From d3a2a7c383c4ce65008d93f44238cce5e3594758 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20B=C3=A4hler?= Date: Thu, 6 Feb 2025 13:31:17 +0100 Subject: [PATCH] chore(repo): rework makefile and add renovate mangers for pre-commit and makefile binaries MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Oliver Bähler --- .github/configs/lintconf.yaml | 6 +- .github/workflows/check-commit.yml | 9 +- .github/workflows/docker-build.yml | 45 ++++++ .github/workflows/helm-test.yml | 30 +++- .github/workflows/lint.yml | 14 +- .github/workflows/seccomp.yaml | 13 +- .pre-commit-config.yaml | 51 +++---- Makefile | 204 +++++++++++++++------------- README.md | 26 +--- charts/capsule/.helmignore | 1 + charts/capsule/Chart.yaml | 6 +- charts/capsule/README.md | 2 + charts/capsule/README.md.gotmpl | 6 +- charts/capsule/artifacthub-repo.yml | 4 + charts/capsule/values.schema.json | 16 +++ 15 files changed, 267 insertions(+), 166 deletions(-) create mode 100644 .github/workflows/docker-build.yml create mode 100644 charts/capsule/artifacthub-repo.yml diff --git a/.github/configs/lintconf.yaml b/.github/configs/lintconf.yaml index 947c50284..9deeeabea 100644 --- a/.github/configs/lintconf.yaml +++ b/.github/configs/lintconf.yaml @@ -1,6 +1,8 @@ - --- rules: + truthy: + level: warning + check-keys: false braces: min-spaces-inside: 0 max-spaces-inside: 0 @@ -39,5 +41,3 @@ rules: new-lines: type: unix trailing-spaces: enable - truthy: - level: warning diff --git a/.github/workflows/check-commit.yml b/.github/workflows/check-commit.yml index b7fc37ce3..5c8ed7e35 100644 --- a/.github/workflows/check-commit.yml +++ b/.github/workflows/check-commit.yml @@ -3,14 +3,15 @@ permissions: {} on: push: - branches: [ "*" ] + branches: + - "*" pull_request: - branches: [ "*" ] + branches: + - "*" concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true - jobs: commit_lint: runs-on: ubuntu-24.04 
@@ -19,5 +20,3 @@ jobs: with: fetch-depth: 0 - uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6.2.1 - with: - firstParent: true diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml new file mode 100644 index 000000000..b70d2c543 --- /dev/null +++ b/.github/workflows/docker-build.yml @@ -0,0 +1,45 @@ +name: Build images +permissions: {} +on: + pull_request: + branches: + - "*" + paths: + - '.github/workflows/docker-*.yml' + - 'api/**' + - 'controllers/**' + - 'pkg/**' + - 'e2e/*' + - '.ko.yaml' + - 'go.*' + - 'main.go' + - 'Makefile' + +jobs: + build-images: + runs-on: ubuntu-latest + permissions: + security-events: write + actions: read + contents: read + steps: + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: ko build + run: VERSION=${{ github.ref_name }} make ko-build-all + - name: Trivy Scan Image + uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0 + with: + scan-type: 'fs' + ignore-unfixed: true + format: 'sarif' + output: 'trivy-results.sarif' + severity: 'CRITICAL,HIGH' + env: + # Trivy is returning TOOMANYREQUESTS + # See: https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2385416577 + TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2' + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/helm-test.yml b/.github/workflows/helm-test.yml index ae7c126ae..f1591bcca 100644 --- a/.github/workflows/helm-test.yml +++ b/.github/workflows/helm-test.yml 
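Review bot: The `github/codeql-action/upload-sarif@v3` step in the new `docker-build.yml` is the only action referenced by a mutable tag, and it runs in a job that holds `security-events: write`; pin it to a full commit SHA like the checkout and Trivy steps, e.g. `uses: github/codeql-action/upload-sarif@<full-commit-sha> # v3`. The step named "Trivy Scan Image" sets `scan-type: 'fs'`, so it scans the checked-out tree rather than the images produced by `make ko-build-all`; either rename the step or add a scan of the built images. `${{ github.ref_name }}` is also interpolated directly into the `run:` line; passing it through `env:` (`VERSION: ${{ github.ref_name }}`) keeps expression output out of the shell text. On `pull_request` that value is presumably of the form `<number>/merge`, which is worth checking against what the Makefile accepts as `VERSION`.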
@@ -3,13 +3,25 @@ permissions: {} on: pull_request: - branches: [ "main" ] + branches: + - "main" concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: + linter-artifacthub: + runs-on: ubuntu-latest + container: + image: artifacthub/ah + options: --user root + steps: + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Run ah lint + working-directory: ./charts/ + run: ah lint lint: runs-on: ubuntu-24.04 steps: @@ -31,7 +43,7 @@ jobs: fi - name: Run chart-testing (lint) run: ct lint --debug --config ./.github/configs/ct.yaml --lint-conf ./.github/configs/lintconf.yaml - + - name: Run docs-testing (helm-docs) id: helm-docs run: | @@ -43,7 +55,17 @@ jobs: else echo -e '\033[0;32mDocumentation up to date\033[0m ✔' fi - + - name: Run schema-testing (helm-schema) + id: helm-schema + run: | + make helm-schema + if [[ $(git diff --stat) != '' ]]; then + echo -e '\033[0;31mSchema outdated! (Run make helm-schema locally and commit)\033[0m ❌' + git diff --color + exit 1 + else + echo -e '\033[0;32mSchema up to date\033[0m ✔' + fi - name: Run chart-testing (install) run: HELM_KIND_CONFIG="./hack/kind-cluster.yml" make helm-test - if: steps.list-changed.outputs.changed == 'true' \ No newline at end of file + if: steps.list-changed.outputs.changed == 'true' diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 943a62ece..dcdad0e29 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml 
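Review bot: The new `linter-artifacthub` job in the first `helm-test.yml` hunk pulls `image: artifacthub/ah` with no tag or digest and runs it with `options: --user root`, so each run executes whatever that repository currently serves as its default tag, as root inside the job container. Pin the image to a version plus digest, e.g. `image: artifacthub/ah:<version>@sha256:<digest>`, in line with the SHA-pinned `actions/checkout` step below it. If root is only needed so that checkout can write to the workspace, a one-line comment saying so would help the next reviewer.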
@@ -3,15 +3,25 @@ permissions: {} on: push: - branches: [ "*" ] + branches: + - "*" pull_request: - branches: [ "*" ] + branches: + - "*" concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: + yamllint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: Install yamllint + run: pip install yamllint + - name: Lint YAML files + run: yamllint --strict -c=.github/configs/lintconf.yaml golangci: name: lint runs-on: ubuntu-24.04 diff --git a/.github/workflows/seccomp.yaml b/.github/workflows/seccomp.yaml index c4435583e..2498a1125 100644 --- a/.github/workflows/seccomp.yaml +++ b/.github/workflows/seccomp.yaml @@ -3,14 +3,16 @@ permissions: {} on: pull_request: - branches: [ "*" ] + branches: + - "*" paths: - '.github/workflows/e2e.yml' - 'api/**' - 'controllers/**' - 'pkg/**' - 'e2e/*' - - 'Dockerfile' + - '.ko.yaml' + - 'Dockerfile.tracing' - 'go.*' - 'main.go' - 'Makefile' @@ -25,10 +27,8 @@ jobs: strategy: fail-fast: false matrix: - # differently from the e2e workflow - # we don't need all the versions of kubernetes - # to generate the seccomp profile. - k8s-version: [ 'v1.30.0' ] + k8s-version: + - "v1.30.0" runs-on: ubuntu-latest steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -51,4 +51,3 @@ jobs: with: name: capsule-seccomp path: capsule-seccomp.json - diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 3f347e5b1..4f0a5f413 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
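Review bot: The `Lint YAML files` step added to `lint.yml` runs `yamllint --strict -c=.github/configs/lintconf.yaml` with no file or directory argument. yamllint's CLI expects at least one path (or `-` for stdin), so this step most likely exits with a usage error instead of linting; `run: yamllint --strict -c=.github/configs/lintconf.yaml .` would cover the repository. The pre-commit hook in this patch is not affected, because pre-commit supplies the file names. `pip install yamllint` is also unpinned while `.pre-commit-config.yaml` pins `v1.29.0`; installing `yamllint==1.29.0` keeps CI and local results identical and avoids pulling an unreviewed release into the job.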
@@ -2,9 +2,9 @@ repos: - repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook rev: v9.20.0 hooks: - - id: commitlint - stages: [commit-msg] - additional_dependencies: ['@commitlint/config-conventional', 'commitlint-plugin-function-rules'] + - id: commitlint + stages: [commit-msg] + additional_dependencies: ['@commitlint/config-conventional', 'commitlint-plugin-function-rules'] - repo: https://github.com/pre-commit/pre-commit-hooks rev: v3.2.0 hooks: @@ -13,28 +13,33 @@ repos: - id: double-quote-string-fixer - id: end-of-file-fixer - id: trailing-whitespace +- repo: https://github.com/adrienverge/yamllint + rev: v1.29.0 + hooks: + - id: yamllint + args: [--strict, -c=.github/configs/lintconf.yaml] - repo: local hooks: - - id: run-helm-docs - name: Execute helm-docs - entry: make helm-docs - language: system - files: ^charts/ - - id: run-helm-schema - name: Execute helm-schema - entry: make helm-schema - language: system - files: ^charts/ - - id: run-helm-lint - name: Execute helm-lint - entry: make helm-lint - language: system - files: ^charts/ - - id: golangci-lint - name: Execute golangci-lint - entry: make golint - language: system - files: \.go$ + - id: run-helm-docs + name: Execute helm-docs + entry: make helm-docs + language: system + files: ^charts/ + - id: run-helm-schema + name: Execute helm-schema + entry: make helm-schema + language: system + files: ^charts/ + - id: run-helm-lint + name: Execute helm-lint + entry: make helm-lint + language: system + files: ^charts/ + - id: golangci-lint + name: Execute golangci-lint + entry: make golint + language: system + files: \.go$ - repo: https://github.com/tekwizely/pre-commit-golang rev: v1.0.0-rc.1 hooks: diff --git a/Makefile b/Makefile index 3ad94f3b9..497c9c6a4 100644 --- a/Makefile +++ b/Makefile 
@@ -68,15 +68,14 @@ generate: controller-gen # Helm SRC_ROOT = $(shell git rev-parse --show-toplevel) -helm-docs: HELMDOCS_VERSION := v1.11.0 -helm-docs: docker - @docker run -v "$(SRC_ROOT):/helm-docs" jnorwood/helm-docs:$(HELMDOCS_VERSION) --chart-search-root /helm-docs +helm-docs: helm-doc + $(HELM_DOCS) --chart-search-root ./charts -helm-lint: docker - @docker run -v "$(SRC_ROOT):/workdir" --entrypoint /bin/sh quay.io/helmpack/chart-testing:$(CT_VERSION) -c "cd /workdir; ct lint --config .github/configs/ct.yaml --lint-conf .github/configs/lintconf.yaml --all --debug" +helm-lint: ct + @$(CT) lint --config .github/configs/ct.yaml --validate-yaml=false --all --debug helm-schema: helm-plugin-schema - cd charts/capsule && $(HELM) schema + cd charts/capsule && $(HELM) schema -output values.schema.json helm-test: HELM_KIND_CONFIG ?= "" helm-test: kind ct ko-build-all @@ -89,9 +88,9 @@ helm-test-exec: kind $(MAKE) docker-build-capsule-trace $(MAKE) e2e-load-image CLUSTER_NAME=capsule-charts IMAGE=$(CAPSULE_IMG) VERSION=latest $(MAKE) e2e-load-image CLUSTER_NAME=capsule-charts IMAGE=$(CAPSULE_IMG) VERSION=tracing - @kubectl create ns capsule-system || true - @kubectl apply --server-side=true -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.crds.yaml - @kubectl apply --server-side=true -f https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.58.0/bundle.yaml + @$(KUBECTL) create ns capsule-system || true + @$(KUBECTL) apply --server-side=true -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.crds.yaml + @$(KUBECTL) apply --server-side=true -f https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.58.0/bundle.yaml @$(CT) install --config $(SRC_ROOT)/.github/configs/ct.yaml --namespace=capsule-system --all --debug docker: 
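Review bot: The `helm-test-exec` recipe (second Makefile hunk) now calls `$(KUBECTL)`, but no definition of `KUBECTL` appears in any hunk of this patch; the new tools section defines `CT`, `KIND`, `KO` and others, not `KUBECTL`. If it is not already defined in an unchanged part of the Makefile, the variable expands to nothing: the `create ns` line hides the failure behind `|| true` and the two `apply` lines fail. An explicit default such as `KUBECTL ?= kubectl` next to the other tool variables would settle this; the same applies to the `$(KUBECTL)` calls in the `dev-setup` hunks further down. The recipe starts above this hunk.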
@@ -123,7 +122,6 @@ IP.1 = $(LAPTOP_HOST_IP) endef export TLS_CNF dev-setup: - kubectl -n capsule-system scale deployment capsule-controller-manager --replicas=0 || true mkdir -p /tmp/k8s-webhook-server/serving-certs echo "$${TLS_CNF}" > _tls.cnf openssl req -newkey rsa:4096 -days 3650 -nodes -x509 \ @@ -132,13 +130,13 @@ dev-setup: -config _tls.cnf \ -keyout /tmp/k8s-webhook-server/serving-certs/tls.key \ -out /tmp/k8s-webhook-server/serving-certs/tls.crt - kubectl create secret tls capsule-tls -n capsule-system \ + $(KUBECTL) create secret tls capsule-tls -n capsule-system \ --cert=/tmp/k8s-webhook-server/serving-certs/tls.crt\ --key=/tmp/k8s-webhook-server/serving-certs/tls.key || true rm -f _tls.cnf export WEBHOOK_URL="https://$${LAPTOP_HOST_IP}:9443"; \ export CA_BUNDLE=`openssl base64 -in /tmp/k8s-webhook-server/serving-certs/tls.crt | tr -d '\n'`; \ - helm upgrade \ + $(HELM) upgrade \ --dependency-update \ --debug \ --install \ @@ -151,6 +149,7 @@ dev-setup: --set "webhooks.service.caBundle=$${CA_BUNDLE}" \ capsule \ ./charts/capsule + $(KUBECTL) -n capsule-system scale deployment capsule-controller-manager --replicas=0 || true #################### # -- Docker 
@@ -209,91 +208,11 @@ ko-publish-capsule: ko-login ## Build and publish kyvernopre image (with ko) .PHONY: ko-publish-all ko-publish-all: ko-publish-capsule - -#################### -# -- Helm Plugins -#################### - -HELM_SCHEMA_VERSION := "" -helm-plugin-schema: - $(HELM) plugin install https://github.com/losisin/helm-values-schema-json.git --version $(HELM_SCHEMA_VERSION) || true - -#################### -# -- Binaries -#################### - -CONTROLLER_GEN := $(shell pwd)/bin/controller-gen -CONTROLLER_GEN_VERSION := v0.16.1 -controller-gen: ## Download controller-gen locally if necessary. - $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_GEN_VERSION)) - -GINKGO := $(shell pwd)/bin/ginkgo -ginkgo: ## Download ginkgo locally if necessary. - $(call go-install-tool,$(GINKGO),github.com/onsi/ginkgo/v2/ginkgo) - -CT := $(shell pwd)/bin/ct -CT_VERSION := v3.10.1 -ct: ## Download ct locally if necessary. - $(call go-install-tool,$(CT),github.com/helm/chart-testing/v3/ct@$(CT_VERSION)) - -KIND := $(shell pwd)/bin/kind -KIND_VERSION := v0.17.0 -kind: ## Download kind locally if necessary. - $(call go-install-tool,$(KIND),sigs.k8s.io/kind/cmd/kind@$(KIND_VERSION)) - -KUSTOMIZE := $(shell pwd)/bin/kustomize -KUSTOMIZE_VERSION := 3.8.7 -kustomize: ## Download kustomize locally if necessary. - $(call install-kustomize,$(KUSTOMIZE),$(KUSTOMIZE_VERSION)) - -KO = $(shell pwd)/bin/ko -KO_VERSION = v0.14.1 -ko: - $(call go-install-tool,$(KO),github.com/google/ko@$(KO_VERSION)) - -HARPOON := $(shell pwd)/bin/harpoon -HARPOON_VERSION := v0.9.4 -harpoon: ## Download harpoon locally if necessary. 
- @mkdir $(shell pwd)/bin - @curl -s https://raw.githubusercontent.com/alegrey91/harpoon/main/install | \ - sudo bash -s -- --install-version $(HARPOON_VERSION) --install-dir $(shell pwd)/bin - -#################### -# -- Helpers -#################### -pull-upstream: - git remote add upstream https://github.com/capsuleproject/capsule.git - git fetch --all && git pull upstream - -define install-kustomize -@[ -f $(1) ] || { \ -set -e ;\ -echo "Installing v$(2)" ;\ -cd bin ;\ -wget "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" ;\ -bash ./install_kustomize.sh $(2) ;\ -} -endef - -# go-install-tool will 'go install' any package $2 and install it to $1. -PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST)))) -define go-install-tool -@[ -f $(1) ] || { \ -set -e ;\ -GOBIN=$(PROJECT_DIR)/bin go install $(2) ;\ -} -endef - # Sorting imports .PHONY: goimports goimports: goimports -w -l -local "github.com/projectcapsule/capsule" . -GOLANGCI_LINT = $(shell pwd)/bin/golangci-lint -GOLANGCI_LINT_VERSION = v1.56.2 -golangci-lint: ## Download golangci-lint locally if necessary. - $(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION)) - # Linting code as PR is expecting .PHONY: golint golint: golangci-lint @@ -310,8 +229,8 @@ e2e-build: kind $(MAKE) e2e-install .PHONY: e2e-install -e2e-install: - helm upgrade \ +e2e-install: e2e-load-image + $(HELM) upgrade \ --dependency-update \ --debug \ --install \ @@ -326,7 +245,7 @@ e2e-install: ./charts/capsule .PHONY: trace-install -trace-install: +trace-install: helm upgrade \ --dependency-update \ --debug \ 
@@ -349,7 +268,7 @@ trace-e2e: kind $(MAKE) e2e-exec $(KIND) delete cluster --name capsule-tracing -.PHONY: trace-unit +.PHONY: trace-unit trace-unit: harpoon $(HARPOON) analyze -e .git/ -e assets/ -e charts/ -e config/ -e docs/ -e e2e/ -e hack/ --directory /tmp/artifacts/ --save $(HARPOON) hunt -D /tmp/results -F harpoon-report.yml --include-cmd-stdout --save @@ -359,7 +278,6 @@ seccomp: $(HARPOON) build --add-syscall-sets=dynamic,docker -D /tmp/results --name capsule-seccomp.json --save .PHONY: e2e-load-image -e2e-load-image: LOAD_IMAGE ?= $(IMAGE):$(VERSION) e2e-load-image: kind ko-build-all $(KIND) load docker-image $(IMAGE):$(VERSION) --name $(CLUSTER_NAME) 
@@ -374,3 +292,95 @@ e2e-destroy: kind SPELL_CHECKER = npx spellchecker-cli docs-lint: cd docs/content && $(SPELL_CHECKER) -f "*.md" "*/*.md" "!general/crds-apis.md" -d dictionary.txt + +#################### +# -- Helpers +#################### +pull-upstream: + git remote add upstream https://github.com/capsuleproject/capsule.git + git fetch --all && git pull upstream + +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +#################### +# -- Helm Plugins +#################### + +HELM_SCHEMA_VERSION := "" +helm-plugin-schema: + @$(HELM) plugin install https://github.com/losisin/helm-values-schema-json.git --version $(HELM_SCHEMA_VERSION) || true + +HELM_DOCS := $(LOCALBIN)/helm-docs +HELM_DOCS_VERSION := v1.14.1 +HELM_DOCS_LOOKUP := norwoodj/helm-docs +helm-doc: + @test -s $(HELM_DOCS) || \ + $(call go-install-tool,$(HELM_DOCS),github.com/$(HELM_DOCS_LOOKUP)/cmd/helm-docs@$(HELM_DOCS_VERSION)) + +#################### +# -- Tools +#################### +CONTROLLER_GEN := $(LOCALBIN)/controller-gen +CONTROLLER_GEN_VERSION := v0.16.3 +CONTROLLER_GEN_LOOKUP := kubernetes-sigs/controller-tools +controller-gen: + @test -s $(CONTROLLER_GEN) && $(CONTROLLER_GEN) --version | grep -q $(CONTROLLER_GEN_VERSION) || \ + $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_GEN_VERSION)) + +GINKGO := $(LOCALBIN)/ginkgo +ginkgo: + $(call go-install-tool,$(GINKGO),github.com/onsi/ginkgo/v2/ginkgo) + +CT := $(LOCALBIN)/ct +CT_VERSION := v3.11.0 +CT_LOOKUP := helm/chart-testing +ct: + @test -s $(CT) && $(CT) version | grep -q $(CT_VERSION) || \ + $(call go-install-tool,$(CT),github.com/$(CT_LOOKUP)/v3/ct@$(CT_VERSION)) + +KIND := $(LOCALBIN)/kind +KIND_VERSION := v0.17.0 +KIND_LOOKUP := kubernetes-sigs/kind +kind: + @test -s $(KIND) && $(KIND) --version | grep -q $(KIND_VERSION) || \ + $(call go-install-tool,$(KIND),sigs.k8s.io/kind/cmd/kind@$(KIND_VERSION)) + +KO := 
$(LOCALBIN)/ko +KO_VERSION := v0.14.1 +KO_LOOKUP := google/ko +ko: + @test -s $(KO) && $(KO) -h | grep -q $(KO_VERSION) || \ + $(call go-install-tool,$(KO),github.com/$(KO_LOOKUP)@$(KO_VERSION)) + +GOLANGCI_LINT := $(LOCALBIN)/golangci-lint +GOLANGCI_LINT_VERSION := v1.63.4 +GOLANGCI_LINT_LOOKUP := golangci/golangci-lint +golangci-lint: ## Download golangci-lint locally if necessary. + @test -s $(GOLANGCI_LINT) && $(GOLANGCI_LINT) -h | grep -q $(GOLANGCI_LINT_VERSION) || \ + $(call go-install-tool,$(GOLANGCI_LINT),github.com/$(GOLANGCI_LINT_LOOKUP)/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION)) + +APIDOCS_GEN := $(LOCALBIN)/crdoc +APIDOCS_GEN_VERSION := v0.6.2 +APIDOCS_GEN_LOOKUP := fybrik/crdoc +apidocs-gen: ## Download crdoc locally if necessary. + @test -s $(APIDOCS_GEN) && $(APIDOCS_GEN) --version | grep -q $(APIDOCS_GEN_VERSION) || \ + $(call go-install-tool,$(APIDOCS_GEN),fybrik.io/crdoc@$(APIDOCS_GEN_VERSION)) + +HARPOON := $(LOCALBIN)/harpoon +HARPOON_VERSION := v0.9.4 +HARPOON_LOOKUP := alegrey91/harpoon +harpoon: + @curl -s https://raw.githubusercontent.com/alegrey91/harpoon/main/install | \ + sudo bash -s -- --install-version $(HARPOON_VERSION) --install-dir $(LOCALBIN) + +# go-install-tool will 'go install' any package $2 and install it to $1. +PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST)))) +define go-install-tool +[ -f $(1) ] || { \ + set -e ;\ + GOBIN=$(LOCALBIN) go install $(2) ;\ +} +endef diff --git a/README.md b/README.md index 7206edbab..3ceb93565 100644 --- a/README.md +++ b/README.md 
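Review bot: The new version gates (`test -s $(CT) && $(CT) version | grep -q $(CT_VERSION) || $(call go-install-tool,...)` and the equivalents for controller-gen, kind, ko, golangci-lint and crdoc) cannot replace a stale binary, because `go-install-tool` still begins with `[ -f $(1) ] || {`. When the file exists at the wrong version, the gate falls through to the macro and the macro then skips the install. Dropping the existence guard so the macro body is just `set -e ; GOBIN=$(LOCALBIN) go install $(2)` lets the pinned `*_VERSION` values take effect. Separately, `harpoon` fetches an installer from the `main` branch with `curl -s` and pipes it into `sudo bash`, so the script is unpinned and unverified and is still executed if the request returns an error page; fetching from a tag or commit with `curl -fsSL` and checking a checksum before running it would close that gap. `helm-plugin-schema` likewise installs with `HELM_SCHEMA_VERSION := ""` and `|| true`, which leaves the plugin unpinned and hides install failures.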
@@ -82,24 +82,6 @@ Please, check the project [documentation](https://projectcapsule.dev) for the co Capsule is Open Source with Apache 2 license and any contribution is welcome. -## Chart Development - -### Chart Linting - -The chart is linted with [ct](https://github.com/helm/chart-testing). You can run the linter locally with this command: - -``` -make helm-lint -``` - -### Chart Documentation - -The documentation for each chart is done with [helm-docs](https://github.com/norwoodj/helm-docs). This way we can ensure that values are consistent with the chart documentation. Run this anytime you make changes to a `values.yaml` file: - -``` -make helm-docs -``` - ## Community meeting Join the community, share and learn from it. You can find all the resources to how to contribute code and docs, connect with people in the [community repository](https://github.com/projectcapsule/capsule-community). @@ -118,6 +100,12 @@ You can find how the Capsule project is governed [here](https://projectcapsule.d Please, refer to the maintainers file available [here](.github/maintainers.yaml). +## CLOMonitor + +CLOMonitor is a tool that periodically checks open source projects repositories to verify they meet certain project health best practices. + +[![CloMonitor report summary](https://clomonitor.io/api/projects/cncf/capsule/report-summary?theme=light)](https://clomonitor.io/projects/cncf/capsule) + ### Changelog Read how we log changes [here](CHANGELOG.md) @@ -142,4 +130,4 @@ All OCI release artifacts include a Software Bill of Materials (SBOM) in Cyclone - Q. Do you provide commercial support? - A. Yes, we're available to help and provide commercial support. [Clastix](https://clastix.io) is the company behind Capsule. Please, contact us for a quote. + A. Yes, we're available to help and provide commercial support. [Clastix](https://clastix.io) is the company behind Capsule. Please, contact us for a quote. 
diff --git a/charts/capsule/.helmignore b/charts/capsule/.helmignore index ced94a2f2..39045fab2 100644 --- a/charts/capsule/.helmignore +++ b/charts/capsule/.helmignore @@ -22,3 +22,4 @@ *.tmproj .vscode/ README.md.gotmpl +artifacthub-repo.yml diff --git a/charts/capsule/Chart.yaml b/charts/capsule/Chart.yaml index 81964a60e..86b8d4a2d 100644 --- a/charts/capsule/Chart.yaml +++ b/charts/capsule/Chart.yaml @@ -40,7 +40,5 @@ annotations: - name: Documentation url: https://projectcapsule.dev/ artifacthub.io/changes: | - - kind: fixed - description: added scope for mutating webhook configurations - - kind: changed - description: moved job configuration from jobs to global.jobs.kubectl + - kind: added + description: oci chart reference diff --git a/charts/capsule/README.md b/charts/capsule/README.md index 50f743fa0..5a9a2d330 100644 --- a/charts/capsule/README.md +++ b/charts/capsule/README.md @@ -35,6 +35,8 @@ The following Values have changed key or Value: ## Installation +**When using OCI we recommend our dedicated [OCI Repository](https://artifacthub.io/packages/helm/capsule/capsule) for this chart** + The Capsule Operator requires it's CRDs to be installed before the operator itself. Since the Helm CRD lifecycle has limitations, we recommend to install the CRDs separately. Our chart supports the installation of crds via a dedicated Release. The Capsule Operator Chart can be used to instantly deploy the Capsule Operator on your Kubernetes cluster. diff --git a/charts/capsule/README.md.gotmpl b/charts/capsule/README.md.gotmpl index e6d3849e8..e3b46784c 100644 --- a/charts/capsule/README.md.gotmpl +++ b/charts/capsule/README.md.gotmpl 
@@ -16,7 +16,7 @@ Use the Capsule Operator for easily implementing, managing, and maintaining mult * A [`kubeconfig`](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/) file accessing the Kubernetes cluster with cluster admin permissions. -## Major Changes +## Major Changes In the following sections you see actions which are required when you are upgrading to a specific version. @@ -25,7 +25,7 @@ In the following sections you see actions which are required when you are upgrad Introduces a new methode to manage all capsule CRDs and their lifecycle. We are no longer relying on the [native CRD hook with the Helm Chart](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). The hook only allows to manage CRDs on install and uninstall but we can't deliver updates to the CRDs. When you newly install the chart we recommend to set `crds.install` to `true`. This will manage the CRDs with the Helm Chart. This behavior is the new default. -#### Changed Values +#### Changed Values The following Values have changed key or Value: @@ -36,6 +36,8 @@ The following Values have changed key or Value: ## Installation +**When using OCI we recommend our dedicated [OCI Repository](https://artifacthub.io/packages/helm/capsule/capsule) for this chart** + The Capsule Operator requires it's CRDs to be installed before the operator itself. Since the Helm CRD lifecycle has limitations, we recommend to install the CRDs separately. Our chart supports the installation of crds via a dedicated Release. The Capsule Operator Chart can be used to instantly deploy the Capsule Operator on your Kubernetes cluster. diff --git a/charts/capsule/artifacthub-repo.yml b/charts/capsule/artifacthub-repo.yml new file mode 100644 index 000000000..3e059d2e4 --- /dev/null +++ b/charts/capsule/artifacthub-repo.yml 
@@ -0,0 +1,4 @@ +repositoryID: 783775bb-96c2-4915-8c7d-ba4a1118323c +owners: + - name: capsule-maintainers + email: cncf-capsule-maintainers@lists.cncf.io diff --git a/charts/capsule/values.schema.json b/charts/capsule/values.schema.json index c8dbddda8..252236b3a 100644 --- a/charts/capsule/values.schema.json +++ b/charts/capsule/values.schema.json @@ -171,6 +171,9 @@ "hostNetwork": { "type": "boolean" }, + "hostPID": { + "type": "boolean" + }, "image": { "properties": { "pullPolicy": { @@ -312,6 +315,16 @@ }, "type": "object" }, + "securityContext": { + "properties": {}, + "type": "object" + }, + "volumeMounts": { + "type": "array" + }, + "volumes": { + "type": "array" + }, "webhookPort": { "type": "integer" } @@ -348,6 +361,9 @@ }, "type": "object" }, + "ports": { + "type": "array" + }, "priorityClassName": { "type": "string" },