feat: Update Helm chart image

.github/workflows/ci.yaml

@@ -63,6 +63,31 @@ jobs:
         platforms: linux/amd64
         push: true
         tags: ${{ secrets.DOCKERHUB_USERNAME }}/cost-manager:${{ env.BRANCH == 'main' && 'latest' || env.BRANCH }}
-        # https://docs.docker.com/build/ci/github-actions/cache/#registry-cache
-        cache-from: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/cost-manager:buildcache
-        cache-to: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/cost-manager:buildcache,mode=max
+        # https://docs.docker.com/build/ci/github-actions/cache/#github-cache
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+  kind:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: azure/setup-helm@v3
+      with:
+        version: v3.12.1
+    - run: |
+        helm lint --strict ./charts/cost-manager
+    - uses: helm/[email protected]
+    - name: Install CRDs
+      run: |
+        kubectl apply -f https://raw.githubusercontent.com/kubernetes/autoscaler/5469d7912072c1070eedc680c89e27d46b8f4f82/vertical-pod-autoscaler/deploy/vpa-v1-crd-gen.yaml
+    - name: Install cost-manager
+      # Use bash shell to set pipefail option:
+      # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell
+      shell: bash
+      run: |
+        kubectl create namespace cost-manager
+        helm template ./charts/cost-manager \
+          -n cost-manager \
+          --set iam.gcp.serviceAccount=cost-manager@example.iam.gserviceaccount.com \
+          --set vpa.enabled=true | kubectl apply -f -
+        kubectl wait --for=condition=Available=true deployment/cost-manager -n cost-manager --timeout=10m

README.md

@@ -36,6 +36,10 @@ your cluster must be running at least one on-demand node pool and at least one s
 
 ## Quickstart
 
+When using spot-migrator on GCP, cost-manager requires the
+[roles/compute.instanceAdmin](https://cloud.google.com/iam/docs/understanding-roles#compute.instanceAdmin)
+role to delete compute instances from GKE managed instance groups.
+
 cost-manager can be run locally:
 
 ```sh
@@ -44,21 +48,16 @@ cost-manager can be run locally:
 make run
 ```
 
-Alternatively, you can run cost-manager within a Kubernetes cluster:
+Alternatively, you can run cost-manager within a GKE Kubernetes cluster with [Workload
+Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity) enabled:
 
 ```sh
-# Build the Docker image
-make image
-REPOSITORY=""
-docker tag cost-manager "$REPOSITORY"
-docker push "$REPOSITORY"
 # GCP service account bound to the roles/compute.instanceAdmin role
 GCP_SERVICE_ACCOUNT_EMAIL_ADDRESS="[email protected]"
 kubectl create namespace cost-manager --dry-run=client -o yaml | kubectl apply -f
 helm template ./charts/cost-manager \
     -n cost-manager \
-    --set image.repository="$REPOSITORY" \
-    --set iam.gcpServiceAccount="$GCP_SERVICE_ACCOUNT_EMAIL_ADDRESS" \
+    --set iam.gcp.serviceAccount="$GCP_SERVICE_ACCOUNT_EMAIL_ADDRESS" \
     --set vpa.enabled=true | kubectl apply -f -
 ```
 

charts/cost-manager/templates/service-account.yaml

@@ -3,7 +3,7 @@ kind: ServiceAccount
 metadata:
   name: cost-manager
   namespace: {{ .Release.Namespace }}
-  {{- if .Values.iam.gcpServiceAccount }}
+  {{- if .Values.iam.gcp.serviceAccount }}
   annotations:
-    iam.gke.io/gcp-service-account: {{ .Values.iam.gcpServiceAccount }}
+    iam.gke.io/gcp-service-account: {{ .Values.iam.gcp.serviceAccount }}
   {{- end }}

charts/cost-manager/values.yaml

@@ -1,13 +1,15 @@
 image:
   pullPolicy: IfNotPresent
-  repository: docker.io/hsbc/cost-manager
+  # TODO(dippynark): Use HSBC Docker Hub repository
+  repository: docker.io/dippynark/cost-manager
   tag: latest
 
 # Specify GCP Workload Identity service account email address bound to the
-# roles/compute.instanceAdmin role to allow instance deletion:
+# roles/compute.instanceAdmin role to allow compute instance deletion:
 # https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity 
 iam:
-  gcpServiceAccount: ""
+  gcp:
+    serviceAccount: ""
 
 # Create VPA to vertically autoscale cost-manager:
 # https://cloud.google.com/kubernetes-engine/docs/concepts/verticalpodautoscaler