Helm chart update

[EronWright]

Proposed changes

Updates the Helm chart to install PKOv2, as similarly as possible to operator/config/default.

Details:

• adds an aggregation role (view/edit) for the Pulumi API groups
• tweaks the controller's resources such that limits equals resources to have "guaranteed" qos
• exposes the metrics port and the fileserver port
• supports two rbac modes for the controller - ClusterRole and Role

To install:

helm upgrade --install pulumi-kubernetes-operator ./deploy/helm/pulumi-operator

Related issues (optional)

Closes #684

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 1 line in your changes missing coverage. Please review.

Project coverage is 49.23%. Comparing base (3c0c7a9) to head (fb5b455).
Report is 1 commits behind head on v2.

Files with missing lines	Patch %	Lines
...r/internal/controller/pulumi/program_controller.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##               v2     #695   +/-   ##
=======================================
  Coverage   49.23%   49.23%           
=======================================
  Files          26       26           
  Lines        2890     2890           
=======================================
  Hits         1423     1423           
  Misses       1290     1290           
  Partials      177      177           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[EronWright]

Rationale for changing the version info:

• appVersion is used as the image tag in deployment.yaml and should match our normal version string. The prerelease target will replace the value with the tag.
• version is the chart version, and I would advocate for doing a major bump.

[EronWright]

Update: I think I know the original purpose of the ClusterRole, it was to grant admin-level access to the Pulumi program and its Kubernetes Provider, not simply to grant the requisite access to the operator. Now I have repurposed it to support a cluster-wide installation of the operator. The Pulumi program runs in its own service account and user-controlled bindings.

So createClusterRole and clusterRoleRules are obsolete. Under the new rbac section there's some flags related to the operator's rbac.

[EronWright]

one either creates a clusterrole or a role for the controller manager, depending on whether you want a namepaced installation of the operator. There's still some follow-up work needed (#690), but the helm piece is in place.

[EronWright]

Rationale for changing the resources is to ensure that the pod is assigned the "Guaranteed" QoS class.

[rquitales]

LGTM

I assume users will also need to manually apply the new CRDs first before running: helm upgrade --install pulumi-kubernetes-operator ./deploy/helm/pulumi-operator?

[blampe]

Awesome!

Obviously not something that we need to resolve now but it would be nice to more easily keep this in sync with the generated configs. There's kubernetes-sigs/kubebuilder#3074 which took me to https://github.com/arttor/helmify which looks interesting.

[rquitales]

Awesome!

Obviously not something that we need to resolve now but it would be nice to more easily keep this in sync with the generated configs. There's kubernetes-sigs/kubebuilder#3074 which took me to https://github.com/arttor/helmify which looks interesting.

@blampe the original helm chart for v1 was actually scaffolded using helmify.