Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add .spec.insecure to HelmRepository for type: oci #1288

Merged
merged 2 commits into from
Nov 23, 2023
Merged

Add .spec.insecure to HelmRepository for type: oci #1288

merged 2 commits into from
Nov 23, 2023

Conversation

stefanprodan
Copy link
Member

@stefanprodan stefanprodan commented Nov 21, 2023
edited
Loading

Allow connecting to Helm OCI repositories over plain HTTP (non-TLS endpoint).

Example:

apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
  name: podinfo
  namespace: default
spec:
  type: oci
  interval: 1h
  insecure: true
  url: oci://localhost:5000/charts

Closes: #957
Closes: fluxcd/helm-controller#782
Ref: helm/helm#12128

@stefanprodan stefanprodan added area/helm Helm related issues and pull requests area/api API related issues and pull requests labels Nov 21, 2023
@stefanprodan stefanprodan force-pushed the helm-repo-insecure branch 2 times, most recently from 8fc2503 to 1e7b964 Compare November 21, 2023 09:21
@stefanprodan stefanprodan mentioned this pull request Nov 21, 2023
Closed
14 tasks
@stefanprodan stefanprodan changed the title Add .spec.insecure to HelmRepository Add .spec.insecure to HelmRepository for type: oci Nov 21, 2023
makkes
makkes reviewed Nov 21, 2023
View reviewed changes
api/v1beta2/helmrepository_types.go
// Insecure allows connecting to a non-TLS HTTP container registry.
// This field is only taken into account if the .spec.type field is set to 'oci'.
// +optional
Insecure bool `json:"insecure,omitempty"`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should make this field name more explicit to (1) make it obvious what it does and (2) allow for any future "insecure" flags to be added.

Suggested change
Insecure bool `json:"insecure,omitempty"`
InsecurePlainHTTP bool `json:"insecure,omitempty"`

Insecure as a prefix still makes sense to me to make it obvious this is an insecure transport.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This field matches what we have in OCIRepository and what's in the RFC.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's unfortunate. I still believe it's a way better UX if it had a more telling name.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I pointed that out in the RFC PR, too, by the way: fluxcd/flux2#3081 (review)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The goal here at present is to get the feature in while continuing to be uniform. Dealing with the naming of the field would be a separate task, as aligning it across kinds would first require an amendment to the RFC.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with merging this as my comment on the RFC PR also got completely ignored, anyway.

@aryan9600 aryan9600 added the hold Issues and pull requests put on hold label Nov 22, 2023
@aryan9600
Copy link
Member

This PR is not ready to be merged, there are a lot of changes required for the new field to work properly. Thus, I have put this PR on hold for now.

@aryan9600 aryan9600 removed the hold Issues and pull requests put on hold label Nov 22, 2023
stefanprodan and others added 2 commits November 23, 2023 12:05
@stefanprodan @aryan9600
Add .spec.insecure to HelmRepository
6e78779 
Allow connecting to Helm OCI repositories over plain HTTP (non-TLS endpoint).

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
@aryan9600
helmrepo: allow OCI helmrepos to connect to insecure registries
4086c25 
Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
@stefanprodan
Copy link
Member Author

I've tested this PR in a real cluster with a local registry over HTTP and works great.

@stefanprodan stefanprodan merged commit bd95d35 into main Nov 23, 2023
10 checks passed
@stefanprodan stefanprodan deleted the helm-repo-insecure branch November 23, 2023 08:18
@aryan9600 aryan9600 mentioned this pull request Dec 14, 2023
Closed
@Cavaler Cavaler mentioned this pull request Dec 14, 2023
Closed
@stdnt-xiao stdnt-xiao mentioned this pull request Jun 3, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@makkes makkes makkes left review comments

@aryan9600 aryan9600 aryan9600 left review comments

@hiddeco hiddeco hiddeco approved these changes

Assignees
No one assigned
Labels
area/api API related issues and pull requests area/helm Helm related issues and pull requests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support insecure OCI chart sources [RFC-004] Add .spec.insecure to HelmRepository
4 participants
@stefanprodan @aryan9600 @makkes @hiddeco