-
Notifications
You must be signed in to change notification settings - Fork 230
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support OCI Helm charts #191
Comments
Just had an other customer using harbor where we store the helm charts using OCI.. so are there any plans for this feature?? |
@deniseschannon any updates regarding this feature ? |
I decided to give this a shot and tried to upgrade the 📜 What I did$ sed -i '/rancher\/helm\/v3/d' go.mod
$ go get helm.sh/helm/v3
go: upgraded github.com/evanphx/json-patch v4.9.0+incompatible => v4.12.0+incompatible
go: upgraded github.com/google/go-containerregistry v0.1.1 => v0.5.1
go: upgraded github.com/hashicorp/go-multierror v1.1.0 => v1.1.1
go: upgraded github.com/spf13/cobra v1.1.3 => v1.3.0
go: upgraded golang.org/x/sync v0.0.0-20201207232520-09787c993a3a => v0.0.0-20210220032951-036812b2e83c
go: upgraded helm.sh/helm/v3 v3.5.1 => v3.8.2
go: upgraded k8s.io/api v0.21.3 => v0.23.5
go: upgraded k8s.io/apimachinery v0.21.3 => v0.23.5
go: upgraded k8s.io/cli-runtime v0.21.3 => v0.23.5
go: upgraded sigs.k8s.io/yaml v1.2.0 => v1.3.0
$ make
Building for linux-amd64 ...
go: github.com/deislabs/oras@v0.8.1 requires
github.com/Microsoft/hcsshim@v0.8.7: missing go.sum entry; to add it:
go mod download github.com/Microsoft/hcsshim
FATA[0006] exit status 1
make: *** [Makefile:17: default] Error 1
$ go mod download github.com/Microsoft/hcsshim
$ make At this point, I got literally 100+ $ go get github.com/hashicorp/go-getter@v1.5.11
$ … (~100 go get commands)
$ go get github.com/rancher/fleet/pkg/bundle
$ make
note: module requires Go 1.17
FATA[0006] exit status 2
$ sed -i 's/golang:1\.16\.10/golang:1.17.9/' Dockerfile.dapper
$ sed -i 's/go 1\.16/go 1.17/' go.mod
$ make
go: updates to go.mod needed; to update it:
go mod tidy
FATA[0008] exit status 1
$ go mod tidy
go: downloading github.com/google/martian v2.1.0+incompatible
$ make
/go/pkg/mod/github.com/bombsimon/logrusr@v1.0.0/logrusr.go:34:9: cannot use &logrusr{...} (type *logrusr) as type logr.Logger in return argument
/go/pkg/mod/github.com/bombsimon/logrusr@v1.0.0/logrusr.go:69:32: undefined: logr.InfoLogger
/go/pkg/mod/github.com/bombsimon/logrusr@v1.0.0/logrusr.go:84:2: cannot use l (type *logrusr) as type logr.Logger in return argument
/go/pkg/mod/github.com/bombsimon/logrusr@v1.0.0/logrusr.go:96:2: cannot use l (type *logrusr) as type logr.Logger in return argument
FATA[0011] exit status 2
$ go get github.com/bombsimon/logrusr
go: upgraded github.com/bombsimon/logrusr v1.0.0 => v1.1.0
$ make
/go/pkg/mod/github.com/bombsimon/logrusr@v1.1.0/logrusr.go:34:9: cannot use &logrusr{...} (type *logrusr) as type logr.Logger in return argument
/go/pkg/mod/github.com/bombsimon/logrusr@v1.1.0/logrusr.go:69:32: undefined: logr.InfoLogger
/go/pkg/mod/github.com/bombsimon/logrusr@v1.1.0/logrusr.go:86:2: cannot use newLogger (type *logrusr) as type logr.Logger in return argument
/go/pkg/mod/github.com/bombsimon/logrusr@v1.1.0/logrusr.go:99:2: cannot use newLogger (type *logrusr) as type logr.Logger in return argument
FATA[0009] exit status 2
$ sed -i 's/golang:1\.17\.9/golang:1.18.1/' Dockerfile.dapper
$ sed -i 's/go 1\.17/go 1.18/' go.mod
$ make
/go/pkg/mod/github.com/bombsimon/logrusr@v1.1.0/logrusr.go:34:9: cannot use &logrusr{…} (value of type *logrusr) as type logr.Logger in return statement
/go/pkg/mod/github.com/bombsimon/logrusr@v1.1.0/logrusr.go:69:37: undefined: logr.InfoLogger
/go/pkg/mod/github.com/bombsimon/logrusr@v1.1.0/logrusr.go:86:9: cannot use newLogger (variable of type *logrusr) as type logr.Logger in return statement
/go/pkg/mod/github.com/bombsimon/logrusr@v1.1.0/logrusr.go:99:9: cannot use newLogger (variable of type *logrusr) as type logr.Logger in return statement
FATA[0189] exit status 2
$ go get -u github.com/bombsimon/logrusr
go: upgraded github.com/go-logr/logr v1.2.2 => v1.2.3
go: upgraded golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e => v0.0.0-20220422013727-9388b58f7150
$ make
/go/pkg/mod/github.com/bombsimon/logrusr@v1.1.0/logrusr.go:34:9: cannot use &logrusr{…} (value of type *logrusr) as type logr.Logger in return statement
/go/pkg/mod/github.com/bombsimon/logrusr@v1.1.0/logrusr.go:69:37: undefined: logr.InfoLogger
/go/pkg/mod/github.com/bombsimon/logrusr@v1.1.0/logrusr.go:86:9: cannot use newLogger (variable of type *logrusr) as type logr.Logger in return statement
/go/pkg/mod/github.com/bombsimon/logrusr@v1.1.0/logrusr.go:99:9: cannot use newLogger (variable of type *logrusr) as type logr.Logger in return statement
FATA[0039] exit status 2 |
We would need this feature too. Are there any plans? |
We could use a chart similar to https://github.com/rancher/fleet-examples/tree/master/single-cluster/helm to check if this already works. |
Just found #187 which describes potentially missing "go-getter" functionality around the |
As mentioned in #187 the GitRepo helm.chart value is a go-getter url as described in https://fleet.rancher.io/gitrepo-structure/#reference. The go-getter URL format is described here: https://github.com/hashicorp/go-getter#url-format.
OCI is not supported yet in the latest version of go-getter, but there is a feature request for it hashicorp/go-getter#271 and even a PoC pr mentioned. Helm seems to use the oras library for their oci support. |
Where/how was this tested by QA? |
I think it was not tested yet by QA, the issue got closed automatically after merging the pr. Reopening for now. I have added an example to fleet-examples, which is also used for our CI test and updated the Repo Structure documentation of Fleet. Authentication for OCI based registries is not supported yet but will be delivered in a separate pr to not block the release. Let me know if anything else is missing. |
Authentication for OCI based registries are now supported. The structure of the fleet.yaml is the same, the credentials are provided as Kubernetes secret as described in our Repo Structure documentation in the box The name of the created Kubernetes secret is specified in the gitRepo.spec.helmSecretName value. We also have an additional CI test for the OCI registry authentication using GitHub secrets. Both tests are using GHCR hosted packages. There is a great howto which describes how to use GitHub Container Registry (GHCR) to host your Helm Charts. I am closing this issue now since it is fixed in |
@rancher/qa Additionnal QAProblemHelm charts provided by OCI registries were not supported. SolutionWe are using the helm library to support OCI registries including basic authentication. TestingReference an OCI based helm chart, like this CI example, and check if the app comes up. Automated TestingOur CI runs tests against a public OCI registry example and a private OCI registry example. |
Verified on Rancher Steps to reproduce:
Steps for Validation:
This was also tested successfully via the Rancher upgrade scenario v2.6.8->v2.7.0
|
Storing Helm charts in OCI-compliant container registries is becoming the standard. Fleet needs to support downloading these chart artefacts when referenced in fleet.yaml.
Details: rancher/rancher#29105
The text was updated successfully, but these errors were encountered: