fleet

Commit Graph

Author	SHA1	Message	Date
Xavi Garcia	534dbfdd6f	Experimental HelmOps controller. (#3092 ) Add a new custom resource `HelmApp` (resource name open to debate) that describes a helm chart to be deployed. The resource contains all the fields from the classic `fleet.yaml` file plus a few new from the `GitRepo` resource. `HelmApp` YAML example: ```yaml apiVersion: fleet.cattle.io/v1alpha1 kind: HelmApp metadata: name: sample1 namespace: fleet-local spec: helm: releaseName: testhelm repo: https://charts.bitnami.com/bitnami chart: postgresql version: 16.2.1 insecureSkipTLSVerify: true ``` The implementation tries to share as much as possible from a `Bundle` spec inside the new resource, because it helps to "transform" the `HelmApp` into a deployment (no conversion is needed for most of the spec). The new controller was also implemented splitting the functionality into 2 controllers (similar to what we did for the `GitRepo` controller). This allows us to reuse most of the status handling code, as display fields in the status of the new resource are as similar as possible to have consistent user experience and to integrate with the UI in the same way the `GitRepo` does. When a new `HelmApp` resource is applied it is transformed into a single `Bundle`, adding some extra fields to let the `Bundle` reconciler know that this is not a regular `Bundle` coming from a `GitRepo`. Similar as we did for OCI storage, the `Bundle` created from a `HelmApp` does not contain resources. The helm chart to be deployed is downloaded by the agent. Code for downloading the helm chart is reused from gitops, so the same formats are supported. Insecure TLS skipping was added the the ChartURL and LoadDirectory functions in order to support this for gitops and helmops. If we need a secret to access the helm repository we can use the `helmSecretName` field. This secret will be cloned to secrets under the `BundleDeployment` namespace (same as we did for the OCI storage secret handling). The PR includes unit, integration (most of code is tested this way) and just one single e2e test so far just to test the whole feature together in a real cluster. Note: This is an experimental feature. In order to activate the `HelmApp` reconciling and `Bundle` deployment you need to the the environment variable: `EXPERIMENTAL_HELM_OPS=true` Refers to: https://github.com/rancher/fleet/issues/2962 * Add Insecure TLS option when downloading from OCI registry * Upgrades zot to version 2.1.1 So we can enable the UI and browse artifacts * Adds metrics e2e tests for HelmApps * Removes BundleSpecBase as it was not compatible when building rancher * Add unit test case when getting an error retrieving the secret * changes after 2nd review, fix flaky test Signed-off-by: Xavi Garcia <xavi.garcia@suse.com>	2024-12-16 18:14:28 +01:00

Author

SHA1

Message

Date

Xavi Garcia

534dbfdd6f

Experimental HelmOps controller. (#3092 )

Add a new custom resource `HelmApp` (resource name open to debate) that describes a helm chart to be deployed.

The resource contains all the fields from the classic `fleet.yaml` file plus a few new from the `GitRepo`
resource.

`HelmApp` YAML example:

```yaml
apiVersion: fleet.cattle.io/v1alpha1
kind: HelmApp
metadata:
name: sample1
namespace: fleet-local
spec:
helm:
releaseName: testhelm
repo: https://charts.bitnami.com/bitnami
chart: postgresql
version: 16.2.1
insecureSkipTLSVerify: true
```

The implementation tries to share as much as possible from a `Bundle` spec inside the new resource, because it helps
to "transform" the `HelmApp` into a deployment (no conversion is needed for most of the spec).

The new controller was also implemented splitting the functionality into 2 controllers (similar to what we did for the `GitRepo` controller). This allows us to reuse most of the status handling code, as display fields in the status of the new resource are as similar as possible to have consistent user experience and to integrate with the UI in the same way the `GitRepo` does.

When a new `HelmApp` resource is applied it is transformed into a single `Bundle`, adding some extra fields to let the `Bundle` reconciler know that this is not a regular `Bundle` coming from a `GitRepo`.

Similar as we did for OCI storage, the `Bundle` created from a `HelmApp` does not contain resources. The helm chart to be deployed is downloaded by the agent.

Code for downloading the helm chart is reused from gitops, so the same formats are supported.
Insecure TLS skipping was added the the ChartURL and LoadDirectory functions in order to support this for gitops and helmops.

If we need a secret to access the helm repository we can use the `helmSecretName` field. This secret will be cloned to secrets under the `BundleDeployment` namespace (same as we did for the OCI storage secret handling).

The PR includes unit, integration (most of code is tested this way) and just one single e2e test so far just to test the whole feature together in a real cluster.

Note: This is an experimental feature. In order to activate the `HelmApp` reconciling and `Bundle` deployment you need to the the environment variable: `EXPERIMENTAL_HELM_OPS=true`

Refers to: https://github.com/rancher/fleet/issues/2962

* Add Insecure TLS option when downloading from OCI registry
* Upgrades zot to version 2.1.1 So we can enable the UI and browse artifacts
* Adds metrics e2e tests for HelmApps
* Removes BundleSpecBase as it was not compatible when building rancher
* Add unit test case when getting an error retrieving the secret
* changes after 2nd review, fix flaky test

Signed-off-by: Xavi Garcia <xavi.garcia@suse.com>

2024-12-16 18:14:28 +01:00

1 Commits