Commit Graph

13 Commits

Author SHA1 Message Date
Sunny 42bc3e8b0a helmrepo-oci: check before rec on type switching
When a HelmRepository with "default" spec.type is switched to "oci", the
existing HelmRepository is processed by HelmRepositoryReconciler by
running reconcileDelete() which removes all the previous status
information and allows the HelmRepositoryOCIReconciler to process the
object and add its own status data. But at times, when
HelmRepositoryOCIReconciler starts processing a HelmRepository with
stale status data from the client cache, it contains the stale
conditions that are owned only by HelmRepositoryReconciler and isn't
managed by HelmRepositoryOCIReconciler. This results in situations where
Ready is marked as True with the latest generation of the object and the
unmanaged stale conditions remain in the previous generation, resulting
in unexpected status conditions.

In the observed flaky tests,
`TestHelmRepositoryReconciler_ReconcileTypeUpdatePredicateFilter` would
fail because of stale ArtifactInStorage condition with previous
generation value.

This change adds a check in the HelmRepositoryOCIReconciler to start
processing the object only once the stale unmanaged conditions have been
removed.

Signed-off-by: Sunny <darkowlzz@protonmail.com>
2023-02-07 20:11:49 +05:30
Sunny 75cde08ff0 Use condition checker with gomega WithT
This allows using the condition checker as a test helper with proper
test like assertion failure and stacktrace.

Signed-off-by: Sunny <darkowlzz@protonmail.com>
2023-02-07 20:11:46 +05:30
Sunny 7b44c9db0d Add progressive status in helmrepo-oci reconciler
Signed-off-by: Sunny <darkowlzz@protonmail.com>
2023-01-10 00:30:40 +05:30
Soule BA 55dd799dad
Remove test case on aws
This remove test case for contextual login on
oci://123456789000.dkr.ecr.us-east-2.amazonaws.com.

This is not longer a wrong url since f7c66eb06a
and we no longer error on nil auth.

Signed-off-by: Soule BA <soule@weave.works>
2022-10-21 10:00:07 +02:00
Sunny 15cdd85805 controllers: Allow deletion of suspended objects
Reorders the object suspended check in all the reconcilers to allow
deletion of objects when they are suspended. Objects used to get stuck
on delete because the finalizers were not getting removed due to the
suspended state.

Adds a generic test for all the reconcilers to check if a suspended
source object can be delete.

Signed-off-by: Sunny <darkowlzz@protonmail.com>
2022-10-20 17:22:11 +05:30
Sunny df1894b7ed
update dependencies
- replace github.com/darkowlzz/controller-check/status ->
  github.com/fluxcd/pkg/runtime/conditions/check
- github.com/fluxcd/pkg/runtime - v0.21.0
- github.com/fluxcd/pkg/oci - v0.13.0
- github.com/fluxcd/pkg/apis/meta - v0.17.0
- k8s.io/cli-runtime - v0.25.2

Signed-off-by: Sunny <darkowlzz@protonmail.com>
2022-10-11 19:08:44 +05:30
Adrien Fillon 03ba63bec3
Handle nil OCI authenticator with malformed registry
Fixes #896

Signed-off-by: Adrien Fillon <adrien.fillon@manomano.com>
2022-09-13 19:53:41 +02:00
Soule BA 869c73d0ad
secretRef take precedence over provider
if secretRef is provided, we do not attempt to resolve oidc

Signed-off-by: Soule BA <soule@weave.works>
2022-09-09 14:43:35 +02:00
Soule BA ad3eb5ca47
Enable contextual login for helm OCI
If implemented, this pr will enable user to use the auto login feature
in order to automatically login to their provider of choice's container
registry (i.e. aws, gcr, acr).

Signed-off-by: Soule BA <soule@weave.works>
2022-08-25 22:27:35 +02:00
Soule BA b98093d0a9
Replace stalling events in HelmChart and HelmRepository_OCI
The setupRegistryServer has been refactored to take into account #690
reviews.

Signed-off-by: Soule BA <soule@weave.works>
2022-05-27 15:35:49 +02:00
Max Jonas Werner bb4d886ba2
dockerconfigjson for OCI registry authentication
`loginOptionFromSecret` now derives username/password from a docker
config stored in Secrets of type "kubernetes.io/dockerconfigjson".

Signed-off-by: Max Jonas Werner <mail@makk.es>
2022-05-24 10:31:37 +02:00
Max Jonas Werner 1070d1287a
fix nil pointer dereference
When the Secret referenced in an OCI HelmRepository doesn't contain a
username and password, the controller doesn't panic, anymore.

Signed-off-by: Max Jonas Werner <mail@makk.es>
2022-05-24 10:31:36 +02:00
Max Jonas Werner 841ed7ae66
[RFC 0002] Flux OCI support for Helm (#690)
* Add OCI Helm support

* users will be able to declare OCI HelmRepository by using the `.spec.type` field of the HelmRepository API. Contrary to the HTTP/S HelmRepository no index.yaml is reconciled from source, instead a simple url and credentials validation is performed.
* For backwards-compatibility, an empty `.spec.type` field leads to the HelmRepository being treated as a plain old HTTP Helm repository.
* users will be able to declare the new OCI HelmRepository type as source using the .Spec.SourceRef field of the HelmChart API. This will result in reconciling a chart from an OCI repository.
* Add registryTestServer in the test suite and OCI HelmRepository test case
* Add a new OCI chart repository type that manage tags and charts from an OCI registry.
* Adapat RemoteBuilder to accept both repository types
* discard output from OCI registry client; The client has no way to set a verbosity level and spamming the controller logs with "Login succeeded" every time the object is reconciled doesn't help much.

Signed-off-by: Soule BA <soule@weave.works>
Signed-off-by: Max Jonas Werner <mail@makk.es>
Co-authored-by: Soule BA <soule@weave.works>
2022-05-19 14:50:16 +02:00