Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Helmcharts not easy to consume, missing logic in processing one of Localization, Configuration or Resource #68

Closed
dee0 opened this issue Feb 26, 2024 · 56 comments · Fixed by open-component-model/ocm-controller#490
Assignees
Labels

Comments

@dee0
Copy link

dee0 commented Feb 26, 2024

I would like to have objects 'feeding' each other like so

ComponentVersion -> Localization -> Configuration -> FluxDeployer

Where

  • Localization localizes values.yaml of a helm chart in my Component
  • Likewise for Configuration
  • FluxDeployer sets up the install of my helm chart

This doesn't work because Flux/Helm require that helm charts be in a namespaced repo instead of the being at the root of the registry.
The helm-controller complains about a 404 due to the path it is looking for not existing.

Currently this can be worked around by changing the above to be
ComponentVersion -> Localization -> Configuration -> Resource -> FluxDeployer
where Resource has
extraIdentity:
helmChart: my-helm-chart-name

So the first question, why can't placement of extraIdentity on Configuration have the desired effect?

Second problem is, even after introducing a Resource as described above the deploy fails because the only tag in the repo is 'latest'.
Helm complains that no tags were found in the repo.

This is because Flux/helm require that the tags match a strict semver check and 'latest' doesn't pass this. I don't understand why the tag is 'latest' when my ComponentVersion is festooned with version info. Why can't one of those version numbers be utilized?

You can hack around this by adding a version spec on the resource like so
sourceRef:
kind: Configuration
name: *name
resourceRef:
name: chart
version: "1.0.37"
Of course this isn't maintainable so this isn't a solution that one can live with.

And in any case, even adding the version still doesn't give you something that actually is usable. This because the Resource is picking up the helm chart from the ComponentVersion instad of the Snapshot created from the Configuration. Comparing resource_controller.go and localization_controller.go ( see the findObjects func ) provides an idea of why Resource is not producing the desired results.

I can try and work around all of this by adding

  • HelmRepository and HelmRelease to my component, and
  • Changing Localization and Configuration to update HelmRepository and HelmRelease instead of my helm chart
    Of course the HelmRelease would have a values section that would receive the config updates.

This is what the ocm demo here is doing. However the problem with this approach is that I am now assuming that ops is using Flux for deploying my service. I can accept the assumption that helm and ocm are in use but assuming Flux is too much.

Anyhoo as it stands at the processing of at least of the types Localization, Configuration or Resource needs to be changed in order to make it easier to consume helm charts as part of an ocm component.

I'll attach my component.yaml and the manifest file with the ComponentVersion etc.

@dee0
Copy link
Author

dee0 commented Feb 26, 2024

@morri-son
Copy link
Contributor

@Skarlso , although only starting officially on Friday, maybe you can have a first look at this issue (#353, #71, #70 and #69 are related to the same scenario Dan's testing)?

@Skarlso
Copy link
Contributor

Skarlso commented Mar 4, 2024

Hello. :)

Resource is a standalone thing. I'll have to read this again to figure out what you are looking for.

Please include the setup you are trying to attain / test in yaml format.

You don't need the Resource object for Helm Charts. You should be able to define the resource for Configuration or Locatlization. The Resource is only used if you don't want to do any of the two others ( Loc or Conf ).

@dee0
Copy link
Author

dee0 commented Mar 6, 2024

Hey @Skarlso

component-and-config.zip

I have attached component-and-config.zip which contains :

  • component.yaml : Component description. Note the helm-chart included as a dir resource
  • cluster-config.yaml : Manifest file with ComponentVersion, Localization, Configuration, FluxDeployer

These should be the file versions I was using when I first ran into problems. Obviously with these files I was hoping my helm chart would be installed. However additional goals were

  • component.yaml and helm chart are in git repo owned by the team owning the component
  • cluster-config.yaml is in git repo owned by the team that owns the landscape/cluster definition
  • the team owning the component should only need to work with their helm chart and component description. That is, whether the team owning the landscape/cluster definition is deploying the helm chart with argocd or flux or anything else is an implementation detail hidden from the component team
  • avoid involving kustomize, helm should be sufficient
  • the helm chart should be able to be local to the component. This as opposed to being stored in a separate helm repository

The attached almost worked. Using crane I could see that localization and configuration worked and a helm repo and helm release were created. However helm was unable to use the output from the localization because it requires a chart be in a namespace repo.

This work around was put in place to make helm happy by adding a namespace to the repo in the case that an extra 'helm' identify has been added to the resource. However as I mentioned in the description above the only way to trigger this work around is to use a Resource.

And as stated above, even if you do this you still don't get something that works for the other reasons I mentioned in the initial description.

@Skarlso
Copy link
Contributor

Skarlso commented Mar 6, 2024

Hm, can you provide something that I can use to reproduce your problem locally?

@Skarlso
Copy link
Contributor

Skarlso commented Mar 6, 2024

From the component it looks like your chart resource isn't a chart resource. It's just a tarred up folder. You need to define a helmChart type resource in order for it to be handled as a helm chart. Otherwise, the created OCI repository will not have the right header values to identify it as such.

@dee0
Copy link
Author

dee0 commented Mar 6, 2024

Hey @Skarlso
That doesn't work because then

  • The chart is in a separate repo, which is something we don't want
  • Localization isn't able to work on it
  • Output tag from localization will be 'latest' and helm is unwilling to consume that

I think it should be pretty easy to the scenario we want to have work. This by either

  • Making it so that I can make it so the output from localization is consumable by helm, or
  • Making it so that when I have Localization -> Resource, Resource actually outputs the resource from the localization rather than getting the unlocalized resource from the ComponentVersion.

@Skarlso
Copy link
Contributor

Skarlso commented Mar 6, 2024

Localization already has an output snapshot. 🤔 There is no point on having a Resource after localization.

I'm still not sure what you are trying to accomplish. If the resource is not marked as a helm chart it will not be handled as a helm chart. We can't detect if it's a helm chart otherwise.

@Skarlso
Copy link
Contributor

Skarlso commented Mar 6, 2024

The chart is in a separate repo, which is something we don't want

I'm not sure I follow this. Can you elaborate what your mean by separate repo? And you "don't want that"?

@Skarlso
Copy link
Contributor

Skarlso commented Mar 6, 2024

For reference, here is a working helm chart example https://github.com/Skarlso/ocm-helm

I'll analyze the rest of the issue later. :) Not sure about that latest tag thing. :D

@dee0
Copy link
Author

dee0 commented Mar 6, 2024

image

In the attached image I have circled in red the extra repo.
The problem with the extra repo is that then we have to negotiate with the teams managing the various repositories we have to work with to request permission for 2 repositories instead of 1. Basically it will double the 'paperwork' involved in getting this to work.

@dee0
Copy link
Author

dee0 commented Mar 6, 2024

Hey @Skarlso
Is that sample actually working? I see there is a Localization but I don't 'backend-end-config' definition anywhere.

Btw, in my case Localization and Configuration are updating the values.yaml of the helm chart. Not sure if that is clear with the data I provided so far.

As stated in the bug description, to get something to work for my PoC I followed the ocm-setup-demo. Of course that deviates from our use case quite a bit so isn't something we would actually adopt.

@Skarlso
Copy link
Contributor

Skarlso commented Mar 6, 2024

ocm-setup-demo was waaaay before we started supporting helm chart so that "cheats" a bit by doing some manual things with the charts and preloading them. :)

uh, it used to work. 🤔 but we changed to cue lang for values. So you're probably right that the values file things no longer works. We ran out of time to update all samples sadly.

@morri-son morri-son transferred this issue from open-component-model/ocm-controller Mar 14, 2024
@morri-son morri-son added the component/ocm-controllers OCM Controllers label Mar 17, 2024
@Skarlso
Copy link
Contributor

Skarlso commented Mar 18, 2024

I'll try testing helm access once I get to this issue. :) The first intended case should have worked 🤔 Not sure why latest was used I'll have to go through the code.

Thanks for reporting it. Helm chart support is very much an alpha feature. I'm sure it has some hiccups especially since the requirement for named repositories.

@Skarlso
Copy link
Contributor

Skarlso commented Mar 26, 2024

Okay so, the helm chart downloading and creating a snapshot that is a proper helm chart repo with resource is working.

However...

The configuration and localization functionality for helm charts is missing because it doesn't re-package it properly and creates a new helm chart out of it after configuring or updating a values.yaml file.

This is a missing feature, basically. We didn't quite have the time to finish it.

The Resource part is working however. To reproduce it, see an example here: https://github.com/Skarlso/ocm-helm

Which creates the following snapshot value:

Status:
  Conditions:
    Last Transition Time:  2024-03-26T12:01:45Z
    Message:               Snapshot with name 'ocm-with-helm-deployment-mw73dth' is ready
    Observed Generation:   1
    Reason:                Succeeded
    Status:                True
    Type:                  Ready
  Digest:                  sha256:31b957024d57c2b4768c2a5ff9004fe0acdbbcf6974167fa0a95d858c21ea985
  Observed Generation:     1
  Repository URL:          https://registry.ocm-system.svc.cluster.local:5000/sha-785370814667106374/podinfo
  Tag:                     6.3.5

@morri-son
Copy link
Contributor

@Skarlso and @dee0 , the current way to do configuration and localization for me feels a bit to cumbersome. Thinking of people that want to deploy their Helm Chart, but understood that it makes sense to model their product in OCM should have a very simple possibility to configure and localize their application, similar to how they would by modifying the values.yaml, to specify their intent. If in the background we require CRs with a complex structure and content that establish the intent in the system, then we at least should check if it is possible to at least offer a more simple interface at the surface. Any ideas to solve this Gordian knot are welcome :-)

@Skarlso
Copy link
Contributor

Skarlso commented Mar 26, 2024

That is not going to be an easy task. :/ But I think it's gonna be fine maybe. It's just the re-packaging that's missing. A user would have a separate resource that contains configuration values perhaps, and we could merge that with existing ones, I don't know.

Another idea was to basically allow people to describe how to configure something by having the WASM scripts in a resource that would do the configuration for us. They are tiny binaries after all and we could just run them as is and it would configure the requested resource.

That's also an option.

@morri-son
Copy link
Contributor

WASM was and still is an interesting idea for the configuration and also still a hot topic out there. I would even buy something super simple for the bread and butter cases and something more complex for the other cases, but I really think that adoption will not raise when we keep the interface as complex as it is.

@Skarlso
Copy link
Contributor

Skarlso commented Mar 26, 2024

That might be true, yeah.

I have to do some brainstorming with myself and see if I can come up with something. Neverthless, a pluggable infrastructure is still the way to go I believe. It has been wildly successful in other areas after all.

@dee0
Copy link
Author

dee0 commented Mar 27, 2024

Hey @Skarlso & @morri-son

Want to restate the use case in our division and then present my naive thoughts on supporting them.

Use case :

  • There are teams that own the individual services that are to be deployed and there teams that own infrastructure.
  • The service owning teams are expected to know helm
  • The service owning teams should not need to know details about the infrastructure. e.g. If flux is used to install their helm chart they shouldn't need to know about it
  • The service owning teams should know that OCM is used and should provide a schema etc that details how to localize and configure their service. It is Ok if they also need to communicate to the infrastructure team 'extra identity' information and version information about the artifacts in their Component. ( Note: We want to enable that the Component is the source of truth )
  • There is an infrastructure team that is aware of what services are to be installed and that provides infrastructure for providing last mile configuration to those services
  • Outside of the transported component case, the number of OCI repositories required should be minimized. i.e. If I have a Component repository already and I can have my helm chart as a local resource then I should not need yet another repository just for my helm chart.

From my naive user perspective, what is missing to support the above 'nicely' is:

  • I see here I can specify extra identity info and version information for my resources. So I can, for example indicate that my dir localresource is a helmchart of version X. And looking in my cluster I see the extra identity information and version information is already stored in the componentdescriptors.
    Unfortunately I can't actually set the helmChart extra identity when defining my component because of this issue. So even if the ocm controller would consume the info the ocm cli doesn't let me set it.
  • If the above were fixed and then the mutationreconcilelooper could also be updated to
    • Use the extra identity information from within the componentdescriptor when constructing the repository name, and
    • Use the version info from within the componentdescriptors as the tag

And with these mods I could have the simple 'pipeline' of
ComponentVersion -> Localization ( helm chart ) -> Configuration ( helm chart ) -> FluxDeployer
as mentioned in the description of this ticket.

That said, even a change as simple as what is in this PR would make it so my use case is mostly supported. The only catches would be

  • If ever helm starts insisting that the repo tag match the version inside Chart.yaml then things would break, and
  • I need to introduce a Resource in order to get a repo name that helm is happy with ( e.g. ComponentVersion -> Localization -> Resource -> Configuration ) This isn't too bad because it is the infra team that would see this rather than the service teams.

Fwiw, I was hoping to step through the code to see how hard the naive solution above would be to implement. This is why I left this PR in the 'work in progress' state. Didn't find the time to do it today but maybe I'll get to it this week sometime.

@Skarlso
Copy link
Contributor

Skarlso commented Mar 27, 2024

Hello, let me try to clarify some things.

Outside of the transported component case, the number of OCI repositories required should be minimized. i.e. If I have a Component repository already and I can have my helm chart as a local resource then I should not need yet another repository just for my helm chart.

I assume you are talking about our local registry? That is not something the service or the infrastructure team would be aware off at all. That registry is ocm-controller's local cache and an integration point with flux itself. The FluxDeployer creates Flux components to be able to deploy... with Flux. :) We are aiming to create other deployers like ArgoDeployer or something that can provide other kind of options, but that's in the future. For now, all you would need to be concerned about is defining the properties for a helm chart.

Unfortunately I can't actually set the helmChart extra identity when defining my component because of #69 issue. So even if the ocm controller would consume the info the ocm cli doesn't let me set it.

The extra-identity is used by us. OCM the library isn't aware of such a thing. So specifying it there, does nothing. That's why you are getting that error.

ComponentVersion -> Localization ( helm chart ) -> Configuration ( helm chart ) -> FluxDeployer
as mentioned in the description of this ticket.

The reason it doesn't work today is because this feature is incomplete as of now. Like I detailed in my comment, the Resource can produce a valid helm chart, but the others can't yet. :) Once it's implemented your scenario should work nicely. 🤞 😄

If ever helm starts insisting that the repo tag match the version inside Chart.yaml then things would break, and

The version is coming from here:

components:
- name: github.com/open-component-model/helm-test
  version: "v1.0.0"
  provider:
    name: ocm.software
  resources:
  - name: charts
    type: helmChart
    version: 6.3.5
    input:
      type: helm
      version: 6.3.5
      path: charts/podinfo-6.3.5.tgz

So technically you can define whatever version you like when building the helm component using OCM the library.

Then, the resource uses that version as well when it's being reconciled:

apiVersion: delivery.ocm.software/v1alpha1
kind: Resource
metadata:
  name: ocm-with-helm-deployment
  namespace: ocm-system
spec:
  interval: 10m
  sourceRef:
    kind: ComponentVersion
    name: ocm-with-helm
    namespace: ocm-system
    resourceRef:
      name: charts
      version: 6.3.5
      extraIdentity:
        helmChart: podinfo

ComponentVersion -> Localization -> Resource -> Configuration

Hopefully, once everything is implemented, the Resource part could simply be left off. 🤞

@dee0
Copy link
Author

dee0 commented Mar 27, 2024

Hey @Skarlso

First, let me say 'thank you' for taking the time to respond and having the patience deal with me. :)

"I assume you are talking about our local registry? "

Nope. I explained this above. Please see the screenshot above of artifactory. I circled the extra repository that was created and I explained why this is a problem.

"The extra-identity is used by us. OCM the library isn't aware of such a thing. So specifying it there, does nothing. That's why you are getting that error."

You must be able to see this makes zero sense from my perspective, yes? Consider what I am seeing as an outsider looking in

  • CLI documentation says I can set extra identity info but doesn't explain what it is for
  • Resource documentation, as seen from kubectl explain, says I can set extra identity info including 'helmchart'. Also doesn't explain what it is for.
  • Setting helmChart extra identity info on Resource gives me some behaviour I need
  • But setting helmChart, camel-case, via the CLI gives me an error
  • As a user I am not appreciative of the difference between OCM and the OCM controller. ( Well I am a bit because I have played with the stuff for too long. However the people I am trying to convince to adopt OCM have no idea about the distinction )
  • From what I have seen so far, the extra identity info that I provide to the CLI just gets chucked into the componentdescriptor object in kubernetes but doesn't get used. That is, for the stuff the cli does accept is just metadata along for the ride. So why complain that I use 'helmChart' vs 'helmchart'? Or why not ConstructRepositoryName recognize 'helmchart' as well as 'helmChart'?

Regarding this example

components:
- name: github.com/open-component-model/helm-test
  version: "v1.0.0"
  provider:
    name: ocm.software
  resources:
  - name: charts
    type: helmChart
    version: 6.3.5
    input:
      type: helm
      version: 6.3.5
      path: charts/podinfo-6.3.5.tgz

it is problematic for these reasons I mentioned above :

  • If I use the helmChart type then helm chart is stored in a separate repository, it isn't a local resource ( Again see screenshot above etc )
  • If I pull in the chart as a tgz, instead of a directory, then I can't localize or configure the values.yaml in the chart

So again, from perspective, this should be an easy fix that doesn't break the model

  • Either let ConstructRepositoryName recognize 'helmchart' as well as 'helmChart' or let the cli accept upper case letters
  • Have mutation_reconciler_looper use the extra identity and version info I provide in my component description

Then in my component descriptor yaml I can put

name: dmi.csi.sap/dmi-multicloud-service-provisioner2
version: &version "1.0.74" # Doesn't seem to affect tags
provider:
  name: dmi.csi.sap
resources:
- name: chart 
  type: dir 
  version: "1.0.75" 
  extraIdentity:
    helmchart: "mychart"
  input: 
    type: dir 
    path: ../helm/dmi-multicloud-service-provisioner
    compress: true 
    preserveDir: true

and everything will 'just work' :)

Btw, the above is giving me the following in my componentdescripto, note the extraIdentity and version. So the information needed to do the right thing is there, just Localize and Configuration need to use it

 componentReferences: []
  name: dmi.csi.sap/dmi-multicloud-service-provisioner2
  provider: dmi.csi.sap
  repositoryContexts: []
  resources:
    - access:
        localReference: sha256:645d3bf820707f82872a2766c423ea4303e4e4b462fa986429470e90420d247c
        mediaType: application/x-tgz
        type: localBlob
      digest:
        hashAlgorithm: SHA-256
        normalisationAlgorithm: genericBlobDigest/v1
        value: 645d3bf820707f82872a2766c423ea4303e4e4b462fa986429470e90420d247c
      extraIdentity:
        helmchart: mychart
      name: chart
      relation: local
      type: dir
      version: 1.0.75

@Skarlso
Copy link
Contributor

Skarlso commented Mar 27, 2024

Okay, so I think we have to make something clear. The controller is using OCM LIBRARY. Whatever the CLI does is the CLI's thing. :) The controller is using the Library.

So whatever the CLI does is not necessarily something the controller does. The controller has different goals and purposes.

This means that your component description doesn't need the extra identity the controller needs. Here: https://github.com/open-component-model/ocm-controller?tab=readme-ov-file#helmchart-type-resource it's explained that the controller is using this because it cannot be inferred. This is the only reason for it.

I could extend this of course if it doesn't make any sense. :)

Sorry, I might be dense, but where / what is creating that extra repo?

The chart is in a separate repo, which is something we don't want

But why?

So like I wrote, for now, configuration and localization isn't working with charts yet. I need to add that functionality. Resource though works with charts as long as OCM can fetch them. Whatever it creates internally, is not a concern of the user.

@dee0
Copy link
Author

dee0 commented Jun 25, 2024

For completeness sake, the FluxDeployer above was from a helm template. Here is the rendered result

- apiVersion: delivery.ocm.software/v1alpha1
  kind: FluxDeployer
  metadata:
    creationTimestamp: "2024-06-24T17:46:20Z"
    generation: 2
    labels:
      hc.sap.com/hc-provisioned: "True"
    name: dmi-broker
    namespace: ocm-system
    resourceVersion: "19542"
    uid: 5343f112-0df2-4c70-96d2-3dc3d8e7d41e
  spec:
    helmReleaseTemplate:
      chart:
        spec:
          chart: dmi-broker
      interval: 10s
      targetNamespace: broker
      timeout: 1h
      valuesFrom:
        - kind: Secret
          name: dmi-broker-from-landscape
          valuesKey: secret
    interval: 10s
    sourceRef:
      apiVersion: delivery.ocm.software/v1alpha1
      kind: Configuration
      name: dmi-broker
      namespace: broker

@dee0
Copy link
Author

dee0 commented Jun 25, 2024

Hey @Skarlso
At the moment I think what I am seeing is a new ocm-controller bug. It isn't filling in the helmReleaseTemplate sourceRef properly.

@Skarlso
Copy link
Contributor

Skarlso commented Jun 25, 2024

Gonna need some more info about your CRs. Or logs or something. Otherwise you're on your own.

@dee0
Copy link
Author

dee0 commented Jun 25, 2024

Logs don't show really show anything more than what is in that status message.
Attaching a zip of the ocm CRs
ocm-crs-2024-06-25.zip

Each resource type is in its own *.yml file. Fwiw this is what our testing infrastructure is spitting out at the end of a failed test run.

Fwiw, this was working until the upgrade.

@Skarlso
Copy link
Contributor

Skarlso commented Jun 26, 2024

This:

      resourceRef:
        extraIdentity:
          helmChart: dmi-broker

is no longer correct.

This is also no longer correct for the flux deployer:

    helmReleaseTemplate:
      chart:
        spec:
          chart: dmi-broker

Please check out the repository I linked. There is a working example for both helm chart without and with configuration. :)

@dee0
Copy link
Author

dee0 commented Jun 26, 2024

Hey @Skarlso

Thanks, but I think your sample may be broken and I don't think it is representative for my case.

I think it is broken because the Localization appears to refer to a non-existent Resource. It refers to resource-pipeline-backend and when I search for that the only hit is in localization.yaml.

As for why I don't think the samples are representative of my case there are these discrepancies

  • I am using both Localization and Configuration ( presumably this is normal ) but the examples don't use them in combination
  • My chart is a local resource. At the time when I was putting things together it didn't seem that I could localize or configure the chart's values.yaml so long as it was in a tgz file. So if that isn't the case using a tgz would be fine
       resources:
       - name: chart 
         version: *version
         type: dir
         input: 
           type: dir
           path: "../helm/dmi-broker"
           preserveDir: true
           compress: true 
  • In your examples the delivery.ocm.software resources are referring to specific chart versions. I can't do that. Whatever version happens to be in the ComponentVersion is what should be used.

Please provide some guidance on how to make this work with whatever change you made to the ocm-controller.

@Skarlso
Copy link
Contributor

Skarlso commented Jun 26, 2024

Ahhh sorry. I should have said that only configuration was altered to be working. The localization wasn't touched.

So sorry Dan.

@Skarlso
Copy link
Contributor

Skarlso commented Jun 26, 2024

I'll try to whip up a localization for you that's working. But generally I think it should once you alter it the same way configuration does it. Only the location of the image and tag needs to follow the value.yaml's format.

@dee0
Copy link
Author

dee0 commented Jun 27, 2024

Thanks @Skarlso

Btw, the things I am concerned about are

  • That Configuration can operate on the output of Localization
  • That there is no requirement to hard code a chart version in any of the delivery objects ( Localization, Configuration, FluxDeployer )

Also is FluxDeployer able to work with a helm chart that is stored as a dir resource with in the component or must the type be helm chart? This is what I have been using so far ( successfully given the other files attached ) .
Do I have to change this now? Or will the FluxDeployer not care as long as the content it is looking at actually appears to be a chart?

- name: chart 
  version: *version
  type: dir
  input: 
    type: dir
    path: "../helm/dmi-broker"
    preserveDir: true
    compress: true 

@Skarlso
Copy link
Contributor

Skarlso commented Jun 27, 2024

Hum. That shouldn't matter I think. Dir should work.

The requirement is there because it will try and produce a snapshot that the helm controller than needs to understand. And we do that previously already but that information isn't taken any further. Unless the resource is the same version as the chart than that extra info is not needed.

@dee0
Copy link
Author

dee0 commented Jun 27, 2024

Hey @Skarlso just want to confirm what I think you said... In my component description if the resource version matches the helm chart version then I don't have to specify a version in the Resource or the FluxDeployer. So for example, in my component yaml if I have

name: dmi.csi.sap/dmi-broker
version: &version "1.0.0-1.badcafe"
provider:
  name: dmi.csi.sap
resources:
- name: chart 
  version: 1.2.3  # <!-- Matches the helm chart version 
  type: dir
  input: 
    type: dir
    path: "../helm/dmi-broker"
    preserveDir: true
    compress: true 

then I won't need to specify a chart version in the Resource or the FluxDeployer.

Do I have that correct?

@Skarlso
Copy link
Contributor

Skarlso commented Jun 28, 2024

Yeah, that should be right. As long as the tag in the snapshot matches the chart, Flux's helm controller shouldn't complain. 🤞

@dee0
Copy link
Author

dee0 commented Jun 29, 2024

Nope, something went wrong.
I'll dig some more, but what I am seeing is

kubectl --kubeconfig=kubeconfig-644-e1-dmi get -A helmrelease
NAMESPACE    NAME         AGE   READY   STATUS
ocm-system   dmi-broker   29m   False   artifact revision 19090 does not match chart version 1.3.0-1085.xeae3fba.14

I have no idea where 19090 is coming from. Looking at the component descriptor with

kubectl --kubeconfig=kubeconfig-644-e1-dmi get -n broker componentdescriptor dmi.csi.sap-dmi-broker-1.3.0-1085.xeae3fba.14-17027996690744119944 -o=yaml

I see

spec:
  resources:
  - access:
      localReference: sha256:4b942c25c3e772c826959cb4702a3e3d9f9b59be4a78449a15f7e5be4d5e4e12
      mediaType: application/x-tgz
      type: localBlob
    digest:
      hashAlgorithm: SHA-256
      normalisationAlgorithm: genericBlobDigest/v1
      value: 4b942c25c3e772c826959cb4702a3e3d9f9b59be4a78449a15f7e5be4d5e4e12
    name: chart
    relation: local
    type: dir
    version: 1.3.0-1085.xeae3fba.14

@Skarlso
Copy link
Contributor

Skarlso commented Jun 29, 2024

19090 is the observed revision which we are using by default as a tag. Hmm, the resource version should have overwritten that. For now, please use helmVersion instead. I'm on vacation for two weeks, so I'll look at it when I'm back.

@dee0sap
Copy link

dee0sap commented Jul 1, 2024

Hey @Skarlso

I think
open-component-model/ocm-controller#485
may have broken something.

The error I mentioned above was after changing my POC to look like

image

Yesterday I grabbed the latest code with the intent of putting in the place the logic I have expected from the beginning. ( Search for 'festooned' in this description ) However before changing anything, while stepping through the debugger I hit a new problem 🔢

"failed to look up component Version: failed to do request: Head \"https://component-descriptors/v2/dmi.csi.sap/dmi-broker/manifests/1.3.0-1126.xb2559b5.17\": dial tcp: lookup component-descriptors on 100.64.0.10:53: no such host",

ResourceReconciler:reconcile gets this when it is trying to get the resource. This is happening because cv.Status.ReplicatedRepositoryURL is empty string.

My ComponentVersion is

apiVersion: delivery.ocm.software/v1alpha1
kind: ComponentVersion
metadata:
  creationTimestamp: "2024-06-30T19:08:11Z"
  generation: 1
  labels:
    foo.com/blah: "True"
    hc.sap.com/hc-provisioned: "True"
  name: dmi-broker
  namespace: broker
  resourceVersion: "784586"
  uid: 9f52789d-668e-42ca-a5a7-91e5522c3da3
spec:
  component: dmi.csi.sap/dmi-broker
  interval: 3s
  repository:
    secretRef:
      name: dmi-broker-ocm-registry
    url: hanaservice-dev.common.repositories.cloud.sap/csi-ocm-poc
  version:
    semver: '>=v1.0.0-0'
status:
  componentDescriptor:
    componentDescriptorRef:
      name: dmi.csi.sap-dmi-broker-1.3.0-1126.xb2559b5.17-18125962753876232484
      namespace: broker
    name: dmi.csi.sap/dmi-broker
    version: 1.3.0-1126.xb2559b5.17
  conditions:
  - lastTransitionTime: "2024-07-01T13:37:10Z"
    message: 'Applied version: 1.3.0-1126.xb2559b5.17'
    observedGeneration: 1
    reason: Succeeded
    status: "True"
    type: Ready
  observedGeneration: 1
  reconciledVersion: 1.3.0-1126.xb2559b5.17

Fwiw, think I will rebase my branch onto 0.23.7 to avoid this problem.

@Skarlso
Copy link
Contributor

Skarlso commented Jul 1, 2024

I'm on vacation for a while, would you mind putting this into a separate issue please? Thanks.

@Skarlso
Copy link
Contributor

Skarlso commented Jul 15, 2024

Was dmi-broker an existing component version by any chance? 🤔 Because sadly, this change is breaking as in, if the object exists it won't update the status with the correct value unless re-reconciled.

@Skarlso
Copy link
Contributor

Skarlso commented Jul 15, 2024

Ah yes. creationTimestamp: "2024-06-30T19:08:11Z".

I'll think of something to mitigate this.

@Skarlso Skarlso moved this from 🏗 In Progress to 📋 Next-UP in OCM Backlog Board Jul 17, 2024
Copy link

This issue was marked as stale because it has not had recent activity.

@github-actions github-actions bot added the lifecycle/stale Nobody worked on this for 6 months (will further age) label Oct 25, 2024
@Skarlso
Copy link
Contributor

Skarlso commented Oct 29, 2024

Not stale

@Skarlso Skarlso removed the lifecycle/stale Nobody worked on this for 6 months (will further age) label Oct 29, 2024
Skarlso added a commit to open-component-model/ocm-controller that referenced this issue Oct 29, 2024
## Description

Fix for issue [
#68](open-component-model/ocm-project#68) in
ocm-project. At least as of 0.23.7 there was primary problem and a
follow on problem that appeared after the first was fixed.

My setup was like this 

![image](https://github.com/user-attachments/assets/c6015cee-5c88-4644-915e-852e0b94bc15)

With the setup and v0.23.7 the first problem was I would get an error
like this
`ocm-system dmi-broker 24m False artifact revision 19090 does not match
chart version 1.3.0-1085.xeae3fba.14`

This because snapshot writer is using the resourceversion of of the
kubernetes object that owns the snapshot. Given my setup, 19090 happened
to be the resourceversion of my Configuration.

As I mentioned when I opened
[#68](open-component-model/ocm-project#68), at
least for helmcharts this is silly as there are several spots that are
better sources for a version tag. So I have fixed this storying the
resource version, taken from the component descriptor, in the identity.
I am only doing this if there isn't already a value stored under
ResourceVersionKey.

Fixing this revealed a problem when you have more than 1 mutation, in my
case a Localization and a Configuration, getting their config a
resource. The mutation objects get their identity from the resource they
reference in `configRef`. Both of my reference the same config.yaml in
my components. The identity is used to compute the snapshot's OCI
repository name.

Prior to my above tag fix being in place, the Localization and
Configuration were both sticking their snapshots into the same
repository. Since I was 'lucky' and the two objects never had the same
resourceversion the tags were used on the images stored in the
repository were different and I never noticed a problem. However once I
put the above fix in place I started seeing sporadic failures. In fact,
due to issue #224, I would see my HelmRelease go back and forth between
being unhealthy and healthy ( but mostly unhealthy ). It would be
unhealthy if/when the FluxDeployer grabbed the data from the snapshot
image when the Localization was the last one to write the snapshot
image.

To fix this added I 'mutation-object-uuid' to the identity of resources
that are output from the mutations ( Localization, Configuration ). This
way each will have its own snapshot repo and they will no longer
overwrite each other's images when the same resource is referenced in
`configRef`.

## What type of PR is this? (check all applicable)

- [ ] 🍕 Feature
- [x ] 🐛 Bug Fix
- [ ] 📝 Documentation Update
- [ ] 🎨 Style
- [ ] 🧑‍💻 Code Refactor
- [ ] 🔥 Performance Improvements
- [ ] ✅ Test
- [ ] 🤖 Build
- [ ] 🔁 CI
- [ ] 📦 Chore (Release)
- [ ] ⏩ Revert

## Related Tickets & Documents

<!-- 
Please use this format link issue numbers: Fixes #123

https://docs.github.com/en/free-pro-team@latest/github/managing-your-work-on-github/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword
-->

- Fixes
[68](open-component-model/ocm-project#68)


## Added tests?

- [ ] 👍 yes
- [ ] 🙅 no, because they aren't needed
- [ ] 🙋 no, because I need help
- [ ] Separate ticket for tests # (issue/pr)

As of 2024-07-11 I have just used the fixed build in my POC and
confirmed that my components are being deployed. If/when I get time I'll
try to update the test suite.


## Added to documentation?

- [ ] 📜 README.md
- [ ] 🙅 no documentation needed

## Checklist:

- [x ] My code follows the style guidelines of this project
- [ x] I have performed a self-review of my code
- [ x] I have commented my code, particularly in hard-to-understand
areas
- [ x] I have made corresponding changes to the documentation
- [ ] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [ ] New and existing unit tests pass locally with my changes
- [ x] Any dependent changes have been merged and published in
downstream modules

---------

Co-authored-by: Gergely Brautigam <[email protected]>
@github-project-automation github-project-automation bot moved this from 📋 Next-UP to 🍺 Done in OCM Backlog Board Oct 29, 2024
@ocmbot ocmbot bot moved this from 🍺 Done to 🔒Closed in OCM Backlog Board Nov 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
Status: 🔒Closed
Development

Successfully merging a pull request may close this issue.

4 participants