Merge pull request #7069 from inteon/enable_helm_jsonschema

Enable Helm values.yaml jsonschema validation
2024-06-10 10:52:59 +00:00 · 2024-06-10 10:52:59 +00:00 · f74031fcf5
commit f74031fcf5
parent e85a8e3a29 ad09af884a
8 changed files with 2167 additions and 5 deletions
--- a/deploy/charts/cert-manager/README.template.md
+++ b/deploy/charts/cert-manager/README.template.md
@ -292,6 +292,14 @@ Override the namespace used to store DNS provider credentials etc. for ClusterIs
 > ```

 This namespace allows you to define where the services are installed into. If not set then they use the namespace of the release. This is helpful when installing cert manager as a chart dependency (sub chart).
+#### **fullnameOverride** ~ `string`
+
+Override the "cert-manager.fullname" value. This value is used as part of most of the names of the resources created by this Helm chart.
+
+#### **nameOverride** ~ `string`
+
+Override the "cert-manager.name" value, which is used to annotate some of the resources that are created by this Chart (using "app.kubernetes.io/name"). NOTE: There are some inconsitencies in the Helm chart when it comes to these annotations (some resources use eg. "cainjector.name" which resolves to the value "cainjector").
+
 #### **serviceAccount.create** ~ `bool`
 > Default value:
 > ```yaml
@ -661,6 +669,10 @@ resources. Additionally, a service is created which can be used together with yo
 > ```

 Create a ServiceMonitor to add cert-manager to Prometheus.
+#### **prometheus.servicemonitor.namespace** ~ `string`
+
+The namespace that the service monitor should live in, defaults to the cert-manager namespace.
+
 #### **prometheus.servicemonitor.prometheusInstance** ~ `string`
 > Default value:
 > ```yaml
@ -745,6 +757,10 @@ endpointAdditionalProperties:
 > ```

 Create a PodMonitor to add cert-manager to Prometheus.
+#### **prometheus.podmonitor.namespace** ~ `string`
+
+The namespace that the pod monitor should live in, defaults to the cert-manager namespace.
+
 #### **prometheus.podmonitor.prometheusInstance** ~ `string`
 > Default value:
 > ```yaml
@ -1845,7 +1861,7 @@ extraObjects:
    apiVersion: v1
    kind: ConfigMap
    metadata:
-      name: '{{ template "cert-manager.name" . }}-extra-configmap'
+      name: '{{ template "cert-manager.fullname" . }}-extra-configmap'
 ```

 <!-- /AUTO-GENERATED -->
--- a/deploy/charts/cert-manager/templates/_helpers.tpl
+++ b/deploy/charts/cert-manager/templates/_helpers.tpl
@ -152,7 +152,7 @@ Labels that should be added on each resource
 */}}
 {{- define "labels" -}}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- if eq (default "helm" .Values.creator) "helm" }}
+{{- if eq .Values.creator "helm" }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 helm.sh/chart: {{ include "chartName" . }}
 {{- end -}}
--- a/deploy/charts/cert-manager/templates/podmonitor.yaml
+++ b/deploy/charts/cert-manager/templates/podmonitor.yaml
@ -44,7 +44,7 @@ spec:
      interval: {{ .Values.prometheus.podmonitor.interval }}
      scrapeTimeout: {{ .Values.prometheus.podmonitor.scrapeTimeout }}
      honorLabels: {{ .Values.prometheus.podmonitor.honorLabels }}
-      {{- with .Values.prometheus.servicemonitor.endpointAdditionalProperties }}
+      {{- with .Values.prometheus.podmonitor.endpointAdditionalProperties }}
      {{- toYaml . | nindent 4 }}
      {{- end }}
 {{- end }}
--- a/deploy/charts/cert-manager/values.linter.exceptions
+++ b/deploy/charts/cert-manager/values.linter.exceptions
@ -0,0 +1,3 @@
+value missing from templates: crds.enabled
+value missing from templates: crds.keep
+value missing from templates: acmesolver.image.pullPolicy
--- a/deploy/charts/cert-manager/values.schema.json
+++ b/deploy/charts/cert-manager/values.schema.json
--- a/deploy/charts/cert-manager/values.yaml
+++ b/deploy/charts/cert-manager/values.yaml
@ -166,6 +166,19 @@ clusterResourceNamespace: ""
 # This is helpful when installing cert manager as a chart dependency (sub chart).
 namespace: ""

+# Override the "cert-manager.fullname" value. This value is used as part of
+# most of the names of the resources created by this Helm chart.
+# +docs:property
+# fullnameOverride: "my-cert-manager"
+
+# Override the "cert-manager.name" value, which is used to annotate some of
+# the resources that are created by this Chart (using "app.kubernetes.io/name").
+# NOTE: There are some inconsitencies in the Helm chart when it comes to
+# these annotations (some resources use eg. "cainjector.name" which resolves
+# to the value "cainjector").
+# +docs:property
+# nameOverride: "my-cert-manager"
+
 serviceAccount:
  # Specifies whether a service account should be created.
  create: true
@ -479,6 +492,11 @@ prometheus:
    # Create a ServiceMonitor to add cert-manager to Prometheus.
    enabled: false

+    # The namespace that the service monitor should live in, defaults
+    # to the cert-manager namespace.
+    # +docs:property
+    # namespace: cert-manager
+
    # Specifies the `prometheus` label on the created ServiceMonitor. This is
    # used when different Prometheus instances have label selectors matching
    # different ServiceMonitors.
@ -525,6 +543,11 @@ prometheus:
    # Create a PodMonitor to add cert-manager to Prometheus.
    enabled: false

+    # The namespace that the pod monitor should live in, defaults
+    # to the cert-manager namespace.
+    # +docs:property
+    # namespace: cert-manager
+
    # Specifies the `prometheus` label on the created PodMonitor. This is
    # used when different Prometheus instances have label selectors matching
    # different PodMonitors.
@ -1345,5 +1368,11 @@ startupapicheck:
 #     apiVersion: v1
 #     kind: ConfigMap
 #     metadata:
-#       name: '{{ template "cert-manager.name" . }}-extra-configmap'
+#       name: '{{ template "cert-manager.fullname" . }}-extra-configmap'
 extraObjects: []
+
+# Field used by our release pipeline to produce the static manifests.
+# The field defaults to "helm" but is set to "static" when we render
+# the static YAML manifests.
+# +docs:hidden
+creator: "helm"
--- a/make/ci.mk
+++ b/make/ci.mk
@ -67,6 +67,22 @@ generate-helm-docs: deploy/charts/cert-manager/README.template.md deploy/charts/

 shared_generate_targets += generate-helm-docs

+.PHONY: generate-helm-schema
+## Generate Helm chart schema.
+## @category [shared] Generate/ Verify
+generate-helm-schema: | $(NEEDS_HELM-TOOL) $(NEEDS_GOJQ)
+	$(HELM-TOOL) schema -i deploy/charts/cert-manager/values.yaml | $(GOJQ) > deploy/charts/cert-manager/values.schema.json
+
+shared_generate_targets += generate-helm-schema
+
+.PHONY: verify-helm-values
+## Verify Helm chart values using helm-tool.
+## @category [shared] Generate/ Verify
+verify-helm-values: | $(NEEDS_HELM-TOOL) $(NEEDS_GOJQ)
+	$(HELM-TOOL) lint -i deploy/charts/cert-manager/values.yaml -d deploy/charts/cert-manager/templates -e deploy/charts/cert-manager/values.linter.exceptions
+
+shared_verify_targets += verify-helm-values
+
 .PHONY: ci-presubmit
 ## Run all checks (but not Go tests) which should pass before any given pull
 ## request or change is merged.
--- a/make/manifests.mk
+++ b/make/manifests.mk
@ -86,7 +86,7 @@ $(bin_dir)/metadata/cert-manager-manifests.tar.gz.metadata.json: $(bin_dir)/rele

 # These targets provide for building and signing the cert-manager helm chart.

-$(bin_dir)/cert-manager-$(VERSION).tgz: $(bin_dir)/helm/cert-manager/README.md $(bin_dir)/helm/cert-manager/Chart.yaml $(bin_dir)/helm/cert-manager/values.yaml $(HELM_TEMPLATE_TARGETS) $(bin_dir)/helm/cert-manager/templates/NOTES.txt $(bin_dir)/helm/cert-manager/templates/_helpers.tpl $(bin_dir)/helm/cert-manager/templates/crds.yaml | $(NEEDS_HELM) $(bin_dir)/helm/cert-manager
+$(bin_dir)/cert-manager-$(VERSION).tgz: $(bin_dir)/helm/cert-manager/README.md $(bin_dir)/helm/cert-manager/Chart.yaml $(bin_dir)/helm/cert-manager/values.yaml $(bin_dir)/helm/cert-manager/values.schema.json $(HELM_TEMPLATE_TARGETS) $(bin_dir)/helm/cert-manager/templates/NOTES.txt $(bin_dir)/helm/cert-manager/templates/_helpers.tpl $(bin_dir)/helm/cert-manager/templates/crds.yaml | $(NEEDS_HELM) $(bin_dir)/helm/cert-manager
 	$(HELM) package --app-version=$(VERSION) --version=$(VERSION) --destination "$(dir $@)" ./$(bin_dir)/helm/cert-manager

 $(bin_dir)/cert-manager-$(VERSION).tgz.prov: $(bin_dir)/cert-manager-$(VERSION).tgz | $(NEEDS_CMREL) $(bin_dir)/helm/cert-manager
@ -110,6 +110,9 @@ $(bin_dir)/helm/cert-manager/templates/crds.yaml: $(CRDS_SOURCES) | $(bin_dir)/h
 $(bin_dir)/helm/cert-manager/values.yaml: deploy/charts/cert-manager/values.yaml | $(bin_dir)/helm/cert-manager
 	cp $< $@

+$(bin_dir)/helm/cert-manager/values.schema.json: deploy/charts/cert-manager/values.schema.json | $(bin_dir)/helm/cert-manager
+	cp $< $@
+
 $(bin_dir)/helm/cert-manager/README.md: deploy/charts/cert-manager/README.template.md | $(bin_dir)/helm/cert-manager
 	sed -e "s:{{RELEASE_VERSION}}:$(VERSION):g" < $< > $@