[VC-28877] Publish venafi kubernetes agent chart

[wallrj]

Fixes: https://venafi.atlassian.net/browse/VC-28877

• Documented the current release process and explained why and how all the artifacts end up where they do.
• Modified the venafi-kubernetes-agent Helm README file to bring it up to date with the desired installation process
• Fixed some of the post install NOTES instructions
• Manually built and pushed the Helm chart according to the documented release process

$ export VERSION=0.1.43-alpha.2
helm package deploy/charts/venafi-kubernetes-agent --version "${VERSION}"
helm push venafi-kubernetes-agent-${VERSION}.tgz oci://eu.gcr.io/jetstack-secure-enterprise/charts
Successfully packaged chart and saved it to: /home/richard/projects/jetstack/jetstack-secure/venafi-kubernetes-agent-0.1.43-alpha.2.tgz
Pushed: eu.gcr.io/jetstack-secure-enterprise/charts/venafi-kubernetes-agent:0.1.43-alpha.2
Digest: sha256:291f26609de4796fdd6f1824e3da740a91ace5ed2dc6a229481814bdb36b8256

@dbarranco made some changes to Harbour to mirror the chart to the documented Venafi registries.

You can examine the Helm chart yourself, as follows:

$ crane ls registry.venafi.cloud/charts/venafi-kubernetes-agent
0.1.43-alpha.0
0.1.43-alpha.1
0.1.43-alpha.2
sha256-291f26609de4796fdd6f1824e3da740a91ace5ed2dc6a229481814bdb36b8256.sig
sha256-d5b2b09773f068495cddd3a1f56147032741baa36e43cac16b5dac058bfad33a.sig
sha256-ff8162f3d68612ff922261a0dd7a661ed3abbfd9dc1e3c30a09aa5b9b9bf9ba0.sig

Testing

I installed the chart in a Kind cluster on my laptop and was able to see the agent running and connecting to the Venafi Control Plane.

$ helm upgrade venafi-kubernetes-agent oci://registry.venafi.cloud/charts/venafi-kubernetes-agent   --install   --namespace ${VENAFI_NAMESPACE}   --set config.clientId="${VENAFI_CLIENT_ID}" --devel
Pulled: registry.venafi.cloud/charts/venafi-kubernetes-agent:0.1.43-alpha.2
Digest: sha256:291f26609de4796fdd6f1824e3da740a91ace5ed2dc6a229481814bdb36b8256
Release "venafi-kubernetes-agent" has been upgraded. Happy Helming!
NAME: venafi-kubernetes-agent
LAST DEPLOYED: Fri Nov 24 13:09:53 2023
NAMESPACE: venafi
STATUS: deployed
REVISION: 2
TEST SUITE: None
NOTES:
1. Check the credentials Secret exists: "agent-credentials"
> kubectl get secret -n venafi agent-credentials

2. Check the application is running:
> kubectl get pods -n venafi -l app.kubernetes.io/instance=venafi-kubernetes-agent

3. Check the application logs for successful connection to the platform:
> kubectl logs -n venafi -l app.kubernetes.io/instance=venafi-kubernetes-agent

$ helm list  -n venafi
NAME                    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                                   APP VERSION
venafi-kubernetes-agent venafi          2               2023-11-24 13:09:53.195739589 +0000 UTC deployed        venafi-kubernetes-agent-0.1.43-alpha.2  v0.1.43

$ kubectl logs -n ${VENAFI_NAMESPACE} -l app.kubernetes.io/instance=venafi-kubernetes-agent --tail -1 | head
2023/11/23 14:58:36 Preflight agent version: v0.1.43 (a1b618ca89aad69f71095e97724d62e3d0b113c7)
2023/11/23 14:58:36 Loaded config:
schedule: ""
period: 0s
endpoint:
    protocol: ""
    host: ""
    path: ""
server: https://api.venafi.cloud/
organization_id: ""

[hawksight]

Really good changes, thank you for refactoring this to include the right registry links etc.
Also repo instruction are good 👍

Couple of minor things and slight rant, but nothing to stop this merging.

[hawksight]

This is completely the right link, but what it links to is completely useless IMO.
Why would you have to enable this by talking to a human. Shouldn't this just be a feature enabled by default?

Surely being a Venafi Customer is enough to get access to a private revision of the venafi-kubernetes-agent?

No action needed, just ranting.

[wallrj]

I raised an issue with the documentation team:

• https://venafi.atlassian.net/browse/VC-28984

[ditatechwriter]

This was added to the docs by PM in advance of the preview. The page will updated for the GA.

[hawksight]

We haven't exported this variable previously, so maybe we include it, or just add this into the instructions if this might change often? Not sure what's best, but also happy to leave how it is and assume people know who to export the env var and what it should be exported to.

[wallrj]

I've hard coded the EU URL here instead.

[hawksight]

Is it worth a quick note to say that for this readme, we assume you are using the public registry?

[wallrj]

Done.

[hawksight]

Seems a bit counter intuitive to the preceding sentence, but is entirely accurate.

[wallrj]

I considered just changing the version number to 1.0.0 and telling releasers to increment the minor version,
but decided that would require a wider discussion.

[hawksight]

Yes, no need for action, I'm just arguing semantics 😂

[wallrj]

This is a more appropriate image, but later we should set up mirroring to registry.venafi.cloud

[hawksight]

Thanks you for constructively taking on board my comments. Changes are good 👍

[hawksight]

Yes, no need for action, I'm just arguing semantics 😂