From a83d11922234c0181ae0f8cad572ff49e81c4426 Mon Sep 17 00:00:00 2001 From: Mikhail Fedosin Date: Wed, 8 May 2024 22:40:35 +0200 Subject: [PATCH 1/2] breaking: remove cert-manager support from helm chart Right now we have experimental support for Cert Manager installation in the chart. As part of this, we store Cert Manager CRDs in the "crds" folder. If you install the chart with Helm, everything works fine, resources are only installed if they don't exist in the cluster. But if we use Argo, we always install CRDs even if they already exist by overwriting them. Since we can't get around this limitation, we decided to remove Cert Manager support from the chart. We recommend using the clusterctl plugin for local development and testing that retains support for installing Cert Manager. In the case of the chart, users must manage Cert Manager installation themselves. --- Makefile | 1 - hack/charts/cluster-api-operator/Chart.yaml | 5 -- .../templates/cert-manager.namespace.yaml | 8 --- hack/charts/cluster-api-operator/values.yaml | 7 --- hack/inject-cert-manager-chart-version.sh | 58 ------------------- 5 files changed, 79 deletions(-) delete mode 100644 hack/charts/cluster-api-operator/templates/cert-manager.namespace.yaml delete mode 100755 hack/inject-cert-manager-chart-version.sh diff --git a/Makefile b/Makefile index 1e9a4be08..c4c8deb8d 100644 --- a/Makefile +++ b/Makefile @@ -480,7 +480,6 @@ release-manifests: $(KUSTOMIZE) $(RELEASE_DIR) ## Builds the manifests to publis release-chart: $(HELM) $(KUSTOMIZE) $(RELEASE_DIR) $(CHART_DIR) $(CHART_PACKAGE_DIR) ## Builds the chart to publish with a release cp -rf $(ROOT)/hack/charts/cluster-api-operator/. $(CHART_DIR) $(KUSTOMIZE) build ./config/chart > $(CHART_DIR)/templates/operator-components.yaml - $(ROOT)/hack/inject-cert-manager-chart-version.sh $(CERT_MANAGER_VERSION) $(HELM) package $(CHART_DIR) --app-version=$(HELM_CHART_TAG) --version=$(HELM_CHART_TAG) --destination=$(CHART_PACKAGE_DIR) .PHONY: release-staging diff --git a/hack/charts/cluster-api-operator/Chart.yaml b/hack/charts/cluster-api-operator/Chart.yaml index 9a296212e..25a474d7f 100644 --- a/hack/charts/cluster-api-operator/Chart.yaml +++ b/hack/charts/cluster-api-operator/Chart.yaml @@ -4,8 +4,3 @@ description: Cluster API Operator type: application version: 0.0.0 appVersion: "0.0.0" -dependencies: - - name: cert-manager - version: "0.0.0" - repository: https://charts.jetstack.io - condition: cert-manager.enabled diff --git a/hack/charts/cluster-api-operator/templates/cert-manager.namespace.yaml b/hack/charts/cluster-api-operator/templates/cert-manager.namespace.yaml deleted file mode 100644 index 4a5fc8d3b..000000000 --- a/hack/charts/cluster-api-operator/templates/cert-manager.namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if index .Values "cert-manager" "enabled" }} -apiVersion: v1 -kind: Namespace -metadata: - annotations: - "helm.sh/hook": "pre-install" - name: {{ index .Values "cert-manager" "namespace" }} -{{- end }} diff --git a/hack/charts/cluster-api-operator/values.yaml b/hack/charts/cluster-api-operator/values.yaml index d818f9fc3..3522dfd5a 100644 --- a/hack/charts/cluster-api-operator/values.yaml +++ b/hack/charts/cluster-api-operator/values.yaml @@ -1,11 +1,4 @@ --- -# Cert Manager options -# Full list of supported values is available at https://artifacthub.io/packages/helm/cert-manager/cert-manager -cert-manager: - enabled: false - fullnameOverride: "cert-manager" - namespace: "cert-manager" - installCRDs: true # --- # Cluster API provider options core: "" diff --git a/hack/inject-cert-manager-chart-version.sh b/hack/inject-cert-manager-chart-version.sh deleted file mode 100755 index 915032320..000000000 --- a/hack/inject-cert-manager-chart-version.sh +++ /dev/null @@ -1,58 +0,0 @@ -#!/bin/bash - -# Copyright 2023 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This script injects cert-manager dependency in the helm chart. -# Usage: ./inject-cert-manager-helm.sh -# Example: ./inject-cert-manager-helm.sh v1.12.2 - -set -o errexit -set -o nounset -set -o pipefail - -REPO_ROOT=$(dirname "${BASH_SOURCE}")/.. -CHART_DIR=${REPO_ROOT}/out/charts/cluster-api-operator - -# Validate version input - matches "vX.Y.Z" (e.g. v1.0.0) -if [[ ! "$1" =~ ^v([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then - echo "Please provide a valid version in the semver format (e.g. v1.0.0)" - exit 1 -fi - -VERSION=$1 - -# Create the output directory if it doesn't exist -mkdir -p "$CHART_DIR" - -# Modify version in Chart.yaml -CHART_FILE="${CHART_DIR}/Chart.yaml" -if [[ ! -f "$CHART_FILE" ]]; then - echo "Chart.yaml not found in the chart folder." - exit 2 -fi - -# Update cert-manager dependency version in Chart.yaml -if [[ "$OSTYPE" == "darwin"* ]]; then - # macOS - sed -i "" "/dependencies:/,/alias: cert-manager/ s/\(^ *version: *\).*\$/\1$VERSION/" "$CHART_FILE" -else - # Linux - sed -i "/dependencies:/,/alias: cert-manager/ s/\(^ *version: *\).*\$/\1$VERSION/" "$CHART_FILE" -fi - -# Fetch dependencies with Helm -helm dependency update ${CHART_DIR} - -echo "Updated cert-manager dependency version in Chart.yaml to ${VERSION}" From 4123e888180afa2cbd3056591f78a8e9d88e56e0 Mon Sep 17 00:00:00 2001 From: Mikhail Fedosin Date: Mon, 13 May 2024 15:03:08 +0200 Subject: [PATCH 2/2] docs: update documentation on cert manager removal from helm chart --- docs/README.md | 14 +++++++------- docs/book/src/01_user/02_quick-start.md | 3 ++- docs/book/src/02_installation/01_prerequisites.md | 11 +++++++++++ .../02_installation/02_manifest-installation.md | 15 --------------- ...-installation.md => 02_plugin-installation.md} | 0 .../02_installation/03_manifest-installation.md | 7 +++++++ ...tallation.md => 04_helm-chart-installation.md} | 4 ---- docs/book/src/04_developer/02_guide.md | 2 +- 8 files changed, 28 insertions(+), 28 deletions(-) create mode 100644 docs/book/src/02_installation/01_prerequisites.md delete mode 100644 docs/book/src/02_installation/02_manifest-installation.md rename docs/book/src/02_installation/{01_plugin-installation.md => 02_plugin-installation.md} (100%) create mode 100644 docs/book/src/02_installation/03_manifest-installation.md rename docs/book/src/02_installation/{03_helm-chart-installation.md => 04_helm-chart-installation.md} (75%) diff --git a/docs/README.md b/docs/README.md index 35a89834b..74ee21f39 100644 --- a/docs/README.md +++ b/docs/README.md @@ -57,9 +57,9 @@ The lexicon used in this document is described in more detail [here](https://git ## Installation -### Method 1: Apply Manifests from Release Assets +### Prerequisites -Before installing the Cluster API Operator this way, you must first ensure that cert-manager is installed, as the operator does not manage cert-manager installations. To install cert-manager, run the following command: +Before installing the Cluster API Operator, you must first ensure that cert-manager is installed, as the operator does not manage cert-manager installations. To install cert-manager, run the following command: ```bash kubectl apply -f https://github.com/jetstack/cert-manager/releases/latest/download/cert-manager.yaml @@ -67,7 +67,11 @@ kubectl apply -f https://github.com/jetstack/cert-manager/releases/latest/downlo Wait for cert-manager to be ready before proceeding. -After cert-manager is successfully installed, you can install the Cluster API operator directly by applying the latest release assets: +After cert-manager is successfully installed, you can proceed installing the Cluster API operator. + +### Method 1: Apply Manifests from Release Assets + +You can install the Cluster API operator directly by applying the latest release assets: ```bash kubectl apply -f https://github.com/kubernetes-sigs/cluster-api-operator/releases/latest/download/operator-components.yaml @@ -83,10 +87,6 @@ helm repo update helm install capi-operator capi-operator/cluster-api-operator --create-namespace -n capi-operator-system ``` -#### Installing cert-manager using Helm chart - -CAPI operator Helm chart supports provisioning of cert-manager as a dependency. It is disabled by default, but you can enable it with `--set cert-manager.enabled=true` option to `helm install` command or inside of `cert-manager` section in [values.yaml](https://github.com/kubernetes-sigs/cluster-api-operator/blob/main/hack/charts/cluster-api-operator/values.yaml) file. Additionally you can define other [parameters](https://artifacthub.io/packages/helm/cert-manager/cert-manager#configuration) provided by the cert-manager chart. - #### Installing providers using Helm chart The operator Helm chart supports a "quickstart" option for bootstrapping a management cluster. The user experience is relatively similar to [clusterctl init](https://cluster-api.sigs.k8s.io/clusterctl/commands/init.html?highlight=init#clusterctl-init): diff --git a/docs/book/src/01_user/02_quick-start.md b/docs/book/src/01_user/02_quick-start.md index 5101804aa..7e8c61e04 100644 --- a/docs/book/src/01_user/02_quick-start.md +++ b/docs/book/src/01_user/02_quick-start.md @@ -8,6 +8,7 @@ For more detailed information, please refer to the full documentation. - [Running Kubernetes cluster](https://cluster-api.sigs.k8s.io/user/quick-start#install-andor-configure-a-kubernetes-cluster). - [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) for interacting with the management cluster. +- [Cert Manager](https://cert-manager.io/docs/installation/) for managing operator certificates. - [Helm](https://helm.sh/docs/intro/install/) for installing operator on the cluster (optional). ## Install and configure Cluster API Operator @@ -37,7 +38,7 @@ helm repo update Deploy Cluster API components with docker provider using a single command during operator installation ```bash -helm install capi-operator capi-operator/cluster-api-operator --create-namespace -n capi-operator-system --set infrastructure=docker --set cert-manager.enabled=true --set configSecret.name=${CREDENTIALS_SECRET_NAME} --set configSecret.namespace=${CREDENTIALS_SECRET_NAMESPACE} --wait --timeout 90s +helm install capi-operator capi-operator/cluster-api-operator --create-namespace -n capi-operator-system --set infrastructure=docker --set configSecret.name=${CREDENTIALS_SECRET_NAME} --set configSecret.namespace=${CREDENTIALS_SECRET_NAMESPACE} --wait --timeout 90s ``` Docker provider can be replaced by any provider supported by [clusterctl](https://cluster-api.sigs.k8s.io/reference/providers.html#infrastructure). diff --git a/docs/book/src/02_installation/01_prerequisites.md b/docs/book/src/02_installation/01_prerequisites.md new file mode 100644 index 000000000..2f1e93f84 --- /dev/null +++ b/docs/book/src/02_installation/01_prerequisites.md @@ -0,0 +1,11 @@ +# Prerequisites + +Before installing the Cluster API Operator, you must first ensure that cert-manager is installed, as the operator does not manage cert-manager installations. To install cert-manager, run the following command: + +```bash +kubectl apply -f https://github.com/jetstack/cert-manager/releases/latest/download/cert-manager.yaml +``` + +Wait for cert-manager to be ready before proceeding. + +After cert-manager is successfully installed, you can proceed installing the Cluster API operator. \ No newline at end of file diff --git a/docs/book/src/02_installation/02_manifest-installation.md b/docs/book/src/02_installation/02_manifest-installation.md deleted file mode 100644 index c30b8c853..000000000 --- a/docs/book/src/02_installation/02_manifest-installation.md +++ /dev/null @@ -1,15 +0,0 @@ -# Using Manifests from Release Assets - -Before installing the Cluster API Operator this way, you must first ensure that cert-manager is installed, as the operator does not manage cert-manager installations. To install cert-manager, run the following command: - -```bash -kubectl apply -f https://github.com/jetstack/cert-manager/releases/latest/download/cert-manager.yaml -``` - -Wait for cert-manager to be ready before proceeding. - -After cert-manager is successfully installed, you can install the Cluster API operator directly by applying the latest release assets: - -```bash -kubectl apply -f https://github.com/kubernetes-sigs/cluster-api-operator/releases/latest/download/operator-components.yaml -``` diff --git a/docs/book/src/02_installation/01_plugin-installation.md b/docs/book/src/02_installation/02_plugin-installation.md similarity index 100% rename from docs/book/src/02_installation/01_plugin-installation.md rename to docs/book/src/02_installation/02_plugin-installation.md diff --git a/docs/book/src/02_installation/03_manifest-installation.md b/docs/book/src/02_installation/03_manifest-installation.md new file mode 100644 index 000000000..04cb3fdbb --- /dev/null +++ b/docs/book/src/02_installation/03_manifest-installation.md @@ -0,0 +1,7 @@ +# Using Manifests from Release Assets + +You can install the Cluster API operator directly by applying the latest release assets: + +```bash +kubectl apply -f https://github.com/kubernetes-sigs/cluster-api-operator/releases/latest/download/operator-components.yaml +``` diff --git a/docs/book/src/02_installation/03_helm-chart-installation.md b/docs/book/src/02_installation/04_helm-chart-installation.md similarity index 75% rename from docs/book/src/02_installation/03_helm-chart-installation.md rename to docs/book/src/02_installation/04_helm-chart-installation.md index fe5ca7e4f..4a9594958 100644 --- a/docs/book/src/02_installation/03_helm-chart-installation.md +++ b/docs/book/src/02_installation/04_helm-chart-installation.md @@ -8,10 +8,6 @@ helm repo update helm install capi-operator capi-operator/cluster-api-operator --create-namespace -n capi-operator-system ``` -#### Installing cert-manager using Helm chart - -CAPI operator Helm chart supports provisioning of cert-manager as a dependency. It is disabled by default, but you can enable it with `--set cert-manager.enabled=true` option to `helm install` command or inside of `cert-manager` section in [values.yaml](https://github.com/kubernetes-sigs/cluster-api-operator/blob/main/hack/charts/cluster-api-operator/values.yaml) file. Additionally you can define other [parameters](https://artifacthub.io/packages/helm/cert-manager/cert-manager#configuration) provided by the cert-manager chart. - #### Installing providers using Helm chart The operator Helm chart supports a "quickstart" option for bootstrapping a management cluster. The user experience is relatively similar to [clusterctl init](https://cluster-api.sigs.k8s.io/clusterctl/commands/init.html?highlight=init#clusterctl-init): diff --git a/docs/book/src/04_developer/02_guide.md b/docs/book/src/04_developer/02_guide.md index 0c068a60e..161e01a64 100644 --- a/docs/book/src/04_developer/02_guide.md +++ b/docs/book/src/04_developer/02_guide.md @@ -67,7 +67,7 @@ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/ Ensure the cert-manager webhook service is ready before creating the Cluster API Operator components. This can be done by following instructions for [manual verification](https://cert-manager.io/docs/installation/verify/#manual-verification) -from the [cert-manager] web site. +from the [cert-manager] website. Note: make sure to follow instructions for the release of cert-manager you are installing. [cert-manager]: https://github.com/cert-manager/cert-manager