feat: Helm Charts created (#1042)

* initial commit for the helm charts

* Update helm/netobserv/templates/clusterRole.yaml

Co-authored-by: Joel Takvorian <[email protected]>

* Update helm/netobserv/templates/deployment.yaml

Co-authored-by: Joel Takvorian <[email protected]>

* Update helm/netobserv/templates/deployment.yaml

Co-authored-by: Joel Takvorian <[email protected]>

* Update helm/netobserv/templates/deployment.yaml

Co-authored-by: Joel Takvorian <[email protected]>

* Update helm/netobserv/templates/flows.netobserv.io_flowmetrics.yaml

Co-authored-by: Joel Takvorian <[email protected]>

* Update helm/netobserv/templates/role.yaml

Co-authored-by: Joel Takvorian <[email protected]>

* Update helm/netobserv/Chart.yaml

Co-authored-by: Joel Takvorian <[email protected]>

* Update helm/netobserv/Chart.yaml

Co-authored-by: Joel Takvorian <[email protected]>

* Partially revert last commit, add certificate

* Reintroduce rbac + service account

* Allow configuring a custom certificate issuer instead of self-signed

---------

Co-authored-by: Joel Takvorian <[email protected]>
Co-authored-by: Joel Takvorian <[email protected]>

helm/netobserv/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: Netobserv
+description: A Helm chart to install Network Observability Operator on k8s
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.6.2-community"

helm/netobserv/templates/certificate.yaml

@@ -0,0 +1,28 @@
+# The following manifests contain a certificate CR and possibly a self-signed issuer.
+# More document can be found at https://docs.cert-manager.io
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: serving-cert
+spec:
+  secretName: webhook-server-cert
+  dnsNames:
+  - netobserv-webhook-service.{{ .Release.Namespace }}.svc
+  - netobserv-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
+{{ if .Values.certManager.existingIssuer.name }}
+  issuerRef:
+    kind: {{ .Values.certManager.existingIssuer.kind }}
+    name: {{ .Values.certManager.existingIssuer.name }}
+{{ else }}
+  issuerRef:
+    kind: Issuer
+    name: self-signed
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: self-signed
+spec:
+  selfSigned: {}
+---
+{{ end }}

helm/netobserv/templates/deployment.yaml

@@ -0,0 +1,86 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netobserv-controller-manager
+  labels:
+    app: netobserv-operator
+    control-plane: controller-manager
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: netobserv-operator
+      control-plane: controller-manager
+  strategy: {}
+  template:
+    metadata:
+      labels:
+        app: netobserv-operator
+        control-plane: controller-manager
+    spec:
+      containers:
+      - args:
+        - --health-probe-bind-address=:8081
+        - --metrics-bind-address=127.0.0.1:8080
+        - --leader-elect
+        - --ebpf-agent-image=$(RELATED_IMAGE_EBPF_AGENT)
+        - --flowlogs-pipeline-image=$(RELATED_IMAGE_FLOWLOGS_PIPELINE)
+        - --console-plugin-image=$(RELATED_IMAGE_CONSOLE_PLUGIN)
+        - --downstream-deployment=$(DOWNSTREAM_DEPLOYMENT)
+        - --profiling-bind-address=$(PROFILING_BIND_ADDRESS)
+        command:
+        - /manager
+        env:
+        - name: RELATED_IMAGE_EBPF_AGENT
+          value: quay.io/netobserv/netobserv-ebpf-agent:v1.6.2-community
+        - name: RELATED_IMAGE_FLOWLOGS_PIPELINE
+          value: quay.io/netobserv/flowlogs-pipeline:v1.6.2-community
+        - name: RELATED_IMAGE_CONSOLE_PLUGIN
+          value: quay.io/netobserv/network-observability-console-plugin:v1.6.2-community
+        - name: DOWNSTREAM_DEPLOYMENT
+          value: "false"
+        - name: PROFILING_BIND_ADDRESS
+        image: quay.io/netobserv/network-observability-operator:1.6.2-community
+        imagePullPolicy: Always
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        name: manager
+        ports:
+        - containerPort: 9443
+          name: webhook-server
+          protocol: TCP
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        resources:
+          limits:
+            memory: 400Mi
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+        volumeMounts:
+        - mountPath: /tmp/k8s-webhook-server/serving-certs
+          name: cert
+          readOnly: true
+      securityContext:
+        runAsNonRoot: true
+      serviceAccountName: netobserv-controller-manager
+      terminationGracePeriodSeconds: 10
+      volumes:
+      - name: cert
+        secret:
+          defaultMode: 420
+          secretName: webhook-server-cert