feat: update redis-operator cert manager configuration. (#1220)

* fix: update redis-operator chart configuration and documentation.

- Removed Chart.lock file for cert-manager dependency
- Updated Chart.yaml to remove explicit cert-manager dependency
- Bumped chart version to 0.19.2
- Updated README.md to clarify cert-manager installation instructions
- Modified values.yaml to improve cert-manager and webhook configuration documentation
- Added configuration validation helper in _helpers.tpl
- Introduced NOTES.txt template for helm chart installation guidance

Signed-off-by: drivebyer <wuyangmuc@gmail.com>

* docs

Signed-off-by: drivebyer <wuyangmuc@gmail.com>

---------

Signed-off-by: drivebyer <wuyangmuc@gmail.com>

charts/redis-operator/Chart.yaml

@@ -1,6 +1,6 @@
 ---
 apiVersion: v2
-version: 0.19.1
+version: 0.19.2
 appVersion: "0.19.0"
 description: Provides easy redis setup definitions for Kubernetes services, and deployment.
 engine: gotpl
@@ -19,10 +19,3 @@ keywords:
 - opstree
 - kubernetes
 - openshift
-
-dependencies:
-  - name: cert-manager
-    version: v1.12.4
-    repository: https://charts.jetstack.io
-    alias: certmanager
-    condition: certmanager.enabled

charts/redis-operator/README.md

@@ -16,7 +16,7 @@ This Helm chart deploys the redis-operator into your Kubernetes cluster. The ope
 
 - Helm v3+
 - Kubernetes v1.16+
-- If you intend to use the cert-manager, ensure that the cert-manager CRDs are installed before deploying the redis-operator.
+- If you plan to use cert-manager integration (certmanager.enabled=true), cert-manager must be pre-installed in your cluster
 
 ## Source Code
 
@@ -30,13 +30,10 @@ This Helm chart deploys the redis-operator into your Kubernetes cluster. The ope
 helm repo add ot-helm https://ot-container-kit.github.io/helm-charts
 ```
 
-### 2. Install Cert-Manager CRDs (if using cert-manager)
+### 2. Install Cert-Manager (Optional)
 
-If you plan to use cert-manager with the redis-operator, you need to install the cert-manager CRDs before deploying the operator.
-
-```bash
-kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.4/cert-manager.crds.yaml
-```
+If you plan to use cert-manager with the redis-operator, you need to install cert-manager before deploying the operator.
+You can follow the [official cert-manager installation guide](https://cert-manager.io/docs/installation/).
 
 ### 3. Install Redis Operator
 
@@ -91,6 +88,7 @@ kubectl create secret tls <webhook-server-cert> --key tls.key --cert tls.crt -n
 | affinity | object | `{}` |  |
 | certificate.name | string | `"serving-cert"` |  |
 | certificate.secretName | string | `"webhook-server-cert"` |  |
+| certmanager.apiVersion | string | `"cert-manager.io/v1"` |  |
 | certmanager.enabled | bool | `false` |  |
 | issuer.email | string | `"shubham.gupta@opstree.com"` |  |
 | issuer.name | string | `"redis-operator-issuer"` |  |

charts/redis-operator/README.md.gotmpl

@@ -16,7 +16,7 @@ This Helm chart deploys the redis-operator into your Kubernetes cluster. The ope
 
 - Helm v3+
 - Kubernetes v1.16+
-- If you intend to use the cert-manager, ensure that the cert-manager CRDs are installed before deploying the redis-operator.
+- If you plan to use cert-manager integration (certmanager.enabled=true), cert-manager must be pre-installed in your cluster
 
 ## Source Code
 
@@ -30,13 +30,10 @@ This Helm chart deploys the redis-operator into your Kubernetes cluster. The ope
 helm repo add ot-helm https://ot-container-kit.github.io/helm-charts
 ```
 
-### 2. Install Cert-Manager CRDs (if using cert-manager)
+### 2. Install Cert-Manager (Optional)
 
-If you plan to use cert-manager with the redis-operator, you need to install the cert-manager CRDs before deploying the operator.
-
-```bash
-kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.4/cert-manager.crds.yaml
-```
+If you plan to use cert-manager with the redis-operator, you need to install cert-manager before deploying the operator.
+You can follow the [official cert-manager installation guide](https://cert-manager.io/docs/installation/).
 
 ### 3. Install Redis Operator
 

charts/redis-operator/templates/NOTES.txt

@@ -0,0 +1,10 @@
+{{- template "redis-operator.validateConfig" . -}}
+
+Thank you for installing {{ .Chart.Name }}.
+
+Your release is named {{ .Release.Name }}.
+
+To learn more about the release, try:
+
+  $ helm status {{ .Release.Name }}
+  $ helm get all {{ .Release.Name }} 

charts/redis-operator/templates/_helpers.tpl

@@ -31,4 +31,13 @@ app.kubernetes.io/part-of: {{ .Release.Name }}
 {{/* Selector labels */}}
 {{- define "redisOperator.selectorLabels" -}}
 name: {{ .Values.redisOperator.name }}
-{{- end }}
+{{- end }}
+
+{{/*
+Validate webhook and cert-manager configuration
+*/}}
+{{- define "redis-operator.validateConfig" -}}
+{{- if and (not .Values.redisOperator.webhook) .Values.certmanager.enabled -}}
+{{- fail "certmanager.enabled should not be true when webhook is disabled" -}}
+{{- end -}}
+{{- end -}}

charts/redis-operator/values.yaml

@@ -17,7 +17,10 @@ redisOperator:
   # When not specified, the operator will watch all namespaces. It can be set to a specific namespace or multiple namespaces separated by commas.
   watchNamespace: ""
   env: []
-  # If you want to enable masterSlaveAntiAffinity, you need to set webhook to true.
+  # If set to true, webhook server will be enabled for masterSlaveAntiAffinity feature
+  # When enabled, you need to either:
+  # 1. Enable cert-manager (certmanager.enabled=true) for automatic certificate management, or
+  # 2. Manually create a certificate secret (see "How to generate private key" section in README)
   webhook: false
   automountServiceAccountToken: true
 
@@ -58,7 +61,12 @@ issuer:
     ingressClass: nginx
 
 certmanager:
+  # Whether to use cert-manager for certificate management
+  # Only effective when webhook=true
+  # If webhook=true and certmanager.enabled=false, you need to manually create certificate secret
   enabled: false
+  # API version of the cert-manager CRDs
+  apiVersion: "cert-manager.io/v1"
 
 priorityClassName: ""
 nodeSelector: {}