makefile: update deploy/delete to use Helm charts and adjust the readme

src/cloud-api-adaptor/Makefile

@@ -23,6 +23,7 @@ TEST_E2E_TIMEOUT ?= 60m
 RUN_TESTS ?= ''
 
 RESOURCE_CTRL ?= true
+WEBHOOK_ENABLED ?= true
 # BUILTIN_CLOUD_PROVIDERS is used for binary build -- what providers are built in the binaries.
 ifeq ($(RELEASE_BUILD),true)
 	BUILTIN_CLOUD_PROVIDERS ?= alibabacloud aws azure gcp ibmcloud ibmcloud_powervs
@@ -126,39 +127,34 @@ image-with-arch: .git-commit ## Build the per arch image
 ##@ Deployment
 
 .PHONY: deploy
-deploy: ## Deploy cloud-api-adaptor using the operator, according to install/overlays/$(CLOUD_PROVIDER)/kustomization.yaml file.
+deploy: ## Deploy cloud-api-adaptor using Helm charts. Assumes provider secrets file exists at install/charts/peerpods/providers/$(CLOUD_PROVIDER)-secrets.yaml
 ifneq ($(CLOUD_PROVIDER),)
-	kubectl apply -k "$(COCO_OPERATOR_REPO)/config/$(COCO_OPERATOR_CONFIG)?ref=$(COCO_OPERATOR_REF)"
-	kubectl apply -k "$(COCO_OPERATOR_REPO)/config/samples/ccruntime/peer-pods?ref=$(COCO_OPERATOR_REF)"
-	kubectl apply -k install/overlays/$(CLOUD_PROVIDER)
-else
-	$(error CLOUD_PROVIDER is not set)
+	$(eval HELM_VALUES_FILES := install/charts/peerpods/providers/$(CLOUD_PROVIDER).yaml)
+ifeq ($(filter $(CLOUD_PROVIDER),docker libvirt),)
+	$(eval HELM_VALUES_FILES := $(HELM_VALUES_FILES) install/charts/peerpods/providers/$(CLOUD_PROVIDER)-secrets.yaml)
 endif
-ifeq ($(RESOURCE_CTRL),true)
-	$(MAKE) -C ../peerpod-ctrl deploy
-	@if kubectl get svc -n cert-manager cert-manager-webhook > /dev/null 2>&1; then \
-		echo "Installing webhook" ;\
-		$(MAKE) -C ../webhook deploy ;\
-	else \
+
+ifeq ($(WEBHOOK_ENABLED),true)
+	@if ! kubectl get svc -n cert-manager cert-manager-webhook > /dev/null 2>&1; then \
 		echo "Installing cert-manager" ;\
 		$(MAKE) -C ../webhook deploy-cert-manager ;\
-		echo "Installing webhook" ;\
-		$(MAKE) -C ../webhook deploy ;\
 	fi
 endif
-
-.PHONY: delete
-delete: ## Delete cloud-api-adaptor using the operator, according to install/overlays/$(CLOUD_PROVIDER)/kustomization.yaml file.
-ifeq ($(RESOURCE_CTRL),true)
-	$(MAKE) -C ../peerpod-ctrl undeploy
-	$(MAKE) -C ../webhook undeploy
-endif
-ifneq ($(CLOUD_PROVIDER),)
-	kubectl delete -k install/overlays/$(CLOUD_PROVIDER)
+	helm install peerpods install/charts/peerpods \
+		$(foreach file,$(HELM_VALUES_FILES),-f $(file)) \
+		--set webhook.enabled=$(WEBHOOK_ENABLED) \
+		--set resourceCtrl.enabled=$(RESOURCE_CTRL) \
+		--dependency-update \
+		-n confidential-containers-system \
+		--create-namespace
 else
 	$(error CLOUD_PROVIDER is not set)
 endif
 
+.PHONY: delete
+delete: ## Delete cloud-api-adaptor using Helm charts.
+	helm uninstall peerpods -n confidential-containers-system
+
 ### PODVM IMAGE BUILDING ###
 
 REGISTRY ?= quay.io/confidential-containers

src/cloud-api-adaptor/install/README.md

@@ -26,59 +26,38 @@
   kubectl label node $NODENAME node.kubernetes.io/worker=
   ```
 
-## Deploy CoCo operator and cloud-api-adaptor daemonset
+## Deploy cloud-api-adaptor using Helm charts
 
-- Update the `kustomization.yaml` file in `install/overlays/$(CLOUD_PROVIDER)/kustomization.yaml` with your own settings
-- Optionally [set up authenticated registry support](../docs/registries-authentication.md)
-- Install
+This project currently uses Helm charts to deploy the kata-deploy chart (replacing
+the [CoCo operator](https://github.com/confidential-containers/operator)) and
+the cloud-api-adaptor components.
 
-  ```sh
-  export CLOUD_PROVIDER=<aws|azure|gcp|docker|ibmcloud|ibmcloud-powervs|libvirt>
-  make deploy
-  ```
-
-  This will deploy the latest code from main.
-
-  > **Note:** `make delete` deletes the `cloud-api-adaptor` daemonset and all related pods.
-
-### Installing a specific release version
-
-Take a look at the [tags](https://github.com/confidential-containers/operator/tags) for available releases
-and use the specific tag for deployment.
-
-For example if you want to install `v0.11.0` then run the following commands:
-
-  ```sh
-  export RELEASE_VERSION=v0.11.0
-  kubectl apply -k github.com/confidential-containers/operator/config/default?ref=${RELEASE_VERSION}
-  kubectl apply -k github.com/confidential-containers/operator/config/samples/ccruntime/peer-pods?ref=${RELEASE_VERSION}
-  ```
-
-> **Note:** the release version needs to be `v0.9.0` or later for the above approach to work.
+This section provides just a quick-start for developers. For detailed installation
+instructions, prerequisites, and configuration options, please refer to
+the [PeerPods Helm Chart README](./charts/peerpods/README.md).
 
-- Wait until all the pods are running with:
+> [!NOTE]
+> The kustomize-based installation method is deprecated and will be removed in a future release.
 
-  ```sh
-  kubectl get pods -n confidential-containers-system --watch
-  ```
+For development, the easiest way to install it to a given `PROVIDER` is:
 
-- Wait until the `kata-remote` runtime class has been created by running:
+- Copy `charts/peerpods/providers/PROVIDER-secrets.yaml.template` to
+  `charts/peerpods/providers/PROVIDER-secrets.yaml` and edit the secrets
+  properly, unless you are installing for docker or libvirt
 
-  ```sh
-  kubectl get runtimeclass --watch
-  ```
-
-- Apply the kustomize.yaml configuration that you modified earlier with:
+- Fill `charts/peerpods/providers/PROVIDER.yaml` with required values and any customizations
 
+- Then run the `make deploy` command:
   ```sh
-  kubectl apply -k install/overlays/ibmcloud
+  export CLOUD_PROVIDER=<aws|azure|gcp|docker|ibmcloud|ibmcloud-powervs|libvirt>
+  make deploy
   ```
 
-- Wait until all the pods are running with:
+This will deploy the latest code from main. Otherwise if you are in a release tag
+then it will deploy the released version, because the containers images will be
+pinned to the release version.
 
-  ```sh
-  kubectl get pods -n confidential-containers-system --watch
-  ```
+> **Note:** `make delete` deletes the `cloud-api-adaptor` daemonset and all related pods.
 
 ### Verify
 
@@ -92,17 +71,24 @@ For example if you want to install `v0.11.0` then run the following commands:
   namespace.
 
   ```sh
-  NAME                                              READY   STATUS    RESTARTS   AGE
-  cc-operator-controller-manager-546574cf87-phbdv   2/2     Running   0          43m
-  cc-operator-daemon-install-pzc4b                  1/1     Running   0          42m
-  cc-operator-pre-install-daemon-sgld6              1/1     Running   0          42m
-  cloud-api-adaptor-daemonset-mk8ln                 1/1     Running   0          37s
+  NAME                                              READY   STATUS     RESTARTS    AGE
+  cloud-api-adaptor-daemonset-wklbv                 1/1     Running    0           15m
+  kata-deploy-b5pz2                                 1/1     Running    0           15m
+  peerpodctrl-controller-manager-74b5bb8c8b-f2zmm   2/2     Running    0           15m
+  ```
+
+  Also the webhook controllers PODs are all "Runnning" under the `peer-pods-webhook-system` namespace.
+
+  ```sh
+  NAME                                                    READY   STATUS    RESTARTS   AGE
+  peer-pods-webhook-controller-manager-565b98769c-sm78h   2/2     Running   0          18m
+  peer-pods-webhook-controller-manager-565b98769c-vrv52   2/2     Running   0          18m
   ```
 
 - View cloud-api-adaptor logs
 
   ```sh
-  kubectl logs pod/cloud-api-adaptor-daemonset-mk8ln -n confidential-containers-system
+  kubectl logs -l app=cloud-api-adaptor -n confidential-containers-system
   ```
 
 ## Building custom cloud-api-adaptor image