eks-charts to ECR Public migration (#803)

LikithaVemulapalli · web-flow · commit 14aebceb53bc · 2023-04-14T15:07:00.000-05:00
* eks-charts to ECR Public migration * Removed makefile errors * Reverted release-prep make targets * Changes made as per PR comments * Removed io/ioutil package as it is deprecated and used io and os package (#804) * eks-charts to ECR Public migration * Removed makefile errors * Reverted release-prep make targets * Changes made as per PR comments * Made changes to match with script name
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -66,8 +66,19 @@ jobs:
     - name: Check out code into the Go module directory
       uses: actions/checkout@v2
     
-    - name: Create eks-charts PR
-      run: make ekscharts-sync-release
+    - name: Sync Helm Chart Catalog information
+      run: make sync-catalog-information-for-helm-chart
+      env:
+        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
+    
+    - name: Sync Helm Chart to ECR Public
+      run: make push-helm-chart
+      env:
+        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
     
     - name: Sync Readme to ECR Public
       run: make sync-readme-to-ecr-public
diff --git a/Makefile b/Makefile
@@ -1,9 +1,12 @@
 VERSION = $(shell git describe --tags --always --dirty)
 LATEST_RELEASE_TAG=$(shell git describe --tags --abbrev=0)
+LATEST_COMMIT_HASH=$(shell git rev-parse HEAD)
+LATEST_COMMIT_CHART_VERSION=$(shell git --no-pager show ${LATEST_COMMIT_HASH}:config/helm/aws-node-termination-handler/Chart.yaml | grep 'version:' | cut -d' ' -f2 | tr -d '[:space:]')
 PREVIOUS_RELEASE_TAG=$(shell git describe --abbrev=0 --tags `git rev-list --tags --skip=1  --max-count=1`)
 REPO_FULL_NAME=aws/aws-node-termination-handler
 ECR_REGISTRY ?= public.ecr.aws/aws-ec2
 ECR_REPO ?= ${ECR_REGISTRY}/aws-node-termination-handler
+ECR_REPO_CHART ?= aws-node-termination-handler
 IMG ?= amazon/aws-node-termination-handler
 IMG_TAG ?= ${VERSION}
 IMG_W_TAG = ${IMG}:${IMG_TAG}
@@ -57,9 +60,16 @@ push-docker-images-windows:
 	@ECR_REGISTRY=${ECR_REGISTRY} ${MAKEFILE_PATH}/scripts/ecr-public-login
 	${MAKEFILE_PATH}/scripts/push-docker-images -p ${SUPPORTED_PLATFORMS_WINDOWS} -r ${ECR_REPO} -v ${VERSION} -m
 
+push-helm-chart:
+	@ECR_REGISTRY=${ECR_REGISTRY} ${MAKEFILE_PATH}/scripts/helm-login
+	${MAKEFILE_PATH}/scripts/push-helm-chart -r ${ECR_REPO_CHART} -v ${LATEST_COMMIT_CHART_VERSION} -h ${ECR_REGISTRY}
+
 version:
 	@echo ${VERSION}
 
+chart-version:
+	@echo ${LATEST_COMMIT_CHART_VERSION}
+
 latest-release-tag:
 	@echo ${LATEST_RELEASE_TAG}
 
@@ -99,16 +109,13 @@ license-test: $(GOLICENSES)
 go-linter:
 	golangci-lint run
 
-helm-sync-test:
-	${MAKEFILE_PATH}/test/helm-sync-test/run-helm-sync-test
-
 helm-version-sync-test:
 	${MAKEFILE_PATH}/test/helm-sync-test/run-helm-version-sync-test
 
 helm-lint:
 	${MAKEFILE_PATH}/test/helm/helm-lint
 
-helm-validate-eks-versions:
+helm-validate-chart-versions:
 	${MAKEFILE_PATH}/test/helm/validate-chart-versions
 
 build-binaries:
@@ -132,11 +139,9 @@ sync-readme-to-ecr-public:
 	@ECR_REGISTRY=${ECR_REGISTRY} ${MAKEFILE_PATH}/scripts/ecr-public-login
 	${MAKEFILE_PATH}/scripts/sync-readme-to-ecr-public
 
-ekscharts-sync:
-	${MAKEFILE_PATH}/scripts/sync-to-aws-eks-charts -b ${BINARY_NAME} -r ${REPO_FULL_NAME}
-
-ekscharts-sync-release:
-	${MAKEFILE_PATH}/scripts/sync-to-aws-eks-charts -b ${BINARY_NAME} -r ${REPO_FULL_NAME} -n
+sync-catalog-information-for-helm-chart:
+	@ECR_REGISTRY=${ECR_REGISTRY} ${MAKEFILE_PATH}/scripts/helm-login
+	${MAKEFILE_PATH}/scripts/sync-catalog-information-for-helm-chart
 
 unit-test:
 	go test -bench=. ${MAKEFILE_PATH}/... -v -coverprofile=coverage.txt -covermode=atomic -outputdir=${BUILD_DIR_PATH}
@@ -152,7 +157,7 @@ spellcheck:
 
 build: compile
 
-helm-tests: helm-version-sync-test helm-lint helm-validate-eks-versions
+helm-tests: helm-version-sync-test helm-lint helm-validate-chart-versions
 
 eks-cluster-test:
 	${MAKEFILE_PATH}/test/eks-cluster-test/run-test
@@ -161,7 +166,7 @@ release: build-binaries build-docker-images push-docker-images generate-k8s-yaml
 
 release-windows: build-binaries-windows build-docker-images-windows push-docker-images-windows upload-resources-to-github-windows
 
-test: spellcheck shellcheck unit-test e2e-test compatibility-test license-test go-linter helm-sync-test helm-version-sync-test helm-lint
+test: spellcheck shellcheck unit-test e2e-test compatibility-test license-test go-linter helm-version-sync-test helm-lint
 
 help:
 	@grep -E '^[a-zA-Z_-]+:.*$$' $(MAKEFILE_LIST) | sort
@@ -176,19 +181,19 @@ create-local-release-tag-minor:
 create-local-release-tag-patch:
 	${MAKEFILE_PATH}/scripts/create-local-tag-for-release -p
 
-create-release-prep-pr:
+create-release-pr:
 	${MAKEFILE_PATH}/scripts/prepare-for-release
 
-create-release-prep-pr-draft:
+create-release-pr-draft:
 	${MAKEFILE_PATH}/scripts/prepare-for-release -d
 
-release-prep-major: create-local-release-tag-major create-release-prep-pr
+release-prep-major: create-local-release-tag-major create-release-pr
 
-release-prep-minor: create-local-release-tag-minor create-release-prep-pr
+release-prep-minor: create-local-release-tag-minor create-release-pr
 
-release-prep-patch: create-local-release-tag-patch create-release-prep-pr
+release-prep-patch: create-local-release-tag-patch create-release-pr
 
 release-prep-custom: # Run make NEW_VERSION=v1.2.3 release-prep-custom to prep for a custom release version
 ifdef NEW_VERSION
-	$(shell echo "${MAKEFILE_PATH}/scripts/create-local-tag-for-release -v $(NEW_VERSION) && echo && make create-release-prep-pr")
+	$(shell echo "${MAKEFILE_PATH}/scripts/create-local-tag-for-release -v $(NEW_VERSION) && echo && make create-release-pr")
 endif
diff --git a/README.md b/README.md
@@ -123,22 +123,25 @@ For a full list of releases and associated artifacts see our [releases page](htt
 
 #### Helm
 
-The easiest way to configure the various options of the termination handler is via [helm](https://helm.sh/).  The chart for this project is hosted in the [eks-charts](https://github.com/aws/eks-charts) repository.
+The easiest way to configure the various options of the termination handler is via [helm](https://helm.sh/). The chart for this project is hosted in [helm/aws-node-termination-handler](https://gallery.ecr.aws/aws-ec2/helm/aws-node-termination-handler)
 
-To get started you need to add the eks-charts repo to helm
+To get started you need to authenticate your helm client
 
 ```
-helm repo add eks https://aws.github.io/eks-charts
+aws ecr-public get-login-password \
+  --region us-east-1 | helm registry login \
+  --username AWS \
+  --password-stdin public.ecr.aws
 ```
 
-Once that is complete you can install the termination handler. We've provided some sample setup options below.
+Once that is complete you can install the termination handler. We've provided some sample setup options below. Make sure to replace CHART_VERSION with the version you want to install.
 
 Zero Config:
 
 ```sh
 helm upgrade --install aws-node-termination-handler \
   --namespace kube-system \
-  eks/aws-node-termination-handler
+  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION
 ```
 
 Enabling Features:
@@ -149,7 +152,7 @@ helm upgrade --install aws-node-termination-handler \
   --set enableSpotInterruptionDraining="true" \
   --set enableRebalanceMonitoring="true" \
   --set enableScheduledEventDraining="false" \
-  eks/aws-node-termination-handler
+  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION
 ```
 
 The `enable*` configuration flags above enable or disable IMDS monitoring paths.
@@ -160,7 +163,7 @@ Running Only On Specific Nodes:
 helm upgrade --install aws-node-termination-handler \
   --namespace kube-system \
   --set nodeSelector.lifecycle=spot \
-  eks/aws-node-termination-handler
+  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION
 ```
 
 Webhook Configuration:
@@ -169,7 +172,7 @@ Webhook Configuration:
 helm upgrade --install aws-node-termination-handler \
   --namespace kube-system \
   --set webhookURL=https://hooks.slack.com/services/YOUR/SLACK/URL \
-  eks/aws-node-termination-handler
+  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION
 ```
 
 Alternatively, pass Webhook URL as a Secret:
@@ -183,10 +186,10 @@ kubectl create secret -n kube-system generic webhooksecret --from-literal=$WEBHO
 helm upgrade --install aws-node-termination-handler \
   --namespace kube-system \
   --set webhookURLSecretName=webhooksecret \
-  eks/aws-node-termination-handler
+  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION
 ```
 
-For a full list of configuration options see our [Helm readme](https://github.com/aws/eks-charts/tree/master/stable/aws-node-termination-handler).
+For a full list of configuration options see our [Helm readme](https://github.com/aws/aws-node-termination-handler/blob/v1.19.0/config/helm/aws-node-termination-handler#readme).
 
 </details>
 
@@ -391,15 +394,18 @@ When using Kubernetes [Pod Security Admission](https://kubernetes.io/docs/concep
 
 #### Helm
 
-The easiest and most commonly used method to configure the termination handler is via [helm](https://helm.sh/).  The chart for this project is hosted in the [eks-charts](https://github.com/aws/eks-charts) repository.
+The easiest way to configure the various options of the termination handler is via [helm](https://helm.sh/). The chart for this project is hosted in [helm/aws-node-termination-handler](https://gallery.ecr.aws/aws-ec2/helm/aws-node-termination-handler)
 
-To get started you need to add the eks-charts repo to helm
+To get started you need to authenticate your helm client
 
 ```
-helm repo add eks https://aws.github.io/eks-charts
+aws ecr-public get-login-password \
+     --region us-east-1 | helm registry login \
+     --username AWS \
+     --password-stdin public.ecr.aws
 ```
 
-Once that is complete you can install the termination handler. We've provided some sample setup options below.
+Once that is complete you can install the termination handler. We've provided some sample setup options below. Make sure to replace CHART_VERSION with the version you want to install.
 
 Minimal Config:
 
@@ -408,7 +414,7 @@ helm upgrade --install aws-node-termination-handler \
   --namespace kube-system \
   --set enableSqsTerminationDraining=true \
   --set queueURL=https://sqs.us-east-1.amazonaws.com/0123456789/my-term-queue \
-  eks/aws-node-termination-handler
+  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION
 ```
 
 Webhook Configuration:
@@ -419,7 +425,7 @@ helm upgrade --install aws-node-termination-handler \
   --set enableSqsTerminationDraining=true \
   --set queueURL=https://sqs.us-east-1.amazonaws.com/0123456789/my-term-queue \
   --set webhookURL=https://hooks.slack.com/services/YOUR/SLACK/URL \
-  eks/aws-node-termination-handler
+  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION
 ```
 
 Alternatively, pass Webhook URL as a Secret:
@@ -435,10 +441,10 @@ helm upgrade --install aws-node-termination-handler \
   --set enableSqsTerminationDraining=true \
   --set queueURL=https://sqs.us-east-1.amazonaws.com/0123456789/my-term-queue \
   --set webhookURLSecretName=webhooksecret \
-  eks/aws-node-termination-handler
+  oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION
 ```
 
-For a full list of configuration options see our [Helm readme](https://github.com/aws/eks-charts/tree/master/stable/aws-node-termination-handler).
+For a full list of configuration options see our [Helm readme](https://github.com/aws/aws-node-termination-handler/blob/v1.19.0/config/helm/aws-node-termination-handler#readme).
 
 #### Kubectl Apply
 
diff --git a/config/helm/aws-node-termination-handler/Chart.yaml b/config/helm/aws-node-termination-handler/Chart.yaml
@@ -11,11 +11,10 @@ keywords:
   - ec2
   - node-termination
   - spot
-home: https://github.com/aws/eks-charts
+home: https://github.com/aws/aws-node-termination-handler/
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 sources:
   - https://github.com/aws/aws-node-termination-handler/
-  - https://github.com/aws/eks-charts/
 maintainers:
   - name: Brandon Wagner
     url: https://github.com/bwagner5
diff --git a/config/helm/aws-node-termination-handler/README.md b/config/helm/aws-node-termination-handler/README.md
@@ -8,22 +8,24 @@ AWS Node Termination Handler Helm chart for Kubernetes. For more information on
 
 ## Installing the Chart
 
-Before you can install the chart you will need to add the `aws` repo to [Helm](https://helm.sh/).
-
+Before you can install the chart you will need to authenticate your Helm client.
 ```shell
-helm repo add eks https://aws.github.io/eks-charts/
+aws ecr-public get-login-password \
+     --region us-east-1 | helm registry login \
+     --username AWS \
+     --password-stdin public.ecr.aws
 ```
 
-After you've installed the repo you can install the chart, the following command will install the chart with the release name `aws-node-termination-handler` and the default configuration to the `kube-system` namespace.
+Once the helm registry login succeeds, use the following command to install the chart with the release name `aws-node-termination-handler` and the default configuration to the `kube-system` namespace. In the below command, add the CHART_VERSION that you want to install.
 
 ```shell
-helm upgrade --install --namespace kube-system aws-node-termination-handler eks/aws-node-termination-handler
+helm upgrade --install --namespace kube-system aws-node-termination-handler oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION
 ```
 
 To install the chart on an EKS cluster where the AWS Node Termination Handler is already installed, you can run the following command.
 
 ```shell
-helm upgrade --install --namespace kube-system aws-node-termination-handler eks/aws-node-termination-handler --recreate-pods --force
+helm upgrade --install --namespace kube-system aws-node-termination-handler oci://public.ecr.aws/aws-ec2/helm/aws-node-termination-handler --version $CHART_VERSION --recreate-pods --force
 ```
 
 If you receive an error similar to the one below simply rerun the above command.
@@ -33,7 +35,7 @@ If you receive an error similar to the one below simply rerun the above command.
 To uninstall the `aws-node-termination-handler` chart installation from the `kube-system` namespace run the following command.
 
 ```shell
-helm delete --namespace kube-system aws-node-termination-handler
+helm uninstall --namespace kube-system aws-node-termination-handler
 ```
 
 ## Configuration
diff --git a/scripts/ecr-template-for-helm-chart.json b/scripts/ecr-template-for-helm-chart.json
@@ -0,0 +1,5 @@
+{
+    "description": "Helm Charts for AWS Node Termination Handler",
+    "aboutText": "# Helm Chart for Node Termination Handler\n\n AWS NTH gracefully handles EC2 instance shutdown within Kubernetes.\n\nThis repository contains helm-charts for Node Termination Handler.\n\nFor more information on this project, see the project repo at [AWS Node Termination Handler](https://github.com/aws/aws-node-termination-handler)",
+    "usageText": "# We can install AWS NTH using the helm chart from this repository.\n\nWe need to authenticate our helm client to ECR registry and install NTH chart using helm chart URI, detailed information on how to install helm chart can be found here [HelmChart ReadMe](https://github.com/aws/aws-node-termination-handler/tree/main/config/helm/aws-node-termination-handler#readme)"
+}
diff --git a/scripts/helm-login b/scripts/helm-login
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -euo pipefail
+
+SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )"
+BUILD_DIR=$SCRIPTPATH/../build/
+export PATH="${BUILD_DIR}:${PATH}"
+
+if [[ -z "${ECR_REGISTRY}" ]]; then
+    echo "The env var ECR_REGISTRY must be set"
+    exit 1
+fi
+
+function exit_and_fail() {
+    echo "❌ Failed to login to ECR Public Repo!"
+}
+
+trap exit_and_fail INT TERM ERR
+
+export HELM_EXPERIMENTAL_OCI=1
+helm registry login --username AWS --password="$(aws ecr-public get-login-password --region us-east-1)" "${ECR_REGISTRY}"
diff --git a/scripts/prepare-for-release b/scripts/prepare-for-release
@@ -55,7 +55,6 @@ HELP=$(cat << 'EOM'
     -d      create a draft pr
     -r      target repo full name for the pr (default: aws/aws-node-termination-handler)
     -h      help
-
   Examples:
     prepare-for-release -d                                          update release version in repo and create a draft pr against aws/aws-node-termination-handler
     prepare-for-release -r username/aws-node-termination-handler    update release version in repo and create a pr against username/aws-node-termination-handler
diff --git a/scripts/push-helm-chart b/scripts/push-helm-chart
@@ -0,0 +1,51 @@
+#!/bin/bash
+set -euo pipefail
+
+SCRIPTPATH="$( cd "$(dirname "$0")";pwd -P )"
+
+REPO_ROOT_PATH=$SCRIPTPATH/../
+MAKE_FILE_PATH=$REPO_ROOT_PATH/Makefile
+CHART_VERSION=$(make -s -f $MAKE_FILE_PATH chart-version)
+HELM_CHART_PATH=$REPO_ROOT_PATH/config/helm/aws-node-termination-handler
+
+USAGE=$(cat << 'EOM'
+  Usage: push-helm-chart
+  Pushes helm charts
+          Optional:
+            -h          HELM CHART REGISTRY: set the helm chart registry
+            -v          CHART VERSION: The chart version [DEFAULT: output of `make chart-version`]
+            -r          HELM CHART REPOSITORY: Set the helm chart repository
+EOM
+)
+
+# Process our input arguments
+while getopts "r:v:h:" opt; do
+  case ${opt} in
+    r ) # Helm Chart Repository
+        HELM_CHART_REPOSITORY="$OPTARG"
+      ;;
+    v ) # Image Version
+        CHART_VERSION="$OPTARG"
+      ;;
+    h ) # Helm Chart Registry
+        ECR_REGISTRY="$OPTARG"
+      ;;
+    \? )
+        echo "$USAGE" 1>&2
+        exit
+      ;;
+  esac
+done
+
+CHART_EXISTS=$(aws ecr-public describe-images --repository-name "helm/$HELM_CHART_REPOSITORY" --region us-east-1 --query "imageDetails[?contains(imageTags, '$CHART_VERSION')].imageTags[]" --output text)
+
+if [[ -n "$CHART_EXISTS" ]]; then
+    echo "chart with version $CHART_VERSION already exists in the repository, skipping pushing of chart..."
+    exit 0
+fi
+
+echo "chart with version $CHART_VERSION not found in repository, pushing new chart..."
+#Package the chart
+helm package $HELM_CHART_PATH --destination $REPO_ROOT_PATH/build
+#Pushing helm chart
+helm push $REPO_ROOT_PATH/build/$HELM_CHART_REPOSITORY-$CHART_VERSION.tgz oci://$ECR_REGISTRY/helm
diff --git a/scripts/sync-catalog-information-for-helm-chart b/scripts/sync-catalog-information-for-helm-chart
diff --git a/scripts/sync-to-aws-eks-charts b/scripts/sync-to-aws-eks-charts
diff --git a/test/helm-sync-test/run-helm-sync-test b/test/helm-sync-test/run-helm-sync-test
diff --git a/test/helm/validate-chart-versions b/test/helm/validate-chart-versions
