You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Helm is a package manager for Kubernetes that helps to simplify application lifecycle management. Helm packages are called charts and consist of YAML configuration and template files. Upon execution of a Helm operation, the charts are rendered into Kubernetes manifest files to trigger the appropriate application lifecycle action. For most efficient integration with Azure Operator Service Manager (AOSM), publisher should consider certain best-practice considerations when developing Helm charts.
13
13
14
-
## Critical Considerations for registryUrl and imagePullSecrets
14
+
## Requirements for registryUrl and imagePullSecrets
15
15
Every Helm chart generally requires a declared registryUrl and imagePullSecrets. Best practice recommends that the publisher define these two parameters consistently as variables in the values.yaml. At first, AOSM depended upon the publisher exposing these values in a strict manner, so they could be ingested and then injected during deployment. This approach is known as the legacy method. Overtime, many complications arose as not all publishers charts complied with the strict definition of registryUrl and imagePullSecrets required by AOSM.
16
16
* Some charts don't expose registryUrl and/or imagePullSecrets correctly, hiding them behind conditionals, or other values restrictions, which were not always met.
17
17
* Some charts don't expose registryUrl and/or imagePullSecrets as the expected named string, instead as an array.
18
18
19
19
To reduce the strict compliance requirements on publishers for registryUrl and imagePullSecrets, AOSM later introduced two improved methods of handling these values. First injectArtifactStoreDetail and finally Cluster Registry. These two methods do not depend upon the registryUrl or imagePullSecrets appearing in the Helm package, instead AOSM derives and injects these values on behalf of the network function.
20
20
21
-
### Summary of approach options for registryUrl and imagePullSecrets
21
+
##Approach for registryUrl and imagePullSecrets
22
22
**Legacy.**
23
23
* Required publisher to parameterize registryUrl & imagePullSecrets correctly in helm values and templates for substitution.
24
24
* Images hosted in publisher Azure Container Registry (ACR).
@@ -33,10 +33,10 @@ To reduce the strict compliance requirements on publishers for registryUrl and i
33
33
> [!NOTE]
34
34
> In all three cases, AOSM is substituting AOSM derived secrets with whatever secrets a publisher exposes in templates. The only difference is Legacy and InjectArtifactStoreDetail, the secret is bound to publisher ACR, while in Cluster Registry, the secret is bound to cluster registry.
35
35
36
-
###Legacy approach for registryUrl and imagePullSecrets
36
+
## Legacy approach for registryUrl and imagePullSecrets
37
37
Azure Operator Service Manager (AOSM) uses the Network Function Manager (NFM) service to deploy Containerized Network Function (CNF). The Network Function Manager (NFM) contains features to inject container registryUrl and imagePullSecrets dynamically into the helm values during Network Function (NF) deployment.
38
38
39
-
####How to enable
39
+
### How to enable
40
40
The following helm deployment template shows an example of how a publisher should expose registryPath and imagePullSecrets for compatibility with AOSM legacy approach.
41
41
42
42
```json
@@ -111,10 +111,10 @@ global:
111
111
> * The registryPath is set without any prefix such as `https://` or `oci://`. If needed, publisher must defined a prefix in the helm package.
112
112
> * imagePullSecrets and registryPath must be provided in the create NFDVersion onboarding step.
113
113
114
-
###injectArtifactStoreDetails approach for registryUrl and imagePullSecrets
114
+
## injectArtifactStoreDetails approach for registryUrl and imagePullSecrets
115
115
In some cases, third-party helm charts may not be fully compliant with AOSM requirements for registryURL. In this case, the injectArtifactStoreDetails feature can be used to avoid making changes to helm packages.
116
116
117
-
####How to enable
117
+
### How to enable
118
118
To use injectArtifactStoreDetails, set the installOptions parameter in the NF resource roleOverrides section to true, then use whatever registryURL value is needed to keep the registry URL valid. See following example of injectArtifactStoreDetails parameter enabled.
Splitting the Custom Resource Definitions (CRDs) declaration and usage plus using manual validations are recommended practices. Each is described in the following sections.
164
162
165
-
###Split CRD declaration and usage
163
+
## Split CRD declaration and usage
166
164
We recommend splitting the declaration and usage of CRDs into separate helm charts to support
167
165
updates. For detailed information see: [method-2-separate-charts](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#method-2-separate-charts)
168
166
169
-
###Manual validations
167
+
## Manual validations
170
168
Review the images and container specs created to ensure the images have prefix of registryURL and the imagePullSecrets are populated with secretName.
Each helm chart should contain static image repository and tags. Users should set the image repository and tag to static values. The static values are set as follows:
184
183
- Setting them in the image line or,
185
184
- Setting the Values in values.yaml and not exposing these values in the Network Function Design Version (NFDV).
0 commit comments