Add Helm Chart examples (#2292)

Problem: We don't have an easy way to deploy NGF for common use cases

Solution: Create an examples directory with common use cases for deploying Helm. As an added bonus we can generate manifests automatically from the examples.

.gitignore

@@ -54,3 +54,7 @@ internal/mode/static/nginx/modules/coverage
 
 # SSH config files
 *.ssh
+
+# temporary files used for manifest generation
+config/base/deploy.yaml
+config/base/deploy.yaml.bak

.goreleaser.yml

@@ -62,10 +62,3 @@ milestones:
 
 snapshot:
   name_template: "edge"
-
-release:
-  extra_files:
-    - glob: ./deploy/manifests/nginx-gateway.yaml
-    - glob: ./deploy/manifests/nginx-plus-gateway.yaml
-    - glob: ./deploy/manifests/nginx-gateway-experimental.yaml
-    - glob: ./deploy/manifests/nginx-plus-gateway-experimental.yaml

.yamllint.yaml

@@ -29,8 +29,6 @@ rules:
     spaces: consistent
     indent-sequences: consistent
     check-multi-line-strings: true
-    ignore: |
-      deploy/manifests/nginx-gateway.yaml
   key-duplicates: enable
   key-ordering: disable
   line-length:
@@ -39,7 +37,6 @@ rules:
     allow-non-breakable-inline-mappings: true
     ignore: |
       .github/
-      deploy/manifests/nginx-gateway.yaml
       tests/suite/manifests/longevity/cronjob.yaml
       .goreleaser.yml
   new-line-at-end-of-file: enable

Makefile

@@ -1,7 +1,6 @@
 # variables that should not be overridden by the user
 VERSION = edge
 SELF_DIR := $(dir $(lastword $(MAKEFILE_LIST)))
-MANIFEST_DIR = $(CURDIR)/deploy/manifests
 CHART_DIR = $(SELF_DIR)charts/nginx-gateway-fabric
 NGINX_CONF_DIR = internal/mode/static/nginx/conf
 NJS_DIR = internal/mode/static/nginx/modules/src
@@ -36,8 +35,6 @@ TARGET ?= local## The target of the build. Possible values: local and container
 OUT_DIR ?= build/out## The folder where the binary will be stored
 GOARCH ?= amd64## The architecture of the image and/or binary. For example: amd64 or arm64
 GOOS ?= linux## The OS of the image and/or binary. For example: linux or darwin
-override HELM_TEMPLATE_COMMON_ARGS += --set creator=template --set nameOverride=nginx-gateway## The common options for the Helm template command.
-override HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE += --set service.create=false## The options to be passed to the full Helm templating command only.
 override NGINX_DOCKER_BUILD_OPTIONS += --build-arg NJS_DIR=$(NJS_DIR) --build-arg NGINX_CONF_DIR=$(NGINX_CONF_DIR) --build-arg BUILD_AGENT=$(BUILD_AGENT)
 
 .DEFAULT_GOAL := help
@@ -124,15 +121,7 @@ uninstall-gateway-crds: ## Uninstall Gateway API CRDs
 
 .PHONY: generate-manifests
 generate-manifests: ## Generate manifests using Helm.
-	helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) $(HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE) -n nginx-gateway | cat $(strip $(MANIFEST_DIR))/namespace.yaml - > $(strip $(MANIFEST_DIR))/nginx-gateway.yaml
-	helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) $(HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE) --set nginx.plus=true --set nginx.image.repository=$(NGINX_PLUS_PREFIX) -n nginx-gateway | cat $(strip $(MANIFEST_DIR))/namespace.yaml - > $(strip $(MANIFEST_DIR))/nginx-plus-gateway.yaml
-	helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) $(HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE) --set nginxGateway.gwAPIExperimentalFeatures.enable=true -n nginx-gateway | cat $(strip $(MANIFEST_DIR))/namespace.yaml - > $(strip $(MANIFEST_DIR))/nginx-gateway-experimental.yaml
-	helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) $(HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE) --set nginxGateway.gwAPIExperimentalFeatures.enable=true --set nginx.plus=true --set nginx.image.repository=$(NGINX_PLUS_PREFIX) -n nginx-gateway | cat $(strip $(MANIFEST_DIR))/namespace.yaml - > $(strip $(MANIFEST_DIR))/nginx-plus-gateway-experimental.yaml
-	helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) --set metrics.enable=false --set nginxGateway.productTelemetry.enable=false -n nginx-gateway -s templates/deployment.yaml > config/tests/static-deployment.yaml
-	helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) -n nginx-gateway -s templates/service.yaml > $(strip $(MANIFEST_DIR))/service/loadbalancer.yaml
-	helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) --set service.annotations.'service\.beta\.kubernetes\.io\/aws-load-balancer-type'="nlb" -n nginx-gateway -s templates/service.yaml > $(strip $(MANIFEST_DIR))/service/loadbalancer-aws-nlb.yaml
-	helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) --set service.type=NodePort --set service.externalTrafficPolicy="" -n nginx-gateway -s templates/service.yaml > $(strip $(MANIFEST_DIR))/service/nodeport.yaml
-	helm template nginx-gateway $(CHART_DIR) $(HELM_TEMPLATE_COMMON_ARGS) $(HELM_TEMPLATE_EXTRA_ARGS_FOR_ALL_MANIFESTS_FILE) -n nginx-gateway --api-versions security.openshift.io/v1/SecurityContextConstraints -s templates/scc.yaml > $(strip $(MANIFEST_DIR))/scc.yaml
+	./scripts/generate-manifests.sh
 
 generate-api-docs: ## Generate API docs
 	go run github.com/ahmetb/gen-crd-api-reference-docs -config site/config/api/config.json -template-dir site/config/api -out-file site/content/reference/api.md -api-dir "github.com/nginxinc/nginx-gateway-fabric/apis"

charts/nginx-gateway-fabric/templates/_helpers.tpl

@@ -58,14 +58,12 @@ Create chart name and version as used by the chart label.
 Common labels
 */}}
 {{- define "nginx-gateway.labels" -}}
+helm.sh/chart: {{ include "nginx-gateway.chart" . }}
 {{ include "nginx-gateway.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
-{{- if eq (default "helm" .Values.creator) "helm" }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
-helm.sh/chart: {{ include "nginx-gateway.chart" . }}
-{{- end -}}
 {{- end }}
 
 {{/*

charts/nginx-gateway-fabric/templates/rbac.yaml → charts/nginx-gateway-fabric/templates/clusterrole.yaml

@@ -1,24 +1,3 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "nginx-gateway.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-  {{- include "nginx-gateway.labels" . | nindent 4 }}
-  annotations:
-    {{- toYaml .Values.serviceAccount.annotations | nindent 4 }}
-{{- if or .Values.serviceAccount.imagePullSecret .Values.serviceAccount.imagePullSecrets }}
-imagePullSecrets:
-  {{- if .Values.serviceAccount.imagePullSecret }}
-  - name: {{ .Values.serviceAccount.imagePullSecret }}
-  {{- end }}
-  {{- if .Values.serviceAccount.imagePullSecrets }}
-  {{- range .Values.serviceAccount.imagePullSecrets }}
-  - name: {{ . }}
-  {{- end }}
-  {{- end }}
-{{- end }}
----
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -161,18 +140,3 @@ rules:
   verbs:
   - use
 {{- end }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ include "nginx-gateway.fullname" . }}
-  labels:
-  {{- include "nginx-gateway.labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ include "nginx-gateway.fullname" . }}
-subjects:
-- kind: ServiceAccount
-  name: {{ include "nginx-gateway.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }}

charts/nginx-gateway-fabric/templates/clusterrolebinding.yaml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "nginx-gateway.fullname" . }}
+  labels:
+  {{- include "nginx-gateway.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "nginx-gateway.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "nginx-gateway.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}

charts/nginx-gateway-fabric/templates/deployment.yaml

@@ -88,7 +88,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.name
-        image: {{ .Values.nginxGateway.image.repository }}:{{ .Values.nginxGateway.image.tag | default .Chart.AppVersion }}
+        image: {{ .Values.nginxGateway.image.repository }}:{{ default .Chart.AppVersion .Values.nginxGateway.image.tag }}
         imagePullPolicy: {{ .Values.nginxGateway.image.pullPolicy }}
         name: nginx-gateway
         {{- if .Values.nginxGateway.lifecycle }}

charts/nginx-gateway-fabric/templates/serviceaccount.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "nginx-gateway.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "nginx-gateway.labels" . | nindent 4 }}
+  annotations:
+    {{- toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- if or .Values.serviceAccount.imagePullSecret .Values.serviceAccount.imagePullSecrets }}
+imagePullSecrets:
+  {{- if .Values.serviceAccount.imagePullSecret }}
+  - name: {{ .Values.serviceAccount.imagePullSecret }}
+  {{- end }}
+  {{- if .Values.serviceAccount.imagePullSecrets }}
+  {{- range .Values.serviceAccount.imagePullSecrets }}
+  - name: {{ . }}
+  {{- end }}
+  {{- end }}
+{{- end }}

config/base/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- deploy.yaml
+- namespace.yaml

deploy/README.md

@@ -0,0 +1,15 @@
+# Deployment manifests
+
+This directory contains the Kubernetes manifests for deploying NGINX Gateway Fabric in a Kubernetes cluster. They are generated from the Helm Chart [examples](../examples/helm/).
+
+They are a single file deployment manifest that can be applied to a Kubernetes cluster using `kubectl apply -f <file>`. You should have the Gateway API CRDs and the NGINX Gateway Fabric CRDs deployed before applying these manifests.
+The NGINX Gateway Fabric CRDs can be found in this directory as a single file deployment manifest [crds.yaml](./crds.yaml).
+
+To deploy the manifests using a different registry or tag, you can modify the `kustomization.yaml` file with the desired values and
+use the following command to apply the manifests:
+
+```shell
+kubectl kustomize | kubectl apply -f -
+```
+
+For more information on how to deploy NGINX Gateway Fabric and the Gateway API CRDs see the [installation guide](https://docs.nginx.com/nginx-gateway-fabric/installation/installing-ngf/manifests/).