Add cert-manager sub-chart as quick start (#115)

Also unify the feature switch name to `enabled`.

.gitignore

@@ -4,4 +4,8 @@
 .vscode
 chart/skywalking/charts/
 chart/skywalking/Chart.lock
+chart/operator/charts
+chart/operator/Chart.lock
+chart/adapter/charts
+chart/adapter/Chart.lock
 *.tgz

chart/operator/Chart.yaml

@@ -26,3 +26,8 @@ maintainers:
     email: [email protected]
   - name: dashanji
     email: [email protected]
+dependencies:
+  - name: cert-manager
+    version: 1.9.1
+    repository: https://charts.jetstack.io
+    condition: cert-manager.enabled

chart/operator/README.md

@@ -37,21 +37,22 @@ The command removes all the operator components associated with the chart and de
 
 The following table lists the configurable parameters of the operator chart and their default values.
 
-| Parameter                                                    | Description                                                                                      | Default                              |
-|--------------------------------------------------------------|--------------------------------------------------------------------------------------------------|--------------------------------------|
-| `fullnameOverride`                             | Override fullname                                          | `nil`                            |
-| `.replicaCount`                | The replicas of operator                               | `1`                                |
-| `.serviceAccountName`     | The service account name of operator                                        | `skywalking-swck-controller-manager` |
-| `.image.repository`               | Operator container image name                          | `docker.io/apache/skywalking-swck` |
-| `.image.pullPolicy`    | Operator container image pull policy                                        | `IfNotPresent`                  |
-| `.image.tag`                         | Operator container image tag                                     | `v0.7.0`                           |
-| `.metrics.service.port`              | The port for the operator metrics service                           | `8443`                             |
-| `.webhook.service.port`             | The port for the operator web hook service                   | `9443`                              |
-| `.resources.limits.cpu`      | The limits of cpu in the operator          | `200m`                                |
-| `.resources.limits.memory`   | The limits of memory in the operator       | `300Mi`                               |
-| `.resources.requests.cpu`    | The requests of cpu in the operator        | `200m`                                |
-| `.resources.requests.memory` | The requests of memory in the operator     | `300Mi`                        |
-| `.affinity`                   | The affinity policy of operator                            | `{}`                                 |
+| Parameter                    | Description                                                                                                                  | Default                              |
+|------------------------------|------------------------------------------------------------------------------------------------------------------------------|--------------------------------------|
+| `fullnameOverride`           | Override fullname                                                                                                            | `nil`                                |
+| `.replicaCount`              | The replicas of operator                                                                                                     | `1`                                  |
+| `.serviceAccountName`        | The service account name of operator                                                                                         | `skywalking-swck-controller-manager` |
+| `.image.repository`          | Operator container image name                                                                                                | `docker.io/apache/skywalking-swck`   |
+| `.image.pullPolicy`          | Operator container image pull policy                                                                                         | `IfNotPresent`                       |
+| `.image.tag`                 | Operator container image tag                                                                                                 | `v0.7.0`                             |
+| `.metrics.service.port`      | The port for the operator metrics service                                                                                    | `8443`                               |
+| `.webhook.service.port`      | The port for the operator web hook service                                                                                   | `9443`                               |
+| `.resources.limits.cpu`      | The limits of cpu in the operator                                                                                            | `200m`                               |
+| `.resources.limits.memory`   | The limits of memory in the operator                                                                                         | `300Mi`                              |
+| `.resources.requests.cpu`    | The requests of cpu in the operator                                                                                          | `200m`                               |
+| `.resources.requests.memory` | The requests of memory in the operator                                                                                       | `300Mi`                              |
+| `.affinity`                  | The affinity policy of operator                                                                                              | `{}`                                 |
+| `cert-manager.enabled`        | Whether to install demo cert-manager. DO NOT use this in production, this is for quick start.                               | `false`                              |
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 

chart/operator/templates/_helpers.tpl

@@ -15,13 +15,6 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "operator.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@@ -63,7 +56,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 Selector labels
 */}}
 {{- define "operator.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "operator.name" . }}
+app.kubernetes.io/name: {{ include "operator.fullname" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 

chart/operator/templates/cert.yaml

@@ -13,12 +13,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{- if .Values.webhook.enable }}
+{{- if .Values.webhook.enabled }}
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: {{ include "operator.fullname" . }}-serving-cert
   namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-weight": "2"
 spec:
   dnsNames:
   - {{ include "operator.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc
@@ -33,6 +36,9 @@ kind: Issuer
 metadata:
   name: {{ include "operator.fullname" . }}-selfsigned-issuer
   namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-weight": "1"
 spec:
   selfSigned: {}
-{{- end }}
+{{- end }}

chart/operator/templates/configmap.yaml

@@ -41,14 +41,14 @@ data:
     kind: ControllerManagerConfig
     health:
       healthProbeBindAddress: :8081
-    {{- if .Values.webhook.enable }}
+    {{- if .Values.webhook.enabled }}
     metrics:
       bindAddress: 127.0.0.1:8080
     {{- end }}
-    {{- if .Values.webhook.enable }}
+    {{- if .Values.webhook.enabled }}
     webhook:
       port: {{ .Values.webhook.service.port }}
     {{- end }}
     leaderElection:
       leaderElect: true
-      resourceName: v1alpha1.swck.skywalking.apache.org
+      resourceName: v1alpha1.swck.skywalking.apache.org

chart/operator/templates/deployment.yaml

@@ -47,7 +47,7 @@ spec:
           initialDelaySeconds: 15
           periodSeconds: 20
         name: manager
-        {{- if .Values.webhook.enable }}
+        {{- if .Values.webhook.enabled }}
         ports:
         - containerPort: {{ .Values.webhook.service.port }}
           name: webhook-server
@@ -64,7 +64,7 @@ spec:
         securityContext:
           {{- toYaml .Values.securityContext | nindent 10 }}
         volumeMounts:
-        {{- if .Values.webhook.enable }}
+        {{- if .Values.webhook.enabled }}
         - mountPath: /tmp/k8s-webhook-server/serving-certs
           name: cert
           readOnly: true
@@ -73,15 +73,15 @@ spec:
           name: manager-config
           subPath: controller_manager_config.yaml
       - args:
-        {{- if .Values.metrics.enable }}
+        {{- if .Values.metrics.enabled }}
         - --secure-listen-address=0.0.0.0:{{ .Values.metrics.service.port }}
         {{- end }}
         - --upstream=http://127.0.0.1:8080/
         - --logtostderr=true
         - --v=10
         image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
         name: kube-rbac-proxy
-        {{- if .Values.metrics.enable }}
+        {{- if .Values.metrics.enabled }}
         ports:
         - containerPort: {{ .Values.metrics.service.port }}
           name: https
@@ -92,7 +92,7 @@ spec:
       serviceAccountName: {{ include "operator.fullname" . }}-controller-manager
       terminationGracePeriodSeconds: 10
       volumes:
-      {{- if .Values.webhook.enable }}
+      {{- if .Values.webhook.enabled }}
       - name: cert
         secret:
           defaultMode: 420
@@ -104,4 +104,4 @@ spec:
       {{- with .Values.affinity }}
       affinity:
         {{- toYaml . | nindent 8 }}
-      {{- end }}
+      {{- end }}

chart/operator/templates/java-agent-configmap.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.webhook.enable }}
+{{- if .Values.webhook.enabled }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -13,4 +13,4 @@ data:
     collector.backend_service=${SW_AGENT_COLLECTOR_BACKEND_SERVICES:127.0.0.1:11800}
 
     # Please refer to https://skywalking.apache.org/docs/skywalking-java/latest/en/setup/service-agent/java-agent/configurations/#table-of-agent-configuration-properties to get more details.
-{{- end }}
+{{- end }}

chart/operator/templates/service.yaml

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{- if .Values.metrics.enable }}
+{{- if .Values.metrics.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -31,7 +31,7 @@ spec:
     control-plane: {{ include "operator.fullname" . }}-controller-manager
 {{- end }}
 ---
-{{- if .Values.webhook.enable }}
+{{- if .Values.webhook.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -44,4 +44,4 @@ spec:
     targetPort: {{ .Values.webhook.service.port }}
   selector:
     control-plane: {{ include "operator.fullname" . }}-controller-manager
-{{- end }}
+{{- end }}

chart/operator/templates/webhook.yaml

@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-{{- if .Values.webhook.enable }}
+{{- if .Values.webhook.enabled }}
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
@@ -412,4 +412,4 @@ webhooks:
     resources:
     - uis
   sideEffects: None
-{{- end }}
+{{- end }}

chart/operator/values.yaml

@@ -27,7 +27,7 @@ image:
 securityContext:
   allowPrivilegeEscalation: false
 metrics:
-  enable: true
+  enabled: true
   service:
     port: 8443
 # install crds
@@ -36,7 +36,7 @@ crds:
 # enable webhook.
 webhook:
   # If set to false, java agent injector is disabled.
-  enable: true
+  enabled: true
   service:
     port: 9443
 resources:
@@ -51,3 +51,10 @@ resources:
     cpu: 200m
     memory: 300Mi
 affinity: {}
+
+nameOverride: ""
+fullnameOverride: ""
+
+cert-manager:
+  enabled: false
+  installCRDs: true

test/e2e/swck/e2e.yaml

@@ -40,6 +40,7 @@ setup:
           for: condition=Available       
     - name: Install operator
       command: |
+        helm dep up chart/operator
         helm install operator chart/operator --namespace=skywalking-swck-system \
                        --create-namespace \
                        --set fullnameOverride=skywalking-swck