Rollouts: Added support for OCI packages
droot committed May 26, 2023
1 parent 8ebdb63 commit ca2ea2c
Showing 11 changed files with 395 additions and 15 deletions.
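--- a/rollouts/api/v1alpha1/remotesync_types.go
+++ b/rollouts/api/v1alpha1/remotesync_types.go
@@ -37,8 +37,10 @@ type Template struct {
 }
 
 type SyncSpec struct {
+SourceType string `json:"sourceType,omitempty"`
 SourceFormat string `json:"sourceFormat,omitempty"`
 Git *GitInfo `json:"git,omitempty"`
+Oci *OciInfo `json:"oci,omitempty"`
 }
 
 type GitInfo struct {
@@ -54,6 +56,43 @@ type GitInfo struct {
 NoSSLVerify bool `json:"noSSLVerify,omitempty"`
 }
 
+// Oci contains configuration specific to importing resources from an OCI package.
+type OciInfo struct {
+// image is the OCI image repository URL for the package to sync from.
+// e.g. `LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME`.
+// The image can be pulled by TAG or by DIGEST if it is specified in PACKAGE_NAME.
+// - Pull by tag: `LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME:TAG`.
+// - Pull by digest: `LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME@sha256:DIGEST`.
+// If neither TAG nor DIGEST is specified, it pulls with the `latest` tag by default.
+Image string `json:"image,omitempty"`
+
+// dir is the absolute path of the directory that contains
+// the local resources. Default: the root directory of the image.
+// +optional
+Dir string `json:"dir,omitempty"`
+
+// period is the time duration between consecutive syncs. Default: 15s.
+// Note to developers that customers specify this value using
+// string (https://golang.org/pkg/time/#Duration.String) like "3s"
+// in their Custom Resource YAML. However, time.Duration is at a nanosecond
+// granularity, and it is easy to introduce a bug where it looks like the
+// code is dealing with seconds but its actually nanoseconds (or vice versa).
+// +optional
+Period metav1.Duration `json:"period,omitempty"`
+
+// auth is the type of secret configured for access to the OCI package.
+// Must be one of gcenode, gcpserviceaccount, or none.
+// The validation of this is case-sensitive. Required.
+//
+// +kubebuilder:validation:Enum=gcenode;gcpserviceaccount;none
+Auth string `json:"auth"`
+
+// gcpServiceAccountEmail specifies the GCP service account used to annotate
+// the RootSync/RepoSync controller Kubernetes Service Account.
+// Note: The field is used when secretType: gcpServiceAccount.
+GCPServiceAccountEmail string `json:"gcpServiceAccountEmail,omitempty"`
+}
+
 // Metadata specifies labels and annotations to add to the RSync object.
 type Metadata struct {
 Labels map[string]string `json:"labels,omitempty"`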
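Review bot: The `image` comment in `OciInfo` documents that a reference with neither tag nor digest falls back to `latest`, and nothing in the type steers users toward a digest, so the content a RemoteSync applies can change without any change to the spec. I would add to the field comment `// Prefer a digest reference for rollouts; a tag (including the default latest) is mutable and may resolve to different content on a later sync.`, and the same sentence fits `OCISource.Image` in rollout_types.go. Separately, the `gcpServiceAccountEmail` comment refers to `secretType: gcpServiceAccount`, but the field in this struct is `auth` and its enum value is `gcpserviceaccount`; suggested wording: `// Note: The field is used when auth: gcpserviceaccount.` The type comment should also open with the type name, `// OciInfo contains configuration specific to importing resources from an OCI package.`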
26 changes: 23 additions & 3 deletions rollouts/api/v1alpha1/rollout_types.go
@@ -107,17 +107,19 @@ type ClusterSourceKind struct {
const (
GitHub PackageSourceType = "GitHub"
GitLab PackageSourceType = "GitLab"
OCI PackageSourceType = "OCI"
)

// +kubebuilder:validation:Enum=GitHub;GitLab
// +kubebuilder:validation:Enum=GitHub;GitLab;OCI
type PackageSourceType string

// PackagesConfig defines the packages the Rollout should deploy.
type PackagesConfig struct {
SourceType PackageSourceType `json:"sourceType"`

GitHub GitHubSource `json:"github,omitempty"`
GitLab GitLabSource `json:"gitlab,omitempty"`
GitHub GitHubSource `json:"github,omitempty"`
GitLab GitLabSource `json:"gitlab,omitempty"`
OciSource *OCISource `json:"oci,omitempty"`
}

// GitHubSource defines the packages source in GitHub.
@@ -157,6 +159,22 @@ type GitLabSelector struct {
Branch string `json:"branch,omitempty"`
}

type OCISource struct {
// image is the OCI image repository URL for the package to sync from.
// e.g. `LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME`.
// The image can be pulled by TAG or by DIGEST if it is specified in PACKAGE_NAME.
// - Pull by tag: `LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME:TAG`.
// - Pull by digest: `LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME@sha256:DIGEST`.
// If neither TAG nor DIGEST is specified, it pulls with the `latest` tag by default.
// Required
Image string `json:"image"`

// dir is the absolute path of the directory that contains
// the local resources. Default: the root directory of the image.
// +optional
Dir string `json:"dir,omitempty"`
}

// SecretReference contains the reference to the secret
type SecretReference struct {
// Name represents the secret name
@@ -183,13 +201,15 @@ type SyncTemplate struct {
type RootSyncTemplate struct {
SourceFormat string `json:"sourceFormat,omitempty"`
Git *GitInfo `json:"git,omitempty"`
Oci *OciInfo `json:"oci,omitempty"`
Metadata *Metadata `json:"metadata,omitempty"`
}

// RepoSyncTemplate represent the sync template for RepoSync.
type RepoSyncTemplate struct {
SourceFormat string `json:"sourceFormat,omitempty"`
Git *GitInfo `json:"git,omitempty"`
Oci *OciInfo `json:"oci,omitempty"`
Metadata *Metadata `json:"metadata,omitempty"`
}

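Review bot: `PackagesConfig.OciSource` is an optional pointer while `sourceType` now admits `OCI`, and nothing in the visible types requires the `oci` block when that source type is chosen, so a Rollout with `sourceType: OCI` and no `oci` passes schema validation. The code that reads `OciSource` is outside this section and presumably needs a nil check; alternatively the constraint can live in the schema, e.g. `// +kubebuilder:validation:XValidation:rule="self.sourceType != 'OCI' || has(self.oci)",message="oci is required when sourceType is OCI"` on `PackagesConfig`, if the controller-gen version in use supports CEL markers. `OCISource` also lacks the doc comment its siblings have, e.g. `// OCISource defines the packages source in an OCI repository.`, and the field name `OciSource` departs from the `GitHub`/`GitLab` naming pattern.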
53 changes: 52 additions & 1 deletion rollouts/api/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

47 changes: 47 additions & 0 deletions rollouts/config/crd/bases/gitops.kpt.dev_remotesyncs.yaml
@@ -116,8 +116,55 @@ spec:
- auth
- repo
type: object
oci:
description: Oci contains configuration specific to importing
resources from an OCI package.
properties:
auth:
description: auth is the type of secret configured for
access to the OCI package. Must be one of gcenode, gcpserviceaccount,
or none. The validation of this is case-sensitive. Required.
enum:
- gcenode
- gcpserviceaccount
- none
type: string
dir:
description: 'dir is the absolute path of the directory
that contains the local resources. Default: the root
directory of the image.'
type: string
gcpServiceAccountEmail:
description: 'gcpServiceAccountEmail specifies the GCP
service account used to annotate the RootSync/RepoSync
controller Kubernetes Service Account. Note: The field
is used when secretType: gcpServiceAccount.'
type: string
image:
description: 'image is the OCI image repository URL for
the package to sync from. e.g. `LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME`.
The image can be pulled by TAG or by DIGEST if it is
specified in PACKAGE_NAME. - Pull by tag: `LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME:TAG`.
- Pull by digest: `LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME@sha256:DIGEST`.
If neither TAG nor DIGEST is specified, it pulls with
the `latest` tag by default.'
type: string
period:
description: 'period is the time duration between consecutive
syncs. Default: 15s. Note to developers that customers
specify this value using string (https://golang.org/pkg/time/#Duration.String)
like "3s" in their Custom Resource YAML. However, time.Duration
is at a nanosecond granularity, and it is easy to introduce
a bug where it looks like the code is dealing with seconds
but its actually nanoseconds (or vice versa).'
type: string
required:
- auth
type: object
sourceFormat:
type: string
sourceType:
type: string
type: object
type: object
type: