Status: withdrawn
Creation date: 2022-09-02
Last update: 2022-09-16
Pipeline-controller should be distributed as an OCI artifact and consumed using Flux's OCIRepository and Kustomization APIs as part of Weave GitOps Enterprise installation.
The Pipeline Controller is a controller and CRD adding functionality around Continuous Delivery Pipelines to Weave GitOps Enterprise (and eventually Weave GitOps OSS). It is supposed to be distributed alongside Weave GitOps Enterprise (WGE) when users install WGE.
- Transparently install pipeline-controller during installation of the WGE Helm chart.
Pipeline-controller is distributed in the form of an OCI manifest hosted at the ghcr.io registry. It is then installed by creating an OCIRepository and a Kustomization consuming that repository. These two manifests are included in the Weave GitOps Enterprise "mccp" Helm chart. Please see the Flux documentation for details.
In addition to building and tagging the container image the OCI artifact will be created using the Flux CLI:
flux push artifact oci://ghcr.io/weaveworks/manifests/pipeline-controller:$(IMG_TAG) --path=./config/ --source=https://github.com/weaveworks/pipeline-controller --revision=$(IMG_TAG)/$(shell git rev-parse HEAD)Upgrading the version of pipeline-controller used in WGE is accomplished by changing the .spec.ref.tag field of the OCIRepository manifest and releasing a new version of the "mccp" chart to which a running release would be upgraded.
Any potentially changed CRDs that are part of pipeline-controller are automatically upgraded as well.
- Simple release process: Distributing pipeline-controller as an OCI artifact leads to a much slimmer release process (see above) compared to alternatives such as using Helm charts where a Helm repository would have to be maintained.
- More reliable artifacts: We do already use kustomize in the pipeline-controller repository to deploy it locally during development (that's a kubebuilder default). As an effect the tooling and manifests are very well tested because every engineer makes use of them during daily development. Any separate way of distributing pipeline-controller would have to be augmented with similar testing and tooling which comes with more overhead.
Using OCIRepository requires Flux 0.32+. There is no strict policy in place at the moment as to which Flux version WGE supports. In order to not break WGE installation for users running older version of Flux on their clusters, the two manifests above could make use of Helm's Capabilities.APIVersion object in the "mccp" chart:
{{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1beta2/OCIRepository" -}}
...
{{- end }}
This would lead to pipeline-controller not being installed on those clusters until the operator upgrades Flux on the cluster and the "mccp" HelmRelease is reconciled.
An alternative approach would be to make Flux 0.32+ mandatory starting with the WGE version shipping pipeline-controller which would be in line with the policy of recommending upgrading Flux regularly, too.
The only alternative considered was to publish a Helm chart for pipeline-controller and making it a dependency of the "mccp" WGE chart. However, this has an obvious drawback which is that most of the manifests from the kustomize tooling used during development would have to be duplicated and kept in sync with the chart manifests. Accommodating this would be done by completely removing the kustomize tooling from the repository and only using Helm charts during development. However, adding the overhead of Helm templating and chart versioning/publication isn't deemed to provide a benefit over the more lightweight kustomize approach.
Two files are added to the WGE "mccp" chart's templates:
# ocirepository_pipeline-controller.yaml
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: OCIRepository
metadata:
name: pipeline-controller
namespace: flux-system
spec:
interval: 10m0s
provider: generic
ref:
tag: v0.0.1
url: oci://ghcr.io/weaveworks/manifests/pipeline-controller# kustomization_pipeline-controller.yaml
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: pipeline-controller
namespace: flux-system
spec:
interval: 1h0m0s
path: ./config/default
prune: true
sourceRef:
kind: OCIRepository
name: pipeline-controller
targetNamespace: flux-system
timeout: 2m0s
wait: true