:
   affinity:

hack/addons/kustomize/local-path-provisioner-csi/helm-values.yaml → charts/cluster-api-runtime-extensions-nutanix/addons/csi/local-path/values-template.yaml

@@ -1,5 +1,3 @@
-# Copyright 2024 Nutanix. All rights reserved.
-# SPDX-License-Identifier: Apache-2.0
 
 ---
 storageClass:

charts/cluster-api-runtime-extensions-nutanix/addons/csi/nutanix/values-template.yaml

@@ -0,0 +1,18 @@
+
+# The Secret containing the credentials will be created by the handler.
+createPrismCentralSecret: false
+pcSecretName: nutanix-csi-credentials
+createSecret: false
+
+tolerations:
+  - key: CriticalAddonsOnly
+    operator: Exists
+  - effect: NoExecute
+    operator: Exists
+    tolerationSeconds: 300
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/master
+    operator: Exists
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/control-plane
+    operator: Exists

hack/addons/kustomize/snapshot-controller/helm-values.yaml → charts/cluster-api-runtime-extensions-nutanix/addons/csi/snapshot-controller/values-template.yaml

@@ -1,5 +1,3 @@
-# Copyright 2024 Nutanix. All rights reserved.
-# SPDX-License-Identifier: Apache-2.0
 
 controller:
   priorityClassName: system-cluster-critical

hack/addons/kustomize/nfd/helm-values.yaml → charts/cluster-api-runtime-extensions-nutanix/addons/nfd/values-template.yaml

@@ -1,7 +1,6 @@
-# Copyright 2023 Nutanix. All rights reserved.
-# SPDX-License-Identifier: Apache-2.0
 
----
+image:
+  tag: v0.16.1-minimal
 master:
   extraLabelNs:
     - nvidia.com

charts/cluster-api-runtime-extensions-nutanix/addons/serviceloadbalancer/metallb/values-template.yaml

@@ -0,0 +1,21 @@
+
+controller:
+  tolerations:
+    - key: node-role.kubernetes.io/control-plane
+      effect: NoSchedule
+      operator: Exists
+    - key: CriticalAddonsOnly
+      operator: Exists
+    - effect: NoExecute
+      operator: Exists
+      tolerationSeconds: 300
+speaker:
+  tolerations:
+    - key: node-role.kubernetes.io/control-plane
+      effect: NoSchedule
+      operator: Exists
+    - key: CriticalAddonsOnly
+      operator: Exists
+    - effect: NoExecute
+      operator: Exists
+      tolerationSeconds: 300

charts/cluster-api-runtime-extensions-nutanix/templates/ccm/aws/manifests/helm-addon-installation.yaml

@@ -8,27 +8,8 @@ metadata:
   name: '{{ .Values.hooks.ccm.aws.helmAddonStrategy.defaultValueTemplateConfigMap.name }}'
 data:
   values.yaml: |-
-    # Starting in Kubernetes v1.29 the Kubelet no longer adds temporary addresses to the Node.
-    # See https://github.com/kubernetes/kubernetes/pull/121028
-    # This causes a deadlock with the AWS CCM and some CNI providers including Calico.
-    # The Calico Pods won't start until some addresses are assigned,
-    # but the AWS CCM that adds the addresses can't start until the Calico Pods are running.
-    # Using hostNetworking allows the AWS CCM to start before the Calico Pods.
-    # The upstream CAPA templates are also already using hostNetworking for the CCM Pods.
-    hostNetworking: true
-
-    args:
-      - --v=2
-      - --cloud-provider=aws
-      - --configure-cloud-routes=false
-
-    {{ "{{" }} $k8sMinorVersionToCCMVersion := dict
-    {{ range $k8sVersion, $ccmVersion := .Values.hooks.ccm.aws.k8sMinorVersionToCCMVersion -}}
-      "{{ $k8sVersion }}" "{{ $ccmVersion }}"
-    {{ end -}}
+    {{ "{{" }}
+    {{ tpl (.Files.Get "addons/ccm/aws/map-template.yaml") . | nindent 4 }}
     {{ "}}" }}
-    {{ "{{" }}$clusterSemver := semver .Cluster.spec.topology.version {{ "}}" }}
-    {{ "{{" }}$ccmVersion := get $k8sMinorVersionToCCMVersion ( print $clusterSemver.Major "." $clusterSemver.Minor ) {{ "}}" }}
-    image:
-      tag: {{ "{{ " }} $ccmVersion {{ "}}" }}
+    {{ .Files.Get "addons/ccm/aws/values-template.yaml" | nindent 4 }}
 {{- end -}}

charts/cluster-api-runtime-extensions-nutanix/templates/ccm/nutanix/manifests/helm-addon-installation.yaml

@@ -8,18 +8,5 @@ metadata:
   name: '{{ .Values.hooks.ccm.nutanix.helmAddonStrategy.defaultValueTemplateConfigMap.name }}'
 data:
   values.yaml: |-
-    ---
-    prismCentralEndPoint: {{ `{{ .PrismCentralHost }}` }}
-    prismCentralPort: {{ `{{ .PrismCentralPort }}` }}
-    prismCentralInsecure: {{ `{{ .PrismCentralInsecure }}` }}
-    {{ `{{- with .PrismCentralAdditionalTrustBundle }}` }}
-    prismCentralAdditionalTrustBundle: {{ `{{ printf "%q" . }}` }}
-    {{ `{{- end }}` }}
-    {{ `{{- with .ControlPlaneEndpointHost }}` }}
-    ignoredNodeIPs: [ {{ `{{ printf "%q" . }}` }} ]
-    {{ `{{- end }}` }}
-
-    # The Secret containing the credentials will be created by the handler.
-    createSecret: false
-    secretName: nutanix-ccm-credentials
+    {{- .Files.Get "addons/ccm/nutanix/values-template.yaml" | nindent 4 }}
 {{- end -}}

charts/cluster-api-runtime-extensions-nutanix/templates/cluster-autoscaler/manifests/helm-addon-installation.yaml

@@ -8,40 +8,5 @@ metadata:
   name: '{{ .Values.hooks.clusterAutoscaler.helmAddonStrategy.defaultValueTemplateConfigMap.name }}'
 data:
   values.yaml: |-
-    ---
-    fullnameOverride: "cluster-autoscaler-{{ `{{ index .Cluster.Annotations "caren.nutanix.com/cluster-uuid" }}` }}"
-
-    cloudProvider: clusterapi
-
-    # Always trigger a scale-out if replicas are less than the min.
-    extraArgs:
-      enforce-node-group-min-size: true
-
-    # Enable it to run in a 1 Node cluster.
-    tolerations:
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/control-plane
-
-    # Limit a single cluster-autoscaler Deployment to a single Cluster.
-    autoDiscovery:
-      clusterName: "{{ `{{ .Cluster.Name }}` }}"
-      # The controller failed with an RBAC error trying to watch CAPI objects at the cluster scope without this.
-      labels:
-        - namespace: "{{ `{{ .Cluster.Namespace }}` }}"
-
-    # For workload clusters it is not possible to use the in-cluster client.
-    # To simplify the configuration, use the admin kubeconfig generated by CAPI for all clusters.
-    clusterAPIMode: kubeconfig-incluster
-    clusterAPIWorkloadKubeconfigPath: /cluster/kubeconfig
-    extraVolumeSecrets:
-      kubeconfig:
-        name: "{{ `{{ .Cluster.Name }}` }}-kubeconfig"
-        mountPath: /cluster
-        readOnly: true
-        items:
-          - key: value
-            path: kubeconfig
-    rbac:
-      # Create a Role instead of a ClusterRoles to update cluster-api objects
-      clusterScoped: false
+    {{- .Files.Get "addons/cluster-autoscaler/values-template.yaml" | nindent 4 }}
 {{- end -}}

charts/cluster-api-runtime-extensions-nutanix/templates/cni/calico/manifests/aws/helm-addon-installation.yaml

@@ -1,4 +1,4 @@
-# Copyright 2023 Nutanix. All rights reserved.
+# Copyright 2024 Nutanix. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 {{- if .Values.hooks.cni.calico.helmAddonStrategy.defaultValueTemplatesConfigMaps.AWSCluster.create }}
@@ -8,17 +8,5 @@ metadata:
   name: '{{ .Values.hooks.cni.calico.helmAddonStrategy.defaultValueTemplatesConfigMaps.AWSCluster.name }}'
 data:
   values.yaml: |-
-    installation:
-      cni:
-        type: Calico
-      calicoNetwork:
-        bgp: Enabled
-        ipPools:{{ printf "{{ range $cidr := .Cluster.spec.clusterNetwork.pods.cidrBlocks }}" }}
-        - cidr: {{ printf "{{ $cidr }}" }}
-          encapsulation: None
-          natOutgoing: Enabled
-          nodeSelector: all(){{ printf "{{ end }}" }}
-      nodeMetricsPort: 9091
-      typhaMetricsPort: 9093
-      registry: quay.io/
+    {{- .Files.Get "addons/cni/calico/aws/values-template.yaml" | nindent 4 }}
 {{- end -}}

charts/cluster-api-runtime-extensions-nutanix/templates/cni/calico/manifests/docker/helm-addon-installation.yaml

@@ -1,4 +1,4 @@
-# Copyright 2023 Nutanix. All rights reserved.
+# Copyright 2024 Nutanix. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 {{- if .Values.hooks.cni.calico.helmAddonStrategy.defaultValueTemplatesConfigMaps.DockerCluster.create }}
@@ -8,16 +8,5 @@ metadata:
   name: '{{ .Values.hooks.cni.calico.helmAddonStrategy.defaultValueTemplatesConfigMaps.DockerCluster.name }}'
 data:
   values.yaml: |-
-    installation:
-      cni:
-        type: Calico
-      calicoNetwork:
-        ipPools:{{ printf "{{ range $cidr := .Cluster.spec.clusterNetwork.pods.cidrBlocks }}" }}
-        - cidr: {{ printf "{{ $cidr }}" }}
-          encapsulation: None
-          natOutgoing: Enabled
-          nodeSelector: all(){{ printf "{{ end }}" }}
-      nodeMetricsPort: 9091
-      typhaMetricsPort: 9093
-      registry: quay.io/
+    {{- .Files.Get "addons/cni/calico/docker/values-template.yaml" | nindent 4 }}
 {{- end -}}