Merge pull request #12 from Kshatrix/dev-registry

Add local registry support

Makefile

@@ -127,10 +127,44 @@ hmc-chart-generate: kustomize helmify ## Generate hmc helm chart
 
 ##@ Deployment
 
+KIND_CLUSTER_NAME ?= hmc-dev
+KIND_NETWORK ?= kind
+LOCAL_REGISTRY_NAME ?= hmc-local-registry
+LOCAL_REGISTRY_PORT ?= 5001
+
 ifndef ignore-not-found
   ignore-not-found = false
 endif
 
+.PHONY: deploy-kind
+deploy-kind: kind
+	@if ! $(KIND) get clusters | grep -q "^$(KIND_CLUSTER_NAME)$$"; then \
+		kind create cluster -n $(KIND_CLUSTER_NAME); \
+	fi
+
+.PHONY: undeploy-kind
+undeploy-kind: kind
+	@if kind get clusters | grep -q "^$(KIND_CLUSTER_NAME)$$"; then \
+		kind delete cluster --name $(KIND_CLUSTER_NAME); \
+	fi
+
+.PHONY: deploy-local-registry
+deploy-local-registry:
+	@if [ ! "$$($(CONTAINER_TOOL) ps -aq -f name=$(LOCAL_REGISTRY_NAME))" ]; then \
+		echo "Starting new local registry container $(LOCAL_REGISTRY_NAME)"; \
+		$(CONTAINER_TOOL) run -d --restart=always -p "127.0.0.1:$(LOCAL_REGISTRY_PORT):5000" --network bridge --name "$(LOCAL_REGISTRY_NAME)" registry:2; \
+	fi; \
+	if [ "$$($(CONTAINER_TOOL) inspect -f='{{json .NetworkSettings.Networks.$(KIND_NETWORK)}}' $(LOCAL_REGISTRY_NAME))" = 'null' ]; then \
+		$(CONTAINER_TOOL) network connect $(KIND_NETWORK) $(LOCAL_REGISTRY_NAME); \
+	fi
+
+.PHONY: undeploy-local-registry
+undeploy-local-registry:
+	@if [ "$$($(CONTAINER_TOOL) ps -aq -f name=$(LOCAL_REGISTRY_NAME))" ]; then \
+  		echo "Removing local registry container $(LOCAL_REGISTRY_NAME)"; \
+		$(CONTAINER_TOOL) rm -f "$(LOCAL_REGISTRY_NAME)"; \
+	fi
+
 .PHONY: deploy-helm-controller
 deploy-helm-controller: helm
 	$(HELM) upgrade --install --create-namespace --set $(FLUX_CHART_VALUES) helm-controller $(FLUX_CHART_REPOSITORY) --version $(FLUX_CHART_VERSION) -n hmc-system
@@ -152,6 +186,15 @@ deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in
 undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
 	$(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f -
 
+.PHONY: dev-deploy
+dev-deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	$(KUSTOMIZE) build config/dev | $(KUBECTL) apply -f -
+
+.PHONY: dev-undeploy
+dev-undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+	$(KUSTOMIZE) build config/dev | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f -
+
 ##@ Dependencies
 
 ## Location to install dependencies to
@@ -177,6 +220,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION)
 GOLANGCI_LINT = $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION)
 HELM ?= $(LOCALBIN)/helm-$(HELM_VERSION)
 HELMIFY ?= $(LOCALBIN)/helmify-$(HELMIFY_VERSION)
+KIND ?= $(LOCALBIN)/kind-$(KIND_VERSION)
 
 FLUX_CHART_REPOSITORY ?= oci://ghcr.io/fluxcd-community/charts/flux2
 FLUX_CHART_VERSION ?= 2.13.0
@@ -189,6 +233,7 @@ ENVTEST_VERSION ?= release-0.17
 GOLANGCI_LINT_VERSION ?= v1.57.2
 HELM_VERSION ?= v3.15.1
 HELMIFY_VERSION ?= v0.4.13
+KIND_VERSION ?= v0.23.0
 
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
@@ -221,6 +266,11 @@ helmify: $(HELMIFY) ## Download helmify locally if necessary.
 $(HELMIFY): $(LOCALBIN)
 	$(call go-install-tool,$(HELMIFY),github.com/arttor/helmify/cmd/helmify,${HELMIFY_VERSION})
 
+.PHONY: kind
+kind: $(KIND) ## Download kind locally if necessary.
+$(KIND): $(LOCALBIN)
+	$(call go-install-tool,$(KIND),sigs.k8s.io/kind,${KIND_VERSION})
+
 $(FLUX_HELM_CRD): $(EXTERNAL_CRD_DIR)
 	rm -f $(FLUX_HELM_CRD)
 	curl -s https://raw.githubusercontent.com/fluxcd/helm-controller/$(FLUX_HELM_VERSION)/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml > $(FLUX_HELM_CRD)

cmd/main.go

@@ -61,6 +61,9 @@ func main() {
 	var probeAddr string
 	var secureMetrics bool
 	var enableHTTP2 bool
+	var defaultOCIRegistry string
+	var insecureRegistry bool
+
 	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
 	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
 	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
@@ -70,6 +73,9 @@ func main() {
 		"If set the metrics endpoint is served securely")
 	flag.BoolVar(&enableHTTP2, "enable-http2", false,
 		"If set, HTTP/2 will be enabled for the metrics and webhook servers")
+	flag.StringVar(&defaultOCIRegistry, "default-oci-registry", "oci://ghcr.io/Mirantis/hmc/charts",
+		"The default OCI registry to download Helm charts from.")
+	flag.BoolVar(&insecureRegistry, "insecure-registry", false, "Allow connecting to an HTTP registry.")
 	opts := zap.Options{
 		Development: true,
 	}
@@ -127,8 +133,10 @@ func main() {
 	}
 
 	if err = (&controller.TemplateReconciler{
-		Client: mgr.GetClient(),
-		Scheme: mgr.GetScheme(),
+		Client:             mgr.GetClient(),
+		Scheme:             mgr.GetScheme(),
+		DefaultOCIRegistry: defaultOCIRegistry,
+		InsecureRegistry:   insecureRegistry,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "Template")
 		os.Exit(1)

config/dev/kustomization.yaml

@@ -0,0 +1,31 @@
+# Adds namespace to all resources.
+namespace: hmc-system
+
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+namePrefix: hmc-
+
+# Labels to add to all resources and selectors.
+#labels:
+#- includeSelectors: true
+#  pairs:
+#    someName: someValue
+
+resources:
+- ../crd
+- ../rbac
+- ../manager
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
+# crd/kustomization.yaml
+#- ../webhook
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
+#- ../certmanager
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+#- ../prometheus
+
+patches:
+- path: local_registry_patch.yaml
+

config/dev/local_registry_patch.yaml

@@ -0,0 +1,15 @@
+# This patch adds the args to allow exposing the metrics endpoint securely
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - name: manager
+        args:
+          - "--leader-elect"
+          - "--default-oci-registry=oci://hmc-local-registry:5000/charts"
+          - "--insecure-registry"

internal/controller/template_controller.go

@@ -37,7 +37,6 @@ import (
 const (
 	defaultRepoName = "hmc-templates"
 	defaultRepoType = "oci"
-	defaultRepoURL  = "oci://ghcr.io/Mirantis/hmc/charts"
 
 	defaultReconcileInterval = 10 * time.Minute
 )
@@ -46,6 +45,9 @@ const (
 type TemplateReconciler struct {
 	client.Client
 	Scheme *runtime.Scheme
+
+	DefaultOCIRegistry string
+	InsecureRegistry   bool
 }
 
 // +kubebuilder:rbac:groups=hmc.mirantis.com,resources=templates,verbs=get;list;watch;create;update;patch;delete
@@ -152,8 +154,9 @@ func (r *TemplateReconciler) reconcileHelmRepo(ctx context.Context, template *hm
 	_, err := ctrl.CreateOrUpdate(ctx, r.Client, helmRepo, func() error {
 		helmRepo.Spec = sourcev1.HelmRepositorySpec{
 			Type:     defaultRepoType,
-			URL:      defaultRepoURL,
+			URL:      r.DefaultOCIRegistry,
 			Interval: metav1.Duration{Duration: defaultReconcileInterval},
+			Insecure: r.InsecureRegistry,
 		}
 		return nil
 	})