move e2e-setup feature gate splitting into Helm chart

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
cert-manager · May 23, 2023 · 918a13c · 918a13c
1 parent acf0741
commit 918a13c
Show file tree

Hide file tree

Showing 6 changed files with 46 additions and 21 deletions.
diff --git a/deploy/charts/cert-manager/templates/_helpers.tpl b/deploy/charts/cert-manager/templates/_helpers.tpl
@@ -172,3 +172,38 @@ https://github.com/helm/helm/issues/5358
 {{- define "cert-manager.namespace" -}}
     {{ .Values.namespace | default .Release.Namespace }}
 {{- end -}}
+
+{{- define "featureGatesController" -}}
+{{- $featureGatesController := list "AllAlpha" "AllBeta" "AdditionalCertificateOutputFormats" "ValidateCAA" "ExperimentalCertificateSigningRequestControllers" "ExperimentalGatewayAPISupport" "ServerSideApply" "LiteralCertificateSubject" "UseCertificateRequestBasicConstraints" "SecretsFilteredCaching" -}}
+{{- include "featureGates" (list $.Values.featureGates $featureGatesController) -}}
+{{- end -}}
+
+{{- define "featureGatesWebhook" -}}
+{{- $featureGatesWebhook := list "AllAlpha" "AllBeta" "AdditionalCertificateOutputFormats" "LiteralCertificateSubject" -}}
+{{- include "featureGates" (list $.Values.featureGates $featureGatesWebhook) -}}
+{{- end -}}
+
+{{- define "featureGatesCAInjector" -}}
+{{- $featureGatesCAInjector := list "AllAlpha" "AllBeta" "ServerSideApply" -}}
+{{- include "featureGates" (list $.Values.featureGates $featureGatesCAInjector) -}}
+{{- end -}}
+
+{{- define "featureGates" -}}
+{{- $featureGatesString := index . 0 -}}
+{{- $featureGates := index . 1 -}}
+{{- $featureGatesAll := list "AllAlpha" "AllBeta" "AdditionalCertificateOutputFormats" "ValidateCAA" "ExperimentalCertificateSigningRequestControllers" "ExperimentalGatewayAPISupport" "ServerSideApply" "LiteralCertificateSubject" "UseCertificateRequestBasicConstraints" "SecretsFilteredCaching" -}}
+{{- /**/ -}}
+{{- $flags := list -}}
+{{- range $gate := split "," $featureGatesString -}}
+{{-     $gateName := (split "=" $gate)._0 -}}
+{{-     $gateValue := (split "=" $gate)._1 -}}
+{{-     if not (has $gateName $featureGatesAll) -}}
+{{-         fail (printf "The featureGate %s is unknown." $gateName) -}}
+{{-     end -}}
+{{-     if has $gateName $featureGates -}}
+{{-         $flags = append $flags (printf "%s=%s" $gateName $gateValue) -}}
+{{-     end -}}
+{{- end -}}
+{{- /**/ -}}
+{{- $flags | join "," -}}
+{{- end -}}
diff --git a/deploy/charts/cert-manager/templates/cainjector-deployment.yaml b/deploy/charts/cert-manager/templates/cainjector-deployment.yaml
@@ -74,6 +74,9 @@ spec:
           - --leader-election-retry-period={{ .retryPeriod }}
           {{- end }}
           {{- end }}
+          {{- with (include "featureGatesCAInjector" $) }}
+          - --feature-gates={{ . }}
+          {{- end }}
           {{- with .Values.cainjector.extraArgs }}
           {{- toYaml . | nindent 10 }}
           {{- end }}

diff --git a/deploy/charts/cert-manager/templates/deployment.yaml b/deploy/charts/cert-manager/templates/deployment.yaml
@@ -107,8 +107,8 @@ spec:
           - --default-issuer-group={{ .defaultIssuerGroup }}
           {{- end }}
           {{- end }}
-          {{- if .Values.featureGates }}
-          - --feature-gates={{ .Values.featureGates }}
+          {{- with (include "featureGatesController" $) }}
+          - --feature-gates={{ . }}
           {{- end }}
           {{- if .Values.maxConcurrentChallenges }}
           - --max-concurrent-challenges={{ .Values.maxConcurrentChallenges }}

diff --git a/deploy/charts/cert-manager/templates/webhook-deployment.yaml b/deploy/charts/cert-manager/templates/webhook-deployment.yaml
@@ -71,8 +71,8 @@ spec:
           {{ if not $config.securePort -}}
           - --secure-port={{ .Values.webhook.securePort }}
           {{- end }}
-          {{- if .Values.featureGates }}
-          - --feature-gates={{ .Values.webhook.featureGates }}
+          {{- with (include "featureGatesWebhook" $) }}
+          - --feature-gates={{ . }}
           {{- end }}
           {{- $tlsConfig := default $config.tlsConfig "" }}
           {{ if or (not $config.tlsConfig) (and (not $tlsConfig.dynamic) (not $tlsConfig.filesystem) ) -}}

diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml
@@ -70,7 +70,7 @@ podDisruptionBudget:
   # or a percentage value (e.g. 25%)
 
 # Comma separated list of feature gates that should be enabled on the
-# controller pod.
+# controller pod, webhook pod and/ or cainjector pod.
 featureGates: ""
 
 # The maximum number of challenges that can be scheduled as 'processing' at once
@@ -341,10 +341,6 @@ webhook:
   # Path to a file containing a WebhookConfiguration object used to configure the webhook
   # - --config=<path-to-config-file>
 
-  # Comma separated list of feature gates that should be enabled on the
-  # webhok pod.
-  featureGates: ""
-
   resources: {}
     # requests:
     #   cpu: 10m

diff --git a/make/e2e-setup.mk b/make/e2e-setup.mk
@@ -227,17 +227,10 @@ $(E2E_SETUP_OPTION_BESTPRACTICE_HELM_VALUES_FILE): | $(BINDIR)/scratch
 # supplied E2E_SETUP_OPTION_ variables.
 E2E_SETUP_OPTION_DEPENDENCIES := $(if $(E2E_SETUP_OPTION_BESTPRACTICE),e2e-setup-kyverno $(E2E_SETUP_OPTION_BESTPRACTICE_HELM_VALUES_FILE))
 
-# In make, there is no way to escape commas or spaces. So we use the
-# variables $(space) and $(comma) instead.
-null  =
-space = $(null) #
-comma = ,
-
 # Helm's "--set" interprets commas, which means we want to escape commas
 # for "--set featureGates". That's why we have "\$(comma)".
-feature_gates_controller := $(subst $(space),\$(comma),$(filter AllAlpha=% AllBeta=% AdditionalCertificateOutputFormats=% ValidateCAA=% ExperimentalCertificateSigningRequestControllers=% ExperimentalGatewayAPISupport=% ServerSideApply=% LiteralCertificateSubject=% UseCertificateRequestBasicConstraints=% SecretsFilteredCaching=%, $(subst $(comma),$(space),$(FEATURE_GATES))))
-feature_gates_webhook := $(subst $(space),\$(comma),$(filter AllAlpha=% AllBeta=% AdditionalCertificateOutputFormats=% LiteralCertificateSubject=%,   $(subst $(comma),$(space),$(FEATURE_GATES))))
-feature_gates_cainjector := $(subst $(space),\$(comma),$(filter AllAlpha=% AllBeta=% ServerSideApply=%, $(subst $(comma),$(space),$(FEATURE_GATES))))
+comma = ,
+feature_gates := $(subst $(comma),\$(comma),$(FEATURE_GATES))
 
 # Install cert-manager with E2E specific images and deployment settings.
 # The values.best-practice.yaml file is applied for compliance with the
@@ -268,10 +261,8 @@ e2e-setup-certmanager: $(BINDIR)/cert-manager.tgz $(foreach binaryname,controlle
 		--set acmesolver.image.tag="$(TAG)" \
 		--set startupapicheck.image.tag="$(TAG)" \
 		--set installCRDs=true \
-		--set featureGates="$(feature_gates_controller)" \
+		--set featureGates="$(feature_gates)" \
 		--set "extraArgs={--kube-api-qps=9000,--kube-api-burst=9000,--concurrent-workers=200}" \
-		--set webhook.featureGates="$(feature_gates_webhook)" \
-		--set "cainjector.extraArgs={--feature-gates=$(feature_gates_cainjector)}" \
 		--set "dns01RecursiveNameservers=$(SERVICE_IP_PREFIX).16:53" \
 		--set "dns01RecursiveNameserversOnly=true" \
 		$(if $(E2E_SETUP_OPTION_BESTPRACTICE),--values=$(E2E_SETUP_OPTION_BESTPRACTICE_HELM_VALUES_FILE)) \