UPSTREAM: <carry>: Use Helm charts for openshift manifests

Signed-off-by: Todd Short <[email protected]>

Author: tmshort

openshift/.bingo/Variables.mk

@@ -29,6 +29,12 @@ $(GOLANGCI_LINT): $(BINGO_DIR)/golangci-lint.mod
 	@echo "(re)installing $(GOBIN)/golangci-lint-v2.1.6"
 	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=golangci-lint.mod -o=$(GOBIN)/golangci-lint-v2.1.6 "github.com/golangci/golangci-lint/v2/cmd/golangci-lint"
 
+HELM := $(GOBIN)/helm-v3.18.4
+$(HELM): $(BINGO_DIR)/helm.mod
+	@# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies.
+	@echo "(re)installing $(GOBIN)/helm-v3.18.4"
+	@cd $(BINGO_DIR) && GOWORK=off $(GO) build -mod=mod -modfile=helm.mod -o=$(GOBIN)/helm-v3.18.4 "helm.sh/helm/v3/cmd/helm"
+
 KUSTOMIZE := $(GOBIN)/kustomize-v5.0.1
 $(KUSTOMIZE): $(BINGO_DIR)/kustomize.mod
 	@# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies.

openshift/.bingo/helm.mod

@@ -0,0 +1,5 @@
+module _ // Auto generated by https://github.com/bwplotka/bingo. DO NOT EDIT
+
+go 1.24.3
+
+require helm.sh/helm/v3 v3.18.4 // cmd/helm

openshift/.bingo/helm.sum

@@ -12,6 +12,8 @@ GO_BINDATA="${GOBIN}/go-bindata-v3.1.2+incompatible"
 
 GOLANGCI_LINT="${GOBIN}/golangci-lint-v2.1.6"
 
+HELM="${GOBIN}/helm-v3.18.4"
+
 KUSTOMIZE="${GOBIN}/kustomize-v5.0.1"
 
 YQ="${GOBIN}/yq-v4.34.2"

openshift/.bingo/variables.env

@@ -24,16 +24,14 @@ verify: ## Run downstream-specific verify
 	git diff --exit-code
 
 .PHONY: manifests
-manifests: $(KUSTOMIZE) $(YQ)
-	$(DIR)/operator-controller/generate-manifests.sh
-	$(DIR)/catalogd/generate-manifests.sh
+manifests: $(YQ) $(HELM)
+	$(DIR)/helm/generate-manifests.sh
 	# Make a single file of each manifest for comparison purposes
 	cat $(DIR)/operator-controller/manifests/*.yml > $(DIR)/operator-controller/manifests.yaml
 	cat $(DIR)/operator-controller/manifests-experimental/*.yml > $(DIR)/operator-controller/manifests-experimental.yaml
 	cat $(DIR)/catalogd/manifests/*.yml > $(DIR)/catalogd/manifests.yaml
 	cat $(DIR)/catalogd/manifests-experimental/*.yml > $(DIR)/catalogd/manifests-experimental.yaml
 
-
 .PHONY: verify-manifests
 verify-manifests: manifests
 	git diff --exit-code

openshift/Makefile

@@ -12,6 +12,9 @@ COPY --from=builder /build/bin/catalogd /catalogd
 COPY openshift/catalogd/cp-manifests /cp-manifests
 COPY openshift/catalogd/manifests /openshift/manifests
 COPY openshift/catalogd/manifests-experimental /openshift/manifests-experimental
+COPY helm/olmv1 /openshift/helm/olmv1
+COPY openshift/helm/experimental.yaml /openshift/helm
+COPY openshift/helm/catalogd.yaml /openshift/helm/openshift.yaml
 
 LABEL io.k8s.display-name="OpenShift Operator Lifecycle Manager Catalog Controller" \
       io.k8s.description="This is a component of OpenShift Container Platform that provides operator catalog support."

openshift/catalogd.Dockerfile

@@ -17,3 +17,8 @@ if [ -d /openshift/manifests-experimental ]; then
     cp -a /openshift/manifests-experimental "${DEST}/experimental/catalogd"
 fi
 
+if [ -d /openshift/helm ]; then
+    mkdir -p "${DEST}/helm/catalogd"
+    cp -a /openshift/helm "${DEST}/helm/catalogd"
+fi
+

openshift/catalogd/cp-manifests

@@ -0,0 +1,44 @@
+# Default values for OLMv1.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# List of components to include
+options:
+  catalogd:
+    enabled: true
+    deployment:
+      image: ${CATALOGD_IMAGE}
+  operatorController:
+    enabled: false
+  openshift:
+    enabled: true
+
+# The set of namespaces
+namespaces:
+  olmv1:
+    name: openshift-catalogd
+
+# Deployment values for catalogd
+deployments:
+  templateSpec:
+    priorityClassName: system-cluster-critical
+    securityContext:
+      seLinuxOptions:
+        type: spc_t
+    nodeSelector:
+      node-role.kubernetes.io/master: ""
+    tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/control-plane
+        operator: Exists
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+        operator: Exists
+      - effect: NoExecute
+        key: node.kubernetes.io/unreachable
+        operator: Exists
+        tolerationSeconds: 120
+      - effect: NoExecute
+        key: node.kubernetes.io/not-ready
+        operator: Exists
+        tolerationSeconds: 120

openshift/helm/catalogd.yaml

@@ -0,0 +1,25 @@
+# experimental values for OLMv1.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# List of enabled experimental features for operator-controller
+# Use with {{- if has "FeatureGate" .Value.operatorControllerFeatures }}
+# to pull in resources or additions
+operatorControllerFeatures:
+  - WebhookProviderOpenshiftServiceCA
+  - SingleOwnNamespaceInstallSupport
+  - PreflightPermissions
+
+# Not yet supported
+#  - HelmChartSupport
+#  - BoxcutterRuntime
+
+# List of enabled experimental features for catalogd
+# Use with {{- if has "FeatureGate" .Value.catalogdFeatures }}
+# to pull in resources or additions
+catalogdFeatures:
+  - APIV1MetasHandler
+
+# This can be one of: standard or experimental
+options:
+  featureSet: experimental

openshift/helm/experimental.yaml

@@ -0,0 +1,110 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+##################################################
+# You shouldn't need to change anything below here
+##################################################
+
+# Know where the repo root is so we can reference things relative to it
+REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+
+# Source bingo so we can use kustomize and yq
+. "${REPO_ROOT}/openshift/.bingo/variables.env"
+
+# This function generates the manifests
+generate () {
+    values=()
+    OUTPUT_DIR=""
+    local OPTIND
+    while getopts "v:o:n:c:i:" arg; do
+          case ${arg} in
+              v)
+                  values+=(${OPTARG})
+                  ;;
+              o)
+                  OUTPUT_DIR=${OPTARG}
+                  ;;
+              *)
+                  echo "bad argument ${arg}"
+                  exit 1
+                  ;;
+          esac
+    done
+
+    DOWNSTREAM="${REPO_ROOT}/openshift/helm"
+
+    VALUES=""
+    for i in "${values[@]}"; do
+        VALUES="${VALUES} --values ${DOWNSTREAM}/${i}"
+    done
+
+    # We're going to do file manipulation, so let's work in a temp dir
+    TMP_ROOT="$(mktemp -p . -d 2>/dev/null || mktemp -d ./tmpdir.XXXXXXX)"
+    # Make sure to delete the temp dir when we exit
+    trap 'rm -rf $TMP_ROOT' EXIT
+
+    # Copy upstream chart to temp
+    cp -a "${REPO_ROOT}/helm" "${TMP_ROOT}/helm"
+
+    # Create a temp dir for manifests
+    TMP_MANIFEST_DIR="${TMP_ROOT}/manifests"
+    mkdir -p "$TMP_MANIFEST_DIR"
+
+    # Run helm template, which emits a single yaml file
+    TMP_HELM_OUTPUT="${TMP_MANIFEST_DIR}/temp.yaml"
+    ${HELM} template olmv1 "${TMP_ROOT}/helm/olmv1" ${VALUES} > "${TMP_HELM_OUTPUT}"
+
+    # Use yq to split the single yaml file into 1 per document.
+    # Naming convention: $index-$kind-$namespace-$name. If $namespace is empty, just use the empty string.
+    (
+        cd "$TMP_MANIFEST_DIR"
+
+        # shellcheck disable=SC2016
+        ${YQ} -s '$index +"-"+ (.kind|downcase) +"-"+ (.metadata.namespace // "") +"-"+ .metadata.name' temp.yaml
+    )
+
+    # Delete the single yaml file
+    rm "${TMP_HELM_OUTPUT}"
+
+    # Delete and recreate the actual manifests directory
+    MANIFEST_DIR="${REPO_ROOT}/openshift/${OUTPUT_DIR}"
+    rm -rf "${MANIFEST_DIR}"
+    mkdir -p "${MANIFEST_DIR}"
+
+    # Copy everything we just generated and split into the actual manifests directory
+    cp "$TMP_MANIFEST_DIR"/* "$MANIFEST_DIR"/
+
+    # Update file names to be in the format nn-$kind-$namespace-$name
+    (
+        cd "$MANIFEST_DIR"
+
+        for f in *; do
+            # Get the numeric prefix from the filename
+            index=$(echo "$f" | cut -d '-' -f 1)
+            # Keep track of the full file name without the leading number and dash
+            name_without_index=${f#$index-}
+            # Fix the double dash in cluster-scoped names
+            name_without_index=${name_without_index//--/-}
+            # Reformat the name so the leading number is always padded to 2 digits
+            new_name=$(printf "%02d" "$index")-$name_without_index
+            # Some file names (namely CRDs) don't end in .yml - make them
+            if ! [[ "$new_name" =~ yml$ ]]; then
+                new_name="${new_name}".yml
+            fi
+            if [[ "$f" != "$new_name" ]]; then
+                # Rename
+                mv "$f" "${new_name}"
+            fi
+        done
+    )
+    rm -rf "$TMP_ROOT"
+}
+
+#Generate the manifests
+generate -v operator-controller.yaml -o operator-controller/manifests
+generate -v operator-controller.yaml -v experimental.yaml -o operator-controller/manifests-experimental
+generate -v catalogd.yaml -o catalogd/manifests
+generate -v catalogd.yaml -v experimental.yaml -o catalogd/manifests-experimental