Update Helm chart to latest released operator version (#1332)

* Update Helm chart - Use more best practices for Helm charts as defined here: https://helm.sh/docs/chart_best_practices/conventions/ - Update chart to contain recently added resources. - Update chart version to 1.0.0, so that we can begin following semver more closely. * Regenerated helm chart with controller-tools 0.2.5 Co-authored-by: Matthew Christopher <matthchr@users.noreply.github.com>
2020-12-10 15:59:44 +13:00 · 2020-12-10 15:59:44 +13:00 · 9c78bc7673
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@ -19,8 +19,8 @@ pool:

 variables:
  tag: '$(Build.BuildId)'
-  MAJOR_VERSION: 0
-  MINOR_VERSION: 1
+  MAJOR_VERSION: 1
+  MINOR_VERSION: 0
  PATCH_VERSION: $(Build.BuildId)
  IMAGE_NAME: 'candidate/k8s/azureserviceoperator'
  ASO_HELM_CHART_NAME: 'candidate/k8s/asohelmchart'
@ -247,7 +247,7 @@ steps:
        # Apply CRDs as Helm 3 does not install CRDs for Helm upgrade
        kubectl apply -f ./charts/azure-service-operator/crds/
        # Deploy using Helm
-        helm upgrade --install aso charts/azure-service-operator-0.1.0.tgz -n $(OPERATOR_NAMESPACE) --create-namespace \
+        helm upgrade --install aso charts/azure-service-operator-$(MAJOR_VERSION).$(MINOR_VERSION).0.tgz -n $(OPERATOR_NAMESPACE) --create-namespace \
            --set azureSubscriptionID=$(AZURE_SUBSCRIPTION_ID) \
            --set azureTenantID=$(AZURE_TENANT_ID) \
            --set azureClientID=$(AZURE_CLIENT_ID) \
--- a/charts/azure-service-operator-1.0.0.tgz
+++ b/charts/azure-service-operator-1.0.0.tgz
--- a/charts/azure-service-operator/requirements.lock
+++ b/charts/azure-service-operator/requirements.lock
@ -2,5 +2,5 @@ dependencies:
 - name: aad-pod-identity
  repository: https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts
  version: 1.5.5
-digest: sha256:db38bea05230aea212e9ab0f056a1defa73d540bbff2962e807b2fd860dddf3d
-generated: "2020-04-22T10:23:15.164357-07:00"
+digest: sha256:d6d81a679760605459264d81af340265c888423cc9ecb7e6eac733a1a2eecb4d
+generated: "2020-11-30T16:23:49.01070066-08:00"
--- a/charts/azure-service-operator/Chart.yaml
+++ b/charts/azure-service-operator/Chart.yaml
@ -1,6 +1,6 @@
 apiVersion: v2
 name: azure-service-operator
-version: 0.1.0
+version: 1.0.0
 appVersion: 0.1.0
 description: Deploy components and dependencies of azure-service-operator
 home: https://github.com/Azure/azure-service-operator
--- a/charts/azure-service-operator/crds/apiextensions.k8s.io_v1beta1_customresourcedefinition_mysqlaadusers.azure.microsoft.com.yaml
+++ b/charts/azure-service-operator/crds/apiextensions.k8s.io_v1beta1_customresourcedefinition_mysqlaadusers.azure.microsoft.com.yaml
@ -0,0 +1,107 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: mysqlaadusers.azure.microsoft.com
+spec:
+  additionalPrinterColumns:
+  - JSONPath: .status.provisioned
+    name: Provisioned
+    type: string
+  - JSONPath: .status.message
+    name: Message
+    type: string
+  group: azure.microsoft.com
+  names:
+    kind: MySQLAADUser
+    listKind: MySQLAADUserList
+    plural: mysqlaadusers
+    singular: mysqlaaduser
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: MySQLAADUser is the Schema for an AAD user for MySQL
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: MySQLAADUserSpec defines the desired state of MySQLAADUser
+          properties:
+            aadId:
+              description: AAD ID is the ID of the user in Azure Active Directory. When creating a user for a managed identity this must be the client id (sometimes called app id) of the managed identity. When creating a user for a "normal" (non-managed identity) user or group, this is the OID of the user or group.
+              type: string
+            dbName:
+              type: string
+            resourceGroup:
+              pattern: ^[-\w\._\(\)]+$
+              type: string
+            roles:
+              description: The roles assigned to the user. A user must have at least one role.
+              items:
+                type: string
+              type: array
+            server:
+              type: string
+            username:
+              description: optional
+              type: string
+          required:
+          - dbName
+          - resourceGroup
+          - roles
+          - server
+          type: object
+        status:
+          description: ASOStatus (AzureServiceOperatorsStatus) defines the observed state of resource actions
+          properties:
+            completed:
+              format: date-time
+              type: string
+            containsUpdate:
+              type: boolean
+            failedProvisioning:
+              type: boolean
+            flattenedSecrets:
+              type: boolean
+            message:
+              type: string
+            output:
+              type: string
+            pollingUrl:
+              type: string
+            provisioned:
+              type: boolean
+            provisioning:
+              type: boolean
+            requested:
+              format: date-time
+              type: string
+            resourceId:
+              type: string
+            specHash:
+              type: string
+            state:
+              type: string
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/azure-service-operator/crds/apiextensions.k8s.io_v1beta1_customresourcedefinition_mysqlserveradministrators.azure.microsoft.com.yaml
+++ b/charts/azure-service-operator/crds/apiextensions.k8s.io_v1beta1_customresourcedefinition_mysqlserveradministrators.azure.microsoft.com.yaml
@ -0,0 +1,111 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.5
+  creationTimestamp: null
+  name: mysqlserveradministrators.azure.microsoft.com
+spec:
+  additionalPrinterColumns:
+  - JSONPath: .status.provisioned
+    name: Provisioned
+    type: string
+  - JSONPath: .status.message
+    name: Message
+    type: string
+  group: azure.microsoft.com
+  names:
+    kind: MySQLServerAdministrator
+    listKind: MySQLServerAdministratorList
+    plural: mysqlserveradministrators
+    shortNames:
+    - mysqladmin
+    singular: mysqlserveradministrator
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: MySQLServerAdministrator is the Schema for the mysqlserveradministrator API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          properties:
+            administratorType:
+              description: 'AdministratorType: The type of administrator.'
+              enum:
+              - ActiveDirectory
+              type: string
+            login:
+              description: 'Login: The server administrator login account name. For example: "myuser@microsoft.com" might be the login if specifying an AAD user. "my-mi" might be the name of a managed identity'
+              type: string
+            resourceGroup:
+              pattern: ^[-\w\._\(\)]+$
+              type: string
+            server:
+              type: string
+            sid:
+              description: 'Sid: The server administrator Sid (Secure ID). If creating an AAD user, this is the OID of the entity in AAD.'
+              type: string
+            tenantId:
+              description: 'TenantId: The server Active Directory Administrator tenant id.'
+              type: string
+          required:
+          - administratorType
+          - login
+          - resourceGroup
+          - server
+          - sid
+          - tenantId
+          type: object
+        status:
+          description: ASOStatus (AzureServiceOperatorsStatus) defines the observed state of resource actions
+          properties:
+            completed:
+              format: date-time
+              type: string
+            containsUpdate:
+              type: boolean
+            failedProvisioning:
+              type: boolean
+            flattenedSecrets:
+              type: boolean
+            message:
+              type: string
+            output:
+              type: string
+            pollingUrl:
+              type: string
+            provisioned:
+              type: boolean
+            provisioning:
+              type: boolean
+            requested:
+              format: date-time
+              type: string
+            resourceId:
+              type: string
+            specHash:
+              type: string
+            state:
+              type: string
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
--- a/charts/azure-service-operator/templates/generated/apps_v1_deployment_azureoperator-controller-manager.yaml
+++ b/charts/azure-service-operator/templates/generated/apps_v1_deployment_azureoperator-controller-manager.yaml
@ -18,6 +18,16 @@ spec:
        control-plane: controller-manager
    spec:
      containers:
+      - args:
+        - --secure-listen-address=0.0.0.0:8443
+        - --upstream=http://127.0.0.1:8080/
+        - --logtostderr=true
+        - --v=10
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
+        name: kube-rbac-proxy
+        ports:
+        - containerPort: 8443
+          name: https
      - args:
        - --metrics-addr=127.0.0.1:8080
        command:
@ -63,6 +73,10 @@ spec:
              key: AZURE_CLOUD_ENV
              name: azureoperatorsettings
              optional: true
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
        - name: REQUEUE_AFTER
          value: "30"
        image: {{ .Values.image.repository }}
@ -85,16 +99,6 @@ spec:
        - mountPath: /tmp/k8s-webhook-server/serving-certs
          name: cert
          readOnly: true
-      - args:
-        - --secure-listen-address=0.0.0.0:8443
-        - --upstream=http://127.0.0.1:8080/
-        - --logtostderr=true
-        - --v=10
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
-        name: kube-rbac-proxy
-        ports:
-        - containerPort: 8443
-          name: https
      terminationGracePeriodSeconds: 10
      volumes:
      - name: cert
--- a/charts/azure-service-operator/templates/generated/rbac.authorization.k8s.io_v1_clusterrole_azureoperator-manager-role.yaml
+++ b/charts/azure-service-operator/templates/generated/rbac.authorization.k8s.io_v1_clusterrole_azureoperator-manager-role.yaml
@ -4,6 +4,40 @@ metadata:
  creationTimestamp: null
  name: azureoperator-manager-role-{{ .Release.Namespace }}
 rules:
+- apiGroups:
+  - aadpodidentity.k8s.io
+  resources:
+  - azureassignedidentities
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - aadpodidentity.k8s.io
+  resources:
+  - azureassignedidentities/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - aadpodidentity.k8s.io
+  resources:
+  - azureidentities
+  - azureidentities/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - aadpodidentity.k8s.io
+  resources:
+  - azureidentitybindings
+  - azureidentitybindings/status
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
  - apps
  resources:
@ -24,27 +58,6 @@ rules:
  - get
  - patch
  - update
- apiGroups:
-  - azure.microsoft.com
-  resources:
-  - AzureSQLUsers
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
- apiGroups:
-  - azure.microsoft.com
-  resources:
-  - AzureSQLUsers/finalizers
-  - AzureSQLUsers/status
-  verbs:
-  - get
-  - patch
-  - update
 - apiGroups:
  - azure.microsoft.com
  resources:
@ -333,6 +346,7 @@ rules:
 - apiGroups:
  - azure.microsoft.com
  resources:
+  - azuresqlusers/finalizers
  - azuresqlusers/status
  verbs:
  - get
@ -581,6 +595,27 @@ rules:
  - get
  - patch
  - update
+- apiGroups:
+  - azure.microsoft.com
+  resources:
+  - mysqlaadusers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - azure.microsoft.com
+  resources:
+  - mysqlaadusers/finalizers
+  - mysqlaadusers/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
  - azure.microsoft.com
  resources:
@ -623,6 +658,27 @@ rules:
  - get
  - patch
  - update
+- apiGroups:
+  - azure.microsoft.com
+  resources:
+  - mysqlserveradministrators
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - azure.microsoft.com
+  resources:
+  - mysqlserveradministrators/finalizers
+  - mysqlserveradministrators/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
  - azure.microsoft.com
  resources:
@ -659,6 +715,7 @@ rules:
 - apiGroups:
  - azure.microsoft.com
  resources:
+  - mysqlusers/finalizers
  - mysqlusers/status
  verbs:
  - get
@ -763,6 +820,7 @@ rules:
 - apiGroups:
  - azure.microsoft.com
  resources:
+  - postgresqlusers/finalizers
  - postgresqlusers/status
  verbs:
  - get
--- a/charts/azure-service-operator/templates/generated/~g_v1_service_azureoperator-controller-manager-metrics-service.yaml
+++ b/charts/azure-service-operator/templates/generated/~g_v1_service_azureoperator-controller-manager-metrics-service.yaml
--- a/charts/azure-service-operator/templates/generated/~g_v1_service_azureoperator-webhook-service.yaml
+++ b/charts/azure-service-operator/templates/generated/~g_v1_service_azureoperator-webhook-service.yaml
--- a/charts/azure-service-operator/values.yaml
+++ b/charts/azure-service-operator/values.yaml
@ -1,22 +1,29 @@
+# azureTenantID is the AAD tenant that the subscription is in
 azureTenantID: ""
+# azureSubscriptionID is the Azure Subscription the operator will act against.
 azureSubscriptionID: ""

-# Optional, if using KeyVault to store secrets
+# azureOperatorKeyvault is the Azure Key Vault to store secrets in. This field is optional.
 azureOperatorKeyvault: ""

-# Set the cloud environment, possible values include: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud
+# cloudEnvironment is the cloud environment. Possible values include: AzurePublicCloud, AzureUSGovernmentCloud, AzureChinaCloud, AzureGermanCloud
 cloudEnvironment: AzurePublicCloud

-# Authentication - Service Principal
+# azureClientID is the client ID of the Azure Service Principal or Managed Identity to use to authenticate with Azure.
 azureClientID: ""
+
+# azureClientSecret is the client secret of the Azure Service Principal used to authenticate with Azure.
+# This is required when using Service Principal authentication.
 azureClientSecret: ""

-# Authentication - Managed Identity
+# azureUseMI determines if ASO will use a Managed Identity to authenticate.
 azureUseMI: False

+# image defines the container image the ASO pod should run
 image:
  repository: mcr.microsoft.com/k8s/azureserviceoperator:latest

+# installAadPodIdentity determines if the aad-pod-identity subchart should be installed.
 installAadPodIdentity: False

 aad-pod-identity:
@ -27,7 +34,6 @@ aad-pod-identity:
    enabled: True
    name: aso-identity
    type: 0
-
-    # Update values for Managed Identity 
+    # Update values for Managed Identity
    resourceID: ""
    clientID: ""
--- a/charts/index.yaml
+++ b/charts/index.yaml
@ -3,7 +3,24 @@ entries:
  azure-service-operator:
  - apiVersion: v2
    appVersion: 0.1.0
-    created: "2020-09-28T11:55:34.640260247+13:00"
+    created: "2020-12-10T13:33:07.2386549+13:00"
+    dependencies:
+    - condition: installAadPodIdentity
+      name: aad-pod-identity
+      repository: https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts
+      version: 1.5.5
+    description: Deploy components and dependencies of azure-service-operator
+    digest: 34363b268ee3f9503595070748fbb4c5fd4d2b9d0c4317e4e7598260b100439d
+    home: https://github.com/Azure/azure-service-operator
+    name: azure-service-operator
+    sources:
+    - https://github.com/Azure/azure-service-operator
+    urls:
+    - azure-service-operator-1.0.0.tgz
+    version: 1.0.0
+  - apiVersion: v2
+    appVersion: 0.1.0
+    created: "2020-12-10T13:33:07.2371841+13:00"
    dependencies:
    - condition: installAadPodIdentity
      name: aad-pod-identity
@ -18,4 +35,4 @@ entries:
    urls:
    - azure-service-operator-0.1.0.tgz
    version: 0.1.0
-generated: "2020-09-28T11:55:34.63248181+13:00"
+generated: "2020-12-10T13:33:07.2239343+13:00"