fix: added rbac to create and update events, automated chart upgrade … (

#34)

* fix: added rbac to create and update events, automated chart upgrade and image pull secrets

* fix:per PR feedback, changing the image pull secrets to global list

Co-authored-by: Sangeetha Madamanchi <[email protected]>

charts/overwhelm/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: overwhelm
-version: 1.2.0
+version: 1.2.2
 maintainers:
     - name: "Expedia Group"
       url: "https://github.com/ExpediaGroup/overwhelm"

charts/overwhelm/crds/applications.core.expediagroup.com-crd.yaml

@@ -61,20 +61,20 @@ spec:
                 type: object
               preRenderer:
                 description: PreRenderer holds custom templating delimiters and a
-                  flag. By default, standard delimiters \{\{ and }} will be used to
+                  flag. By default, standard delimiters {{ and }} will be used to
                   render values within. If specified then the custom delimiters will
                   be used.
                 properties:
                   closeDelimiter:
                     description: Custom non white-spaced and non alpha-numeric close
                       delimiter used for go templating action to pre-render. For e.g.,
-                      %>. Default is  }}
+                      %>. Default is }}
                     maxLength: 2
                     minLength: 2
                     type: string
                   enableHelmTemplating:
                     description: Enable to allow Helm Templating to interpolate values
-                      within the delimiters \{\{ }}. Defaults to false allowing the
+                      within the delimiters {{ }}. Defaults to false allowing the
                       pre-renderer to do interpolation within the default delimiters.
                       If both helm templating and pre-rendering are desired, then
                       enable EnableHelmTemplating and specify custom delimiters as
@@ -83,8 +83,7 @@ spec:
                   openDelimiter:
                     description: Custom non white-spaced and non alpha-numeric open
                       delimiter used for go templating action to pre-render. For e.g.,
-                      <%. Default is \{\{
-                    maxLength: 2
+                      <%. Default is {{ maxLength: 2
                     minLength: 2
                     type: string
                 type: object

charts/overwhelm/templates/overwhelm-controller-manager-deployment.yaml

@@ -17,6 +17,12 @@ spec:
       labels: 
 {{ toYaml .Values.deployment.labels  | indent 8 }}
     spec:
+      {{- if .Values.global.imagePullSecrets }}
+      imagePullSecrets:
+      {{- range .Values.global.imagePullSecrets }}
+        - name: {{ . }}
+      {{- end }}
+      {{- end }}
       containers:
       - args:
         - --health-probe-bind-address=:8081
@@ -62,9 +68,5 @@ spec:
             memory: 64Mi
       securityContext:
         runAsNonRoot: true
-      {{- if .Values.deployment.image.pullSecret }}
-      imagePullSecrets:
-        - name: {{ .Values.deployment.image.pullSecret }}
-      {{- end }}
       serviceAccountName: overwhelm-controller-manager
       terminationGracePeriodSeconds: 10

charts/overwhelm/templates/overwhelm-manager-role-cr.yaml

@@ -37,8 +37,10 @@ rules:
   resources:
   - events
   verbs:
+  - create
   - get
   - list
+  - update
   - watch
 - apiGroups:
   - ""

config/helm-manifest/kustomization.yaml

@@ -19,7 +19,22 @@ patchesJson6902:
     patch: |-
       - op: replace
         path: /spec/template/spec/containers/0/resources
-        value: <GOTEMPLATE> toYaml .Values.deployment.resources  | indent 10 </GOTEMPLATE>
+        value: "{{ toYaml .Values.deployment.resources  | indent 10 }}"
+  - target: # We use Json6902 patches for inline replacement patches  which are not possible with Strategic Merge patches
+      group: apps
+      version: v1
+      kind: Deployment
+      name: overwhelm-controller-manager
+    patch: |-
+      - op: replace
+        path: /spec/template/spec/
+        value: |
+          {{- if .Values.global.imagePullSecrets }}
+          imagePullSecrets:
+          {{- range .Values.global.imagePullSecrets }}
+            - name: {{ . }}
+          {{- end }}
+          {{- end }}
   - target:
       group: apiextensions.k8s.io
       version: v1

config/helm-manifest/manager_deployment_patch.yaml

@@ -1,19 +1,18 @@
-# Use <GOTEMPLATE></GOTEMPLATE> tags for Go template delimiters to be inserted by the script/helm-charts/update.go script
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: overwhelm-controller-manager
   namespace: overwhelm-system
 spec:
-  replicas: <GOTEMPLATE> .Values.deployment.replicas </GOTEMPLATE>
+  replicas: "{{ .Values.deployment.replicas }}"
   template:
     metadata:
       $patch: replace
-      annotations: <GOTEMPLATE> toYaml .Values.deployment.annotations  | indent 8 </GOTEMPLATE>
-      labels: <GOTEMPLATE> toYaml .Values.deployment.labels  | indent 8 </GOTEMPLATE>
+      annotations: "{{ toYaml .Values.deployment.annotations  | indent 8 }}"
+      labels: "{{ toYaml .Values.deployment.labels  | indent 8 }}"
     spec:
       containers:
       - name: manager
-        image: <GOTEMPLATE> .Values.deployment.image.manager.repository </GOTEMPLATE>:<GOTEMPLATE> .Values.deployment.image.manager.tag </GOTEMPLATE>
+        image: "{{ .Values.deployment.image.manager.repository }}:{{ .Values.deployment.image.manager.tag }}"
       - name: kube-rbac-proxy
-        image: <GOTEMPLATE> .Values.deployment.image.kubeRbacProxy.repository </GOTEMPLATE>:<GOTEMPLATE> .Values.deployment.image.kubeRbacProxy.tag </GOTEMPLATE>
+        image: "{{ .Values.deployment.image.kubeRbacProxy.repository }}:{{ .Values.deployment.image.kubeRbacProxy.tag }}"

scripts/helm-charts/update.go

@@ -1,7 +1,10 @@
 package main
 
 import (
+	"bufio"
+	"fmt"
 	"os"
+	"regexp"
 	"strings"
 )
 
@@ -10,12 +13,49 @@ func main() {
 	if err != nil {
 		panic(err)
 	}
+
 	data := string(d)
-	data = strings.ReplaceAll(data, "{{", "\\{\\{")
-	data = strings.ReplaceAll(data, "<GOTEMPLATE>", "{{")
-	data = strings.ReplaceAll(data, "</GOTEMPLATE>", "}}")
+	//if condition string patch. The kustomize created a sub element to spec element since we cant add this block to the spec key directly. This bit
+	//will remove the sub element and indent this block back to the spec element
+
+	ifString := regexp.MustCompile("{{- if(.|\n)+{{- end }}").FindString(data)
+	ifIndentPatch := regexp.MustCompile("\n\\s\\s").ReplaceAllString(ifString, "\n")
+	data = regexp.MustCompile("\"\": \\|-\\s+").ReplaceAllString(data, "")
+	data = regexp.MustCompile("{{- if(.|\n)+({{- end }})").ReplaceAllString(data, ifIndentPatch)
+
+	data = strings.ReplaceAll(data, "'{{", "{{")
+	data = strings.ReplaceAll(data, "}}'", "}}")
 	data = strings.ReplaceAll(data, "{{ toYaml", "\n{{ toYaml")
+	data = regexp.MustCompile("{{\\s+").ReplaceAllString(data, "{{ ")
+	data = regexp.MustCompile("\\s+}}").ReplaceAllString(data, " }}")
+
 	if err = os.WriteFile("charts/tmp.yaml", []byte(data), 0644); err != nil {
 		panic(err)
 	}
+
+	c, err := os.ReadFile("charts/overwhelm/Chart.yaml")
+	if err != nil {
+		panic(err)
+	}
+	chart := string(c)
+	chartVersion := regexp.MustCompile("(version: )(.+)(\n)").FindSubmatch(c)[2]
+	scanner := bufio.NewScanner(os.Stdin)
+	fmt.Printf("The current chart version is %s. Provide the new version in the form of x.x.x if applicable or type NA if not upgrade is needed \n", chartVersion)
+	scanner.Scan()
+	text := scanner.Text()
+	if strings.ToLower(text) != "na" {
+		fmt.Printf("The new version will be version: %s. Type Yes to confirm: ", text)
+		scanner.Scan()
+		confirm := scanner.Text()
+		if strings.ToLower(confirm) != "yes" {
+			fmt.Printf("Ok, abandoning chart upgrade \n")
+		} else {
+			newVersion := "version: " + text
+			chart = strings.ReplaceAll(chart, "version: "+string(chartVersion), newVersion)
+			if err = os.WriteFile("charts/overwhelm/Chart.yaml", []byte(chart), 0644); err != nil {
+				panic(err)
+			}
+			fmt.Printf("Chart version upgraded to %s \n", text)
+		}
+	}
 }