fix: Partially revert changes from #654

Author: Techassi

.gitignore

@@ -13,6 +13,7 @@ result
 image.tar
 
 tilt_options.json
+local_values.yaml
 
 .direnv/
 .direnvrc

Makefile

@@ -105,7 +105,6 @@ compile-chart: version crds config
 
 chart-clean:
 	rm -rf "deploy/helm/${OPERATOR_NAME}/configs"
-	rm -rf "deploy/helm/${OPERATOR_NAME}/crds"
 
 version:
 	cat "deploy/helm/${OPERATOR_NAME}/Chart.yaml" | yq ".version = \"${VERSION}\" | .appVersion = \"${VERSION}\"" > "deploy/helm/${OPERATOR_NAME}/Chart.yaml.new"
@@ -117,9 +116,11 @@ config:
 		cp -r deploy/config-spec/* "deploy/helm/${OPERATOR_NAME}/configs";\
 	fi
 
+# We generate a crds.yaml, so that the effect of code changes are visible.
+# The operator will take care of the CRD rollout itself.
 crds:
-	mkdir -p deploy/helm/"${OPERATOR_NAME}"/crds
-	cargo run --bin stackable-"${OPERATOR_NAME}" -- crd | yq eval '.metadata.annotations["helm.sh/resource-policy"]="keep"' - > "deploy/helm/${OPERATOR_NAME}/crds/crds.yaml"
+	mkdir -p extra
+	cargo run --bin stackable-"${OPERATOR_NAME}" -- crd > extra/crds.yaml
 
 chart-lint: compile-chart
 	docker run -it -v $(shell pwd):/build/helm-charts -w /build/helm-charts quay.io/helmpack/chart-testing:v3.5.0  ct lint --config deploy/helm/ct.yaml

Tiltfile

@@ -17,11 +17,6 @@ custom_build(
     outputs_image_ref_to='result/ref',
 )
 
-# Load the latest CRDs from Nix
-watch_file('result')
-if os.path.exists('result'):
-   k8s_yaml('result/crds.yaml')
-
 # We need to set the correct image annotation on the operator Deployment to use e.g.
 # oci.stackable.tech/sandbox/opa-operator:7y19m3d8clwxlv34v5q2x4p7v536s00g instead of
 # oci.stackable.tech/sandbox/opa-operator:0.0.0-dev (which does not exist)
@@ -35,18 +30,12 @@ helm_values = settings.get('helm_values', None)
 
 helm_override_image_repository = 'image.repository=' + registry + '/' + operator_name
 
-# Exclude stale CRDs from Helm chart, and apply the rest
-helm_crds, helm_non_crds = filter_yaml(
-   helm(
-      'deploy/helm/' + operator_name,
-      name=operator_name,
-      namespace="stackable-operators",
-      set=[
-         helm_override_image_repository,
-      ],
-      values=helm_values,
-   ),
-   api_version = "^apiextensions\\.k8s\\.io/.*$",
-   kind = "^CustomResourceDefinition$",
-)
-k8s_yaml(helm_non_crds)
+k8s_yaml(helm(
+   'deploy/helm/' + operator_name,
+   name=operator_name,
+   namespace="stackable-operators",
+   set=[
+      helm_override_image_repository,
+   ],
+   values=helm_values,
+))

deploy/helm/secret-operator/crds/crds.yaml

@@ -1,4 +1,4 @@
-
+{{- if .Values.maintenance.customResourceDefinitions.maintain }}
 ---
 apiVersion: v1
 kind: Service
@@ -11,9 +11,11 @@ metadata:
     {{- include "operator.labels" . | nindent 4 }}
 spec:
   selector:
-    {{- include "operator.selectorLabels" . | nindent 6 }}
+    webhook.stackable.tech/conversion: enabled
+    {{- include "operator.selectorLabels" . | nindent 4 }}
   ports:
     - name: conversion-webhook
       protocol: TCP
       port: 8443
       targetPort: 8443
+{{- end }}

deploy/helm/secret-operator/templates/service.yaml

@@ -21,13 +21,13 @@ spec:
         properties:
           spec:
             description: |-
-              A [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass) is a cluster-global Kubernetes resource
+              A [SecretClass](https://docs.stackable.tech/home/25.11/secret-operator/secretclass) is a cluster-global Kubernetes resource
               that defines a category of secrets that the Secret Operator knows how to provision.
             properties:
               backend:
                 description: |-
                   Each SecretClass is associated with a single
-                  [backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend),
+                  [backend](https://docs.stackable.tech/home/25.11/secret-operator/secretclass#backend),
                   which dictates the mechanism for issuing that kind of Secret.
                 oneOf:
                 - required:
@@ -41,7 +41,7 @@ spec:
                 properties:
                   autoTls:
                     description: |-
-                      The [`autoTls` backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-autotls)
+                      The [`autoTls` backend](https://docs.stackable.tech/home/25.11/secret-operator/secretclass#backend-autotls)
                       issues a TLS certificate signed by the Secret Operator.
                       The certificate authority can be provided by the administrator, or managed automatically by the Secret Operator.
 
@@ -198,7 +198,7 @@ spec:
                       A new certificate will be requested the first time it is used by a Pod, it
                       will be reused after that (subject to cert-manager renewal rules).
 
-                      [1]: https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-certmanager
+                      [1]: https://docs.stackable.tech/home/25.11/secret-operator/secretclass#backend-certmanager
                       [cert-manager]: https://cert-manager.io/
                     properties:
                       defaultCertificateLifetime:
@@ -258,7 +258,7 @@ spec:
                     type: object
                   k8sSearch:
                     description: |-
-                      The [`k8sSearch` backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-k8ssearch)
+                      The [`k8sSearch` backend](https://docs.stackable.tech/home/25.11/secret-operator/secretclass#backend-k8ssearch)
                       can be used to mount Secrets across namespaces into Pods.
                     properties:
                       searchNamespace:
@@ -294,7 +294,7 @@ spec:
                     type: object
                   kerberosKeytab:
                     description: |-
-                      The [`kerberosKeytab` backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-kerberoskeytab)
+                      The [`kerberosKeytab` backend](https://docs.stackable.tech/home/25.11/secret-operator/secretclass#backend-kerberoskeytab)
                       creates a Kerberos keytab file for a selected realm.
                       The Kerberos KDC and administrator credentials must be provided by the administrator.
                     properties:
@@ -448,13 +448,13 @@ spec:
         properties:
           spec:
             description: |-
-              A [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass) is a cluster-global Kubernetes resource
+              A [SecretClass](https://docs.stackable.tech/home/25.11/secret-operator/secretclass) is a cluster-global Kubernetes resource
               that defines a category of secrets that the Secret Operator knows how to provision.
             properties:
               backend:
                 description: |-
                   Each SecretClass is associated with a single
-                  [backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend),
+                  [backend](https://docs.stackable.tech/home/25.11/secret-operator/secretclass#backend),
                   which dictates the mechanism for issuing that kind of Secret.
                 oneOf:
                 - required:
@@ -468,7 +468,7 @@ spec:
                 properties:
                   autoTls:
                     description: |-
-                      The [`autoTls` backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-autotls)
+                      The [`autoTls` backend](https://docs.stackable.tech/home/25.11/secret-operator/secretclass#backend-autotls)
                       issues a TLS certificate signed by the Secret Operator.
                       The certificate authority can be provided by the administrator, or managed automatically by the Secret Operator.
 
@@ -625,7 +625,7 @@ spec:
                       A new certificate will be requested the first time it is used by a Pod, it
                       will be reused after that (subject to cert-manager renewal rules).
 
-                      [1]: https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-certmanager
+                      [1]: https://docs.stackable.tech/home/25.11/secret-operator/secretclass#backend-certmanager
                       [cert-manager]: https://cert-manager.io/
                     properties:
                       defaultCertificateLifetime:
@@ -685,7 +685,7 @@ spec:
                     type: object
                   k8sSearch:
                     description: |-
-                      The [`k8sSearch` backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-k8ssearch)
+                      The [`k8sSearch` backend](https://docs.stackable.tech/home/25.11/secret-operator/secretclass#backend-k8ssearch)
                       can be used to mount Secrets across namespaces into Pods.
                     properties:
                       searchNamespace:
@@ -721,7 +721,7 @@ spec:
                     type: object
                   kerberosKeytab:
                     description: |-
-                      The [`kerberosKeytab` backend](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-kerberoskeytab)
+                      The [`kerberosKeytab` backend](https://docs.stackable.tech/home/25.11/secret-operator/secretclass#backend-kerberoskeytab)
                       creates a Kerberos keytab file for a selected realm.
                       The Kerberos KDC and administrator credentials must be provided by the administrator.
                     properties:
@@ -890,13 +890,13 @@ spec:
         properties:
           spec:
             description: |-
-              A [TrustStore](https://docs.stackable.tech/home/nightly/secret-operator/truststore) requests information about how to
-              validate secrets issued by a [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass).
+              A [TrustStore](https://docs.stackable.tech/home/25.11/secret-operator/truststore) requests information about how to
+              validate secrets issued by a [SecretClass](https://docs.stackable.tech/home/25.11/secret-operator/secretclass).
 
               The requested information is written to a ConfigMap with the same name as the TrustStore.
             properties:
               format:
-                description: The [format](https://docs.stackable.tech/home/nightly/secret-operator/secretclass#format) that the data should be converted into.
+                description: The [format](https://docs.stackable.tech/home/25.11/secret-operator/secretclass#format) that the data should be converted into.
                 enum:
                 - tls-pem
                 - tls-pkcs12

extra/crds.yaml

@@ -11,6 +11,7 @@ import shutil
 import subprocess
 import sys
 import tempfile
+import time
 
 __version__ = "0.0.1"
 
@@ -451,6 +452,7 @@ def main(argv) -> int:
         gen_tests(opts.test_suite, opts.namespace, opts.work_dir)
         with release_file(opts.operator, opts.skip_operator) as f:
             maybe_install_release(opts.skip_release, f, opts.listener_class_preset)
+            time.sleep(10)
         if opts.skip_tests:
             logging.info("Skip running tests.")
         else: