Remove yamlgen. Refactor deployment and yaml generation to use Helm templating

[jpmcb]

Issue number:

Closes #126

Description of changes:

Refactors deployment and yaml templating to use Helm. Still a work in progress. Using this draft PR as a staging area for early feedback

Testing done:

Able to:

• make images
• helm install brupop-crd deploy/charts/bottlerocket-shadow
• helm install brupop deploy/charts/bottlerocket-update-operator

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

[jpmcb]

Force pushed to update certificate resources that changed with #340 - Ran through successful updates using:

$ helm install brupop-crd --create-namespace deploy/charts/bottlerocket-shadow
$ helm install brupop deploy/charts/bottlerocket-update-operator

[jpmcb]

Force pushed:

• fixed build errors
• resolved merge conflict (with Cargo.lock update)
• Updated READMEs with documentation on how to install brupop via helm
• added make manifest target that can be used to generate manifest at root of repository
• Removed .env file (in favor of helm values yaml file)
• Added logic to create / delete brupop namespace in integration tests

Marking this as ready for review.

There are no big things left to do here and I'd love to start getting some feedback from the community. I'm sure there are little things left here since this is a bigger refactor, but we can continue to tackle those in the coming weeks!

We'll also want to think about doing a one off change to the new release workflow to ensure that works for releases. Aka, we can change that to trigger on each push to develop and ensure it's working properly. That workflow is designed to push a helm repo to a github page hosted in this repository. We'll also need to ensure we have the right access right associated with that so it can be created on release automatically.

[stmcginnis]

Looks good to me. There are a lot of changes here, but with the noted testing done I feel comfortable with the change.

Looks like there is a merge conflict to be resolved now. Since an update is needed anyway, a couple small things pointed out.

[cbgbt]

Since we're still using dotenv as a development tool, should we leave the .env file around with some comments for what it can do?

[jpmcb]

Hmmmm that's a good point - I think this means we'll have to yes. Let me circle back and look at that.

[jpmcb]

The new workflow should become:

1. Create a values.yaml file (maybe we can create a top level one for development purposes and git ignore it)
2. Populate it with necessary values. For example:

namespace: "my-custom-ns"

3. Pass the values yaml file to be used during install either via:

• helm install -f values.yaml ... (to install to a cluster)
• helm template -f values.yaml ... > file.yaml (to template into the yaml)

I think there's some better dev UX to tease out here, especially with how the integration tests work into this flow: currently, the integration tests will just read from bottlerocket-update-operator.yaml and apply that to the cluster but there's opportunity here to make this more seamless.

[cbgbt]

This is awesome, nice work @jpmcb! 🚀

[cbgbt]

Whoops, forgot to hit send on these.

[jpmcb]

Force pushed to correct for Cargo.lock merge conflict.

Going to do another round of iteration here based on comments and a few TODO lines left.

[jpmcb]

Force pushed to add the following:

• Snapshot testing of our generated yaml CRDs. This way, if something changes under the hood in our rust CRD definitions, we can have a signal to accept/reject those changes. This mechanism can also be used as an indicator to update the CRD templates in the helm chart.
  • cargo test to run snapshot tests via insta. And cargo insta review to accept new snapshots.
  • make check-crd-golden-diff to compare the rust generated CRD yaml to the helm chart template.
• Remove const declaration of namespace. With the helm chart, removes the requirement that users deploy into the bottlerocket-aws namespace we had hard coded. Now, we infer the current in cluster namespace from configs.
• Update docs based on feedback

---

Integration tests still looking 👍🏼

❯ k get bottlerocketshadows -A
NAMESPACE                 NAME                                                STATE   VERSION   TARGET STATE   TARGET VERSION   CRASH COUNT
brupop-bottlerocket-aws   brs-ip-192-168-142-119.us-west-2.compute.internal   Idle    1.11.1    Idle                            0
brupop-bottlerocket-aws   brs-ip-192-168-144-207.us-west-2.compute.internal   Idle    1.11.1    Idle                            0
brupop-bottlerocket-aws   brs-ip-192-168-156-62.us-west-2.compute.internal    Idle    1.11.1    Idle                            0

[jpmcb]

Force pushed to template a few remaining references to brupop-bottlerocket-aws - getting close!!

[cbgbt]

Looks good! Just a few minor changes that I'd like to see and a few nits that I could take or leave.

[jpmcb]

Force pushed to address merge conflicts - addressing comments next!

[jpmcb]

Force pushed to address above comments

[jpmcb]

Force push to address Sean's comments around infering the namespace throughout. Now, when the various client configs are created, we pass down the namespace into subsequent constructors that require namespaced resources. It didn't make sense to have to create a new client config with each query to namespaced resources. That would be a frequent, costly operation. Instead, we can now access the namespace data member built from new.

[cbgbt]

Super clean! Nice work John! 🚀 🎉

[webern]

About 1/3 coverage from me. A few questions of ignorance on my part. Looks good.

[webern]

If the user can configure the namespace of their choice, how is it that you get that from the kubeconfig?

[jpmcb]

Good question: the config.default_namespace property is the namespace defined by the loaded client config. This is typically the namespace of where the execution is currently happening.

So, in the case of the controller, it reads the in-cluster config and infers that it is in the "bottlerocket-aws" (or whatever the namespace was set during deploy).

This case in the integration tests is abit different in that we aren't inferring a in-cluster client config, we load one explicitly from eksctl. But the principle is the same - it infers the default namespace to deploy some stuff to (and in this case, it is actually "default")

It's abit confusing because the name "default" is overloaded. Most of the time, from the controllers perspective, we are simply attempting to infer what namespace the current context is executing from.

[jpmcb]

Force pushed to rename the insta Rust test file in order to be abit more clear what's happening. The name of this file should now be insta_test__generated_crds.snap which is the <test-filename>__<test-name>.snap

FYI - this will also need a hefty rebase and abit of additonal legwork to get in once the cron PR merges

[nalshamaajc]

I hope this helm chart gets ready soon! 🙏 😄

[lsobowalejc]

Yes! this is definitely a needed feature. Can't wait!

[maxres-ch]

Hi there. Just wanted to check if there's any insight on when this might be merged?

[jpmcb]

Force pushed with large rebase (which included integrating the work for the scheduler cron) and some docs updates. The biggest thing you'll notice is different is the templates now include the scheduler_cron_expression template value.

diff --git a/bottlerocket-update-operator.yaml b/bottlerocket-update-operator.yaml
index cf982ec..a96c65a 100644
--- a/bottlerocket-update-operator.yaml
+++ b/bottlerocket-update-operator.yaml
@@ -711,10 +711,8 @@ spec:
                   fieldPath: spec.nodeName
             - name: MAX_CONCURRENT_UPDATE
               value: "1"
-            - name: UPDATE_WINDOW_START
-              value: "0:0:0"
-            - name: UPDATE_WINDOW_STOP
-              value: "0:0:0"
+            - name: SCHEDULER_CRON_EXPRESSION
+              value: "* * * * * * *"
           image: public.ecr.aws/bottlerocket/bottlerocket-update-operator:v1.0.0
           name: brupop
       priorityClassName: brupop-controller-high-priority

Testing

1. Deployed new nodegroup to a k8s cluster

2. Installed shadow CRD successfully:

$ helm install brupop-crd deploy/charts/bottlerocket-shadow
...

$ kubectl get crds
NAME                                          CREATED AT
bottlerocketshadows.brupop.bottlerocket.aws   2023-06-01T18:24:49Z
...

3. Installed the controller stack:

$ kubectl create namespace brupop-bottlerocket-aws
$ helm install brupop deploy/charts/bottlerocket-update-operator
...

4. Nodes update as expected.

This should be ready to go in now

[gthao313]

Follow the instruction above, it works perfectly on my side! nice work!!!

[stmcginnis]

Overall looks good, and I think it would be great to get this in and available to get more usages/feedback.

[stmcginnis]

Thanks! Looks like the checks might just need a re-run to get by a transient error.

[jpmcb]

Force pushed to rebase on develop which now has fixes for problems caused by #461

[stmcginnis]

Let's gooooo!! 🥳