Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use OCI catalog service when available for OCI validation #6635

Merged
merged 5 commits into from
Aug 17, 2023
Merged

Use OCI catalog service when available for OCI validation #6635

merged 5 commits into from
Aug 17, 2023

Conversation

absoludity
Copy link
Contributor

@absoludity absoludity commented Aug 16, 2023
edited
Loading

Description of the change

Follows on from #6620, uses the grpc Client to check if we can find repos for an OCI registry. While there I improved a couple of other things regarding the validation:

  • a context.Context can (and must) now be passed through to the validation (we should always pass the request context through subsequent requests); and
  • the getValidator function is now a method so that the different validators can have custom data set (such as the OCI catalog address, or the repo client getter).

I've added a basic test double grpc service for the OCI catalog to use here in tests, and will undoubtedly improve this test double when adding the actual sync functionality to use the OCI catalog service next.

Benefits

OCI Catalog service can be used to check an OCI Registry, without impacting current behaviour.

Possible drawbacks

None that I'm aware of.

Applicable issues

Additional information

I'll test IRL locally and update here:

Logs showing the fallback when the OCI catalog is not running:

E0816 03:49:15.487354       1 repositories_validation.go:354] unable to query OCI Catalog service at ":50061": error querying OCI Catalog for repos: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: dial tcp :50061: connect: connection refused"
E0816 03:49:16.462758       1 utils.go:400] unable to get catalog manifest: GET request to [https://registry-1.docker.io/v2/bitnamicharts/charts-index/manifests/latest] failed due to status [401]: {"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"repository","Class":"","Name":"bitnamicharts/charts-index","Action":"pull"}]}]}
E0816 03:49:16.462894       1 repositories_validation.go:52] Failed repository validation validation: &{Code:400 Message:unable to determine the OCI catalog, you need to specify at least one repository}

and verified I can add the Bitnami catalog using the OCI https://registry-1.docker.io/bitnamicharts . That is, it passes validation and gets added. It doesn't yet sync - that'll be the next PR.

antgamdia
antgamdia approved these changes Aug 16, 2023
View reviewed changes
Copy link
Contributor

@antgamdia antgamdia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

chart/kubeapps/templates/kubeappsapis/deployment.yaml Outdated
@@ -166,6 +166,8 @@ spec:
secretKeyRef:
key: postgres-password
name: {{ include "kubeapps.postgresql.secretName" . }}
- name: OCI_CATALOG_URL
value: {{ printf ":%d" (int .Values.ociCatalog.containerPorts.http) | quote }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Haven't checked, but I assume containerPorts.http is actually pointing to the grpc endpoint, no?

Copy link
Contributor Author

@absoludity absoludity Aug 16, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, there is only one endpoint. Perhaps we should name it grpc instead... (I mean, grpc is http2, but I think the container template I used to create the ocicatalog helm section used http, grpc might be more descriptive).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Much more descriptive this way

Base automatically changed from 6263-use-oci-catalog-validation-2 to main August 16, 2023 21:01
@absoludity
Implement and test validation using oci catalog service.
4f33bf9 
Signed-off-by: Michael Nelson <minelson@vmware.com>
@absoludity
Add OCI catalog address to kubeapps-apis
143cd26 
Signed-off-by: Michael Nelson <minelson@vmware.com>
@absoludity
Fix port encoding in chart.
3bb4c26 
Signed-off-by: Michael Nelson <minelson@vmware.com>
@absoludity absoludity force-pushed the 6263-use-oci-catalog-validation-3 branch from 3fe36c0 to 3bb4c26 Compare August 16, 2023 21:07
@netlify
Copy link

netlify bot commented Aug 16, 2023
edited
Loading

Deploy Preview for kubeapps-dev canceled.

Name Link
🔨 Latest commit 23ca03f
🔍 Latest deploy log https://app.netlify.com/sites/kubeapps-dev/deploys/64dd95474b2f6d0008849794

@absoludity
Re-label the ports to grpc.
639c5ce 
Signed-off-by: Michael Nelson <minelson@vmware.com>
@absoludity
Go lint.
23ca03f 
Signed-off-by: Michael Nelson <minelson@vmware.com>
@absoludity absoludity merged commit c0207be into main Aug 17, 2023
40 checks passed
@absoludity absoludity deleted the 6263-use-oci-catalog-validation-3 branch August 17, 2023 04:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@antgamdia antgamdia antgamdia approved these changes

Assignees
No one assigned
Labels
cla-not-required
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@absoludity @antgamdia @vmwclabot