CLOUDP-299786: Removed helm-charts as submodule. Added helm-charts as a simple folder (#2209)

* Removed helm-charts as submodule. Added helm-charts as a simple folder

* Bumped up helm charts

* Added a way to verify if CRDs helm chart is synced with the bundle

* Added job to sync helm-charts after every merged PR

* Modified commit message

Author: igor-karpukhin

.github/workflows/sync-helm-charts.yaml

@@ -0,0 +1,109 @@
+name: Sync helm-charts
+
+on:
+  workflow_call:
+  workflow_dispatch:
+  pull_request:
+    types:
+      - closed
+
+jobs:
+  verify-helm-changes:
+    if: github.event.pull_request.merged == true && !startsWith(github.event.pull_request.title, 'dependabot')
+    name: Verify if AKO helm charts need updates
+    runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+      - name: Checkout AKO repo
+        uses: actions/checkout@v4
+
+      - name: Install devbox
+        uses: jetify-com/[email protected]
+        with:
+          enable-cache: "true"
+
+      - name: Generate GitHub App Token
+        id: generate_token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.AKO_RELEASER_APP_ID }}
+          private-key: ${{ secrets.AKO_RELEASER_RSA_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: |
+            mongodb-atlas-kubernetes
+            helm-charts
+
+      - name: Checkout Helm charts repo
+        uses: actions/checkout@v4
+        with:
+          repository: mongodb/helm-charts
+          token: ${{ steps.generate_token.outputs.token }}
+          path: helm-charts-cloned
+          persist-credentials: true
+
+      - name: Patch original AKO chart dependencies
+        run: |
+          sed -i 's|repository: "file://../../helm-charts/atlas-operator-crds"|repository: "https://mongodb.github.io/helm-charts"|' helm-charts/atlas-operator/Chart.yaml
+
+      - name: Generate AKO bundle
+        env:
+          VERSION: "1.0.0"
+        run: |
+          devbox run -- "make generate bundle"
+
+      - name: Verify if CRDs were changed
+        id: crd-check
+        env:
+          HELM_CRDS_PATH: "./helm-charts-cloned/charts/atlas-operator-crds/templates"
+        run: |
+          devbox run -- "make helm-upd-crds"
+
+      - name: Verify if RBAC were changed
+        id: rbac-check
+        env:
+          HELM_RBAC_FILE: "./helm-charts-cloned/charts/atlas-operator/rbac.yaml"
+        run: |
+          devbox run -- "make helm-upd-rbac"
+
+      - name: Verify if helm-charts need to be synced
+        run: |
+          for $dir in $(ls ./helm-charts); do
+            if [[ -d "./helm-charts-cloned/charts/$dir" ]]; then
+              if [[ -n $(diff -r ./helm-charts/$dir ./helm-charts-cloned/charts/$dir) ]]; then
+                echo "Changes detected for the Chart: $dir"
+                cp -r ./helm-charts/$dir ./helm-charts-cloned/charts/$dir
+              fi
+            fi
+          done    
+
+      - name: Create PR for helm-charts repo
+        env:
+          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
+        run: |
+          cd ./helm-charts-cloned
+
+          if [[ -n $(git status --porcelain) ]]; then
+            jobname=${{ github.run_id }}
+            if [[ -n "${{ github.event.pull_request.title }}" ]]; then
+              jobname=$(echo "${{ github.event.pull_request.title }}" | tr -c '[:alnum:]-_' '_')
+            fi
+
+            BRANCH_NAME=ako-helm-update-"${jobname}"
+            COMMIT_MSG="[autogenerated] update AKO helm-charts ${jobname}"
+            echo "Changes detected. Creating PR"
+
+            git config --local user.email "[email protected]"
+            git config --local user.name "ako-releaser"
+
+            git checkout -b "${BRANCH_NAME}"
+            git add .
+            git commit -m "${COMMIT_MSG}"
+
+            git push origin "${BRANCH_NAME}"
+
+            gh pr create --base main --head "${BRANCH_NAME}" --title "${COMMIT_MSG}" --body "${COMMIT_MSG}"
+          fi
+          echo "Nothing to commit"

.github/workflows/update-helm.yaml

@@ -3,9 +3,10 @@ name: Helm update
 on:
   workflow_call:
   workflow_dispatch:
-  pull_request:
-    types:
-      - closed
+# TODO: remove after the job "Sync helm-charts" is applied to the main branch
+#  pull_request:
+#    types:
+#      - closed
 
 jobs:
   verify-helm-changes:

.gitmodules

@@ -1,3 +0,0 @@
-[submodule "helm-charts"]
-	path = helm-charts
-	url = [email protected]:mongodb/helm-charts.git

Makefile

@@ -287,6 +287,23 @@ endif
 validate-manifests: generate manifests
 	$(MAKE) check-missing-files
 
+.PHONE: sync-crds-chart
+sync-crds-chart:
+	@cp -r bundle/manifests/atlas.mongodb.com_* helm-charts/atlas-operator-crds/templates/
+
+.PHONY: validate-crds-chart
+validate-crds-chart: ## Validate the CRDs in the Helm chart
+	@echo "Validating CRDs in the Helm chart"
+	@for file in bundle/manifests/atlas.mongodb.com_*.yaml; do \
+		helm_file=helm-charts/atlas-operator-crds/templates/$$(basename $$file); \
+		if ! cmp -s $$file $$helm_file; then \
+			echo "CRD files do not match: $$file and $$helm_file"; \
+			exit 1; \
+		fi; \
+	done
+	@echo "All CRD files match"
+	@cd helm-charts/atlas-operator-crds && helm template . > /dev/null
+
 .PHONY: bundle
 bundle: manifests  ## Generate bundle manifests and metadata, then validate generated files.
 	@echo "Building bundle $(VERSION)"

helm-charts

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm-charts/atlas-advanced/.helmignore

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: atlas-advanced
+description: This chart showcases Atlas Advanced (dedicated) deployment
+
+type: application
+
+version: 1.0.0
+
+keywords:
+  - mongodb
+  - database
+  - nosql
+home: https://github.com/mongodb/mongodb-atlas-kubernetes
+icon: https://webimages.mongodb.com/_com_assets/cms/kuyjf3vea2hg34taa-horizontal_default_slate_blue.svg
+appVersion: "2.4.1"
+maintainers:
+  - name: MongoDB
+    email: [email protected]

helm-charts/atlas-advanced/Chart.yaml

@@ -0,0 +1,86 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "atlas-advanced.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "atlas-advanced.fullname" -}}
+{{- if .Values.deployment.name }}
+{{- .Values.deployment.name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.deployment.name }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "atlas-advanced.projectfullname" -}}
+{{- if .Values.project.name }}
+{{- .Values.project.name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.project.name }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "atlas-advanced.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "atlas-advanced.labels" -}}
+helm.sh/chart: {{ include "atlas-advanced.chart" . }}
+{{ include "atlas-advanced.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "atlas-advanced.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "atlas-advanced.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{- define "generateRandomString" -}}
+{{ randAlphaNum 5 }}
+{{- end }}
+
+{{- define "getInstanceSizeOrFail" -}}
+{{- $arg := . -}}
+{{ $instances := list "M10" "M20" "M30" "M40" "M50" "M60" "M80" "M100" "M140" "M200" "M300" "R40" "R50" "R60" "R80" "R200" "R300" "R400" "R700" "M40_NVME" "M50_NVME" "M60_NVME" "M80_NVME" "M200_NVME" "M400_NVME" }}
+{{- if not (has (toString $arg) $instances)}}
+{{- fail (printf "Instance size can only be one of: %s " (join "," $instances)) }}
+{{- end }}
+{{- $arg -}}
+{{- end }}
+
+{{- define "getProviderNameOrFail" -}}
+{{- $arg := . -}}
+{{ $providers := list "AWS" "GCP" "AZURE" }}
+{{- if not (has (toString $arg) $providers) }}
+{{- fail (printf "Provider name can only be one of: %s. Got %s" (join "," $providers) $arg) }}
+{{- end }}
+{{- $arg -}}
+{{- end }}

helm-charts/atlas-advanced/templates/_helpers.tpl

@@ -0,0 +1,33 @@
+apiVersion: atlas.mongodb.com/v1
+kind: AtlasDeployment
+metadata:
+  name: {{ include "atlas-advanced.fullname" $ }}
+  labels:
+    {{- include "atlas-advanced.labels" $ | nindent 4 }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  projectRef:
+    name: {{ include "atlas-advanced.projectfullname" $ }}
+    namespace: {{ $.Release.Namespace }}
+  deploymentSpec:
+    name: {{ include "atlas-advanced.fullname" $ }}
+    clusterType: REPLICASET
+    replicationSpecs:
+      - zoneName: Zone 1
+        regionConfigs:
+        {{- range $idx, $val := index .Values.deployment.regions }}
+          - regionName: {{ $val.name }}
+            electableSpecs:
+              instanceSize: {{ include "getInstanceSizeOrFail" $val.instanceSize }}
+              nodeCount: {{ $val.nodeCount }}
+            providerName: {{ include "getProviderNameOrFail" $val.providerName }}
+            backingProviderName: {{ include "getProviderNameOrFail" $val.providerName }}
+            priority: {{ $val.priority }}
+            {{- if $val.autoscaling.enabled }}
+            autoScaling:
+              compute:
+                enabled: true
+                minInstanceSize: {{ include "getInstanceSizeOrFail" $val.autoscaling.min }}
+                maxInstanceSize: {{ include "getInstanceSizeOrFail" $val.autoscaling.max }}
+            {{- end }}
+        {{- end }}

helm-charts/atlas-advanced/templates/atlas-deployment.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "atlas-advanced.fullname" $ }}-{{ .Values.dbUser.name }}
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    atlas.mongodb.com/type: "credentials"
+    {{- include "atlas-advanced.labels" $ | nindent 4 }}
+type: Opaque
+stringData:
+  password: {{ .Values.dbUser.password | default (randAlphaNum 32 | b64enc)| quote }}

helm-charts/atlas-advanced/templates/atlas-mongodb-user-secret.yaml

@@ -0,0 +1,18 @@
+apiVersion: atlas.mongodb.com/v1
+kind: AtlasDatabaseUser
+metadata:
+  name: {{ include "atlas-advanced.fullname" $ }}-{{ .Values.dbUser.name }}
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    {{- include "atlas-advanced.labels" $ | nindent 4 }}
+spec:
+  username: {{ .Values.dbUser.name }}
+  databaseName: {{ .Values.dbUser.databaseName }}
+  passwordSecretRef:
+    name: {{ include "atlas-advanced.fullname" $ }}-{{ .Values.dbUser.name }}
+  projectRef:
+    name: {{ include "atlas-advanced.projectfullname" $ }}
+    namespace: {{ $.Release.Namespace }}
+  roles:
+    - roleName: "readWriteAnyDatabase"
+      databaseName: "admin"

helm-charts/atlas-advanced/templates/atlas-mongodb-user.yaml

@@ -0,0 +1,15 @@
+apiVersion: atlas.mongodb.com/v1
+kind: AtlasProject
+metadata:
+  name: {{ include "atlas-advanced.projectfullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "atlas-advanced.labels" . | nindent 4 }}
+spec:
+  name: {{ include "atlas-advanced.projectfullname" . }}
+  connectionSecretRef:
+    name: {{ include "atlas-advanced.fullname" . }}-secret
+    namespace: {{ $.Release.Namespace }}
+  projectIpAccessList:
+    - comment: "Example"
+      cidrBlock: {{ .Values.project.cidrEntry }}

helm-charts/atlas-advanced/templates/atlas-project.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: {{ include "atlas-advanced.fullname" . }}-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    atlas.mongodb.com/type: "credentials"
+data:
+  orgId: {{ .Values.secret.orgID | b64enc }}
+  publicApiKey: {{ .Values.secret.publicKey | b64enc }}
+  privateApiKey: {{ .Values.secret.privateKey | b64enc }}