feat(helm): init helm chart

Signed-off-by: PINCHON Benjamin <[email protected]>

.github/ci/ct.yaml

@@ -0,0 +1,7 @@
+remote: origin
+target-branch: main
+validate-maintainers: false
+check-version-increment: false
+chart-dirs:
+  - charts
+helm-extra-args: "--timeout=5m"

.github/workflows/helm.yml

@@ -0,0 +1,93 @@
+name: Helm Chart
+
+on:
+  push:
+    branches:
+      - main
+      - release-*
+    paths:
+      - charts/powerdns-operator/Chart.yaml
+
+  workflow_dispatch: {}
+
+permissions:
+  contents: read
+
+jobs:
+  lint-and-test:
+    name: Lint and Test
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Set up Helm
+        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+
+      - name: Set up Python
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+        with:
+          python-version: 3.x
+
+      - name: Set up Helm Chart Testing
+        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+
+      - name: Set up Artifact Hub
+        run: |
+          curl --fail --location https://github.com/artifacthub/hub/releases/download/v1.19.0/ah_1.19.0_linux_amd64.tar.gz --output /tmp/ah.tar.gz
+          echo "0e430493521ce387ca04d79b26646a86f92886dbcceb44985bb71082a9530ca5  /tmp/ah.tar.gz" | shasum --check
+          sudo tar --extract --file /tmp/ah.tar.gz --directory /usr/local/bin ah
+
+      - name: Lint chart
+        run: |
+          ct lint --config .github/ci/.ct.yaml
+          ah lint --path charts/powerdns-operator
+
+      - name: Install chart unittest
+        run: |
+          helm env
+          helm plugin install https://github.com/helm-unittest/helm-unittest
+
+      - name: Run unitests
+        run: make helm-test
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Set up Helm
+        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
+        if: |
+          github.ref == 'refs/heads/main' ||
+          startsWith(github.ref, 'refs/heads/release-')
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_RELEASE_NAME_TEMPLATE: helm-chart-{{ .Version }}
+          CR_SKIP_EXISTING: true
+        with:
+          charts_dir: charts

Makefile

@@ -1,8 +1,22 @@
 # Image URL to use all building/pushing image targets
 IMG ?= controller:latest
+
+## Tool Versions
+KUSTOMIZE_VERSION ?= v5.4.3
+CONTROLLER_TOOLS_VERSION ?= v0.16.2
+ENVTEST_VERSION ?= release-0.19
+GOLANGCI_LINT_VERSION ?= v1.61.0
+
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.31.0
 
+# Helm
+HELM_UNITTEST_VERSION = 3.16.1-0.6.2
+HELM_DOCS_VERSION = v1.14.2
+HELM_DIR ?= charts/powerdns-operator
+
+OUTPUT_DIR ?= bin
+
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
 GOBIN=$(shell go env GOPATH)/bin
@@ -67,7 +81,7 @@ help: ## Display this help.
 
 ##@ Conformance
 .PHONY: reviewable
-reviewable: generate manifests lint ## Ensure a PR is ready for review.
+reviewable: generate manifests helm-docs lint ## Ensure a PR is ready for review.
 	@go mod tidy
 
 .PHONY: check-diff
@@ -81,6 +95,7 @@ check-diff: reviewable ## Ensure branch is clean.
 .PHONY: manifests
 manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
 	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=charts/powerdns-operator/crds
 
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
@@ -189,16 +204,26 @@ undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.
 	$(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f -
 
 
-##@ Packaging
-HELMIFY ?= $(LOCALBIN)/helmify
+##@ Helm
+helm-docs:
+	@cd $(HELM_DIR); \
+	docker run --rm -v $(shell pwd)/$(HELM_DIR):/helm-docs -u $(shell id -u) jnorwood/helm-docs:$(HELM_DOCS_VERSION)
 
-.PHONY: helmify
-helmify: $(HELMIFY) ## Download helmify locally if necessary.
-$(HELMIFY): $(LOCALBIN)
-	test -s $(LOCALBIN)/helmify || GOBIN=$(LOCALBIN) go install github.com/arttor/helmify/cmd/helmify@latest
+HELM_VERSION ?= $(shell helm show chart $(HELM_DIR) | grep '^version:' | sed 's/version: //g')
 
-helm: manifests kustomize helmify
-	$(KUSTOMIZE) build config/default | $(HELMIFY) -crd-dir -image-pull-secrets
+helm-build:
+	@$(INFO) helm package
+	@helm package $(HELM_DIR) --dependency-update --destination $(OUTPUT_DIR)/chart
+	@mv $(OUTPUT_DIR)/chart/powerdns-operator-$(HELM_VERSION).tgz $(OUTPUT_DIR)/chart/powerdns-operator.tgz
+	@$(OK) helm package
+
+helm-test:
+	@cd $(HELM_DIR); \
+	docker run --rm -ti -v $(shell pwd)/$(HELM_DIR):/apps -u $(shell id -u) helmunittest/helm-unittest:$(HELM_UNITTEST_VERSION) .
+
+helm-test-update:
+	@cd $(HELM_DIR); \
+	docker run --rm -ti -v $(shell pwd)/$(HELM_DIR):/apps -u $(shell id -u) helmunittest/helm-unittest:$(HELM_UNITTEST_VERSION) -u .
 
 ##@ Dependencies
 
@@ -214,12 +239,6 @@ CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION)
 ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION)
 GOLANGCI_LINT = $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION)
 
-## Tool Versions
-KUSTOMIZE_VERSION ?= v5.4.3
-CONTROLLER_TOOLS_VERSION ?= v0.16.2
-ENVTEST_VERSION ?= release-0.19
-GOLANGCI_LINT_VERSION ?= v1.61.0
-
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
 $(KUSTOMIZE): $(LOCALBIN)

charts/powerdns-operator/.helmignore

@@ -0,0 +1,30 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+
+# CRD Readme.md
+templates/crds/README.md
+
+tests/
+README.md.gotmpl
+.helmignore

charts/powerdns-operator/Chart.yaml

@@ -0,0 +1,36 @@
+apiVersion: v2
+name: powerdns-operator
+description: Manage PowerDNS resources with Kubernetes
+type: application
+version: 0.1.0
+appVersion: 0.1.0
+kubeVersion: '>= 1.21.0-0'
+keywords:
+  - powerdns-operator
+  - powerdns
+  - dns
+home: https://orange-opensource.github.io/PowerDNS-Operator
+icon: https://github.com/Orange-OpenSource/PowerDNS-Operator/blob/main/docs/assets/favicon.png?raw=true
+maintainers:
+- name: antrema
+- name: mydoomfr
+sources:
+  - https://github.com/Orange-OpenSource/PowerDNS-Operator
+annotations:
+  artifacthub.io/crds: |
+    - kind: Zone
+      version: v1alpha1
+      name: zone.dns.cav.enablers.ob
+      displayName: Zone
+      description: |
+        A Zone is a collection of records that are managed together. Zones can
+        be used to represent a domain, a subdomain, or a set of records that are
+        managed together.
+    - kind: RRset
+      version: v1alpha1
+      name: rrset.dns.cav.enablers.ob
+      displayName: RRset
+      description: |
+        An RRset is a collection of records that share the same name and type.
+        RRsets can be used to represent a collection of records that are managed
+        together.

charts/powerdns-operator/README.md

@@ -0,0 +1,105 @@
+# PowerDNS Operator
+
+[//]: # (README.md generated by gotmpl. DO NOT EDIT.)
+
+![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square)
+
+Manage PowerDNS resources with Kubernetes
+
+## TL;DR
+```bash
+helm repo add orange-opensource https://orange-opensource.github.io/PowerDNS-Operator
+helm install powerdns-operator orange-opensource/powerdns-operator
+```
+
+## Installing the Chart
+To install the chart with the release name `powerdns-operator`:
+```bash
+helm install powerdns-operator orange-opensource/powerdns-operator
+```
+
+## Uninstalling the Chart
+To uninstall the `powerdns-operator` deployment:
+```bash
+helm uninstall powerdns-operator
+```
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| annotations | object | `{}` | Annotations to add to the controller deployment. |
+| commonLabels | object | `{}` |  |
+| credentials.data.PDNS_API_KEY | string | `"secret"` | Specifies the PowerDNS API key used to authenticate |
+| credentials.data.PDNS_API_URL | string | `"http://powerdns.powerdns.svc:8081"` | Specifies the PowerDNS API URL PDNS_API_URL: "https://powerdns.example.local:8081" |
+| credentials.data.PDNS_API_VHOST | string | `"localhost"` | Specifies the PowerDNS VHOST |
+| credentials.existingSecret | string | `""` | Specifies whether to use an existing secret. |
+| credentials.name | string | `""` | Specifies the secret name to create if `existingSecret` is empty. |
+| dnsConfig | object | `{}` | Specifies `dnsOptions` to deployment |
+| dnsPolicy | string | `"ClusterFirst"` | Specifies `dnsPolicy` to deployment |
+| fullnameOverride | string | `""` |  |
+| global.affinity | object | `{}` |  |
+| global.compatibility.openshift.adaptSecurityContext | string | `"auto"` | Manages the securityContext properties to make them compatible with OpenShift. Possible values: auto - Apply configurations if it is detected that OpenShift is the target platform. force - Always apply configurations. disabled - No modification applied. |
+| global.nodeSelector | object | `{}` |  |
+| global.tolerations | list | `[]` |  |
+| global.topologySpreadConstraints | list | `[]` |  |
+| hostNetwork | bool | `false` | Run the controller on the host network |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"ghcr.io/orange-opensource/powerdns-operator"` |  |
+| image.tag | string | `""` |  |
+| imagePullSecrets | list | `[]` | Optional array of imagePullSecrets containing private registry credentials # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
+| labels | object | `{}` | Extra Labels to add to the controller deployment. |
+| livenessProbe.httpGet.path | string | `"/healthz"` |  |
+| livenessProbe.httpGet.port | int | `8081` |  |
+| livenessProbe.initialDelaySeconds | int | `15` |  |
+| livenessProbe.periodSeconds | int | `20` |  |
+| metrics.service.annotations | object | `{}` |  |
+| metrics.service.enabled | bool | `true` |  |
+| metrics.service.ipFamilies | list | `[]` | Sets the families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. |
+| metrics.service.ipFamilyPolicy | string | `""` | Set the ip family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) |
+| metrics.service.port | int | `8080` |  |
+| metrics.serviceMonitor.additionalLabels | object | `{}` |  |
+| metrics.serviceMonitor.annotations | object | `{}` |  |
+| metrics.serviceMonitor.enabled | bool | `true` |  |
+| metrics.serviceMonitor.labels | object | `{}` |  |
+| metrics.serviceMonitor.metricRelabelings | list | `[]` |  |
+| metrics.serviceMonitor.namespace | string | `""` |  |
+| metrics.serviceMonitor.relabelings | list | `[]` |  |
+| metrics.serviceMonitor.scheme | string | `"http"` |  |
+| metrics.serviceMonitor.scrapeInterval | string | `"15s"` |  |
+| metrics.serviceMonitor.scrapeTimeout | string | `"10s"` |  |
+| metrics.serviceMonitor.tlsConfig | object | `{}` |  |
+| nameOverride | string | `""` |  |
+| namespaceOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| podAnnotations | object | `{}` | Extra annotations to add to the pod. |
+| podLabels | object | `{}` | Extra labels to add to the pod. |
+| podSecurityContext.enabled | bool | `true` |  |
+| podSecurityContext.runAsNonRoot | bool | `true` |  |
+| priorityClassName | string | `""` | Pod priority class name. |
+| rbac.create | bool | `true` |  |
+| readinessProbe.httpGet.path | string | `"/readyz"` |  |
+| readinessProbe.httpGet.port | int | `8081` |  |
+| readinessProbe.initialDelaySeconds | int | `5` |  |
+| readinessProbe.periodSeconds | int | `10` |  |
+| replicaCount | int | `1` |  |
+| resources.limits.cpu | string | `"500m"` |  |
+| resources.limits.memory | string | `"128Mi"` |  |
+| resources.requests.cpu | string | `"10m"` |  |
+| resources.requests.memory | string | `"64Mi"` |  |
+| securityContext.allowPrivilegeEscalation | bool | `false` |  |
+| securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| securityContext.enabled | bool | `true` |  |
+| securityContext.readOnlyRootFilesystem | bool | `true` |  |
+| securityContext.runAsNonRoot | bool | `true` |  |
+| securityContext.runAsUser | int | `1000` |  |
+| securityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account. |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created. |
+| serviceAccount.extraLabels | object | `{}` | Extra Labels to add to the service account. |
+| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. |
+| terminationGracePeriodSeconds | int | `10` |  |
+| tolerations | list | `[]` |  |
+| topologySpreadConstraints | list | `[]` |  |

charts/powerdns-operator/README.md.gotmpl

@@ -0,0 +1,30 @@
+{{- $chartRepo := "https://orange-opensource.github.io/PowerDNS-Operator" -}}
+{{- $org := "orange-opensource" -}}
+# PowerDNS Operator
+
+[//]: # (README.md generated by gotmpl. DO NOT EDIT.)
+
+{{ template "chart.typeBadge" . }}{{ template "chart.versionBadge" . }}
+
+{{ template "chart.description" . }}
+
+## TL;DR
+```bash
+helm repo add {{ $org }} {{ $chartRepo }}
+helm install powerdns-operator {{ $org }}/{{ template "chart.name" . }}
+```
+
+## Installing the Chart
+To install the chart with the release name `{{ template "chart.name" . }}`:
+```bash
+helm install {{ template "chart.name" . }} {{ $org }}/{{ template "chart.name" . }}
+```
+
+## Uninstalling the Chart
+To uninstall the `{{ template "chart.name" . }}` deployment:
+```bash
+helm uninstall {{ template "chart.name" . }}
+```
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+{{ template "chart.valuesSection" . }}