Commit Graph

20 Commits

Author SHA1 Message Date
Soule BA bb83270acc
Refactor to use authn for authentication as OCIrepository does
If implemented the oras registry loginOption will only be used internaly
with the specific ChartRepo struct.

This will permit reusing more easily feature developped with
googlecontainerregistry authn.

Signed-off-by: Soule BA <soule@weave.works>
2022-10-21 10:00:07 +02:00
Sunny 15cdd85805 controllers: Allow deletion of suspended objects
Reorders the object suspended check in all the reconcilers to allow
deletion of objects when they are suspended. Objects used to get stuck
on delete because the finalizers were not getting removed due to the
suspended state.

Adds a generic test for all the reconcilers to check if a suspended
source object can be delete.

Signed-off-by: Sunny <darkowlzz@protonmail.com>
2022-10-20 17:22:11 +05:30
Adrien Fillon 03ba63bec3
Handle nil OCI authenticator with malformed registry
Fixes #896

Signed-off-by: Adrien Fillon <adrien.fillon@manomano.com>
2022-09-13 19:53:41 +02:00
Soule BA 869c73d0ad
secretRef take precedence over provider
if secretRef is provided, we do not attempt to resolve oidc

Signed-off-by: Soule BA <soule@weave.works>
2022-09-09 14:43:35 +02:00
Sunny 59294bf582
controllers: Remove ctx overwrite
Context in the reconcilers were overwritten earlier after adding new
log field `reconcileID` in the logger. Since the `reconcileID` is now
set by controller-runtime, this is no longer needed. The logger in the
context already has the field set and when the context is passed to
other functions, they too have the logger with the reconcileID set.

Signed-off-by: Sunny <darkowlzz@protonmail.com>
2022-09-04 18:56:02 +05:30
Sunny 658134fe88
Remove setting reconcileID in helmrepo-oci logger
With the new controller-runtime, the reconcileID is automatically set
per reconciliation and need not be set explicitly.

Signed-off-by: Sunny <darkowlzz@protonmail.com>
2022-09-04 17:15:06 +05:30
Soule BA ad3eb5ca47
Enable contextual login for helm OCI
If implemented, this pr will enable user to use the auto login feature
in order to automatically login to their provider of choice's container
registry (i.e. aws, gcr, acr).

Signed-off-by: Soule BA <soule@weave.works>
2022-08-25 22:27:35 +02:00
Santosh Kaluskar 1ad2f004ac Implementing RecoverPanic on reconcilers to ensure it recovers from panic instead of crashing the controller and Squashed commits.
Signed-off-by: Santosh Kaluskar <dtshbl@gmail.com>
2022-08-11 18:35:25 +05:30
Soule BA 361b975bf4
Enable remote dependencies from OCI repositories
If implemented, the source controller will be able to resolve charts
dependencies from OCI repositories.

The remote builder has been refactored as part of this work.

Signed-off-by: Soule BA <soule@weave.works>
2022-07-06 19:11:01 +02:00
Paulo Gomes 42dcb87345
Add reconcileID to all reconcilers
GitRepository introduced correlation ID to improve
transport level logging. This change aligns the other
reconcilers to the same approach.

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
2022-06-14 08:59:44 +01:00
Stefan Prodan 2441f1f0e9
Log on new artifact and failure recovery
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2022-06-03 15:58:19 +03:00
Sunny d22758643b
oci-helmrepo: handle conditions summary in-line
Refactor the OCI HelmRepo reconciler to remove extra custom status
conditions and manage Ready, Reconciling and Stalled conditions within
the reconciler, in-line.
The internal/reconcile/summarize package uses the patch helper
conditions summary before patching which results in overwriting the
Ready condition with Reconciling condition as it's a negative polarity
condition.
For OCI HelmRepository, since it's a simple reconciler, it'd be better
to not introduce extra conditions and utilize the three base conditions
to represent the status. In order to have the same consistent status
conditions, a new summarization is written within the reconciler based
on the context. It takes into consideration a lot of the details from
the internal/reconcile/summarize package and handles certain scenarios
in context specific ways. All the result and error abstractions are
removed since they are only needed when using internal/reconcile
package.

Signed-off-by: Sunny <darkowlzz@protonmail.com>
2022-05-31 03:53:28 +05:30
Soule BA b98093d0a9
Replace stalling events in HelmChart and HelmRepository_OCI
The setupRegistryServer has been refactored to take into account #690
reviews.

Signed-off-by: Soule BA <soule@weave.works>
2022-05-27 15:35:49 +02:00
Max Jonas Werner 55a594a4e1 introduce eventLogf to HelmRepositoryOCIReconciler; fix formatting
Signed-off-by: Max Jonas Werner <mail@makk.es>
2022-05-24 16:13:42 +02:00
Max Jonas Werner 182e06e8d1 log when the OCI temp credentials file can't be deleted
Signed-off-by: Max Jonas Werner <mail@makk.es>
2022-05-24 16:13:42 +02:00
Max Jonas Werner c795da2280
introduce `internal/helm/registry` package
This new package holds all Helm OCI registry-specific code now so we
have a single location to look for such code which makes it easier to
find yourself around.

Signed-off-by: Max Jonas Werner <mail@makk.es>
2022-05-24 10:32:38 +02:00
Max Jonas Werner ce072c7eda
better variable names; improved logging
When setup of one of the two controller reconciling HelmRepositories
fails, it's now possible to judge from the log which setup call failed
by regarding the "type" log field.

Signed-off-by: Max Jonas Werner <mail@makk.es>
2022-05-24 10:31:37 +02:00
Max Jonas Werner bb4d886ba2
dockerconfigjson for OCI registry authentication
`loginOptionFromSecret` now derives username/password from a docker
config stored in Secrets of type "kubernetes.io/dockerconfigjson".

Signed-off-by: Max Jonas Werner <mail@makk.es>
2022-05-24 10:31:37 +02:00
Max Jonas Werner 1070d1287a
fix nil pointer dereference
When the Secret referenced in an OCI HelmRepository doesn't contain a
username and password, the controller doesn't panic, anymore.

Signed-off-by: Max Jonas Werner <mail@makk.es>
2022-05-24 10:31:36 +02:00
Max Jonas Werner 841ed7ae66
[RFC 0002] Flux OCI support for Helm (#690)
* Add OCI Helm support

* users will be able to declare OCI HelmRepository by using the `.spec.type` field of the HelmRepository API. Contrary to the HTTP/S HelmRepository no index.yaml is reconciled from source, instead a simple url and credentials validation is performed.
* For backwards-compatibility, an empty `.spec.type` field leads to the HelmRepository being treated as a plain old HTTP Helm repository.
* users will be able to declare the new OCI HelmRepository type as source using the .Spec.SourceRef field of the HelmChart API. This will result in reconciling a chart from an OCI repository.
* Add registryTestServer in the test suite and OCI HelmRepository test case
* Add a new OCI chart repository type that manage tags and charts from an OCI registry.
* Adapat RemoteBuilder to accept both repository types
* discard output from OCI registry client; The client has no way to set a verbosity level and spamming the controller logs with "Login succeeded" every time the object is reconciled doesn't help much.

Signed-off-by: Soule BA <soule@weave.works>
Signed-off-by: Max Jonas Werner <mail@makk.es>
Co-authored-by: Soule BA <soule@weave.works>
2022-05-19 14:50:16 +02:00