♻️ Deduplicate definitions from deployment and cronjob #62
Conversation
|
@canterberry what do you think? its opt-in, non-breaking, should be safe to merge? |
|
First: thank you! I know you don't have to contribute anything at all, but you did! I and the community are grateful, and I don't show that gratitude early and often enough. So thank you. Now, let's talk about how we can get this done! Your general approach seems fine to me -- a new configuration block, clearly documented in the README, and disabled by default. When enabled, there's a cronjob that runs at some configurable frequency, using the registry's own CLI and configuration to perform the garbage collection. Great! Can you distill that down into a [near-]completely additive changeset? Rationale: You've done some refactoring here that goes above and beyond, which is great holistically, but in terms of code review, makes it much more difficult to evaluate the impact the changeset will have on existing code. For this chart in particular, I'm very hesitant to review any changes that aren't a slam-dunk, because I'm super cautious about breaking it, and since I'm not a user, personally, I rely on tidy changesets and easy code reviews to build that confidence to ship. Another small thing: no need to increment the version in Chart.yaml. That's something I do as part of the release process, in case there are multiple PRs ready for merge around the same time. Let's go! 🎉 |
|
Hi @canterberry 👋
I can totally understand.
If you do a ctrl+F for If you do a ctrl+F for I don't want to try to convince you to merge a PR you don't feel safe merging, but maybe there's a way of getting you a diff view that helps you review the PR. If you'd open these side by side, and do a visual inspect, maybe the triviality of the change becomes evident and we can get closer to that slam-dunk level? :) I'll revert the version bump in any case. Please let me know what you think! |
|
Would CI help boost confidence? e.g. https://github.com/helm/chart-testing-action I think their example workflow would show that there are no changes to the rendered deployment.yaml resulting from this PR |
|
Thank for your diligence. I can tell you're trying to make it easier for me, and I appreciate the effort! It's not what I need, though, so I'd like to redirect that energy toward achieving our mutual goal of getting this welcome feature delivered. In order to get this PR merged, please make it [near-]completely additive. No refactoring, no formatting changes. Just what is strictly necessary to deliver the feature as described. Only then will I feel comfortable reviewing the changeset. At that point, you might expect some minor feedback or changes requested, but that cycle time would be much shorter and I think we could get this merged quite quickly.
Edit: I completely understand your argument on minimizing duplication, and I agree with you! I'd love to see that in a follow-up PR once this one is merged, if you're willing! Tightly scoped refactoring, on its own, is pretty easy to review when it's not coupled with functional changes. |
This reverts commit fd7fdca.
|
Hi @canterberry, I've opened #68 with additional commit fd7fdca. Once that merges, this PR will become a refactor-PR, with as diff the revert commit d78c010. Is that what you are aiming for? |
|
@ddelange Once you rebase and/or merge the latest into this PR, I'll take a thorough look. I think it makes sense, conceptually, that the CronJob's pod(s) and the Deployment's pod(s) run with matching environments and volumes. The only potential issue I see coming up in review is whether (and to what extent) any functional changes or regressions might have slipped in. None have yet caught my eye, though. |
ddelange
changed the title
|
To inspect the changes in this PR, I ran the following command from a local clone of this PR's branch: $ helm template --namespace meta-namespace --set namespace=target-namespace --set garbageCollect.enabled=true drc .In both the resulting env:
- name: REGISTRY_HTTP_SECRET
valueFrom:
secretKeyRef:
name: drc-docker-registry-secret
key: haSharedSecret
- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
value: "/var/lib/registry"While this doesn't seem to have any functional impact ( |
templates/_helpers.tpl
Outdated
| {{- end }} | ||
|
|
||
| {{- with .Values.extraEnvVars }} | ||
| {{- toYaml . | nindent 12 }} |
There was a problem hiding this comment.
need to test, think indentation of extraEnvVars will come out wrong
| {{- toYaml . | nindent 12 }} | |
| {{- toYaml . }} |
There was a problem hiding this comment.
confirmed with
helm template --debug . --set extraEnvVars[0].name=TEST_NAME --set extraEnvVars[0].value=TEST_VALUE
| value: {{ .Values.s3.secure | quote }} | ||
| {{- end }} | ||
|
|
||
| {{- else if eq .Values.storage "swift" }} |
There was a problem hiding this comment.
If you have time you can split this chunk of variables into separate define sections, one per type, and then render them inside that define.
In that case you will achieve function like style where every Backend storage have isolated function to render their env variables.
Just a note, existing solution is fine as well.
|
env whitespaces fixed in 52a5d4b tested with |
|
I think we're not there yet. This might be a sensible Github Workflow to comment (and edit that comment) with a diff on a PR: alias helm_test_template='helm template --debug \
--set serviceAccount.create=true \
--set priorityClassName=high \
--set podAnnotations.test=annotation \
--set extraEnvVars[0].name=TEST_NAME \
--set extraEnvVars[0].value=TEST_VALUE \
--set secrets.htpasswd=abc \
--set tlsSecretName=abc \
--set garbageCollect.enabled=true \
--set proxy.enabled=true \
--set storage=s3 /
--set secrets.s3.secretKey=abc /
--set secrets.s3.accessKey=def /
--set s3.region=us-42 /
--set s3.bucket=abc /
--set s3.encrypt=abc'
diff -u <(helm_test_template https://github.com/twuni/docker-registry.helm/archive/refs/heads/main.tar.gz) <(helm_test_template .)gives in the --- /dev/fd/63 2022-08-10 10:48:29.000000000 +0200
+++ /dev/fd/62 2022-08-10 10:48:29.000000000 +0200
@@ -12,7 +12,7 @@
release: RELEASE-NAME
type: Opaque
data:
- haSharedSecret: "S2pTbHFaeEtCZ2ppTHY3bQ=="
+ haSharedSecret: "TnZBakJNSWVpbXRKeWFSUw=="
proxyUsername: ""
proxyPassword: ""
---
@@ -99,7 +99,7 @@
release: RELEASE-NAME
annotations:
checksum/config: 581c8cf6d59449d6c89ebf8ec1bef05751a9c8e281ca31f99c4e0291e054bfaf
- checksum/secret: 153f24ee9a430e533197ba266c83c185b4f95d38cd6ee547c93eca76a1969b85
+ checksum/secret: 25156342abc38ff3b671e698c348aa9d5726d62a1a9bcb539437febc7e5b8ccc
spec:
securityContext:
fsGroup: 1000
@@ -122,9 +122,9 @@
httpGet:
path: /
port: 5000
- resources:
+ resources:
{}
- env:
+ env:
- name: REGISTRY_HTTP_SECRET
valueFrom:
secretKeyRef:
@@ -132,14 +132,14 @@
key: haSharedSecret
- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
value: "/var/lib/registry"
- volumeMounts:
- - name: data
- mountPath: /var/lib/registry/
+ volumeMounts:
- name: "RELEASE-NAME-docker-registry-config"
mountPath: "/etc/docker/registry"
- volumes:
- - name: data
- emptyDir: {}
+ - name: data
+ mountPath: /var/lib/registry/
+ volumes:
- name: RELEASE-NAME-docker-registry-config
configMap:
name: RELEASE-NAME-docker-registry-config
+ - name: data
+ emptyDir: {} |
|
^ opened #70 |
|
Released in v2.2.1. |
Based on #28
Closes #63
Added one commit to bring the branch up to date with latest upstream
ref ddelange#1 for testing purposes, this can be installed with: