Introducing the trustee chart

[beraldoleal]

Adds a Helm chart as an alternative to Kustomize for easier deployment and GitOps integration. The chart can optionally create a TrusteeConfig CR on install for a working deployment out-of-the-box. CRDs and RBAC are auto-generated by make manifests from the same Go code, keeping both installation methods in sync with no duplication.

Also, we would be able to include this chart as a dependency of the CoCo chart.

[beraldoleal]

@lmilleri @bpradipt , this is an attempt to introduce a chart here too, following the same pattern we are doing for the caa.

Please note that values.yaml is still very much a draft and will likely change, if this chart is reasonable for this project.

This PR remains in draft while I run some tests, but I’d appreciate any early feedback on the approach to confirm we’re heading in the right direction.

[lmilleri]

Thank you @beraldoleal, let me put some context first:

• helm chart support in trustee upstream: WIP : Add helm chart deployment trustee#1150
• trustee-operator RFC: [RFC] Helm Chart vs Operator for Trustee Deployment trustee#904 (check my last comment)

If I understand well, there are multiple levels of deployment, one nested on top of the other.

• trustee charts: first level, mainly for developers and testers
• trustee-operator: will evolve to an hybrid helm-based operator? Or OLM v1 is something to consider?
• trustee-operator charts (your PR): for developers and testers/automation etc

Does it make sense?

Why are you adding CRs and RBAC rules to the charts and duplicate the existing ones? Are they needed?

[beraldoleal]

Hi @lmilleri thanks for the context, I missed that discussion. I will look there...

If I understand well, there are multiple levels of deployment, one nested on top of the other.

IIUC, they're not nested levels, but two alternative deployment paths:

1. Direct deployment (no operator):
   - PR #1150: helm install trustee: Trustee services running directly

2. Operator-based deployment:
   - kubectl apply -k config/ (kustomize)
   - OLM/OperatorHub
   - helm install (this PR)

Here, the operator remains go (it is not my intention to make it a helm based), helm is just another installation method for it.

I don't see it (helm) as dev/test specific, this is for teams using Helm-based workflows.

Why are you adding CRs and RBAC rules to the charts and duplicate the existing ones? Are they needed?

They're not manual "duplicates" , they're just packaging... auto-generated for Helm too. The make manifests command generates them from Go code into config/, then copies them to charts/. They should not be edited.