add support to separate out CRDs in crd folder for helm chart

Makefile

@@ -149,18 +149,30 @@ validate-cainjection-files:
 	@./scripts/validate-cainjection-files.sh
 
 # Generate manifests for helm and package them up
-helm-chart-manifests: manifests
+helm-chart-manifests: generate
+	# remove generated files
+	rm -rf charts/azure-service-operator/templates/generated/
+	rm -rf charts/azure-service-operator/crds
+	# create directory for generated files
 	mkdir charts/azure-service-operator/templates/generated
+	mkdir charts/azure-service-operator/crds
+	# generate files using kustomize
 	kustomize build ./config/default -o ./charts/azure-service-operator/templates/generated
-	rm charts/azure-service-operator/templates/generated/~g_v1_namespace_azureoperator-system.yaml
-	sed -i '' -e 's@controller:latest@{{ .Values.image.repository }}@' ./charts/azure-service-operator/templates/generated/apps_v1_deployment_azureoperator-controller-manager.yaml
-	find ./charts/azure-service-operator/templates/generated/ -type f -exec sed -i '' -e 's@namespace: azureoperator-system@namespace: {{ .Values.namespace }}@' {} \;
+	# move CRD definitions to crd folder
+	find ./charts/azure-service-operator/templates/generated/*_customresourcedefinition_* -exec mv '{}' ./charts/azure-service-operator/crds \;
+	# remove namespace as we will let Helm manage it
+	rm charts/azure-service-operator/templates/generated/*_namespace_*
+	# replace hard coded ASO image with Helm templating
+	perl -pi -e s,controller:latest,"{{ .Values.image.repository }}",g ./charts/azure-service-operator/templates/generated/*_deployment_*
+	# replace hard coded namespace with Helm templating
+	find ./charts/azure-service-operator/templates/generated/ -type f -exec perl -pi -e s,azureoperator-system,"{{ .Release.Namespace }}",g {} \;
+	# create unique names so each instance of the operator has its own role binding 
+	find ./charts/azure-service-operator/templates/generated/ -name *clusterrole* -exec perl -pi -e 's/$$/-{{ .Release.Namespace }}/ if /name: azure/' {} \;
+	# package the necessary files into a tar file
 	helm package ./charts/azure-service-operator -d ./charts
+	# update Chart.yaml for Helm Repository
 	helm repo index ./charts
 
-delete-helm-gen-manifests:
-	rm -rf charts/azure-service-operator/templates/generated/
-
 # Generate manifests e.g. CRD, RBAC etc.
 manifests: controller-gen
 	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases

README.md

@@ -86,7 +86,7 @@ Do you want to quickly deploy the latest version of Azure Service Operator on yo
     Note that the ServicePrincipal you pass to the command below needs to have access to create resources in your subscription.
 
     ```console
-    helm install aso ./azure-service-operator \
+    helm install aso ./azure-service-operator -n azureoperator-system --create-namespace \
         --set azureSubscriptionID=$AZURE_SUBSCRIPTION_ID \
         --set azureTenantID=$AZURE_TENANT_ID \
         --set azureClientID=$AZURE_CLIENT_ID \

azure-pipelines.yml

@@ -216,7 +216,7 @@ steps:
       # replace hard coded ASO image with Helm templating
       sed -i -e 's/controller:latest/{{ .Values.image.repository }}/' ./charts/azure-service-operator/templates/generated/*_deployment_*
       # replace hard coded namespace with Helm templating
-      find ./charts/azure-service-operator/templates/generated/ -type f -exec sed -i '' -e 's@namespace: azureoperator-system@namespace: {{ .Values.namespace }}@' {} \;
+      find ./charts/azure-service-operator/templates/generated/ -type f -exec sed -i '' -e 's@namespace: azureoperator-system@namespace: {{ .Release.Namespace }}@' {} \;
       # package the necessary files into a tar file
       helm package ./charts/azure-service-operator -d ./charts
       # update Chart.yaml for Helm Repository
@@ -234,18 +234,16 @@ steps:
         imagename="$(PIPELINE_CONTAINER_REGISTRY_NAME)/$(IMAGE_NAME):$(MAJOR_VERSION).$(MINOR_VERSION).$(PATCH_VERSION)"
         echo $imagename
         make install
-        helm upgrade --install aso charts/azure-service-operator-0.1.0.tgz \
+        helm upgrade --install aso charts/azure-service-operator-0.1.0.tgz -n azureoperator-system --create-namespace \
             --set azureSubscriptionID=$(AZURE_SUBSCRIPTION_ID) \
             --set azureTenantID=$(AZURE_TENANT_ID) \
             --set azureClientID=$(AZURE_CLIENT_ID) \
             --set azureClientSecret=$(AZURE_CLIENT_SECRET) \
             --set azureUseMI=true \
             --set azureOperatorKeyvault=$(AZURE_OPERATOR_KEYVAULT) \
-            --set createNamespace=true \
             --set aad-pod-identity.azureIdentity.resourceID="/subscriptions/$(AZURE_SUBSCRIPTION_ID)/resourcegroups/resourcegroup-azure-operators/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$(ASO-DEVOPS-MI)" \
             --set aad-pod-identity.azureIdentity.clientID=$(POD-IDENTITY-CLIENTID) \
-            --set image.repository=$imagename \
-            --set namespace=$(OPERATOR_NAMESPACE)
+            --set image.repository=$imagename 
         kubectl get namespace
         kubectl get pods -n $(OPERATOR_NAMESPACE)
         kubectl describe pods -n $(OPERATOR_NAMESPACE)

charts/azure-service-operator/README.md

@@ -69,30 +69,45 @@ azureOperatorKeyvault: OperatorSecretKeyVault
 
 ### Install Chart
 
-If you are deploying into an already created namespace, be sure to set the following variable to false:
+#### Pre-Install
+
+Prior to installing the Helm Chart, we recommend updating your CRDs, as Helm will not remove or update them if they already exist on the cluster.
+
+##### Default Namespace
+
+If you do not need a custom namespace, run the command below to update your CRDs:
+```
+kubectl apply -f ./charts/azure-service-operator/crds/
 ```
-createNamespace: False
+
+##### Custom Namespace
+
+If installing to a custom namespace, some additional variable replacement will need to be done on the CRDs. Run the command below, replacing `your-namespace` with the desired custom namespace:
+```
+NAMESPACE=your-namespace
+find ./charts/azure-service-operator/crds/ -type f -exec perl -pi -e s,azureoperator-system,$NAMESPACE,g {} \;
 ```
 
-and specify the namespace name:
+Then, apply the CRDs:
 ```
-namespace: your-namespace
+kubectl apply -f ./charts/azure-service-operator/crds/
 ```
 
+#### Install
+
 Finally, install the chart with your added values. The chart can be installed by using a values file or environment variables.
 ```
-helm upgrade --install aso azureserviceoperator/azure-service-operator -f values.yaml
+helm upgrade --install aso azureserviceoperator/azure-service-operator -n azureoperator-system --create-namespace -f values.yaml
 ```
 
 ```
-helm upgrade --install aso azureserviceoperator/azure-service-operator \
+helm upgrade --install aso azureserviceoperator/azure-service-operator -n azureoperator-system --create-namespace \
     --set azureSubscriptionID=$AZURE_SUBSCRIPTION_ID \
     --set azureTenantID=$AZURE_TENANT_ID \
     --set azureClientID=$AZURE_CLIENT_ID \
     --set azureClientSecret=$AZURE_CLIENT_SECRET \
     --set azureUseMI=$AZURE_USE_MI \
-    --set azureOperatorKeyvault=$AZURE_OPERATOR_KEYVAULT \
-    --set createNamespace=False
+    --set azureOperatorKeyvault=$AZURE_OPERATOR_KEYVAULT
 ```
 
 ## Configuration
@@ -109,7 +124,5 @@ The following table lists the configurable parameters of the azure-service-opera
 | `azureOperatorKeyvault`  | Set this value with the name of your Azure Key Vault resource if you prefer to store secrets in Key Vault rather than as Kubernetes secrets (default) | `` |
 | `image.repository`  | Image repository | `mcr.microsoft.com/k8s/azure-service-operator:0.0.20258` |
 | `cloudEnvironment`  | Set the cloud environment, possible values include: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud | `AzurePublicCloud` |
-| `createNamespace`  | Set to True if you would like the namespace autocreated, otherwise False if you have an existing namespace. If using an existing namespace, the `namespace` field must also be updated | `True` |
-| `namespace`  | Configure a custom namespace to deploy the operator into | `azureoperator-system` |
 | `aad-pod-identity.azureIdentity.resourceID`  | The resource ID for your managed identity | `` |
-| `aad-pod-identity.azureIdentity.clientID`  | The client ID for your managed identity | `` |
+| `aad-pod-identity.azureIdentity.clientID`  | The client ID for your managed identity | `` |

charts/azure-service-operator/crds/apiextensions.k8s.io_v1beta1_customresourcedefinition_apimgmtapis.azure.microsoft.com.yaml

@@ -0,0 +1,185 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: apimgmtapis.azure.microsoft.com
+spec:
+  additionalPrinterColumns:
+  - JSONPath: .status.provisioned
+    name: Provisioned
+    type: string
+  - JSONPath: .status.message
+    name: Message
+    type: string
+  group: azure.microsoft.com
+  names:
+    kind: APIMgmtAPI
+    listKind: APIMgmtAPIList
+    plural: apimgmtapis
+    singular: apimgmtapi
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: APIMgmtSpec defines the desired state of APIMgmt
+          properties:
+            apiId:
+              type: string
+            apiService:
+              type: string
+            location:
+              type: string
+            properties:
+              properties:
+                apiRevision:
+                  description: APIRevision - Describes the Revision of the Api. If
+                    no value is provided, default revision 1 is created
+                  type: string
+                apiRevisionDescription:
+                  description: APIRevisionDescription - Description of the Api Revision.
+                  type: string
+                apiVersion:
+                  description: APIVersion - Indicates the Version identifier of the
+                    API if the API is versioned
+                  type: string
+                apiVersionDescription:
+                  description: APIVersionDescription - Description of the Api Version.
+                  type: string
+                apiVersionSetId:
+                  description: APIVersionSetID - A resource identifier for the related
+                    ApiVersionSet.
+                  type: string
+                apiVersionSets:
+                  description: APIVersionSet - APIVersionSetContractDetails an API
+                    Version Set contains the common configuration for a set of API
+                    versions.
+                  properties:
+                    description:
+                      description: Description - Description of API Version Set.
+                      type: string
+                    id:
+                      description: ID - Identifier for existing API Version Set. Omit
+                        this value to create a new Version Set.
+                      type: string
+                    name:
+                      description: Name - The display Name of the API Version Set.
+                      type: string
+                  type: object
+                description:
+                  description: Description - Description of the API. May include HTML
+                    formatting tags.
+                  type: string
+                displayName:
+                  description: DisplayName - API name. Must be 1 to 300 characters
+                    long.
+                  type: string
+                format:
+                  description: " Format - Format of the Content in which the API is
+                    getting imported. Possible values include: \t'WadlXML', 'WadlLinkJSON',
+                    'SwaggerJSON', 'SwaggerLinkJSON', 'Wsdl', 'WsdlLink', 'Openapi',
+                    'Openapijson', 'OpenapiLink'"
+                  type: string
+                isCurrent:
+                  description: IsCurrent - Indicates if API revision is current api
+                    revision.
+                  type: boolean
+                isOnline:
+                  description: IsOnline - READ-ONLY; Indicates if API revision is
+                    accessible via the gateway.
+                  type: boolean
+                path:
+                  description: " Path - Relative URL uniquely identifying this API
+                    and all of its resource paths within the API Management service
+                    instance. \tIt is appended to the API endpoint base URL specified
+                    during the service instance creation to form a public URL for
+                    this API."
+                  type: string
+                protocols:
+                  description: Protocols - Describes on which protocols the operations
+                    in this API can be invoked.
+                  items:
+                    type: string
+                  type: array
+                serviceUrl:
+                  description: ServiceURL - Absolute URL of the backend service implementing
+                    this API. Cannot be more than 2000 characters long.
+                  type: string
+                sourceApiId:
+                  description: SourceAPIID - API identifier of the source API.
+                  type: string
+                subscriptionRequired:
+                  description: SubscriptionRequired - Specifies whether an API or
+                    Product subscription is required for accessing the API.
+                  type: boolean
+              type: object
+            resourceGroup:
+              type: string
+          required:
+          - apiId
+          - apiService
+          - location
+          - properties
+          - resourceGroup
+          type: object
+        status:
+          description: ASOStatus (AzureServiceOperatorsStatus) defines the observed
+            state of resource actions
+          properties:
+            completed:
+              format: date-time
+              type: string
+            containsUpdate:
+              type: boolean
+            failedProvisioning:
+              type: boolean
+            flattenedSecrets:
+              type: boolean
+            message:
+              type: string
+            output:
+              type: string
+            pollingUrl:
+              type: string
+            provisioned:
+              type: boolean
+            provisioning:
+              type: boolean
+            requested:
+              format: date-time
+              type: string
+            resourceId:
+              type: string
+            specHash:
+              type: string
+            state:
+              type: string
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []