Refactor uninstallation process

Author: mohamed-essam

.github/workflows/helm.yml

@@ -5,6 +5,7 @@ on:
     paths:
       # update this file to trigger helm chart release
       - 'helm/kubernetes-operator/Chart.yaml'
+      - 'helm/netbird-operator-config/Chart.yaml'
     branches:
       - main
 

.github/workflows/kubectl-docker.yml

@@ -0,0 +1,63 @@
+name: Docker
+
+on:
+  push:
+    paths:
+      - 'Dockerfile.kubectl'
+    tags:
+      - "v*"
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  kubectl-docker:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            netbirdio/kubectl
+          # generate Docker tags based on the following events/attributes
+          tags: |
+            type=ref,event=pr
+            type=ref,event=branch
+            type=semver,pattern={{version}}
+
+      - name: Login to Docker Hub
+        if: github.repository == github.event.pull_request.head.repo.full_name || !github.head_ref
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          file: "Dockerfile.kubectl"
+          labels: |
+            "org.opencontainers.image.created={{.Date}}"
+            "org.opencontainers.image.title={{.ProjectName}}"
+            "org.opencontainers.image.version={{.Version}}"
+            "org.opencontainers.image.revision={{.FullCommit}}"
+            "org.opencontainers.image.version={{.Version}}"
+            "[email protected]"

Dockerfile.kubectl

@@ -0,0 +1,10 @@
+FROM alpine:3 AS builder
+
+RUN apk update && apk add curl
+RUN curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" && \
+    chmod +x kubectl && \
+    mv kubectl /usr/local/bin/kubectl
+
+FROM alpine:3 AS final
+
+COPY --from=builder /usr/local/bin/kubectl /usr/local/bin/kubectl

cmd/main.go

@@ -294,16 +294,6 @@ func main() {
 		}
 
 		if enableWebhooks {
-			if err = webhooknetbirdiov1.SetupNBResourceWebhookWithManager(mgr); err != nil {
-				setupLog.Error(err, "unable to create webhook", "webhook", "NBResource")
-				os.Exit(1)
-			}
-
-			if err = webhooknetbirdiov1.SetupNBRoutingPeerWebhookWithManager(mgr); err != nil {
-				setupLog.Error(err, "unable to create webhook", "webhook", "NBRoutingPeer")
-				os.Exit(1)
-			}
-
 			if err = webhooknetbirdiov1.SetupNBGroupWebhookWithManager(mgr); err != nil {
 				setupLog.Error(err, "unable to create webhook", "webhook", "NBGroup")
 				os.Exit(1)

examples/ingress/values.yaml renamed to examples/ingress/values-kubernetes-operator.yaml

@@ -3,13 +3,6 @@
 #    tag: "0.1.0"
 ingress:
   enabled: true
-  router:
-    enabled: true
-#  policies:
-#    default:
-#      name: Kubernetes Default Policy
-#      sourceGroups:
-#        - All
 
 netbirdAPI:
   # Replace with valid NetBird Service Account token (PAT)

examples/ingress/values-netbird-operator-config.yaml

@@ -0,0 +1,7 @@
+router:
+  enabled: true
+policies:
+  default:
+    name: Kubernetes Default Policy
+    sourceGroups:
+      - All

helm/kubernetes-operator/Chart.yaml

@@ -2,5 +2,5 @@ apiVersion: v2
 name: kubernetes-operator
 description: NetBird Kubernetes Operator
 type: application
-version: 0.1.13
-appVersion: "0.1.4"
+version: 0.2.0
+appVersion: "0.2.0"

helm/kubernetes-operator/templates/kubernetes-nbresource.yaml

@@ -27,15 +27,15 @@ spec:
     spec:
       initContainers:
       - name: wait-network-ready
-        image: "bitnami/kubectl:latest"
+        image: "netbirdio/kubectl:latest"
         command:
         - bash
         - -c
         args:
         - kubectl wait --for 'jsonpath={.status.networkID}' -n {{ $routerNS }} nbroutingpeer router; 
       containers:
       - name: apply-nbresource
-        image: "bitnami/kubectl:latest"
+        image: "netbirdio/kubectl:latest"
         env:
         - name: NBRESOURCE_VALUE
           value: |

helm/kubernetes-operator/templates/nbpolicies.yaml

@@ -8,6 +8,8 @@ metadata:
   labels:
     app.kubernetes.io/component: operator
     {{- include "kubernetes-operator.labels" $ | nindent 4 }}
+  annotations:
+    helm.sh/resource-policy: keep
   name: {{ $k }}
 spec:
   name: {{ $v.name }}

helm/kubernetes-operator/templates/nbroutingpeers.yaml

@@ -10,6 +10,8 @@ metadata:
   labels:
     app.kubernetes.io/component: operator
     {{- include "kubernetes-operator.labels" $ | nindent 4 }}
+  annotations:
+    helm.sh/resource-policy: keep
   name: router
   namespace: {{ $k }}
 {{ $spec := merge $defaults $v }}
@@ -51,6 +53,8 @@ metadata:
   labels:
     app.kubernetes.io/component: operator
     {{- include "kubernetes-operator.labels" $ | nindent 4 }}
+  annotations:
+    helm.sh/resource-policy: keep
   name: router
 {{- if or (or (or .replicas .resources) (or .labels .annotations)) (or .nodeSelector .tolerations) }}
 spec: