app-registry / appr Goto Github PK
View Code? Open in Web Editor NEWLicense: Apache License 2.0
License: Apache License 2.0
I have a chart that I want to contain a number of private dependencies stored in quay, is there a way inside my helm chart to reference these? For example
my_chart/requirements.yml
would contain something like
- name: my_dependant_chart
version: 1.1.0
repository: https://quay.io/mycompany/my_dependant_chart
It would be nice for an appr dependency in a helm requirements.yaml
to pass through other helm dependency options than just name
, version
, and repository
. A use case is the dependency option condition
which allows a dependency to be enabled depending on a value in user supplied configuration.
For example:
appr:
- name: reg.my.company/org/chart
version: 0.1.0
condition: subdep.enabled
would result in
dependencies:
- name: chart
version: 0.1.0
repository: file://appr_charts/org/chart
condition: subdep.enabled
appr:
- name: reg.my.company/org/chart
version: 0.1.0
condition: subdep.enabled
So I have the following use-case:
We use the Quay Enterprise Registry in combination with the App-Registry Helm plugin. We have multiple organizations with Application Repositories and each organization has it's own robot account. This requires that we can login with different robot accounts into the same registry at the same "time"(if we don't want to login before every push). In the .appr/auths.yaml the credentials are stored per URL/Registry.
It would be nice if we could set the APPR_CONF_DIR (which is already there in the source code) per command line so that we can switch "context" between helm registry calls, e.g.:
It looks like it's not possible to use the environment variables APPR_CONF_DIR when using appr as Helm plugin (it's just ignored):
export APPR_CONF_DIR=.appr2
helm registry login -k -u <user> -p <pw> <registry-url>
# credentials are still stored in ~/.appr/auths.yaml
A command line flag for the registry plugin would solve this.
Switch between public./ private
The there isn't an included executable for alpine in the 0.7.3 release. Has this target been removed?
Hi,
currently appr and accordingly the helm app registry plugin is only supported on Linux and OSX. Would it be possible to support it also on Windows?
As far as I'm aware there biggest problem is that the appr binary is build with travis ci (I didn"t look in detail at the GitLab build) and pyinstaller. Travis ci only builds on Linux and OSX and pyinstaller doesn't support cross-compilation. But I saw there is one release of appr-helm-plugin with a Windows binary.
We got it running on Windows by building the appr.exe locally and creating a Powershell version of cnr.sh.
Is there a solution for the cross-compilation problem?
Hi,
it would be nice if appr could provide an option to specify a custom keystore / bundle, so that it can be used with registries with self-signed certificates.
I tried to set the environment variable APPR_CA_BUNDLES to a folder with our CA pem file and to the CA file, which should be trusted, itself, e.g.:
export APPR_CA_BUNDLES=/tmp/certs/
# or
export APPR_CA_BUNDLES=/tmp/certs/Root-CA.pem
If i understand the documentation of requests correctly, this should work. But we only got:
Api-version: .. Connection error
Client-version: 0.6.1
I can only guess that the environment variable is not used correctly?
$ cnr list
error: missing registry
$ cnr list quay.io
quay.io/ant31/toto
$ cnr list
quay.io/ant31/toto
$ cnr list localhost:5000
localhost:5000/ant31/foo
$ cnr list
localhost:5000/ant31/foo
app-registry/appr-helm-plugin#17 (comment)
appr list quay.io/myns
instead of
appr list quay.io -o myns
Traceback (most recent call last):
File "bin/appr", line 6, in <module>
File "appr/commands/cli.py", line 74, in cli
File "appr/commands/command_base.py", line 130, in call
File "appr/commands/command_base.py", line 134, in exec_cmd
File "appr/commands/push.py", line 139, in _call
File "appr/commands/push.py", line 134, in _init
File "appr/commands/push.py", line 94, in _chart
File "appr/formats/helm/manifest_chart.py", line 20, in __init__
File "appr/formats/helm/manifest_chart.py", line 39, in _load_from_path
UnboundLocalError: local variable 'mfile' referenced before assignment
[24674] Failed to execute script appr
Most of the time the '--media-type' is required because there is a single manifest type available.
This case is handled server-side, if the media type is "-': api/v1/packages/ns/name/1.0.3/-/pull
$ appr helm upgrade cr.vertiv.life/devops/elasticsearch:beta --namespace logging --tiller-namespace logging -f values.yaml monitoring 14:00 on Fri Sep 01
Traceback (most recent call last):
File "PyInstaller/loader/rthooks/pyi_rth_multiprocessing.py", line 9, in <module>
ImportError: No module named spawn
[129] Failed to execute script pyi_rth_multiprocessing
The 0.7.1 release works without issue.
With a failed login and using the output flag to choose json, the output is not json.
The expectation is that the output will always be in the format requested.
$ helm registry login -u 'foo' -p 'bar' quay.io --output json
usage: appr [-h]
{run-server,show,inspect,logout,plugins,helm,pull,list,delete-package,version,push,login,config,channel}
...
appr: error:
message: '401 Client Error: UNAUTHORIZED for url: https://quay.io/cnr/api/v1/users/login'
response: '{"error":{"code":"unauthorized-access","details":{},"message":"Invalid Username or Password"}}
'
Error: plugin "registry" exited with error
In the event that you're using version-locked helm paths but still have a helm in PATH, the wrong version of helm is used.
As part of kraken, we maintain the last known tested version of helm for each of the last 3 kubernetes releases, ie.
/opt/cnct/kubernetes/v1.5/bin/helm
/opt/cnct/kubernetes/v1.6/bin/helm
/opt/cnct/kubernetes/v1.7/bin/helm
and a symlink of /usr/bin/helm
to /opt/cnct/kubernetes/v1.7/bin/helm`
This causes a helm registry install
to fail as the client and server versions do not match when using helm from a path other than v1.7.
Please use the helm version from which appr is called.
Native Helm execution
$ helm upgrade --namespace logging --tiller-namespace logging -f ../values.yaml monitoring .
Error: UPGRADE FAILED: Deployment.apps "monitoring-elasticsearch-kibana" is invalid: spec.template.metadata.labels: Invalid value: map[string]string{"chart":"elasticsearch-0.1.2", "heritage":"Tiller", "release":"monitoring", "role":"kibana", "app":"monitoring-elasticsearch-kibana"}: `selector` does not match template `labels` && StatefulSet.apps "monitoring-elasticsearch-master" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden. && StatefulSet.apps "monitoring-elasticsearch-client-2" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden. && StatefulSet.apps "monitoring-elasticsearch-ext4-data" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden. && StatefulSet.apps "monitoring-elasticsearch-data-gen2" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden.
$ echo $?
1
vs. through appr
$ appr helm upgrade cr.vertiv.life/devops/[email protected] --namespace logging --tiller-namespace logging -f values.yaml monitoring
Error: UPGRADE FAILED: Deployment.apps "monitoring-elasticsearch-kibana" is invalid: spec.template.metadata.labels: Invalid value: map[string]string{"release":"monitoring", "role":"kibana", "app":"monitoring-elasticsearch-kibana", "chart":"elasticsearch-0.1.2", "heritage":"Tiller"}: `selector` does not match template `labels` && StatefulSet.apps "monitoring-elasticsearch-master" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden. && StatefulSet.apps "monitoring-elasticsearch-client-2" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden. && StatefulSet.apps "monitoring-elasticsearch-data-gen2" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden. && StatefulSet.apps "monitoring-elasticsearch-ext4-data" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden.
$ echo $?
0
In order to script around this, the exit code of helm execution needs to be reflected in the exit code of appr.
@registry_app.route("/api/v1/packages/string:namespace/string:package_name/string:version/
channels"
helm registry install quay.io/samsung_cnct/[email protected] --name ingress-nginx --namespace default --values /home/jjulian/.kraken/jjregistry/quay.io-ingress-nginx.helmvalues
fails:
usage: appr [-h]
{show,inspect,logout,plugins,helm,pull,list,delete-package,version,push,login,config,channel}
...
appr: error: unrecognized arguments: --name ingress-nginx --namespace default --values /home/jjulian/.kraken/jjregistry/quay.io-ingress-nginx.helmvalues
E0706 23:09:02.730713 16604 portforward.go:209] Unable to create listener: Error listen tcp6 [::1]:41323: bind: cannot assign requested address
Error: This command needs 1 argument: chart name
Error: plugin "registry" exited with error
In https://github.com/app-registry/appr/blob/master/appr/commands/plugins/helm/cnr.sh, the switches are all passed to appr pull
. Unsupported switches should probably be silently ignored.
Further, the needed switches are not passed to helm install
preventing it from being assigned the expected name or being installed into the correct namespace.
Often different robot account are configured per namespace or repo.
Currently login are stored per domain and we would like more fine control to scope auth per namespace / repo too.
spin-off: #61
"auths":
"domain":
"*": {token: auth} # default auth for the domain
"namespace":
"*": {token: auth} # default auth for the namespace
"repo": {token: auth} # auth for the repo
or
"auths":
"domain": {token: auth} # default auth for the domain
"domain/namespace": {token: auth} # default auth for the namespace
"domain/namespace/repo": {token: auth} # auth for the repo
CLI:
appr login quay.io
appr login quay.io/namespace
appr login quay.io/namespace/repo
Very cool project!! I pulled down the repo and was able to get the server running just fine, but when I tried to run ./Documentation/test.sh
all of the curl commands besides the ones that pull down charts failed with:
curl -XPOST http://localhost:5000/api/v1/packages/foo/bar -d '{"blob": "H4sIAP3mAFgAA+3OMQqEMBCF4ak9RU4gGaPxPClcVogKGou9/SpYrI2yhYjwf82DeVO8LvTtq5lS/gldlGvYhfflmlpX9jc3XtStV++KSsVqobUTYy/aszNPKYzGSOiT04O/s/6h3k2MQ3b3CgAAAAAAAAAAAAAAAADAv77X4+BWACgAAA==", "release": "1.0.1", "media_type": "kpm"}'
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>404 Not Found</title>
<h1>Not Found</h1>
<p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
because the helm code for requirements.yaml uses a map keyed on name aliased entries in the appr map get ignored when building dependancies. Switching this to an array would solve the issue.
now that https://github.com/app-registry/appr-helm-plugin has a windows release the name of the file that gets downloaded needs to be either passed in from the command line or be set based on what the operating system is.
the current solution doesn't work and fails with the following output:
appr plugins install helm
Traceback (most recent call last):
File "/usr/bin/appr", line 6, in
cli()
File "/usr/lib/python2.7/site-packages/appr/commands/cli.py", line 56, in cli
args.func(args)
File "/usr/lib/python2.7/site-packages/appr/commands/plugins.py", line 70, in _install
cmd.status = cls.plugins[plugin_name]['install_method'](plugin, cls.plugins[plugin_name])
File "/usr/lib/python2.7/site-packages/appr/commands/plugins.py", line 21, in install_helm_plugin
res.raise_for_status()
File "/usr/lib/python2.7/site-packages/requests/models.py", line 935, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 404 Client Error: Not Found for url: https://github.com/app-registry/appr-helm-plugin/releases/download/v0.7.0/registry-helm-plugin.tar.gz
When running:
helm registry install quay.io/myorg/chartname --name releaseName --namespace prod -f env-values-overrides/prod.yaml
If there was an error (for example: in the env-values-overrides/prod.yaml file an environment variable has a value but no name) and Kubernetes fails to deploy, there will be an error logged:
Error: release releaseName failed: Deployment.apps "prod-appName" is invalid: spec.template.spec.containers[0].env[3].name: Required value
But helm registry
exists with a 0 (aka: false success)
if not using the plugin, helm
errors with status 1
same problem exists for helm registry upgrade --install
I have the following in a .helmignore
/.git
/.gitlab-ci.yml
test/
appr_charts/
This doesn't actually ignore anything and is a divergence from the way helm processes .helmignore
.
See the test cases for helm here
This syntax is also valid for other ignore formats. I think the current code wrongly includes the path to the current directory from the drive root.
https://docs.python.org/2/library/abc.html
And then require that instances passed to functionality constructors pass the instanceof
check.
This will help implementers to make sure they are implementing the bases correctly.
Close to the json returned in the list /api/v1/packages
.
Add:
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.