[RFC-0003] Implement OCIRepository reconciliation #788
Installed Controller Preview and ran test CR for bundle image package. Test succeeded.

```yaml
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: sample-app
  namespace: default
spec:
  interval: 1m
  url: rkamaldocker/sample-app
  ref:
    tag: 1.0.0
```

Extracted tar - looks good

```
# curl http://source-controller.flux-system.svc.cluster.local./ocirepository/default/sample-app/2db7841074d483b2f3fde931988962b529c7fdf5d1e6928d2b70b723410e5b81.tar.gz -o oci-test/sample-app.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  193k  100  193k    0     0  94.4M      0 --:--:-- --:--:-- --:--:-- 94.4M
# cd oci-test
# tar -xf sample-app.tar.gz
# ls -a
. .. .git .github .gitignore .mvn LICENSE README.md Tiltfile accelerator.yaml catalog config mvnw mvnw.cmd pom.xml sample-app.tar.gz src
#
```
@stefanprodan Seeing issue with the multi-layer image by CNB buildpack. Please try the following:

```yaml
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
  name: petclinic
  namespace: default
spec:
  interval: 15m
  url: scothis/petclinic
  ref:
    tag: latest
```

Error status condition

```yaml
- lastTransitionTime: "2022-06-26T03:51:23Z"
  message: tar file entry bin/bzcmp contained unsupported file type Lrwxrwxrwx
  observedGeneration: 1
  reason: OCIOperationFailed
  status: "False"
  type: Ready
```

Both the docker and crane clients validate this image

```
~ crane validate --remote scothis/petclinic:latest
PASS: scothis/petclinic:latest
```

Can you try pulling the image
@rashedkvm this is expected, we only support regular files https://github.com/fluxcd/pkg/blob/76f30cf3b1d1b2503a5202b2a96d9faeb25623a2/untar/untar.go#L60 To make this work with Flux you need to use
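The regular-files-only rule from the reply above, as an added Go example that is not part of this PR or of fluxcd/pkg: a tar walker that accepts directories and regular files and fails on anything else, so a link entry is never resolved or written to disk. The archive contents, `buildSample` and `validateLayer` are constructed for illustration, gzip is left out for brevity, and the error text copies the format of the status condition quoted earlier.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
)

// buildSample returns a constructed tar with one regular file and, optionally,
// a symlink entry named like the bin/bzcmp entry in the error above.
func buildSample(withSymlink bool) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	body := []byte("kind: ConfigMap\n")
	tw.WriteHeader(&tar.Header{Name: "app/cm.yaml", Typeflag: tar.TypeReg, Mode: 0o644, Size: int64(len(body))})
	tw.Write(body)
	if withSymlink {
		tw.WriteHeader(&tar.Header{Name: "bin/bzcmp", Typeflag: tar.TypeSymlink, Linkname: "bzdiff", Mode: 0o777})
	}
	tw.Close()
	return buf.Bytes()
}

// validateLayer accepts only directories and regular files and returns the
// number of regular files seen; a symlink, device or FIFO fails the layer.
func validateLayer(r io.Reader) (int, error) {
	tr, files := tar.NewReader(r), 0
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return files, nil
		} else if err != nil {
			return files, err
		}
		switch mode := hdr.FileInfo().Mode(); {
		case mode.IsDir(): // nothing to count
		case mode.IsRegular():
			files++
		default: // the symlink target is never resolved or written
			return files, fmt.Errorf("tar file entry %s contained unsupported file type %v", hdr.Name, mode)
		}
	}
}

func main() {
	_, err := validateLayer(bytes.NewReader(buildSample(true)))
	fmt.Println(err) // same message shape as the status condition above
}
```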
Went through it just to get familiar with the implementation.
Overall, looks good to me. Left a few minor comments.
Signed-off-by: Stefan Prodan <[email protected]>
Some small nits...
Co-authored-by: Paulo Gomes <[email protected]> Signed-off-by: Stefan Prodan <[email protected]>
LGTM!
I've tested and verified that the OCI registry auto-login works for AWS, Azure and GCP.
LGTM
This PR adds a new kind to the source API and implements the OCIRepository reconciliation as described in the RFC Flux OCI support for Kubernetes manifests.
Authors:
API implementation
spec.url
spec.ref.digest
spec.ref.tag
spec.ref.semver
spec.provider
spec.secretRef
spec.serviceAccountName
spec.certSecretRef
spec.status.artifact.metadata
When the OCI artifact is annotated in the registry, these annotations are reflected in-cluster under spec.status.artifact.metadata. When using flux push artifact the following annotations are used to track the origin Git repository:
org.opencontainers.image.source: <GIT-URL>
org.opencontainers.image.revision: <GIT-BRANCH|TAG>/<GIT-SHA>
spec.verify is not included in this PR. We would like to release OCIRepository without cosign verification, then implement it for both OCIRepository and HelmChart OCI artifacts.
OCI preview
To try out the OCI feature, you can build the Flux CLI that contains this version of source-controller and a version of kustomize-controller that has OCI support:
To generate your own artifacts, clone podinfo and push the manifests to your own container registry: