Merge pull request #239 from squizzi/patch_support-non-oci-registry-t…

…ypes Add defaultRegistryURL and defaultRepoType for non-OCI HelmRepository support
k0rdent · Sep 6, 2024 · 2196956 · 2196956
2 parents e49f99c + 9769233
commit 2196956
Show file tree

Hide file tree

Showing 8 changed files with 130 additions and 26 deletions.
diff --git a/cmd/main.go b/cmd/main.go
@@ -21,6 +21,7 @@ import (
 
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
 	// to ensure that exec-entrypoint and run can make use of them.
+
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 
 	hcv2 "github.com/fluxcd/helm-controller/api/v2"
@@ -38,6 +39,7 @@ import (
 	hmcmirantiscomv1alpha1 "github.com/Mirantis/hmc/api/v1alpha1"
 	"github.com/Mirantis/hmc/internal/controller"
 	"github.com/Mirantis/hmc/internal/telemetry"
+	"github.com/Mirantis/hmc/internal/utils"
 	hmcwebhook "github.com/Mirantis/hmc/internal/webhook"
 	//+kubebuilder:scaffold:imports
 )
@@ -57,29 +59,31 @@ func init() {
 }
 
 func main() {
-	var metricsAddr string
-	var probeAddr string
-	var secureMetrics bool
-	var enableHTTP2 bool
-	var defaultOCIRegistry string
-	var insecureRegistry bool
-	var registryCredentialsSecret string
-	var createManagement bool
-	var createTemplates bool
-	var hmcTemplatesChartName string
-	var enableTelemetry bool
-	var enableWebhook bool
-	var webhookPort int
-	var webhookCertDir string
+	var (
+		metricsAddr               string
+		probeAddr                 string
+		secureMetrics             bool
+		enableHTTP2               bool
+		defaultRegistryURL        string
+		insecureRegistry          bool
+		registryCredentialsSecret string
+		createManagement          bool
+		createTemplates           bool
+		hmcTemplatesChartName     string
+		enableTelemetry           bool
+		enableWebhook             bool
+		webhookPort               int
+		webhookCertDir            string
+	)
 
 	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
 	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
 	flag.BoolVar(&secureMetrics, "metrics-secure", false,
 		"If set the metrics endpoint is served securely")
 	flag.BoolVar(&enableHTTP2, "enable-http2", false,
 		"If set, HTTP/2 will be enabled for the metrics and webhook servers")
-	flag.StringVar(&defaultOCIRegistry, "default-oci-registry", "oci://ghcr.io/mirantis/hmc/charts",
-		"The default OCI registry to download Helm charts from.")
+	flag.StringVar(&defaultRegistryURL, "default-registry-url", "oci://ghcr.io/mirantis/hmc/charts",
+		"The default registry to download Helm charts from, prefix with oci:// for OCI registries.")
 	flag.StringVar(&registryCredentialsSecret, "registry-creds-secret", "",
 		"Secret containing authentication credentials for the registry.")
 	flag.BoolVar(&insecureRegistry, "insecure-registry", false, "Allow connecting to an HTTP registry.")
@@ -100,6 +104,12 @@ func main() {
 
 	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
 
+	determinedRepositoryType, err := utils.DetermineDefaultRepositoryType(defaultRegistryURL)
+	if err != nil {
+		setupLog.Error(err, "failed to determine default repository type")
+		os.Exit(1)
+	}
+
 	// if the enable-http2 flag is false (the default), http/2 should be disabled
 	// due to its vulnerabilities. More specifically, disabling http/2 will
 	// prevent from being vulnerable to the HTTP/2 Stream Cancellation and
@@ -188,7 +198,8 @@ func main() {
 		Config:                    mgr.GetConfig(),
 		CreateManagement:          createManagement,
 		CreateTemplates:           createTemplates,
-		DefaultOCIRegistry:        defaultOCIRegistry,
+		DefaultRegistryURL:        defaultRegistryURL,
+		DefaultRepoType:           determinedRepositoryType,
 		RegistryCredentialsSecret: registryCredentialsSecret,
 		InsecureRegistry:          insecureRegistry,
 		HMCTemplatesChartName:     hmcTemplatesChartName,

diff --git a/config/dev/hmc_values.yaml b/config/dev/hmc_values.yaml
@@ -1,6 +1,6 @@
 image:
   repository: hmc/controller
 controller:
-  defaultOCIRegistry: oci://hmc-local-registry:5000/charts
+  defaultRegistryURL: oci://hmc-local-registry:5000/charts
   insecureRegistry: true
   createTemplates: false
diff --git a/internal/controller/release_controller.go b/internal/controller/release_controller.go
@@ -57,7 +57,12 @@ type Poller struct {
 	CreateManagement bool
 	CreateTemplates  bool
 
-	DefaultOCIRegistry        string
+	// DefaultRepoType is the type specified by default in HelmRepository
+	// objects.  Valid types are 'default' for http/https repositories, and
+	// 'oci' for OCI repositories.  The RepositoryType is set in main based on
+	// the URI scheme of the DefaultRegistryURL.
+	DefaultRepoType           string
+	DefaultRegistryURL        string
 	RegistryCredentialsSecret string
 	InsecureRegistry          bool
 	HMCTemplatesChartName     string
@@ -179,10 +184,11 @@ func (p *Poller) reconcileDefaultHelmRepo(ctx context.Context) error {
 		if helmRepo.Labels == nil {
 			helmRepo.Labels = make(map[string]string)
 		}
+
 		helmRepo.Labels[hmc.HMCManagedLabelKey] = hmc.HMCManagedLabelValue
 		helmRepo.Spec = sourcev1.HelmRepositorySpec{
-			Type:     defaultRepoType,
-			URL:      p.DefaultOCIRegistry,
+			Type:     p.DefaultRepoType,
+			URL:      p.DefaultRegistryURL,
 			Interval: metav1.Duration{Duration: defaultReconcileInterval},
 			Insecure: p.InsecureRegistry,
 		}

diff --git a/internal/controller/template_controller.go b/internal/controller/template_controller.go
@@ -39,9 +39,7 @@ import (
 )
 
 const (
-	defaultRepoName = "hmc-templates"
-	defaultRepoType = "oci"
-
+	defaultRepoName          = "hmc-templates"
 	defaultReconcileInterval = 10 * time.Minute
 )
 

diff --git a/internal/utils/helm.go b/internal/utils/helm.go
@@ -0,0 +1,41 @@
+// Copyright 2024
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package utils
+
+import (
+	"fmt"
+	"net/url"
+)
+
+const (
+	registryTypeOCI     = "oci"
+	registryTypeDefault = "default"
+)
+
+func DetermineDefaultRepositoryType(defaultRegistryURL string) (string, error) {
+	parsedRegistryURL, err := url.Parse(defaultRegistryURL)
+	if err != nil {
+		return "", fmt.Errorf("failed to parse default registry URL: %w", err)
+	}
+
+	switch parsedRegistryURL.Scheme {
+	case "oci":
+		return registryTypeOCI, nil
+	case "http", "https":
+		return registryTypeDefault, nil
+	default:
+		return "", fmt.Errorf("invalid default registry URL scheme: %s must be 'oci://', 'http://', or 'https://'", parsedRegistryURL.Scheme)
+	}
+}
diff --git a/internal/utils/helm_test.go b/internal/utils/helm_test.go
@@ -0,0 +1,47 @@
+// Copyright 2024
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package utils
+
+import (
+	"testing"
+)
+
+func TestDetermineDefaultRepositoryType(t *testing.T) {
+	for _, tc := range []struct {
+		url            string
+		expectErr      bool
+		expectedScheme string
+	}{
+		{url: "oci://hmc-local-registry:5000/charts", expectErr: false, expectedScheme: "oci"},
+		{url: "https://registry.example.com", expectErr: false, expectedScheme: "default"},
+		{url: "http://docker.io", expectErr: false, expectedScheme: "default"},
+		{url: "ftp://ftp.example.com", expectErr: true},
+		{url: "not-a-url", expectErr: true},
+	} {
+		t.Run(tc.url, func(t *testing.T) {
+			actual, err := DetermineDefaultRepositoryType(tc.url)
+			if tc.expectErr && err == nil {
+				t.Errorf("expected error, got nil")
+			}
+			if !tc.expectErr && err != nil {
+				t.Errorf("unexpected error: %v", err)
+
+				if actual != tc.expectedScheme {
+					t.Errorf("expected scheme %q, got %q", tc.expectedScheme, actual)
+				}
+			}
+		})
+	}
+}
diff --git a/templates/hmc/templates/deployment.yaml b/templates/hmc/templates/deployment.yaml
@@ -21,7 +21,7 @@ spec:
     spec:
       containers:
       - args:
-        - --default-oci-registry={{ .Values.controller.defaultOCIRegistry }}
+        - --default-registry-url={{ .Values.controller.defaultRegistryURL }}
         - --insecure-registry={{ .Values.controller.insecureRegistry }}
         {{- if .Values.controller.registryCredsSecret }}
         - --registry-creds-secret={{ .Values.controller.registryCredsSecret }}

diff --git a/templates/hmc/values.yaml b/templates/hmc/values.yaml
@@ -7,7 +7,8 @@ admissionWebhook:
   certDir: "/tmp/k8s-webhook-server/serving-certs/"
 
 controller:
-  defaultOCIRegistry: "oci://ghcr.io/mirantis/hmc/charts"
+  defaultRegistryURL: "oci://ghcr.io/mirantis/hmc/charts"
+  defaultRepoType: "oci"
   registryCredsSecret: ""
   insecureRegistry: false
   createManagement: true