Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

⚠️ helm: use chunking release driver in systemNamespace #1057

Merged
merged 1 commit into from
Aug 2, 2024
Merged

⚠️ helm: use chunking release driver in systemNamespace #1057

merged 1 commit into from
Aug 2, 2024

Conversation

joelanford
Copy link
Member

@joelanford joelanford commented Jul 16, 2024
edited
Loading

Description

This PR:

  1. uses a new helm release storage driver from helm-operator-plugins that chunks release data into one or more secrets (this also incidentally means that our client and the Helm CLI client won't mistake each other's release storage for their own).
  2. moves release secret storage back to our system namespace so that we don't leak details of our release bookkeeping to users.
  3. Notes that the new helm-operator-plugins commit also makes it possible to use one service account for release storage and a separate service account for deploying bundle contents. This is necessary if we want to avoid leaking our internal release storage mechanism to users (who would otherwise have to configure RBAC for release storage permission)

Fixes: #923

Reviewer Checklist

  • API Go Documentation
  • Tests: Unit Tests (and E2E Tests, if appropriate)
  • Comprehensive Commit Messages
  • Links to related GitHub Issue(s)

@joelanford joelanford requested a review from a team as a code owner July 16, 2024 19:48
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 16, 2024
@netlify Netlify
Copy link

netlify bot commented Jul 16, 2024
edited
Loading

Deploy Preview for olmv1 ready!

Name Link
🔨 Latest commit 30c827a
🔍 Latest deploy log https://app.netlify.com/sites/olmv1/deploys/66ad45d46a16c00008ce39a4
😎 Deploy Preview https://deploy-preview-1057--olmv1.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@joelanford joelanford marked this pull request as draft July 16, 2024 19:48
@joelanford joelanford changed the title WIP: helm: use chunking release driver in systemNamespace ⚠️ WIP: helm: use chunking release driver in systemNamespace Jul 16, 2024
@codecov Codecov
Copy link

codecov bot commented Jul 16, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 80.26316% with 15 lines in your changes missing coverage. Please review.

Project coverage is 75.28%. Comparing base (f6a9fad) to head (30c827a).

Files Patch % Lines
internal/action/storagedriver.go 72.22% 10 Missing and 5 partials ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1057   +/-   ##
=======================================
  Coverage   75.28%   75.28%           
=======================================
  Files          33       35    +2     
  Lines        1861     1914   +53     
=======================================
+ Hits         1401     1441   +40     
- Misses        321      330    +9     
- Partials      139      143    +4
Flag Coverage Δ
e2e 57.36% <80.26%> (+0.40%) ⬆️
unit 50.78% <1.31%> (-1.40%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@joelanford joelanford mentioned this pull request Jul 16, 2024
Merged
@joelanford joelanford mentioned this pull request Jul 17, 2024
Closed
@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 18, 2024
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 18, 2024
@joelanford joelanford force-pushed the custom-helm-storage branch 3 times, most recently from 011246e to e11beca Compare July 18, 2024 20:09
@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 19, 2024
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 19, 2024
@joelanford joelanford force-pushed the custom-helm-storage branch 2 times, most recently from bf02ec0 to 1a7068f Compare July 20, 2024 09:57
@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 20, 2024
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 20, 2024
@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 23, 2024
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 29, 2024
@joelanford joelanford marked this pull request as ready for review July 29, 2024 15:53
tmshort
tmshort approved these changes Jul 30, 2024
View reviewed changes
Copy link
Contributor

@tmshort tmshort left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
Looks reasonable to me
(Added a comment later about a TODO though)

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jul 30, 2024
@tmshort tmshort removed the lgtm Indicates that a PR is ready to be merged. label Jul 30, 2024
tmshort
tmshort requested changes Jul 30, 2024
View reviewed changes
Copy link
Contributor

@tmshort tmshort left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, I want the TODO in there about the timeout.
I would prefer a release of helm-operator-plugins, failing that, perhaps a TODO.

@tmshort
Copy link
Contributor

tmshort commented Aug 2, 2024

And... a rebase is needed...

@joelanford
Copy link
Member Author

Ok, rebased and reverted the catalog client timeout change, so it is back to 10s. Looks like e2e still passes in GH CI.

I'm also seeing main fail the same as locally for me as this branch, so let's chalk this up as a "me" problem for now.

tmshort
tmshort previously approved these changes Aug 2, 2024
View reviewed changes
Copy link
Contributor

@tmshort tmshort left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Aug 2, 2024
@tmshort tmshort added this pull request to the merge queue Aug 2, 2024
@tmshort tmshort removed this pull request from the merge queue due to a manual request Aug 2, 2024
@joelanford
helm: use chunking release driver in systemNamespace
30c827a 
Signed-off-by: Joe Lanford <joe.lanford@gmail.com>
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Aug 2, 2024
tmshort
tmshort approved these changes Aug 2, 2024
View reviewed changes
Copy link
Contributor

@tmshort tmshort left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Aug 2, 2024
@joelanford joelanford added this pull request to the merge queue Aug 2, 2024
Merged via the queue into operator-framework:main with commit cb9ea00 Aug 2, 2024
18 checks passed
perdasilva pushed a commit to LalatenduMohanty/operator-controller that referenced this pull request Aug 13, 2024
@joelanford
helm: use chunking release driver in systemNamespace (operator-framew…
3ec947f 
…ork#1057)

Signed-off-by: Joe Lanford <joe.lanford@gmail.com>
perdasilva pushed a commit to kevinrizza/operator-controller that referenced this pull request Aug 13, 2024
@joelanford
helm: use chunking release driver in systemNamespace (operator-framew…
1d189d7 
…ork#1057)

Signed-off-by: Joe Lanford <joe.lanford@gmail.com>
@skattoju skattoju mentioned this pull request Sep 9, 2024
Merged
@skattoju skattoju mentioned this pull request Sep 25, 2024
Merged
4 tasks
@joelanford joelanford deleted the custom-helm-storage branch October 22, 2024 13:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@acornett21 acornett21 acornett21 left review comments

@tmshort tmshort tmshort approved these changes

Assignees

@tmshort tmshort

Labels
lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

BUG: data too long issue rendering
4 participants
@joelanford @tmshort @acornett21 @openshift-merge-robot