- 
                Notifications
    You must be signed in to change notification settings 
- Fork 68
✨ Add support for deploying OCI helm charts in OLM v1 #1971
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
✨ Add support for deploying OCI helm charts in OLM v1 #1971
Conversation
| ✅ Deploy Preview for olmv1 ready!
 To edit notification comments on pull requests, go to your Netlify project configuration. | 
| Codecov ReportAttention: Patch coverage is  
 Additional details and impacted files@@            Coverage Diff             @@
##             main    #1971      +/-   ##
==========================================
+ Coverage   74.66%   74.74%   +0.07%     
==========================================
  Files          81       82       +1     
  Lines        7365     7530     +165     
==========================================
+ Hits         5499     5628     +129     
- Misses       1528     1553      +25     
- Partials      338      349      +11     
 Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
 | 
3b36dfb    to
    272dcbf      
    Compare
  
    272dcbf    to
    39948a0      
    Compare
  
    There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OH. Great work 🥇
6dfc6c0    to
    059008d      
    Compare
  
    | When pulling a Helm chart with a provenance file, at this time we have chosen to skip pulling the layer to the cache filesystem since we have no logic in place at this time to verify the chart integrity. operator-controller/internal/shared/util/image/helm.go Lines 62 to 65 in 059008d 
 | 
797bddb    to
    85f9e44      
    Compare
  
            
          
                internal/shared/util/image/cache.go
              
                Outdated
          
        
      | if layer.MediaType == registry.ChartLayerMediaType { | ||
| if features.OperatorControllerFeatureGate.Enabled(features.HelmChartSupport) || testing.Testing() { | ||
| if err := storeChartLayer(dest, layer); err != nil { | ||
| return err | ||
| } | ||
| } | ||
| } else { | ||
| if _, err := archive.Apply(ctx, dest, layer.Reader, applyOpts...); err != nil { | ||
| return fmt.Errorf("error applying layer[%d]: %w", layer.Index, err) | ||
| } | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I may have mentioned this elsewhere. If I did, apologies for repeating myself...
I feel like a better way of handling this would be to register handlers for media types. Then this section of the code would lookup the media type of the layer and then call whatever handler is found (or error if there isn't one).
With that setup, the registration of the helm chart media type/handler would be feature gated, but this code would not.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code has been refactored. Hopefully I got your suggestion right.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It still isn't exactly what I have in mind. What I have in mind is that ContainersImagePuller would have a new field named ImageHandlers that would represent the kinds of images that can be pulled. So we'd have an ImageHandler for registry+v1 and one for helm charts, and we would register those appliers in main.go (where the helm image applier would be registered behind a feature gate).
The ImageHandler could be an interface something like this:
type ImageHandler interface {
    Match(ctx context.Context, img types.ImageCloser) (bool, error) // likely just needs `img.Manifest()`
    Apply(ctx context.Context, ownerID string, srcRef reference.Named, canonicalRef reference.Canonical, imgSrc types.ImageSource, cache Cache, sourceContext *types.SystemContext) (fs.FS, time.Time, error)With that, ContainersImagePuller.applyImage could iterate the handlers looking for the first matching handler, and then call that handler's Apply method. And then the ContainersImagePuller implementation wouldn't have to concern itself with the details of every single image type we ever want to support.
78069c9    to
    742cb8a      
    Compare
  
    742cb8a    to
    46af89e      
    Compare
  
    There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you a lot for your contribution 🥇
I’m OK with the changes 👍 Well done 🎉
/lgtm
IHMO: It is an initial implementation, and as follow-up, I think we need to do:
- Documentation (docs/draft) and a demo automated for this one
- A discussion around the remaining caveats, particularly how we plan to store the Helm chart bundle in the catalog via OPM
Would be great to get a PTAL from or at least one of them @joelanford, @thetechnick, and @perdasilva before get this one merged.
Thank you 🙌
| Hi @OchiengEd, Just to clarify: In the F2F, we talked about using a single internal type and converting everything to it. We also discussed having only one runtime—Buxcutter. PoC: #1946 Supporting Helm fully will take time, and it is a big journey as we have been discussing. There are still open questions and blockers. If we go with this approach (internal format), we probably want OPM/OLM to support the internal type first before anything else. I created an internal Slack channel so that we can discuss all details and caveats. I’m OK merging this since it’s behind a feature gate—safe to experiment and doesn’t break anything. But it may change later. PS: If we get it merged, it would be great to have a small doc with automated demo steps (as done for others feature gates), so people can understand what was done and iterate Leaving final call to @joelanford, @thetechnick, and @perdasilva. 🔨 | 
| @OchiengEd @itroyano | 
46af89e    to
    c6c3ca8      
    Compare
  
    * added support for deploying OCI helm charts which sits behind the HelmChartSupport feature gate * extend the Cache Store() method to allow storing of Helm charts * inspect chart archive contents * added MediaType to the LayerData struct Signed-off-by: Edmund Ochieng <[email protected]>
Signed-off-by: Edmund Ochieng <[email protected]>
Signed-off-by: Edmund Ochieng <[email protected]>
c6c3ca8    to
    02f39cc      
    Compare
  
    | @camilamacedo86 @tmshort The documentation and feature-gated APIs concerns should be resolved. Kindly review and advice if anything else is needed at this time. | 
| To enable the Helm Chart support feature gate, you need to patch the `operator-controller-controller-manager` deployment in the `olmv1-system` namespace. This will add the `--feature-gates=HelmChartSupport=true` argument to the manager container. | ||
|  | ||
| 1. **Create a patch file:** | ||
|  | ||
| ```bash | ||
| $ kubectl patch deployment -n olmv1-system operator-controller-controller-manager --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--feature-gates=HelmChartSupport=true"}]' | ||
| ``` | ||
|  | ||
| 2. **Wait for the controller manager pods to be ready:** | ||
|  | ||
| ```bash | ||
| $ kubectl -n olmv1-system wait --for condition=ready pods -l control-plane=operator-controller-controller-manager | ||
| ``` | ||
|  | ||
| Once the above wait condition is met, the `HelmChartSupport` feature gate should be enabled in operator controller. | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is a run-experimental make target that can be used to run this (of course it includes all other experimental features as well).
You might want to mention this alternative method.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch. Can we do a small revision after the PR is merged? I'm hesitant to add a change and kick out the one approval we have at this time.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With the new run-experimental, I'm templated to say that our docs should only talk about the experimental feature set, and not get into the details of enabling/disabling individual features.
| The changes to the manifests look good! | 
| /approve | 
| [APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: tmshort The full list of commands accepted by this bot can be found here. The pull request process is described here 
Needs approval from an approver in each of these files:
 
 Approvers can indicate their approval by writing  | 
| /lgtm | 
6bbf4d7
      into
      
  
    operator-framework:main
  
    
Description
This pull request aims to add logic to OLM v1 for handling OCI Helm chart support. We expect more work to go into this feature as further discussion on this occurs on issue #962 and the Arbitrary Configuration RFC which may inform how
values.ymlwould be passed to Helm charts.Reviewer Checklist