Mirrors/flux2
1
0
Fork 0
mirror of synced 2026-02-07 03:05:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add oci:// proto to the spec

Browse Source 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This commit is contained in:
Stefan Prodan
2022-07-01 15:49:26 +03:00
parent e060873246
commit 6b9c0a5e48
1 changed files with 12 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
rfcs/kubernetes-oci/README.md
View File

@@ -45,7 +45,7 @@ Flux users should be able to package a local directory containing Kubernetes con
and push the archive to a container registry as an OCI artifact. and push the archive to a container registry as an OCI artifact.
```sh ```sh
flux push artifact docker.io/org/app-config:v1.0.0 \ flux push artifact oci://docker.io/org/app-config:v1.0.0 \
--source="$(git config --get remote.origin.url)" \ --source="$(git config --get remote.origin.url)" \
--revision="$(git branch --show-current)/$(git rev-parse HEAD)" \ --revision="$(git branch --show-current)/$(git rev-parse HEAD)" \
--path="./deploy" --path="./deploy"
@@ -74,14 +74,14 @@ To ease the promotion workflow of a specific version from one environment to ano
should offer a tagging command. should offer a tagging command.
```sh ```sh
flux tag artifact docker.io/org/app-config:v1.0.0 --tag=latest --tag=production flux tag artifact oci://docker.io/org/app-config:v1.0.0 --tag=latest --tag=production
``` ```
To view all the available artifacts in a repository and their metadata, the CLI should To view all the available artifacts in a repository and their metadata, the CLI should
offer a list command. offer a list command.
```sh ```sh
flux list artifacts docker.io/org/app-config flux list artifacts oci://docker.io/org/app-config
``` ```
To help inspect artifacts, the Flux CLI will offer a `build` and a `pull` command for generating To help inspect artifacts, the Flux CLI will offer a `build` and a `pull` command for generating
@@ -89,7 +89,7 @@ tarballs locally and for downloading the tarballs from remote container registri
```sh ```sh
flux build artifact --path ./deploy --output tmp/artifact.tgz flux build artifact --path ./deploy --output tmp/artifact.tgz
flux pull artifact docker.io/org/app-config:v1.0.0 --output ./manifests flux pull artifact oci://docker.io/org/app-config:v1.0.0 --output ./manifests
``` ```
### Pull artifacts ### Pull artifacts
@@ -104,12 +104,12 @@ metadata:
namespace: flux-system namespace: flux-system
spec: spec:
interval: 10m interval: 10m
url: docker.io/org/app-config url: oci://docker.io/org/app-config
ref: ref:
tag: v1.0.0 tag: v1.0.0
``` ```
The `spec.url` field points to the container image repository in the format `<host>:<port>/<org-name>/<repo-name>`. The `spec.url` field points to the container image repository in the format `oci://<host>:<port>/<org-name>/<repo-name>`.
Note that specifying a tag or digest is not in accepted for this field. The `spec.url` value is used by the controller Note that specifying a tag or digest is not in accepted for this field. The `spec.url` value is used by the controller
to fetch the list of tags from the remote OCI repository. to fetch the list of tags from the remote OCI repository.
@@ -202,13 +202,10 @@ source-controller will expose dedicated flags for each cloud provider:
--gcp-autologin-for-gcr --gcp-autologin-for-gcr
``` ```
We should extract the flags and the AWS, Azure and GCP auth implementations from image-reflector-controller into
`fluxcd/pkg/oci/auth` to reuses the code in source-controller.
### Reconcile artifacts ### Reconcile artifacts
The `OCIRepository` can be used as a drop-in replacement for `GitRepository` and `Bucket` sources. The `OCIRepository` can be used as a drop-in replacement for `GitRepository` and `Bucket` sources.
For example a Flux Kustomization can refer to an `OCIRepository` and reconcile the manifests found in the OCI artifact: For example, a Flux Kustomization can refer to an `OCIRepository` and reconcile the manifests found in the OCI artifact:
```yaml ```yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
@@ -248,7 +245,7 @@ Edit the app deployment manifest and set the new image tag.
Then push the Kubernetes manifests to GHCR: Then push the Kubernetes manifests to GHCR:
```sh ```sh
flux push artifact ghcr.io/org/my-app-config:v1.0.0 \ flux push artifact oci://ghcr.io/org/my-app-config:v1.0.0 \
--source="$(git config --get remote.origin.url)" \ --source="$(git config --get remote.origin.url)" \
--revision="$(git tag --points-at HEAD)/$(git rev-parse HEAD)"\ --revision="$(git tag --points-at HEAD)/$(git rev-parse HEAD)"\
--path="./deploy" --path="./deploy"
@@ -263,13 +260,13 @@ cosign sign --key cosign.key ghcr.io/org/my-app-config:v1.0.0
Mark `v1.0.0` as latest: Mark `v1.0.0` as latest:
```sh ```sh
flux tag artifact ghcr.io/org/my-app-config:v1.0.0 --tag latest flux tag artifact oci://ghcr.io/org/my-app-config:v1.0.0 --tag latest
``` ```
List the artifacts and their metadata with: List the artifacts and their metadata with:
```console ```console
$ flux list artifacts ghcr.io/org/my-app-config $ flux list artifacts oci://ghcr.io/org/my-app-config
ARTIFACT DIGEST SOURCE REVISION ARTIFACT DIGEST SOURCE REVISION
ghcr.io/org/my-app-config:latest sha256:45b95019d30af335137977a369ad56e9ea9e9c75bb01afb081a629ba789b890c https://github.com/org/my-app-config.git v1.0.0/20b3a674391df53f05e59a33554973d1cbd4d549 ghcr.io/org/my-app-config:latest sha256:45b95019d30af335137977a369ad56e9ea9e9c75bb01afb081a629ba789b890c https://github.com/org/my-app-config.git v1.0.0/20b3a674391df53f05e59a33554973d1cbd4d549
ghcr.io/org/my-app-config:v1.0.0 sha256:45b95019d30af335137977a369ad56e9ea9e9c75bb01afb081a629ba789b890c https://github.com/org/my-app-config.git v1.0.0/3f45e72f0d3457e91e3c530c346d86969f9f4034 ghcr.io/org/my-app-config:v1.0.0 sha256:45b95019d30af335137977a369ad56e9ea9e9c75bb01afb081a629ba789b890c https://github.com/org/my-app-config.git v1.0.0/3f45e72f0d3457e91e3c530c346d86969f9f4034
@@ -305,7 +302,7 @@ metadata:
namespace: default namespace: default
spec: spec:
interval: 10m interval: 10m
url: ghcr.io/org/my-app-config url: oci://ghcr.io/org/my-app-config
ref: ref:
semver: "1.x" semver: "1.x"
secretRef: secretRef:
@@ -397,7 +394,7 @@ spec:
ref: ref:
tag: 6.1.6 tag: 6.1.6
timeout: 60s timeout: 60s
url: ghcr.io/stefanprodan/manifests/podinfo url: oci://ghcr.io/stefanprodan/manifests/podinfo
status: status:
artifact: artifact:
checksum: d7e924b4882e55b97627355c7b3d2e711e9b54303afa2f50c25377f4df66a83b checksum: d7e924b4882e55b97627355c7b3d2e711e9b54303afa2f50c25377f4df66a83b