From fe18b95a1514fd4351b22d8cc76e0dc67f17e2f3 Mon Sep 17 00:00:00 2001 From: Andrei Pavlov Date: Wed, 5 Jun 2024 11:48:14 +0700 Subject: [PATCH 1/5] Add OCI registry configuration for template-controller Signed-off-by: Andrei Pavlov --- cmd/main.go | 12 ++++++++++-- internal/controller/template_controller.go | 7 +++++-- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index b681a8ad4..4051ed1b6 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -61,6 +61,9 @@ func main() { var probeAddr string var secureMetrics bool var enableHTTP2 bool + var defaultOCIRegistry string + var insecureRegistry bool + flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, @@ -70,6 +73,9 @@ func main() { "If set the metrics endpoint is served securely") flag.BoolVar(&enableHTTP2, "enable-http2", false, "If set, HTTP/2 will be enabled for the metrics and webhook servers") + flag.StringVar(&defaultOCIRegistry, "default-oci-registry", "oci://ghcr.io/Mirantis/hmc/charts", + "The default OCI registry to download Helm charts from.") + flag.BoolVar(&insecureRegistry, "insecure-registry", false, "Allow connecting to an HTTP registry.") opts := zap.Options{ Development: true, } @@ -127,8 +133,10 @@ func main() { } if err = (&controller.TemplateReconciler{ - Client: mgr.GetClient(), - Scheme: mgr.GetScheme(), + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + DefaultOCIRegistry: defaultOCIRegistry, + InsecureRegistry: insecureRegistry, }).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "Template") os.Exit(1) diff --git a/internal/controller/template_controller.go b/internal/controller/template_controller.go index fc8ae6069..786cf4a37 100644 --- a/internal/controller/template_controller.go 
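Review bot: `--default-oci-registry` and `--insecure-registry` are accepted in cmd/main.go (the two `flag.*Var` calls added after `enable-http2`) with no validation and no startup log, so a value without the `oci://` scheme or an unintended plain-HTTP setting only surfaces later in the HelmRepository the Template controller writes. Since the controller keeps the repository type fixed at `oci`, main could reject anything else once flags are parsed, e.g. `if !strings.HasPrefix(defaultOCIRegistry, "oci://") { setupLog.Error(nil, "default-oci-registry must use the oci:// scheme"); os.Exit(1) }`, and record when TLS is off with `setupLog.Info("insecure registry enabled, charts are pulled without TLS", "registry", defaultOCIRegistry)`. The help text `Allow connecting to an HTTP registry.` would be clearer as `Allow pulling Helm charts from the default OCI registry over plain HTTP (no TLS); for local development only.` The flag.Parse call and the import block are outside the hunk, so placement and the `strings` import need checking against the full file.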
+++ b/internal/controller/template_controller.go @@ -37,7 +37,6 @@ import ( const ( defaultRepoName = "hmc-templates" defaultRepoType = "oci" - defaultRepoURL = "oci://ghcr.io/Mirantis/hmc/charts" defaultReconcileInterval = 10 * time.Minute ) @@ -46,6 +45,9 @@ const ( type TemplateReconciler struct { client.Client Scheme *runtime.Scheme + + DefaultOCIRegistry string + InsecureRegistry bool } // +kubebuilder:rbac:groups=hmc.mirantis.com,resources=templates,verbs=get;list;watch;create;update;patch;delete @@ -152,8 +154,9 @@ func (r *TemplateReconciler) reconcileHelmRepo(ctx context.Context, template *hm _, err := ctrl.CreateOrUpdate(ctx, r.Client, helmRepo, func() error { helmRepo.Spec = sourcev1.HelmRepositorySpec{ Type: defaultRepoType, - URL: defaultRepoURL, + URL: r.DefaultOCIRegistry, Interval: metav1.Duration{Duration: defaultReconcileInterval}, + Insecure: r.InsecureRegistry, } return nil }) From 1a6b43884be2efeaf3c6a80b143e2144af94d982 Mon Sep 17 00:00:00 2001 From: Andrei Pavlov Date: Wed, 5 Jun 2024 12:30:26 +0700 Subject: [PATCH 2/5] Add kustomize configuration for development The configurationl adds support for a local registry Signed-off-by: Andrei Pavlov --- Makefile | 9 ++++++++ config/dev/kustomization.yaml | 31 ++++++++++++++++++++++++++++ config/dev/local_registry_patch.yaml | 15 ++++++++++++++ 3 files changed, 55 insertions(+) create mode 100644 config/dev/kustomization.yaml create mode 100644 config/dev/local_registry_patch.yaml diff --git a/Makefile b/Makefile index 60946a79d..186e72d31 100644 --- a/Makefile +++ b/Makefile 
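Review bot: The two new exported fields on `TemplateReconciler` have no doc comments, and `InsecureRegistry` changes transport security for the charts the controller pulls. Suggested comments: `// DefaultOCIRegistry is the oci:// URL written to the HelmRepository created in reconcileHelmRepo.` and `// InsecureRegistry, when true, sets Insecure on that HelmRepository so charts are fetched over plain HTTP; intended for local development registries.` The struct's own doc comment sits above the hunk and is not visible here.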
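Review bot: `URL: r.DefaultOCIRegistry` in reconcileHelmRepo replaces a compile-time constant with a field whose zero value is the empty string, so a TemplateReconciler built without it (a test, or another call site) now writes a HelmRepository with an empty URL. A guard before `ctrl.CreateOrUpdate`, such as `if r.DefaultOCIRegistry == "" { return errors.New("default OCI registry is not configured") }`, keeps the failure in this controller instead of in the HelmRepository status. The function's signature and return handling are only partly visible in the hunk, so the exact return shape and the `errors` import need confirming.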
@@ -152,6 +152,15 @@ deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. $(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - +.PHONY: dev-deploy +dev-deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $(KUSTOMIZE) build config/dev | $(KUBECTL) apply -f - + +.PHONY: dev-undeploy +dev-undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. + $(KUSTOMIZE) build config/dev | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - + ##@ Dependencies ## Location to install dependencies to diff --git a/config/dev/kustomization.yaml b/config/dev/kustomization.yaml new file mode 100644 index 000000000..898acfec1 --- /dev/null +++ b/config/dev/kustomization.yaml 
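Review bot: `dev-deploy` and `dev-undeploy` reuse the help strings of `deploy`/`undeploy` verbatim, so `make help` gives no hint that these targets apply the `config/dev` overlay, which in this same commit passes `--insecure-registry` to the manager. Because both act on whatever context `~/.kube/config` currently selects, the description should say what differs, e.g. `dev-deploy: manifests kustomize ## Deploy controller with the config/dev overlay (local plain-HTTP chart registry) to the K8s cluster specified in ~/.kube/config.` `dev-deploy` also runs `$(KUSTOMIZE) edit set image` in `config/manager`, which rewrites that directory's kustomization file as a side effect; a one-line comment above the recipe would make that explicit.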
@@ -0,0 +1,31 @@
+# Adds namespace to all resources.
+namespace: hmc-system
+
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+namePrefix: hmc-
+
+# Labels to add to all resources and selectors.
+#labels:
+#- includeSelectors: true
+# pairs:
+# someName: someValue
+
+resources:
+- ../crd
+- ../rbac
+- ../manager
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
+# crd/kustomization.yaml
+#- ../webhook
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
+#- ../certmanager
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+#- ../prometheus
+
+patches:
+- path: local_registry_patch.yaml
+
diff --git a/config/dev/local_registry_patch.yaml b/config/dev/local_registry_patch.yaml
new file mode 100644
index 000000000..50dfd1a67
--- /dev/null
+++ b/config/dev/local_registry_patch.yaml
@@ -0,0 +1,15 @@
+# This patch adds the args to allow exposing the metrics endpoint securely
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: controller-manager
+ namespace: system
+spec:
+ template:
+ spec:
+ containers:
+ - name: manager
+ args:
+ - "--leader-elect"
+ - "--default-oci-registry=oci://local-registry:5000/charts"
+ - "--insecure-registry"
From 64086e0ff7a0a80b75315e7596bf81a841118060 Mon Sep 17 00:00:00 2001
From: Andrei Pavlov
Date: Wed, 5 Jun 2024 13:13:07 +0700
Subject: [PATCH 3/5] Add kind binary and deploy/undeploy targets
Signed-off-by: Andrei Pavlov
---
Makefile | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/Makefile b/Makefile
index 186e72d31..4e2bb3b99 100644
--- a/Makefile
+++ b/Makefile
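Review bot: The header comment of config/dev/local_registry_patch.yaml (`# This patch adds the args to allow exposing the metrics endpoint securely`) is copied from another patch and does not describe this file, which points the manager at `oci://local-registry:5000/charts` and turns on `--insecure-registry`. A comment such as `# Dev overlay: use the local chart registry over plain HTTP (--insecure-registry); not for shared or production clusters.` would be accurate. A patch of this form also replaces the container's `args` list rather than appending to it, so any args set under `../manager` other than `--leader-elect` would presumably be dropped; the base manifest is not shown here, so that needs checking.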
@@ -127,10 +127,24 @@ hmc-chart-generate: kustomize helmify ## Generate hmc helm chart ##@ Deployment +KIND_CLUSTER_NAME ?= hmc-dev + ifndef ignore-not-found ignore-not-found = false endif +.PHONY: deploy-kind +deploy-kind: kind + @if ! $(KIND) get clusters | grep -q "^$(KIND_CLUSTER_NAME)$$"; then \ + kind create cluster -n $(KIND_CLUSTER_NAME); \ + fi + +.PHONY: undeploy-kind +undeploy-kind: kind + @if kind get clusters | grep -q "^$(KIND_CLUSTER_NAME)$$"; then \ + kind delete cluster --name $(KIND_CLUSTER_NAME); \ + fi + .PHONY: deploy-helm-controller deploy-helm-controller: helm $(HELM) upgrade --install --create-namespace --set $(FLUX_CHART_VALUES) helm-controller $(FLUX_CHART_REPOSITORY) --version $(FLUX_CHART_VERSION) -n hmc-system @@ -186,6 +200,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION) GOLANGCI_LINT = $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION) HELM ?= $(LOCALBIN)/helm-$(HELM_VERSION) HELMIFY ?= $(LOCALBIN)/helmify-$(HELMIFY_VERSION) +KIND ?= $(LOCALBIN)/kind-$(KIND_VERSION) FLUX_CHART_REPOSITORY ?= oci://ghcr.io/fluxcd-community/charts/flux2 FLUX_CHART_VERSION ?= 2.13.0 @@ -198,6 +213,7 @@ ENVTEST_VERSION ?= release-0.17 GOLANGCI_LINT_VERSION ?= v1.57.2 HELM_VERSION ?= v3.15.1 HELMIFY_VERSION ?= v0.4.13 +KIND_VERSION ?= v0.23.0 .PHONY: kustomize kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. @@ -230,6 +246,11 @@ helmify: $(HELMIFY) ## Download helmify locally if necessary. $(HELMIFY): $(LOCALBIN) $(call go-install-tool,$(HELMIFY),github.com/arttor/helmify/cmd/helmify,${HELMIFY_VERSION}) +.PHONY: kind +kind: $(KIND) ## Download kind locally if necessary. +$(KIND): $(LOCALBIN) + $(call go-install-tool,$(KIND),sigs.k8s.io/kind,${KIND_VERSION}) + $(FLUX_HELM_CRD): $(EXTERNAL_CRD_DIR) rm -f $(FLUX_HELM_CRD) curl -s https://raw.githubusercontent.com/fluxcd/helm-controller/$(FLUX_HELM_VERSION)/config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yaml > $(FLUX_HELM_CRD) 
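Review bot: `deploy-kind` and `undeploy-kind` depend on the `kind` target, which installs a version-pinned `$(KIND)` binary, but only the first `get clusters` check uses it; `kind create cluster`, `kind get clusters` and `kind delete cluster` call whatever `kind` is on PATH. That fails on a machine with no global kind and otherwise runs an unpinned version instead of `KIND_VERSION`. The three calls should read `$(KIND) create cluster -n $(KIND_CLUSTER_NAME);`, `$(KIND) get clusters` and `$(KIND) delete cluster --name $(KIND_CLUSTER_NAME);`.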
From c9d492ab226557fb93f377a9cd5ec4619a497a77 Mon Sep 17 00:00:00 2001 From: Andrei Pavlov Date: Wed, 5 Jun 2024 13:55:50 +0700 Subject: [PATCH 4/5] Add target to deploy local registry Signed-off-by: Andrei Pavlov --- Makefile | 14 ++++++++++++++ config/dev/local_registry_patch.yaml | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 4e2bb3b99..d63f55980 100644 --- a/Makefile +++ b/Makefile @@ -128,6 +128,8 @@ hmc-chart-generate: kustomize helmify ## Generate hmc helm chart ##@ Deployment KIND_CLUSTER_NAME ?= hmc-dev +LOCAL_REGISTRY_NAME ?= hmc-local-registry +LOCAL_REGISTRY_PORT ?= 5001 ifndef ignore-not-found ignore-not-found = false @@ -145,6 +147,18 @@ undeploy-kind: kind kind delete cluster --name $(KIND_CLUSTER_NAME); \ fi +.PHONY: deploy-local-registry +deploy-local-registry: + @if [ ! "`$(CONTAINER_TOOL) ps -aq -f name=$(LOCAL_REGISTRY_NAME)`" ]; then \ + $(CONTAINER_TOOL) run -d --restart=always -p "127.0.0.1:$(LOCAL_REGISTRY_PORT):5000" --network bridge --name "$(LOCAL_REGISTRY_NAME)" registry:2; \ + fi + +.PHONY: undeploy-local-registry +undeploy-local-registry: + @if [ "`$(CONTAINER_TOOL) ps -aq -f name=$(LOCAL_REGISTRY_NAME)`" ]; then \ + $(CONTAINER_TOOL) rm -f "$(LOCAL_REGISTRY_NAME)"; \ + fi + .PHONY: deploy-helm-controller deploy-helm-controller: helm $(HELM) upgrade --install --create-namespace --set $(FLUX_CHART_VALUES) helm-controller $(FLUX_CHART_REPOSITORY) --version $(FLUX_CHART_VERSION) -n hmc-system diff --git a/config/dev/local_registry_patch.yaml b/config/dev/local_registry_patch.yaml index 50dfd1a67..7cc0b6ad8 100644 --- a/config/dev/local_registry_patch.yaml +++ b/config/dev/local_registry_patch.yaml @@ -11,5 +11,5 @@ spec: - name: manager args: - "--leader-elect" - - "--default-oci-registry=oci://local-registry:5000/charts" + - "--default-oci-registry=oci://hmc-local-registry:5000/charts" - "--insecure-registry" From 5cb6028f4b0d0c0054bfb2d0156c1a2098c33627 Mon Sep 17 00:00:00 2001 
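Review bot: The existence check `$(CONTAINER_TOOL) ps -aq -f name=$(LOCAL_REGISTRY_NAME)` filters on a name pattern rather than an exact name (with Docker, at least), so any container whose name merely contains `hmc-local-registry` makes `deploy-local-registry` skip creation and makes `undeploy-local-registry` try to remove a container that may not exist. The same check is carried into the rewritten recipes in patch 5/5. Testing the exact name is stricter, e.g. `$(CONTAINER_TOOL) container inspect "$(LOCAL_REGISTRY_NAME)" >/dev/null 2>&1`. Separately, `registry:2` is a floating tag while the other tools in this Makefile are version-pinned; a `LOCAL_REGISTRY_IMAGE ?= registry:2` variable would let it be pinned by digest.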
From: Andrei Pavlov Date: Wed, 5 Jun 2024 14:29:49 +0700 Subject: [PATCH 5/5] Add targets to deploy/undeploy local registry Signed-off-by: Andrei Pavlov --- Makefile | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index d63f55980..efd04e5f1 100644 --- a/Makefile +++ b/Makefile @@ -128,6 +128,7 @@ hmc-chart-generate: kustomize helmify ## Generate hmc helm chart ##@ Deployment KIND_CLUSTER_NAME ?= hmc-dev +KIND_NETWORK ?= kind LOCAL_REGISTRY_NAME ?= hmc-local-registry LOCAL_REGISTRY_PORT ?= 5001 @@ -149,15 +150,20 @@ undeploy-kind: kind .PHONY: deploy-local-registry deploy-local-registry: - @if [ ! "`$(CONTAINER_TOOL) ps -aq -f name=$(LOCAL_REGISTRY_NAME)`" ]; then \ - $(CONTAINER_TOOL) run -d --restart=always -p "127.0.0.1:$(LOCAL_REGISTRY_PORT):5000" --network bridge --name "$(LOCAL_REGISTRY_NAME)" registry:2; \ - fi + @if [ ! "$$($(CONTAINER_TOOL) ps -aq -f name=$(LOCAL_REGISTRY_NAME))" ]; then \ + echo "Starting new local registry container $(LOCAL_REGISTRY_NAME)"; \ + $(CONTAINER_TOOL) run -d --restart=always -p "127.0.0.1:$(LOCAL_REGISTRY_PORT):5000" --network bridge --name "$(LOCAL_REGISTRY_NAME)" registry:2; \ + fi; \ + if [ "$$($(CONTAINER_TOOL) inspect -f='{{json .NetworkSettings.Networks.$(KIND_NETWORK)}}' $(LOCAL_REGISTRY_NAME))" = 'null' ]; then \ + $(CONTAINER_TOOL) network connect $(KIND_NETWORK) $(LOCAL_REGISTRY_NAME); \ + fi .PHONY: undeploy-local-registry undeploy-local-registry: - @if [ "`$(CONTAINER_TOOL) ps -aq -f name=$(LOCAL_REGISTRY_NAME)`" ]; then \ - $(CONTAINER_TOOL) rm -f "$(LOCAL_REGISTRY_NAME)"; \ - fi + @if [ "$$($(CONTAINER_TOOL) ps -aq -f name=$(LOCAL_REGISTRY_NAME))" ]; then \ + echo "Removing local registry container $(LOCAL_REGISTRY_NAME)"; \ + $(CONTAINER_TOOL) rm -f "$(LOCAL_REGISTRY_NAME)"; \ + fi .PHONY: deploy-helm-controller deploy-helm-controller: helm
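Review bot: `deploy-local-registry` now runs `$(CONTAINER_TOOL) network connect $(KIND_NETWORK) $(LOCAL_REGISTRY_NAME)` but has no prerequisite that creates that network, so running it before `deploy-kind` presumably fails at the connect step (the `inspect` template yields `null` and the network does not exist yet). Declaring the dependency, `deploy-local-registry: deploy-kind`, or checking `$(CONTAINER_TOOL) network inspect $(KIND_NETWORK)` first and printing a clear message, would make the required order explicit. A short comment above the recipe stating that the registry is published to the host on `127.0.0.1:$(LOCAL_REGISTRY_PORT)` and reached as `$(LOCAL_REGISTRY_NAME):5000` over plain HTTP from inside the kind network would also explain why the dev overlay pairs port 5000 with `--insecure-registry`.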