fix(wherabouts): fix crd not being installed in helm

[f46b83ee9]

Fix whereabouts chart where it doesn't install CRD.

[brandond]

This seems to do the opposite of what you said - it makes it possible to NOT install them by setting the value to false? They are currently always installed.

[f46b83ee9]

They weren't installed as part of the Helm chart.

I just made the same thing that was done with the Multus Chart (with the manifests.customResourceDefinition value) but made it true by default.

If you test the actual state of the chart with : helm template --debug, it won't add by default the CRD.

[brandond]

Ah hmm. We only install this as a subchart of Multus, it is never used standalone by rke2. Does this change have any impact on that use case?

[f46b83ee9]

No, it just makes whereabouts usable, otherwise it will complain about CRD missing.

[f46b83ee9]

This is the result I mentionned without any modifications.

$ pwd
~/rke2-charts/packages/rke2-whereabouts/charts
$ helm template --debug .

---
# Source: whereabouts/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: release-name-whereabouts
  namespace: kube-system
  labels:
    app: whereabouts
    helm.sh/chart: whereabouts-0.8.0
    app: whereabouts
    app.kubernetes.io/name: whereabouts
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/version: "0.8.0"
    app.kubernetes.io/managed-by: Helm
---
# Source: whereabouts/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: release-name-whereabouts-config
  namespace: kube-system
  annotations:
    kubernetes.io/description: |
      Configmap containing user customizable cronjob schedule
data:
  cron-expression: "30 4 * * *" # Default schedule is once per day at 4:30am. Users may configure this value to their liking.
---
# Source: whereabouts/templates/cluster_role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-name-whereabouts
rules:
- apiGroups:
  - whereabouts.cni.cncf.io
  resources:
  - ippools
  - overlappingrangeipreservations
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - '*'
- apiGroups: [""]
  resources:
  - pods
  verbs:
  - list
  - watch
- apiGroups: [""]
  resources:
  - nodes
  verbs:
  - get
- apiGroups: ["k8s.cni.cncf.io"]
  resources:
  - network-attachment-definitions
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  - events.k8s.io
  resources:
    - events
  verbs:
  - create
  - patch
  - update
  - get
---
# Source: whereabouts/templates/cluster_role_binding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: release-name-whereabouts
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-name-whereabouts
subjects:
- kind: ServiceAccount
  name: release-name-whereabouts
  namespace: kube-system
---
# Source: whereabouts/templates/daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: release-name-whereabouts
  namespace: kube-system
  labels:
    app: whereabouts
    helm.sh/chart: whereabouts-0.8.0
    app: whereabouts
    app.kubernetes.io/name: whereabouts
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/version: "0.8.0"
    app.kubernetes.io/managed-by: Helm
spec:
  selector:
    matchLabels:
      name: whereabouts
      app: whereabouts
      app.kubernetes.io/name: whereabouts
      app.kubernetes.io/instance: release-name
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        name: whereabouts
        app: whereabouts
        app.kubernetes.io/name: whereabouts
        app.kubernetes.io/instance: release-name
    spec:
      hostNetwork: true
      serviceAccountName: release-name-whereabouts
      securityContext: #TODO still needed?
        {}
      tolerations:
      - operator: Exists
        effect: NoSchedule
      containers:
        - name: whereabouts
          command: [ "/bin/sh" ]
          args:
            - -c
            - >
              SLEEP=false /install-cni.sh &&
              /ip-control-loop -log-level debug
          securityContext:
            privileged: true
          image: "rancher/hardened-whereabouts:v0.8.0-build20241011"
          imagePullPolicy: IfNotPresent
          env:
          - name: NODENAME
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: spec.nodeName
          - name: WHEREABOUTS_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: CNI_CONF_DIR
            value: /host/etc/cni/net.d
          - name: CNI_BIN_DIR
            value: /host/opt/cni/bin
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
          volumeMounts:
          - name: cnibin
            mountPath: /host/opt/cni/bin
          - name: cni-net-dir
            mountPath: /host/etc/cni/net.d
          - name: cron-scheduler-configmap
            mountPath: /cron-schedule
      volumes:
        - name: cnibin
          hostPath:
            path: /opt/cni/bin
        - name: cni-net-dir
          hostPath:
            path: /etc/cni/net.d
        - name: cron-scheduler-configmap
          configMap:
            name: release-name-whereabouts-config
            defaultMode: 0744
            items:
            - key: "cron-expression"
              path: "config"
      nodeSelector:
        kubernetes.io/os: linux
      tolerations:
        - effect: NoSchedule
          operator: Exists

[manuelbuil]

@mgfritch

[brandond]

I don't know that we specifically intend for this to be usable as a standalone chart. It only exists here to be bundled into the multus chart, where it works fine. Ref:

rke2-charts/packages/rke2-whereabouts/package.yaml

Lines 4 to 5 in 4b73f86

	# whereabouts is only used as a dependency of multus
	doNotRelease: true

When deployed as part of multus, the ippools CRD is properly installed:

brandond@dev01:~$ kubectl explain ippools
GROUP:      whereabouts.cni.cncf.io
KIND:       IPPool
VERSION:    v1alpha1

DESCRIPTION:
    IPPool is the Schema for the ippools API

FIELDS:
  apiVersion	<string>
    APIVersion defines the versioned schema of this representation of an object.
    Servers should convert recognized schemas to the latest internal value, and
    may reject unrecognized values. More info:
    https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

  kind	<string>
    Kind is a string value representing the REST resource this object
    represents. Servers may infer this from the endpoint the client submits
    requests to. Cannot be updated. In CamelCase. More info:
    https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

  metadata	<ObjectMeta>
    Standard object's metadata. More info:
    https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

  spec	<Object>
    IPPoolSpec defines the desired state of IPPool