Add an Helm chart for Antrea

[antoninbas]

And use the Helm templates (instead of Kustomize) to generate the
standard Antrea YAML manifests (which are checked-in and uploaded as
release assets).

Standard manifests are generated based on Helm values files located
under build/yamls/chart-values/, using a new script
(./hack/generate-standard-manifests.sh). It is much faster than the old
version.

While I believe that using Helm directly and specifying YAML values
whenever a new manifest needs to be generated would be better, the
./hack/generate-manifest.sh script is kept as-is, but it now uses Helm
instead of Kustomize.

Documentation for the Helm chart is autogenerated using helm-docs. In a
future PR, we will look into the release process for the Helm
chart. After that, Helm charts could be added for Antrea components
(Flow Aggregator, Flow visibility).

For #2641

Signed-off-by: Antonin Bas abas@vmware.com

[antoninbas]

All the actual changes are in the first commit. The second commit (big diff) is for auto-generated YAML changes.

[antoninbas]

I used dyff between to compare generated manifests and ensure that there were no unintended changes. It is even K8s aware and is pretty good to compare actual K8s manifest differences. It doesn't work well for the Antrea config though, since it is embedded YAML (ConfigMap data).

[codecov-commenter]

Codecov Report

Merging #3578 (ba53a18) into main (2ab80d0) will increase coverage by 1.19%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #3578      +/-   ##
==========================================
+ Coverage   63.62%   64.81%   +1.19%     
==========================================
  Files         278      278              
  Lines       39360    39360              
==========================================
+ Hits        25041    25510     +469     
+ Misses      12381    11879     -502     
- Partials     1938     1971      +33     

Flag	Coverage Δ
e2e-tests	49.91% <ø> (?)
kind-e2e-tests	52.23% <ø> (+1.48%)	⬆️
unit-tests	43.79% <ø> (-0.06%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/apiserver/handlers/endpoint/handler.go	56.52% <0.00%> (-13.05%)	⬇️
pkg/apiserver/certificate/certificate.go	70.37% <0.00%> (-6.49%)	⬇️
pkg/controller/networkpolicy/status_controller.go	68.54% <0.00%> (-3.23%)	⬇️
...g/controller/networkpolicy/store/appliedtogroup.go	87.61% <0.00%> (-2.86%)	⬇️
pkg/controller/ipam/antrea_ipam_controller.go	77.55% <0.00%> (-1.54%)	⬇️
pkg/controller/externalippool/controller.go	84.82% <0.00%> (-1.34%)	⬇️
pkg/agent/controller/networkpolicy/reject.go	85.88% <0.00%> (-1.18%)	⬇️
pkg/ipam/poolallocator/allocator.go	54.45% <0.00%> (-0.97%)	⬇️
pkg/agent/cniserver/pod_configuration.go	53.75% <0.00%> (-0.29%)	⬇️
pkg/agent/memberlist/cluster.go	74.44% <0.00%> (+0.31%)	⬆️
... and 19 more

[tnqn]

LGTM overall

[tnqn]

could this be a step in the existing "Verify docs and spelling" job? I found there may be a long queue waiting for runners when debugging, do you know runner will be allocated per workflow or job?

[antoninbas]

there is one runner per job, I made the change you suggested

[tnqn]

is it intended to remove "Cert"?

[antoninbas]

no not intended, not sure why I removed it in the first place

[tnqn]

Does start_ovs support "--v"? this may lead to failure once set?

[antoninbas]

good catch

[luolanzone]

LGTM overall, just two nits.

[luolanzone]

not release with this PR change, but I saw there are a few other .gitignore files have the same #placeholder, do we need them? eg: build/yamls/flow-visibility/patches/release/.gitignore.

[luolanzone]

Could you add a comment in file build/yamls/chart-values/antrea.yml, it leads a little confusion when I see it's empty. I am unable to leave a comment to an empty file, so leave it here.

[luolanzone]

btw, the step Checking whether autogenerated Helm chart documentation is up-to-date in go.yml didn't run because of doc verify failure, looks like you need to rerun make helm-docs to regenerate README.md, there is a variable change from controller.selfSigned to controller.selfSignedCert

[jianjuns]

Should we add "OVS"?

[antoninbas]

I'll look into adding keywords in a follow-up PR. I still have to figure versioning & release upload for the Helm chart.

[tnqn]

LGTM

[antoninbas]

/test-all
/test-ipv6-all

[antoninbas]

/test-e2e
/test-ipv6-conformance
/test-ipv6-e2e
/test-ipv6-only-all

[antoninbas]

/test-all
/test-ipv6-all
/test-ipv6-only-all

[antoninbas]

/test-ipv6-e2e
/test-ipv6-only-e2e
/test-ipv6-conformance

[antoninbas]

/test-integration
/test-ipv6-e2e

[antoninbas]

/test-ipv6-e2e

[antoninbas]

Merging this now as the jenkins-ipv6-ds-e2e job is broken

[hangyan]

Sorry i didn't notice this PR before. Thanks. A few comments:

1. In helm3, a new crds dir is introduced to make sure crds are always installed first. it should be the same level of directory as templates
2. we can also add the LICENSE file to the charts
3. Maybe we can add some links to our docs in the NOTES.txt ? or following actions, like list antrea pods command?
4. I think github have native support for hosts a charts repo ( for publishing antrea chart), maybe there is a github action for that too. Are we planning to support this?
   @antoninbas

[hangyan]

https://github.com/helm/chart-releaser-action

[antoninbas]

@hangyan thanks for the comments, this is the first PR to add Helm support, and I haven't looked at the release publishing process yet.

Your first point about CRDs is interesting. I have intentionally not placed CRDs in the crds directory for now, as it comes with some limitations (no automatic upgrade). I have been unsure about the correct course of action, and I'll open an issue to discuss this.

[hangyan]

@antoninbas That make sense, i also have some doubts about this choice, just rise it up to confirm that we have considered all the limitations of different approaches..