How to install authorino-operator with Helm ?

[eshepelyuk]

Hello

In source code I see that helm chart exists, but there's no any mention about where it's published and how to access it.
Also Helm chart is not listed in https://artifacthub.io

[guicassolato]

cc @didierofrivia

[eshepelyuk]

Hello @guicassolato @didierofrivia

Not sure where should I open an issue, so duplicating also here

Kuadrant/helm-charts#14

I am following README. but receiving this error

helm repo add kuadrant https://kuadrant.io/helm-charts/ --force-update
helm install limitador-operator kuadrant/limitador-operator

Error: INSTALLATION FAILED: chart "limitador-operator" matching  not found in kuadrant index. (try 'helm repo update'): no chart version found for limitador-operator-

helm search also doesn't return any results

helm search repo authorino
No results found

[didierofrivia]

Hi there @eshepelyuk, first, thanks a lot for being interested in our Kuadrant services! Second, I'm really sorry that it's not straight forward at the moment... It's a bit beta currently, but will be fully documented in our GA soon ;)

Buuuut... answering your question, you'll need to pass the --devel flag in order to see and install the non GA releases as so:

⇒  helm search repo authorino --devel
NAME                       	CHART VERSION	APP VERSION	DESCRIPTION
kuadrant/authorino-operator	0.12.0-alpha1	           	Kubernetes operator for managing Authorino inst...
kuadrant/kuadrant-operator 	0.9.0-alpha1 	           	The Operator to install and manage the lifecycl...
⇒  helm search repo limitador --devel
NAME                       	CHART VERSION	APP VERSION	DESCRIPTION
kuadrant/limitador-operator	0.10.0-alpha3	           	Kubernetes operator for managing Limitador inst...
kuadrant/kuadrant-operator 	0.9.0-alpha1 	           	The Operator to install and manage the lifecycl...

Very soon we'll be updating the docs and publishing the new charts, thanks again!

[eshepelyuk]

Hello,
But authorino-operator is not RC, it's a regular version 0.12.0 and should be listed by default.

[didierofrivia]

You are correct, can you force update the helm repo and check again?

 ⇒  helm search repo authorino
NAME                       	CHART VERSION	APP VERSION	DESCRIPTION
kuadrant/authorino-operator	0.12.0       	           	Kubernetes operator for managing Authorino inst...

[eshepelyuk]

You are correct, can you force update the helm repo and check again?

 ⇒  helm search repo authorino
NAME                       	CHART VERSION	APP VERSION	DESCRIPTION
kuadrant/authorino-operator	0.12.0       	           	Kubernetes operator for managing Authorino inst...

Yes, currently it works

[eshepelyuk]

May I ask why don't you use OCI registry to publish Helm charts ?
Github, Quay and DockerHub already supports this.

[didierofrivia]

@eshepelyuk There are many things that we are considering before making public the Kuadrant helm charts, one of them is OCI. We want to be consistent before subscribing our repo to artifacthub.io

[eshepelyuk]

Hello, another comment partially related to #41

Currently chart includes mqnifewt of namespace creation.
This brings a lot of issues when working with helm and helm based tools.

The idea of namesapce creation in Helm that it is handled by helm itself, before applying any manifests from chart.
There are too flags in Helm responsible for that --namespace and `--create-namespace.

Those flags are passed to Helm CLI or Helm libraries based tools, so namespace ia created before applying manifests.

Currently, namespace is rendere and applied as a regular resource, so it is annotated by special Helm annotations, to mark NS as a part of chart release.

First of all this disallows installing a chart into arbitrary namespace by passing above-mentioned flags. Second, when flags are omitted the NS is annotated with release-namespace of the current namespece, i.e. where from Helm CLI was invoked. So next time when upgrading a chart if CLI is called from different namespace, installation fails.

Basically the namespace manifest should be removed from chart and namespace should be created by Helm itself, as it commonly done in Helm charts. Also namespace should be removed from the metadata of all other resources included into a chart, so all of them will be created inthe namespace provided via Helm CLI, allowing installation into arbitrary namespace via regular Helm flow\approach.

[guicassolato]

@eshepelyuk

wrt operator namespace, I believe the main problem with it is the configuration of the webhook in the CRD, which has to match the operator's namespace. This includes the reference to the service in the client config and the certificate request and injection at least.

Then there's the reference to the operator's ServiceAccount in the RBAC resources.

I don't remember how Kuadrant handles these TBH. Maybe @didierofrivia does.

Hopefully there's a way to do it in Helm.

[eshepelyuk]

I understand thst installation into arbitrary namespace may be harder, and IMO it requires manual Helm template creation that would leverage {{ .Release.Namespace }}.

But more painful issue is a Namespace resource manifest, it should be removed and namespace creation should be delegated to Helm.

[eshepelyuk]

I assume somewhere near this line the build scripts can be adjusted to remove Namespace from generated Helm chart ?

authorino-operator/make/helm.mk

Line 8 in d40dba0

$(KUSTOMIZE) build config/helm > charts/authorino-operator/templates/manifests.yaml

[eshepelyuk]

As a proposal - naive command line that

• removes Namespace from Helm manifests
• uses namespace provided by Helm's --namespace flag insteaf of harcoded

FL='charts/authorino-operator/templates/manifests.yaml'
yq -i 'select(.kind!="Namespace")' ${FL}
sed -i 's/namespace:\sauthorino-operator/namespace: {{ .Release.Namespace }}/g' ${FL}

After applying this "patch" one call helm template -n myns . and namespace in rendered manifests will be equal to myns

[guicassolato]

As a proposal - naive command line that

* removes `Namespace` from Helm manifests

* uses namespace provided by Helm's `--namespace` flag insteaf of harcoded

FL='charts/authorino-operator/templates/manifests.yaml'
yq -i 'select(.kind!="Namespace")' ${FL}
sed -i 's/namespace:\sauthorino-operator/namespace: {{ .Release.Namespace }}/g' ${FL}

After applying this "patch" one call helm template -n myns . and namespace in rendered manifests will be equal to myns

@eshepelyuk, that's not bad. However, I may have found a different approach that takes care of delegating the creation of the namespace to Helm as you want, without having to edit the template file with yq (which messes with the indentation of the file), and, at the same time, solving for the Certificate resource as well.

Please let me know if that would work for you.

[eshepelyuk]

Please let me know if that would work for you.

This approach looks better and if it generates proper chart - that would be great improvement.

[eshepelyuk]

Checked with v0.13.0 - namespace are working fine.