Add Helm schema

Problem: Deploying the chart with wrong values could result in an
incorrectly configured NGF

Solution: Enforce the values with a schema.json

Author: lucacome

.pre-commit-config.yaml

@@ -7,6 +7,7 @@ repos:
       - id: trailing-whitespace
         exclude: (^tests/results/|\.avdl$|_generated.go$)
       - id: end-of-file-fixer
+        exclude: (^charts/nginx-gateway-fabric/values.schema.json$) # Remove this after helm-schema has a new release
       - id: check-yaml
         args: [--allow-multiple-documents]
         exclude: (^charts/nginx-gateway-fabric/templates)
@@ -20,6 +21,7 @@ repos:
       - id: check-symlinks
       - id: pretty-format-json
         args: [--autofix, --no-sort-keys, --no-ensure-ascii]
+        exclude: (^charts/nginx-gateway-fabric/values.schema.json$) # Remove this after helm-schema has a new release
       - id: mixed-line-ending
         args: [--fix=lf]
       - id: no-commit-to-branch
@@ -85,6 +87,17 @@ repos:
       - id: shfmt-src
         args: [-w, -s, -i, "4"]
 
+  - repo: https://github.com./dadav/helm-schema
+    rev: 0.12.0
+    hooks:
+      - id: helm-schema
+        args:
+          - --chart-search-root=charts
+          - --add-schema-reference
+          - "--skip-auto-generation=required,additionalProperties"
+          # This has not been released yet, uncomment after 0.13.0 is released
+          # - --append-newline
+
 ci:
   skip: [golangci-lint-full, prettier, markdownlint-cli2, yamllint]
   autofix_prs: false

.yamllint.yaml

@@ -1,10 +1,6 @@
 ---
-yaml-files:
-  - "*.yaml"
-  - "*.yml"
-
 ignore:
-  - charts/nginx-gateway-fabric/
+  - charts/nginx-gateway-fabric/templates
   - config/crd/bases/
   - deploy/crds.yaml
   - site/static
@@ -39,6 +35,7 @@ rules:
       .github/
       tests/suite/manifests/longevity/cronjob.yaml
       .goreleaser.yml
+      charts/nginx-gateway-fabric/
   new-line-at-end-of-file: enable
   new-lines: enable
   octal-values: disable

Makefile

@@ -37,6 +37,8 @@ CONTROLLER_TOOLS_VERSION = v0.16.2
 NODE_VERSION = 20
 # renovate: datasource=docker depName=quay.io/helmpack/chart-testing
 CHART_TESTING_VERSION = v3.11.0
+# renovate: datasource=github-tags depName=dadav/helm-schema
+HELM_SCHEMA_VERSION = 0.12.0
 
 # variables that can be overridden by the user
 PREFIX ?= nginx-gateway-fabric## The name of the NGF image. For example, nginx-gateway-fabric
@@ -146,8 +148,12 @@ generate-api-docs: ## Generate API docs
 generate-helm-docs: ## Generate the Helm chart documentation
 	go run github.com./norwoodj/helm-docs/cmd/helm-docs@$(HELM_DOCS_VERSION) --chart-search-root=charts --template-files _templates.gotmpl --template-files README.md.gotmpl
 
+.PHONY: generate-helm-schema
+generate-helm-schema: ## Generate the Helm chart schema
+	go run github.com./dadav/helm-schema/cmd/helm-schema@$(HELM_SCHEMA_VERSION) --chart-search-root=charts --add-schema-reference "--skip-auto-generation=required,additionalProperties"
+
 .PHONY: generate-all
-generate-all: generate generate-crds generate-manifests generate-api-docs generate-helm-docs ## Generate all the necessary files
+generate-all: generate generate-crds generate-helm-schema generate-manifests generate-api-docs generate-helm-docs ## Generate all the necessary files
 
 .PHONY: clean
 clean: ## Clean the build

charts/nginx-gateway-fabric/README.md

@@ -258,7 +258,7 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri
 | `affinity` | The affinity of the NGINX Gateway Fabric pod. | object | `{}` |
 | `extraVolumes` | extraVolumes for the NGINX Gateway Fabric pod. Use in conjunction with nginxGateway.extraVolumeMounts and nginx.extraVolumeMounts to mount additional volumes to the containers. | list | `[]` |
 | `metrics.enable` | Enable exposing metrics in the Prometheus format. | bool | `true` |
-| `metrics.port` | Set the port where the Prometheus metrics are exposed. Format: [1024 - 65535] | int | `9113` |
+| `metrics.port` | Set the port where the Prometheus metrics are exposed. | int | `9113` |
 | `metrics.secure` | Enable serving metrics via https. By default metrics are served via http. Please note that this endpoint will be secured with a self-signed certificate. | bool | `false` |
 | `nginx.config` | The configuration for the data plane that is contained in the NginxProxy resource. | object | `{}` |
 | `nginx.extraVolumeMounts` | extraVolumeMounts are the additional volume mounts for the nginx container. | list | `[]` |
@@ -271,7 +271,7 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri
 | `nginx.usage.insecureSkipVerify` | Disable client verification of the NGINX Plus usage reporting server certificate. | bool | `false` |
 | `nginx.usage.secretName` | The namespace/name of the Secret containing the credentials for NGINX Plus usage reporting. | string | `""` |
 | `nginx.usage.serverURL` | The base server URL of the NGINX Plus usage reporting server. | string | `""` |
-| `nginxGateway.config.logging.level` | Log level. Supported values "info", "debug", "error". | string | `"info"` |
+| `nginxGateway.config.logging.level` | Log level. | string | `"info"` |
 | `nginxGateway.configAnnotations` | Set of custom annotations for NginxGateway objects. | object | `{}` |
 | `nginxGateway.extraVolumeMounts` | extraVolumeMounts are the additional volume mounts for the nginx-gateway container. | list | `[]` |
 | `nginxGateway.gatewayClassAnnotations` | Set of custom annotations for GatewayClass objects. | object | `{}` |
@@ -299,7 +299,7 @@ The following table lists the configurable parameters of the NGINX Gateway Fabri
 | `service.externalTrafficPolicy` | The externalTrafficPolicy of the service. The value Local preserves the client source IP. | string | `"Local"` |
 | `service.ports` | A list of ports to expose through the NGINX Gateway Fabric service. Update it to match the listener ports from your Gateway resource. Follows the conventional Kubernetes yaml syntax for service ports. | list | `[{"name":"http","port":80,"protocol":"TCP","targetPort":80},{"name":"https","port":443,"protocol":"TCP","targetPort":443}]` |
 | `service.type` | The type of service to create for the NGINX Gateway Fabric. | string | `"LoadBalancer"` |
-| `serviceAccount.annotations` |  | object | `{}` |
+| `serviceAccount.annotations` | Set of custom annotations for the NGINX Gateway Fabric service account. | object | `{}` |
 | `serviceAccount.imagePullSecret` | The name of the secret containing docker registry credentials. Secret must exist in the same namespace as the helm release. | string | `""` |
 | `serviceAccount.imagePullSecrets` | A list of secret names containing docker registry credentials. Secrets must exist in the same namespace as the helm release. | list | `[]` |
 | `serviceAccount.name` | The name of the service account of the NGINX Gateway Fabric pods. Used for RBAC. | string | Autogenerated if not set or set to "" |