feat(manifests): Generate static manifests from the Helm Chart (#610)

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>

Makefile

@@ -125,6 +125,38 @@ kind-load: $(KIND) ko-build ## Build playground image and load it in kind cluste
 # CODEGEN #
 ###########
 
+.PHONY: codegen-static-manifests
+codegen-static-manifests: $(HELM) ## Generate helm docs
+	@echo Generate static manifests... >&2
+	@$(HELM) template policy-reporter ./charts/policy-reporter \
+		--set static=true \
+		--set metrics.enabled=true \
+		--set rest.enabled=true \
+		-n policy-reporter \
+		--create-namespace > manifests/policy-reporter/install.yaml
+	@$(HELM) template policy-reporter ./charts/policy-reporter \
+		--set static=true \
+		--set metrics.enabled=true \
+		--set ui.enabled=true \
+		-n policy-reporter \
+		--create-namespace > manifests/policy-reporter-ui/install.yaml
+	@$(HELM) template policy-reporter ./charts/policy-reporter --set static=true \
+		--set metrics.enabled=true \
+		--set ui.enabled=true \
+		--set plugin.kyverno.enabled=true \
+		-n policy-reporter \
+		--create-namespace > manifests/policy-reporter-kyverno-ui/install.yaml
+	@$(HELM) template policy-reporter ./charts/policy-reporter \
+		--set static=true \
+		--set metrics.enabled=true \
+		--set ui.enabled=true \
+		--set plugin.kyverno.enabled=true \
+		--set replicaCount=2 \
+		--set ui.replicaCount=2 \
+		--set plugin.kyverno.replicaCount=2 \
+		-n policy-reporter \
+		--create-namespace > manifests/policy-reporter-kyverno-ui-ha/install.yaml
+
 .PHONY: codegen-helm-docs
 codegen-helm-docs: ## Generate helm docs
 	@echo Generate helm docs... >&2

charts/policy-reporter/templates/_helpers.tpl

@@ -29,14 +29,16 @@ Create chart name and version as used by the chart label.
 Common labels
 */}}
 {{- define "policyreporter.labels" -}}
-helm.sh/chart: {{ include "policyreporter.chart" . }}
 {{ include "policyreporter.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/component: reporting
-app.kubernetes.io/managed-by: {{ .Release.Service }}
 app.kubernetes.io/part-of: policy-reporter
+{{- if not .Values.static }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+helm.sh/chart: {{ include "policyreporter.chart" . }}
+{{- end }}
 {{- with .Values.global.labels }}
 {{ toYaml . }}
 {{- end -}}
@@ -46,9 +48,11 @@ app.kubernetes.io/part-of: policy-reporter
 Pod labels
 */}}
 {{- define "policyreporter.podLabels" -}}
-helm.sh/chart: {{ include "policyreporter.chart" . }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 app.kubernetes.io/part-of: policy-reporter
+{{- if not .Values.static }}
+helm.sh/chart: {{ include "policyreporter.chart" . }}
+{{- end }}
 {{- end }}
 
 {{/*

charts/policy-reporter/templates/cluster-secret.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.ui.enabled -}}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -23,4 +24,5 @@ data:
   {{- if .Values.plugin.trivy.enabled }}
   {{- $host := printf "http://%s:%d/vulnr" (include "trivy-plugin.fullname" .) (.Values.plugin.trivy.service.port | int) }}
   plugin.trivy: {{ (printf "{\"host\":\"%s\", \"name\":\"Trivy Vulnerability\", \"username\":\"%s\", \"password\":\"%s\"}" $host $username $password) | b64enc }}
-  {{- end }}
+  {{- end }}
+{{- end }}

charts/policy-reporter/templates/monitoring/_helpers.tpl

@@ -23,13 +23,17 @@ Create chart name and version as used by the chart label.
 Common labels
 */}}
 {{- define "monitoring.labels" -}}
+{{- if not .Values.static }}
 helm.sh/chart: {{ include "monitoring.chart" . }}
+{{- end -}}
 {{ include "monitoring.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/component: monitoring
+{{- if not .Values.static }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
 app.kubernetes.io/part-of: kyverno
 {{- with .Values.global.labels }}
 {{ toYaml . }}

charts/policy-reporter/templates/monitoring/clusterpolicy-details.dashboard.yaml

@@ -1,3 +1,4 @@
+{{- if and .Values.monitoring.enabled }}
 {{ $root := .Values.monitoring }}
 
 {{- if and $root.grafana.dashboards.enabled $root.grafana.dashboards.enable.clusterPolicyReportDetails }}
@@ -932,3 +933,4 @@ data:
     "version": 1
     }
 {{- end }}
+{{- end }}

charts/policy-reporter/templates/monitoring/clusterpolicy-details.grafanadashboard.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.monitoring.grafana.dashboards.enabled .Values.monitoring.grafana.dashboards.enable.clusterPolicyReportDetails .Values.monitoring.grafana.grafanaDashboard.enabled }}
+{{- if and .Values.monitoring.enabled .Values.monitoring.grafana.dashboards.enabled .Values.monitoring.grafana.dashboards.enable.clusterPolicyReportDetails .Values.monitoring.grafana.grafanaDashboard.enabled }}
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard
 metadata:

charts/policy-reporter/templates/monitoring/overview.dashboard.yaml

@@ -1,3 +1,4 @@
+{{- if and .Values.monitoring.enabled }}
 {{ $root := .Values.monitoring }}
 
 {{- if and $root.grafana.dashboards.enabled $root.grafana.dashboards.enable.overview }}
@@ -688,3 +689,4 @@ data:
     "version": 1
     }
 {{- end }}
+{{- end }}

charts/policy-reporter/templates/monitoring/overview.grafanadashboard.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.monitoring.grafana.dashboards.enabled .Values.monitoring.grafana.dashboards.enable.overview .Values.monitoring.grafana.grafanaDashboard.enabled }}
+{{- if and .Values.monitoring.enabled .Values.monitoring.grafana.dashboards.enabled .Values.monitoring.grafana.dashboards.enable.overview .Values.monitoring.grafana.grafanaDashboard.enabled }}
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard
 metadata:

charts/policy-reporter/templates/monitoring/policy-details.dashboard.yaml

@@ -1,3 +1,4 @@
+{{- if and .Values.monitoring.enabled }}
 {{ $root := .Values.monitoring }}
 
 {{- if and $root.grafana.dashboards.enabled $root.grafana.dashboards.enable.policyReportDetails }}
@@ -971,3 +972,4 @@ data:
     "version": 1
     }
 {{- end }}
+{{- end }}

charts/policy-reporter/templates/monitoring/policy-details.grafanadashboard.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.monitoring.grafana.dashboards.enabled .Values.monitoring.grafana.dashboards.enable.policyReportDetails .Values.monitoring.grafana.grafanaDashboard.enabled }}
+{{- if and .Values.monitoring.enabled .Values.monitoring.grafana.dashboards.enabled .Values.monitoring.grafana.dashboards.enable.policyReportDetails .Values.monitoring.grafana.grafanaDashboard.enabled }}
 apiVersion: grafana.integreatly.org/v1beta1
 kind: GrafanaDashboard
 metadata:

charts/policy-reporter/templates/plugins/kyverno/_helpers.tpl

@@ -25,12 +25,14 @@ Create chart name and version as used by the chart label.
 Common labels
 */}}
 {{- define "kyverno-plugin.labels" -}}
-helm.sh/chart: {{ include "kyverno-plugin.chart" . }}
 {{ include "kyverno-plugin.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
+{{- if not .Values.static }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+helm.sh/chart: {{ include "kyverno-plugin.chart" . }}
+{{- end -}}
 {{- with .Values.global.labels }}
 {{ toYaml . }}
 {{- end -}}

charts/policy-reporter/templates/plugins/trivy/_helpers.tpl

@@ -25,12 +25,14 @@ Create chart name and version as used by the chart label.
 Common labels
 */}}
 {{- define "trivy-plugin.labels" -}}
-helm.sh/chart: {{ include "trivy-plugin.chart" . }}
 {{ include "trivy-plugin.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
+{{- if not .Values.static }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+helm.sh/chart: {{ include "trivy-plugin.chart" . }}
+{{- end }}
 {{- with .Values.global.labels }}
 {{ toYaml . }}
 {{- end -}}

charts/policy-reporter/templates/ui/_helpers.tpl

@@ -25,12 +25,14 @@ Create chart name and version as used by the chart label.
 Common labels
 */}}
 {{- define "ui.labels" -}}
-helm.sh/chart: {{ include "ui.chart" . }}
 {{ include "ui.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
+{{- if not .Values.static }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+helm.sh/chart: {{ include "ui.chart" . }}
+{{- end }}
 {{- with .Values.global.labels }}
 {{ toYaml . }}
 {{- end -}}

manifests/README.md

@@ -0,0 +1,37 @@
+# Installation Manifests for Policy Reporter
+
+You can use this manifests to install Policy Reporter without additional tools like Helm or Kustomize. The manifests are structured into five installations.
+
+The installation requires to be in the `policy-reporter` namespace. As its the configured namespaces for RBAC resources.
+
+## Policy Reporter
+
+The `policy-reporter` folder is a basic installation for Policy Reporter without the UI or other components. It runs with the REST API and Metrics Endpoint enabled.
+
+```bash
+kubectl apply -f https://raw.githubusercontent.com/kyverno/policy-reporter/main/manifests/policy-reporter/install.yaml
+```
+
+## Policy Reporter UI
+
+The `policy-reporter-ui` folder installs Policy Reporter together with the Policy Reporter UI components and Metrics enabled.
+
+```bash
+kubectl apply -f https://raw.githubusercontent.com/kyverno/policy-reporter/main/manifests/policy-reporter-ui/install.yaml
+```
+
+## Policy Reporter UI + Kyverno Plugin
+
+The `policy-reporter-kyverno-ui` folder installs Policy Reporter together with the Policy Reporter UI, Kyverno Plugin components and Metrics enabled.
+
+```bash
+kubectl apply -f https://raw.githubusercontent.com/kyverno/policy-reporter/main/manifests/policy-reporter-kyverno-ui/install.yaml
+```
+
+## Policy Reporter UI + Kyverno Plugin in HA Mode
+
+The `policy-reporter-kyverno-ui-ha` installs the same compoments as `policy-reporter-kyverno-ui` but runs all components in HA mode (2 replicas) and creates additional resources for leader elections.
+
+```bash
+kubectl apply -f https://raw.githubusercontent.com/kyverno/policy-reporter/main/manifests/policy-reporter-kyverno-ui-ha/install.yaml
+```