rework helm

oliverbaehler · oliverbaehler · commit 8698a19d669e · 2024-05-27T12:17:47.000+02:00
diff --git a/charts/capsule/README.md b/charts/capsule/README.md
@@ -16,34 +16,22 @@ Use the Capsule Operator for easily implementing, managing, and maintaining mult
 
 * A [`kubeconfig`](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/) file accessing the Kubernetes cluster with cluster admin permissions.
 
-## Breaking Changes
+## Major Changes
 
 In the following sections you see actions which are required when you are upgrading to a specific version.
 
-### 0.7.x
+### Upgrading to 0.7.x
 
 Introduces a new methode to manage all capsule CRDs and their lifecycle. We are no longer relying on the [native CRD hook with the Helm Chart](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). The hook only allows to manage CRDs on install and uninstall but we can't deliver updates to the CRDs.
-When you newly install the chart we recommend to set  `crds.install` to `true`. This will manage the CRDs with the Helm Chart.
-
-**NOTE**: We recommend creating a dedicated release for the CRDs. This will allow you to manage the CRDs independently from the Operator.[See the Installation section](#installation)
-
-If you are upgrading to this release, you can choose to set `crds.install` to `true` (by default `false`). However you need to add metadata to the existing CRDs so they can be correctly managed with the new flow. Run the following commands:
-
-```bash
-kubectl label crd/capsuleconfigurations.capsule.clastix.io crd/globaltenantresources.capsule.clastix.io crd/tenantresources.capsule.clastix.io crd/tenants.capsule.clastix.io  app.kubernetes.io/managed-by=Helm
-kubectl annotate crd/capsuleconfigurations.capsule.clastix.io crd/globaltenantresources.capsule.clastix.io crd/tenantresources.capsule.clastix.io crd/tenants.capsule.clastix.io  meta.helm.sh/release-namespace=capsule-system # might be different
-kubectl annotate crd/capsuleconfigurations.capsule.clastix.io crd/globaltenantresources.capsule.clastix.io crd/tenantresources.capsule.clastix.io crd/tenants.capsule.clastix.io  meta.helm.sh/release-name=capsule-crds # might be different
-```
-
-With the new CRD management we can release update CRDs bundled with the chart. The Chart can be uninstalled and the CRDs are still kept.
+When you newly install the chart we recommend to set  `crds.install` to `true`. This will manage the CRDs with the Helm Chart. This behavior is the new default.
 
 #### Changed Values
 
 The following Values have changed key or Value:
 
   * All values from previous releases under `webhooks` have moved to `webhooks.hooks`.
-  *  `mutatingWebhooksTimeoutSeconds` has moved to `webhooks.mutatingWebhooksTimeoutSeconds`
-  *  `validatingWebhooksTimeoutSeconds` has moved to `webhooks.validatingWebhooksTimeoutSeconds`
+  * `mutatingWebhooksTimeoutSeconds` has moved to `webhooks.mutatingWebhooksTimeoutSeconds`
+  * `validatingWebhooksTimeoutSeconds` has moved to `webhooks.validatingWebhooksTimeoutSeconds`
 
 ## Installation
 
@@ -54,27 +42,15 @@ The Capsule Operator Chart can be used to instantly deploy the Capsule Operator
 
         $ helm repo add projectcapsule https://projectcapsule.github.io/charts
 
-3. Install CRDs:
-
-        $ helm install capsule-crds projectcapsule/capsule --version 0.7.0 -n capsule-system --set crds.install=true --set crds.exclusive=true
-
-        or
-
-        $ helm install capsule-crds oci://ghcr.io/projectcapsule/charts/capsule --version 0.7.0 -n capsule-system --set crds.install=true --set crds.exclusive=true
-
-3. Show the status:
-
-        $ helm status capsule-crds -n capsule-system
-
-4. Install Controller:
+2. Install Capsule:
 
         $ helm install capsule projectcapsule/capsule --version 0.7.0 -n capsule-system --create-namespace
 
         or
 
         $ helm install capsule oci://ghcr.io/projectcapsule/charts/capsule --version 0.7.0  -n capsule-system --create-namespace
 
-5. Show the status:
+3. Show the status:
 
         $ helm status capsule -n capsule-system
 
@@ -90,98 +66,6 @@ The Capsule Operator Chart can be used to instantly deploy the Capsule Operator
 
         $ helm uninstall capsule -n capsule-system
 
-## Upgrading
-
-Intsructions to upgrade the chart the versions, which may remove features or introduce breaking changes. Generally you would perform upgrades in the same order as you install the charts.
-
-```
-1. Upgrade Helm repositories
-
-        $ helm repo update
-
-2. Upgrade the CRDs
-
-        $ helm upgrade --install capsule-crds projectcapsule/capsule --version 0.7.1 -n capsule-system --set crds.install=true --set crds.exclusive=true
-
-3. Show the status:
-
-        $ helm status capsule-crds -n capsule-system
-
-4. Install Controller:
-
-        $ helm install upgrade --install projectcapsule/capsule --version 0.7.1 -n capsule-system --create-namespace
-
-        or
-
-        $ helm install upgrade --install oci://ghcr.io/projectcapsule/charts/capsule --version 0.7.1  -n capsule-system --create-namespace
-
-5. Show the status:
-
-        $ helm status capsule -n capsule-system
-```
-
-## Gitops
-
-See how you can deploy Capsule with GitOps tools like FluxCD or ArgoCD.
-
-### FluxCD
-
-Here's an example manifest how you would deploy Capsule via [FluxCD Helmreleases](https://fluxcd.io/flux/components/helm/helmreleases/):
-
-```yaml
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
-metadata:
-  name:  projectcapsule
-spec:
-  type: "oci"
-  interval: 24h0m0s
-  url: oci://ghcr.io/projectcapsule/charts/
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: capsule-crds
-spec:
-  interval: 10m
-  targetNamespace: capsule-system
-  releaseName: "capsule-crds"
-  chart:
-    spec:
-      chart: capsule
-      version: "0.7.0"
-      sourceRef:
-        kind: HelmRepository
-        name: projectcapsule
-      interval: 24h
-  values:
-    crds:
-      install: true
-      exclusive: true
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: capsule
-spec:
-  interval: 10m
-  dependsOn:
-    - name: capsule-crds
-  targetNamespace: capsule-system
-  releaseName: "capsule"
-  chart:
-    spec:
-      chart: capsule
-      version: "0.7.0"
-      sourceRef:
-        kind: HelmRepository
-        name: projectcapsule
-      interval: 24h
-```
-
-### ArgoCD
-
 ## Customize the installation
 
 There are two methods for specifying overrides of values during chart installation: `--values` and `--set`.
@@ -206,8 +90,7 @@ Here the values you can override:
 |-----|------|---------|-------------|
 | crds.annnotations | object | `{}` | Extra Annotations for CRDs |
 | crds.exclusive | bool | `false` | Only install the CRDs, no other primitives |
-| crds.install | bool | `false` | Install the CustomResourceDefinitions (This also manages the lifecycle of the CRDs for update operations) |
-| crds.keep | bool | `true` | Keep the CustomResourceDefinitions (when the chart is deleted) |
+| crds.install | bool | `true` | Install the CustomResourceDefinitions (This also manages the lifecycle of the CRDs for update operations) |
 | crds.labels | object | `{}` | Extra Labels for CRDs |
 
 ### General Parameters
@@ -228,6 +111,7 @@ Here the values you can override:
 | jobs.nodeSelector | object | `{}` | Set the node selector |
 | jobs.podSecurityContext | object | `{"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the job pods. |
 | jobs.priorityClassName | string | `""` | Set a pod priorityClassName |
+| jobs.resources | object | `{}` | Job resources |
 | jobs.restartPolicy | string | `"Never"` | Set the restartPolicy |
 | jobs.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":1002,"runAsNonRoot":true,"runAsUser":1002}` | Security context for the job containers. |
 | jobs.tolerations | list | `[]` | Set list of tolerations |
@@ -292,6 +176,7 @@ Here the values you can override:
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| webhooks.exclusive | bool | `false` | When `crds.exclusive` is `true` the webhooks will be installed |
 | webhooks.hooks.cordoning.failurePolicy | string | `"Fail"` |  |
 | webhooks.hooks.cordoning.namespaceSelector.matchExpressions[0].key | string | `"capsule.clastix.io/tenant"` |  |
 | webhooks.hooks.cordoning.namespaceSelector.matchExpressions[0].operator | string | `"Exists"` |  |
@@ -324,7 +209,6 @@ Here the values you can override:
 | webhooks.hooks.services.namespaceSelector.matchExpressions[0].operator | string | `"Exists"` |  |
 | webhooks.hooks.tenantResourceObjects.failurePolicy | string | `"Fail"` |  |
 | webhooks.hooks.tenants.failurePolicy | string | `"Fail"` |  |
-| webhooks.inclusive | bool | `false` | When `crds.exclusive` is `true` but `inclusive` is `true` the webhooks will be installed |
 | webhooks.mutatingWebhooksTimeoutSeconds | int | `30` | Timeout in seconds for mutating webhooks |
 | webhooks.service.caBundle | string | `""` | CABundle for the webhook service |
 | webhooks.service.name | string | `""` | Custom service name for the webhook service |
diff --git a/charts/capsule/README.md.gotmpl b/charts/capsule/README.md.gotmpl
@@ -16,34 +16,22 @@ Use the Capsule Operator for easily implementing, managing, and maintaining mult
 
 * A [`kubeconfig`](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/) file accessing the Kubernetes cluster with cluster admin permissions.
 
-## Breaking Changes 
+## Major Changes 
 
 In the following sections you see actions which are required when you are upgrading to a specific version.
 
 ### Upgrading to 0.7.x
 
 Introduces a new methode to manage all capsule CRDs and their lifecycle. We are no longer relying on the [native CRD hook with the Helm Chart](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). The hook only allows to manage CRDs on install and uninstall but we can't deliver updates to the CRDs.
-When you newly install the chart we recommend to set  `crds.install` to `true`. This will manage the CRDs with the Helm Chart.
-
-**NOTE**: We recommend creating a dedicated release for the CRDs. This will allow you to manage the CRDs independently from the Operator.[See the Installation section](#installation)
-
-If you are upgrading to this release, you can choose to set `crds.install` to `true` (by default `false`). However you need to add metadata to the existing CRDs so they can be correctly managed with the new flow. Run the following commands:
-
-```bash
-kubectl label crd/capsuleconfigurations.capsule.clastix.io crd/globaltenantresources.capsule.clastix.io crd/tenantresources.capsule.clastix.io crd/tenants.capsule.clastix.io  app.kubernetes.io/managed-by=Helm
-kubectl annotate crd/capsuleconfigurations.capsule.clastix.io crd/globaltenantresources.capsule.clastix.io crd/tenantresources.capsule.clastix.io crd/tenants.capsule.clastix.io  meta.helm.sh/release-namespace=capsule-system # might be different
-kubectl annotate crd/capsuleconfigurations.capsule.clastix.io crd/globaltenantresources.capsule.clastix.io crd/tenantresources.capsule.clastix.io crd/tenants.capsule.clastix.io  meta.helm.sh/release-name=capsule-crds # might be different
-```
-
-With the new CRD management we can release update CRDs bundled with the chart. The Chart can be uninstalled and the CRDs are still kept.
+When you newly install the chart we recommend to set  `crds.install` to `true`. This will manage the CRDs with the Helm Chart. This behavior is the new default.
 
 #### Changed Values 
 
 The following Values have changed key or Value:
 
   * All values from previous releases under `webhooks` have moved to `webhooks.hooks`.
-  *  `mutatingWebhooksTimeoutSeconds` has moved to `webhooks.mutatingWebhooksTimeoutSeconds`
-  *  `validatingWebhooksTimeoutSeconds` has moved to `webhooks.validatingWebhooksTimeoutSeconds`
+  * `mutatingWebhooksTimeoutSeconds` has moved to `webhooks.mutatingWebhooksTimeoutSeconds`
+  * `validatingWebhooksTimeoutSeconds` has moved to `webhooks.validatingWebhooksTimeoutSeconds`
 
 
 ## Installation
@@ -55,27 +43,15 @@ The Capsule Operator Chart can be used to instantly deploy the Capsule Operator
 
         $ helm repo add projectcapsule https://projectcapsule.github.io/charts
 
-3. Install CRDs:
-
-        $ helm install capsule-crds projectcapsule/capsule --version 0.7.0 -n capsule-system --set crds.install=true --set crds.exclusive=true
-
-        or
-
-        $ helm install capsule-crds oci://ghcr.io/projectcapsule/charts/capsule --version 0.7.0 -n capsule-system --set crds.install=true --set crds.exclusive=true
-
-3. Show the status:
-
-        $ helm status capsule-crds -n capsule-system
-
-4. Install Controller:
+2. Install Capsule:
 
         $ helm install capsule projectcapsule/capsule --version 0.7.0 -n capsule-system --create-namespace
 
         or
 
         $ helm install capsule oci://ghcr.io/projectcapsule/charts/capsule --version 0.7.0  -n capsule-system --create-namespace
 
-5. Show the status:
+3. Show the status:
 
         $ helm status capsule -n capsule-system
 
@@ -91,101 +67,6 @@ The Capsule Operator Chart can be used to instantly deploy the Capsule Operator
 
         $ helm uninstall capsule -n capsule-system
 
-## Upgrading
-
-Intsructions to upgrade the chart the versions, which may remove features or introduce breaking changes. Generally you would perform upgrades in the same order as you install the charts.
-
-```
-1. Upgrade Helm repositories
-
-        $ helm repo update
-
-2. Upgrade the CRDs
-
-        $ helm upgrade --install capsule-crds projectcapsule/capsule --version 0.7.1 -n capsule-system --set crds.install=true --set crds.exclusive=true
-
-3. Show the status:
-
-        $ helm status capsule-crds -n capsule-system
-
-4. Install Controller:
-
-        $ helm install upgrade --install projectcapsule/capsule --version 0.7.1 -n capsule-system --create-namespace
-
-        or
-
-        $ helm install upgrade --install oci://ghcr.io/projectcapsule/charts/capsule --version 0.7.1  -n capsule-system --create-namespace
-
-5. Show the status:
-
-        $ helm status capsule -n capsule-system
-```
-
-## Gitops 
-
-See how you can deploy Capsule with GitOps tools like FluxCD or ArgoCD.
-
-### FluxCD
-
-Here's an example manifest how you would deploy Capsule via [FluxCD Helmreleases](https://fluxcd.io/flux/components/helm/helmreleases/):
-
-```yaml
----
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
-metadata:
-  name:  projectcapsule
-spec:
-  type: "oci"
-  interval: 24h0m0s
-  url: oci://ghcr.io/projectcapsule/charts/
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: capsule-crds
-spec:
-  interval: 10m
-  targetNamespace: capsule-system
-  releaseName: "capsule-crds"
-  chart:
-    spec:
-      chart: capsule
-      version: "0.7.0"
-      sourceRef:
-        kind: HelmRepository
-        name: projectcapsule
-      interval: 24h
-  values:
-    crds:
-      install: true
-      exclusive: true
----
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: capsule
-spec:
-  interval: 10m
-  dependsOn:
-    - name: capsule-crds
-  targetNamespace: capsule-system
-  releaseName: "capsule"
-  chart:
-    spec:
-      chart: capsule
-      version: "0.7.0"
-      sourceRef:
-        kind: HelmRepository
-        name: projectcapsule
-      interval: 24h
-```
-
-### ArgoCD
-
-
-
-
 ## Customize the installation
 
 There are two methods for specifying overrides of values during chart installation: `--values` and `--set`.
