Merge pull request #390 from Hamidhasan/main

cert-manager-prow[bot] · web-flow · commit d0580180acae · 2025-04-30T14:33:41.000Z
Update charts/aws-pca-issuer/README.md using `make helm-docs`
diff --git a/.github/workflows/sync-helm-readme.yml b/.github/workflows/sync-helm-readme.yml
@@ -0,0 +1,79 @@
+# Workflow to sync helm chart README.md when values.yml is updated
+name: Sync Helm Chart README.md
+
+on:
+  pull_request_target:
+    paths:
+      - 'charts/aws-pca-issuer/values.yaml'
+  workflow_dispatch:
+
+env:
+  GITHUB_USER_NAME: github-actions
+  GITHUB_USER_EMAIL: github-actions@github.com
+
+jobs:
+  sync-helm-chart-doc:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          ref: ${{ github.head_ref }}
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.24'
+
+      - name: Run helm-docs via Makefile
+        id: run-helm-docs
+        continue-on-error: true
+        run: |
+          mkdir -p $(pwd)/bin
+          export PATH=$(pwd)/bin:$PATH
+          echo "Regenerating charts/aws-pca-issuer/README.md since charts/aws-pca-issuer/values.yaml has updated."
+          make helm-docs
+          MAKE_EXIT_CODE=$?
+          echo "Make exit code: $MAKE_EXIT_CODE"
+          exit $MAKE_EXIT_CODE
+
+      - name: Update pull request with new Helm README.md
+        if: ${{ github.event_name == 'pull_request_target' && steps.run-helm-docs.outcome == 'success' }}
+        uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 #v5.2.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          branch: ${{ github.head_ref }}
+          create_branch: false
+          commit_author: "${{ env.GITHUB_USER_NAME }} <${{ env.GITHUB_USER_EMAIL }}>"
+          commit_message: |
+            Sync charts/aws-pca-issuer/README.md in pull-request ${{ github.event.pull_request.number }}
+
+            Signed-off-by: ${{ env.GITHUB_USER_NAME }} <${{ env.GITHUB_USER_EMAIL }}>
+
+      - name: Comment on pull request that the README is updated
+        if: ${{ github.event_name == 'pull_request_target' && steps.run-helm-docs.outcome == 'success' }}
+        uses: divyansh-gupta/actions-comment-pull-request@675cdfe1695d33e816e060460a72feafee079d3f
+        with:
+          message: 'Detected changes in charts/aws-pca-issuer/values.yaml. Updated charts/aws-pca-issuer/README.md and added it as commit to this PR for review.'
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Comment on pull request that the README was unable to be updated
+        if: ${{ github.event_name == 'pull_request_target' && steps.run-helm-docs.outcome == 'failure' }}
+        uses: divyansh-gupta/actions-comment-pull-request@675cdfe1695d33e816e060460a72feafee079d3f
+        with:
+          message: 'Detected changes in charts/aws-pca-issuer/values.yaml, but was unable to regenerate charts/aws-pca-issuer/README.md. Please update the pull request with README.md changes by running `make helm-docs` manually and adding the changed README.md to the commit.'
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create new PR with README changes (on manual runs)
+        if: ${{ github.event_name == 'workflow_dispatch' && steps.run-helm-docs.outcome == 'success' }}
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e #v7.0.8
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: "Update Helm README.md documentation"
+          branch: "auto-update-helm-readme"
+          title: "Update Helm README.md documentation"
+          body: "Automatically generated PR to update README.md based on changes in values.yaml."
+          delete-branch: true
+          signoff: true
diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml
@@ -128,3 +128,4 @@ jobs:
             Detected different CRDs in the `config/crd/bases` directory and `charts/aws-pca-issuer/crds` directory. 
             Since both CRDs were modified in this commit(s), they were unable to be automatically synced. Please update the pull request with identical CRDs for this workflow to pass.
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
diff --git a/Makefile b/Makefile
@@ -58,7 +58,7 @@ CONTROLLER_GEN_VERSION := 0.17.3
 CONTROLLER_GEN := ${BIN}/controller-gen-${CONTROLLER_GEN_VERSION}
 
 # Helm tools
-HELM_TOOL_VERSION := v0.2.2
+HELM_TOOL_VERSION := v0.2.3
 
 INSTALL_YAML ?= build/install.yaml
 
diff --git a/SECURITY_CONTACTS b/SECURITY_CONTACTS
diff --git a/charts/aws-pca-issuer/README.md b/charts/aws-pca-issuer/README.md
@@ -33,7 +33,7 @@ Number of replicas to run of the issuer
 <td>
 
 ```yaml
-1
+2
 ```
 
 </td>
@@ -108,6 +108,23 @@ false
 </tr>
 <tr>
 
+<td>disableClientSideRateLimiting</td>
+<td>
+
+Disables Kubernetes client-side rate limiting (only use if API Priority & Fairness is enabled on the cluster).
+
+</td>
+<td>bool</td>
+<td>
+
+```yaml
+false
+```
+
+</td>
+</tr>
+<tr>
+
 <td>imagePullSecrets</td>
 <td>
 
@@ -342,26 +359,20 @@ allowPrivilegeEscalation: false
 <td>resources</td>
 <td>
 
-Kubernetes pod resources requests/limits  
-  
-For example:
+Kubernetes pod resources requests/limits
 
-```yaml
-resources:
-  limits:
-    cpu: 100m
-    memory: 128Mi
-  requests:
-    cpu: 100m
-    memory: 128Mi
-```
 
 </td>
 <td>object</td>
 <td>
 
 ```yaml
-{}
+limits:
+  cpu: 50m
+  memory: 64Mi
+requests:
+  cpu: 50m
+  memory: 64Mi
 ```
 
 </td>
@@ -412,7 +423,7 @@ tolerations:
 <td>affinity</td>
 <td>
 
-A Kubernetes Affinity, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core  
+A Kubernetes Affinity; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core  
   
 For example:
 
@@ -428,12 +439,23 @@ affinity:
          - master
 ```
 
+
 </td>
 <td>object</td>
 <td>
 
 ```yaml
-{}
+podAntiAffinity:
+  preferredDuringSchedulingIgnoredDuringExecution:
+    - podAffinityTerm:
+        labelSelector:
+          matchExpressions:
+            - key: app.kubernetes.io/name
+              operator: In
+              values:
+                - aws-privateca-issuer
+        topologyKey: kubernetes.io/hostname
+      weight: 100
 ```
 
 </td>
@@ -443,26 +465,20 @@ affinity:
 <td>topologySpreadConstraints</td>
 <td>
 
-List of Kubernetes TopologySpreadConstraints; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core  
-  
-For example:
+List of Kubernetes TopologySpreadConstraints; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core
 
-```yaml
-topologySpreadConstraints:
-- maxSkew: 1
-  topologyKey: topology.kubernetes.io/zone
-  whenUnsatisfiable: ScheduleAnyway
-  labelSelector:
-    matchLabels:
-      app.kubernetes.io/name: aws-privateca-issuer
-```
 
 </td>
 <td>array</td>
 <td>
 
 ```yaml
-[]
+- labelSelector:
+    matchLabels:
+      app.kubernetes.io/name: aws-privateca-issuer
+  maxSkew: 1
+  topologyKey: topology.kubernetes.io/zone
+  whenUnsatisfiable: ScheduleAnyway
 ```
 
 </td>
@@ -472,8 +488,9 @@ topologySpreadConstraints:
 <td>priorityClassName</td>
 <td>
 
-Priority class name for the issuer pods. If specified, this will set the priority class on pods, which can influence scheduling decisions.
-
+Priority class name for the issuer pods  
+If specified, this will set the priority class on pods, which can influence scheduling decisions  
+  
 For example:
 
 ```yaml
@@ -561,41 +578,15 @@ Additional VolumeMounts on the operator container.
 </tr>
 <tr>
 
-<td>podDisruptionBudget</td>
+<td>podDisruptionBudget.maxUnavailable</td>
 <td>
 
-Configures a disruption budget for the deployment.  
-  
-Expects input structure similar to https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#poddisruptionbudgetspec-v1-policy. WITHOUT the pod selector, which is handled by the chart. Per https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#poddisruptionbudgetspec-v1-policy, `maxUnavailable` is mutually exclusive with `minAvailable`, you cannot set both.  
-  
-For example:
-
-```yaml
-podDisruptionBudget:
-  maxUnavailable: 1
-```
-
-Or:
-
-```yaml
-podDisruptionBudget:
-  minAvailable: 1
-```
-
-But NOT:
-
-```yaml
-podDisruptionBudget:
-  minAvailable: 1
-  maxUnavailable: 1
-```
-
 </td>
-<td>object</td>
+<td>number</td>
 <td>
 
 ```yaml
-{}
+1
 ```
 
 </td>
@@ -807,6 +798,23 @@ Annotations to add to the Prometheus ServiceMonitor
 {}
 ```
 
+</td>
+</tr>
+<tr>
+
+<td>serviceMonitor.labels</td>
+<td>
+
+Labels to add to the Prometheus ServiceMonitor
+
+</td>
+<td>object</td>
+<td>
+
+```yaml
+{}
+```
+
 </td>
 </tr>
 </table>
diff --git a/charts/aws-pca-issuer/values.yaml b/charts/aws-pca-issuer/values.yaml
@@ -66,6 +66,7 @@ securityContext:
   allowPrivilegeEscalation: false
 
 # Kubernetes pod resources requests/limits
+#+docs:property
 resources:
   limits:
     cpu: 50m
@@ -96,6 +97,7 @@ tolerations: []
 #            operator: In
 #            values:
 #            - master
+#+docs:property
 affinity:
   podAntiAffinity:
     preferredDuringSchedulingIgnoredDuringExecution:
@@ -110,6 +112,7 @@ affinity:
       weight: 100
 
 # List of Kubernetes TopologySpreadConstraints; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core
+#+docs:property
 topologySpreadConstraints:
 - maxSkew: 1
   topologyKey: topology.kubernetes.io/zone
