Create Helm Chart to deploy the prefect-operator (#73)

* initial helm chart & deployment

* add operator role

* leader election perms

* rbac & kube rbac proxy

* remove yaml

* revert the spacing

* remove yamllint

* user roles

* remove if conditional on annotations

* service monitor, etc

* remove yaml

* move crds

* update gitignore

* fix pathing

* remove validate values & license ref

* add ---

* missing server permissions

* readd these files

* comment

* update chart & app version

* yaml lint

---------

Co-authored-by: jamie zieziula <[email protected]>

.gitignore

@@ -25,3 +25,8 @@ go.work
 *.swp
 *.swo
 *~
+
+# Helm lock files & local charts
+deploy/charts/*/charts
+requirements.lock
+Chart.lock

.mise.toml

@@ -3,9 +3,12 @@ actionlint = '1.7.1'
 ginkgo = '2.19.0'
 golang = '1.21'
 golangci-lint = '1.57.2'
+helm = '3.15'
+helm-ct = '3.11.0'
+helm-docs = '1.13.1'
 kube-controller-tools = '0.14.0'
 kubectl = '1.31'
 kustomize = '5.3.0'
-setup-envtest = '0.17.0'
-yamllint = '1.35.1'
 pre-commit = '3.8.0'
+setup-envtest = '0.17.0'
+yamllint = '1.35.1'

.pre-commit-config.yaml

@@ -6,21 +6,30 @@ repos:
     rev: v4.3.0
     hooks:
       - id: check-merge-conflict
-      - id: check-yaml
-        args:
-          - --allow-multiple-documents
       - id: detect-private-key
       - id: no-commit-to-branch
       - id: trailing-whitespace
 
+  - repo: https://github.com/rhysd/actionlint
+    rev: v1.7.1
+    hooks:
+      - id: actionlint
+
+  - repo: https://github.com/norwoodj/helm-docs
+    rev: v1.11.0
+    hooks:
+      - id: helm-docs
+        args:
+          - --template-files=README.md.gotmpl
+
+  - repo: https://github.com/gruntwork-io/pre-commit
+    rev: v0.1.17
+    hooks:
+      - id: helmlint
+
   - repo: https://github.com/adrienverge/yamllint.git
     rev: v1.28.0
     hooks:
       - id: yamllint
         args:
           - --strict
-
-  - repo: https://github.com/rhysd/actionlint
-    rev: v1.7.1
-    hooks:
-      - id: actionlint

.yamllint

@@ -3,6 +3,7 @@ extends: default
 
 ignore: |
   config/
+  deploy/
 
 rules:
   comments:

config/rbac/auth_proxy_client_clusterrole.yaml

@@ -1,3 +1,4 @@
+# this is the only file that hasn't been converted to a helm template
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:

deploy/charts/prefect-operator/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

deploy/charts/prefect-operator/Chart.yaml

@@ -0,0 +1,26 @@
+apiVersion: v2
+dependencies:
+  - name: common
+    repository: https://charts.bitnami.com/bitnami
+    tags:
+      - bitnami-common
+    version: 2.20.5
+description: Prefect Operator application bundle
+engine: gotpl
+home: https://github.com/PrefectHQ
+maintainers:
+  - name: jamiezieziula
+    email: [email protected]
+  - name: jimid27
+    email: [email protected]
+  - name: parkedwards
+    email: [email protected]
+  - name: mitchnielsen
+    email: [email protected]
+name: prefect-operator
+sources:
+  - https://github.com/PrefectHQ/prefect-operator
+type: application
+# The version and appVersion fields are set automatically by the release tool
+version: v0.0.0
+appVersion: v0.0.0

deploy/charts/prefect-operator/README.md

@@ -0,0 +1,77 @@
+# prefect-operator
+
+![Version: v0.0.0](https://img.shields.io/badge/Version-v0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.0](https://img.shields.io/badge/AppVersion-v0.0.0-informational?style=flat-square)
+
+Prefect Operator application bundle
+
+**Homepage:** <https://github.com/PrefectHQ>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| jamiezieziula | <[email protected]> |  |
+| jimid27 | <[email protected]> |  |
+| parkedwards | <[email protected]> |  |
+| mitchnielsen | <[email protected]> |  |
+
+## Source Code
+
+* <https://github.com/PrefectHQ/prefect-operator>
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://charts.bitnami.com/bitnami | common | 2.20.5 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| commonAnnotations | object | `{}` | annotations to add to all deployed objects |
+| commonLabels | object | `{"app.kubernetes.io/component":"operator"}` | labels to add to all deployed objects |
+| fullnameOverride | string | `"prefect-operator"` | fully override common.names.fullname |
+| kubeRbacProxy.create | bool | `true` | specifies whether the kube-rbac-proxy should be deployed to the cluster |
+| kubeRbacProxy.image | string | `"gcr.io/kubebuilder/kube-rbac-proxy:v0.16.0"` | the image of the kube-rbac-proxy to use |
+| kubeRbacProxy.name | string | `"kube-rbac-proxy"` | the name of the kube-rbac-proxy to use |
+| metrics.enabled | bool | `false` | enable the export of Prometheus metrics |
+| metrics.serviceMonitor.enabled | bool | `false` | creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) |
+| nameOverride | string | `""` | partially overrides common.names.name |
+| namespaceOverride | string | `""` | fully override common.names.namespace |
+| operator.affinity | object | `{}` | affinity for operator pods assignment |
+| operator.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | set operator containers' security context allowPrivilegeEscalation |
+| operator.containerSecurityContext.capabilities | object | `{"drop":["ALL"]}` | set operator container's security context capabilities |
+| operator.extraEnvVars | list | `[]` | array with environment variables to add to operator container |
+| operator.image.pullPolicy | string | `"IfNotPresent"` | operator image pull policy |
+| operator.image.pullSecrets | list | `[]` | operator image pull secrets |
+| operator.image.repository | string | `"prefecthq/prefect-operator"` | operator image repository |
+| operator.image.tag | string | `"latest"` | operator image tag (immutable tags are recommended) |
+| operator.livenessProbe.config.initialDelaySeconds | int | `15` | The number of seconds to wait before starting the first probe. |
+| operator.livenessProbe.config.periodSeconds | int | `20` | The number of seconds to wait between consecutive probes. |
+| operator.livenessProbe.enabled | bool | `true` |  |
+| operator.nodeSelector | object | `{}` | node labels for operator pods assignment |
+| operator.podAnnotations | object | `{}` | extra annotations for operator pod |
+| operator.podLabels | object | `{}` | extra labels for operator pod |
+| operator.podSecurityContext.runAsNonRoot | bool | `true` | set operator pod's security context runAsNonRoot |
+| operator.priorityClassName | string | `""` | priority class name to use for the operator pods; if the priority class is empty or doesn't exist, the operator pods are scheduled without a priority class |
+| operator.readinessProbe.config.initialDelaySeconds | int | `5` | The number of seconds to wait before starting the first probe. |
+| operator.readinessProbe.config.periodSeconds | int | `10` | The number of seconds to wait between consecutive probes. |
+| operator.readinessProbe.enabled | bool | `true` |  |
+| operator.replicaCount | int | `1` | number of operator replicas to deploy |
+| operator.resources.limits | object | `{"cpu":"500m","memory":"128Mi"}` | the requested limits for the operator container |
+| operator.resources.requests | object | `{"cpu":"10m","memory":"64Mi"}` | the requested resources for the operator container |
+| operator.terminationGracePeriodSeconds | int | `10` | seconds operator pod needs to terminate gracefully |
+| operator.tolerations | list | `[]` | tolerations for operator pods assignment |
+| operator.topologySpreadConstraints | list | `[]` | topology spread constraints for operator pod assignment spread across your cluster among failure-domains |
+| rbac.operator.create | bool | `true` | specifies whether the operator role & role binding should be created |
+| rbac.userRoles.prefectServer.editor.create | bool | `true` | specifies whether the server editor role should be created |
+| rbac.userRoles.prefectServer.viewer.create | bool | `true` | specifies whether the server viewer role should be created |
+| rbac.userRoles.prefectWorkpool.editor.create | bool | `true` | specifies whether the workpool editor role should be created |
+| rbac.userRoles.prefectWorkpool.viewer.create | bool | `true` | specifies whether the workpool viewer role should be created |
+| serviceAccount.annotations | object | `{}` | additional service account annotations (evaluated as a template) |
+| serviceAccount.create | bool | `true` | specifies whether a ServiceAccount should be created |
+| serviceAccount.name | string | `""` | the name of the ServiceAccount to use. if not set and create is true, a name is generated using the common.names.fullname template |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)