Add helm chart

[patoarvizu]

Addressing #1502

I started exploring Notary a couple of weeks ago and while docker-compose was helpful, I was trying to run it with something more natural to me and I was surprised I couldn't find a Helm chart for it, so here's my attempt at that.

First of all, this chart is not meant to be used for production, but rather as a way to quickly spin up and tear down a Notary service (I'm adding a section to the README to make that clear). It doesn't mean that it can't evolve into that, but my immediate goal is to have something that can be iterated on very quickly, in a way that's more Kubernetes-friendly.

One thing I want to point out is that, to minimize duplication, I'm symlink-ing from helm/fixtures, helm/migrations, and helm/notarysql to their respective directories one level above. I'm doing that because of a restriction in Helm where charts can't access any files that are outside of its directory. With the symlink, the chart can use the same SQL files and TLS certificates used by the docker-compose files, without having to duplicate them.

This first version of the chart doesn't currently support 100% of the Notary settings. I decided to leave out auth, reporting, and caching, since I considered those to be less important for the initial goal.

I'm not sure what tests to run since this is all new code, but let me know if there's anything else I need to do! I'd welcome any suggestions to the new README section, specially if you think the section about it not being meant for prod should go before the main Helm section.

Lastly, I think I'm supposed to merge against master, but let me know if I should do it against a release branch!

[GordonTheTurtle]

Please sign your commits following these rules:
https://github.com/moby/moby/blob/master/CONTRIBUTING.md#sign-your-work
The easiest way to do this is to amend the last commit:

$ git clone -b "add_helm_chart" git@github.com:patoarvizu/notary.git somewhere
$ cd somewhere
$ git rebase -i HEAD~842354450680
editor opens
change each 'pick' to 'edit'
save the file and quit
$ git commit --amend -s --no-edit
$ git rebase --continue # and repeat the amend for each commit
$ git push -f

Amending updates the existing PR. You DO NOT need to open a new one.

[patoarvizu]

Friendly ping here! Should I directly assign maintainers and/or contributors as reviewers?

[patoarvizu]

@justincormack @HuKeping Any chance you can take a look? Or do you have any feedback?

[HuKeping]

Apologise @patoarvizu ! i've noticed this PR a few days ago, but haven't find a time slot getting to it since it's quite big for this project.

[ralgozino]

According to the documentation the connection string should include: ?parseTime=true.

Eventhough if it's not present it would be added by default, it should be better if it is included in the chart.

There are 3 more ocurrences of the connection string, maybe it's a good idea to use a variable.

[ralgozino]

Maybe it could be useful to add here also the fqdn of the service like .Values.tls.generated.server.dns + .Values.namespace + .svc.cluster.local?

[patoarvizu]

Ah, good idea... I'll do that

[ralgozino]

If I want to use my own certificates, in what format should I put the certificate here? base64? string? I would be nice if specified in the comments. The same for the rest of the certificates.

[patoarvizu]

It's a string but yes, it should be clarified in the comments. Thanks!

[patoarvizu]

Gentle bump here...

Is there any interest in merging this? It was suggested that this can live in a separate repo, so I'll gladly do that too if that's the preference.

[rubroboletus]

In notary-server component, you are assigning signer.replicas instead of server.replicas

[rubroboletus]

Typo, right one service name in your chart is notary-server

[patoarvizu]

Thanks for the comments @rubroboletus! I just pushed the changes to correct them.

[jeffb4]

Is there any further feedback necessary to merge this PR?

[patoarvizu]

I haven't received any further feedback on this PR despite multiple previous requests. Is there any interest in merging it here? Maybe on a different repo?

cc @justincormack @HuKeping @thaJeztah @cquon (As the most recent committers on master)

[jeffb4]

There was some feedback about ?parseTime=true but I don't see anything else

[patoarvizu]

Ping!

Would it be possible to at least get some acknowledgement from the maintainers to know if it's still worth keeping this PR alive? It's the most commented open PR in the last 2 years and we haven't heard anything from any maintainer in over 6 months.

If you have any guidance on whether you'd like to maintain this in a different repo instead of this one, I'd be happy to follow that, but I would really appreciate if you can let me (and the people following the PR) if we should still expect this to get some attention at any point. Thanks!

[DrissiReda]

Has there been any news on this?

[patoarvizu]

No, and I don't think the maintainers are very motivated to move forward, since Notary V2 is in the works.

Here's what I'll do: I'm going to tag the maintainers one more time at the bottom of this comment to see if I can get their attention or acknowledgement. If we don't hear back in a reasonable amount of time, I will close this PR and migrate this to a repo on its own, and probably publish it to Artifact Hub.

@cyli @diogomonica @endophage @ecordell @HuKeping @justincormack @NathanMcCauley @riyazdf