Helm backend #9
Helm backend #9
Conversation
- Add TARGETARCH buildarg to migration job Dockerfile for local testing - Fix workload migration to use correct appType parameter and sequence starting value - Omit id from Workload and Helm configs to avoid confusion - List all missing env vars - Fix incorrect image registry URL - Ignore not found error when deleting a namespace - Fix various API handlers - Fix async error handling during app validation - Do not await deployment process after validation and creating a Deployment - Update git version
- Write types for the form states of configs of different sources - Add helper functions for form state and config generation - Move source or app type-specific code into separate components - Separate DiffInput into DiffInput and DiffSelect for speed
Tested on an x86_64 system (TARGETARCH=amd64). Works with `docker build` and from Tilt. Should work on 64-bit ARM systems; won't work on 32-bit ARM since Tini's binary naming convention doesn't line up. Source: https://github.com/BretFisher/multi-platform-docker-build
…flictError handler
Not sure if this changes semantics but it matches the convention of the other functions in the file. Maybe try/catch behavior is different?
There was a problem hiding this comment.
Phew! This PR is gigantic. I've looked over everything but I haven't tested it myself yet.
I made some small changes that shouldn't change any behavior. Here is that diff if you'd like to review: https://github.com/PurdueRCAC/AnvilOps/compare/9eebc7979352eaa53f3d0ee9ef962cd7f0daa93f..ec207db68386c72474b82623e8cb45446bcf2883.
General notes:
- I really like the idea of data-driven Helm templates that allow us to create forms with JSON and validate with JSON schemas. Great idea.
- The refactoring generally looks good and I like the way you're doing dependency injection in
src/service/helper/*. - Thanks for splitting off the frontend form stuff into separate files based on configuration area. That makes it a lot nicer to work with.
- Administrators should have the ability to disable Helm deployments via environment variable. Maybe even Git and Image deployments too for completeness.
- Of course, documentation needs to be updated to explain how administrators configure a Helm OCI repo & how users use the charts.
- On the subject of documentation, I think the codebase is separated enough that we should document the directory structure somewhere.
Everything else is in individual review comments.
| async create({ | ||
| appId, | ||
| appType, | ||
| config, |
There was a problem hiding this comment.
Why can't you use config.appType here instead of relying on a separate parameter? If you use config.appType, I think you can take advantage of the discriminated union to get rid of the type casts in this method.
| enum AppType { | ||
| workload | ||
| helm | ||
| } |
There was a problem hiding this comment.
We should make the capitalization consistent on all of our enums. Can be addressed in another PR though.
| id Int @id @default(autoincrement()) | ||
| deployment Deployment? | ||
| appType AppType | ||
| workloadConfig WorkloadConfig? @relation(fields: [workloadConfigId], references: [id], onDelete: Cascade) |
There was a problem hiding this comment.
I think the @relation should be specified on the WorkloadConfig and HelmConfig models instead of on the DeploymentConfig model. Currently, if the WorkloadConfig is deleted, them the DeploymentConfig is deleted, not the other way around. Is this intended?
I wish we could make the deploymentConfig field in WorkloadConfig and HelmConfig required.
| } | ||
| } | ||
|
|
||
| return runHelm(args); |
There was a problem hiding this comment.
I worry about running Helm in the same container as the AnvilOps web server. Ideally, we'd run helm in a K8s Job so that we can lock it down better, similar to what's happening in builder.ts and import.ts. I think Rancher does this too when installing Helm charts, but I haven't checked.
If we want to keep it like this for the sake of simplicity, we have to make sure that Go templates can't be used to run arbitrary code or access sensitive information (including via Sprig, the library that Helm uses for extra template utilities) and can't lead to resource exhaustion via large or circular templates.
|
|
||
| export async function getRepositoriesByProject(projectName: string) { | ||
| return fetch( | ||
| `${env.REGISTRY_PROTOCOL}://${env.REGISTRY_API_URL}/projects/${projectName}/repositories`, |
There was a problem hiding this comment.
Based on the comments in env.ts,
${env.REGISTRY_PROTOCOL}://${env.REGISTRY_API_URL}
would evaluate to something like
https://https://myregistry.host.name
Either the comment in env.ts:157 should be updated to note that the protocol shouldn't be included (would probably break things elsewhere?), or REGISTRY_PROTOCOL should be removed here.
| <TabsTrigger value="overview"> | ||
| <span>Overview</span> | ||
| </TabsTrigger> | ||
| {!!app.activeDeployment && ( |
There was a problem hiding this comment.
The Status tab should also require a Workload deployment type. It's currently only designed to grab info from the StatefulSet that AnvilOps creates, although we could rework it in the future to work in a more generic way for Helm deployments.
| if (!isWorkloadConfig(app.config)) { | ||
| return ( | ||
| <div className="text-center py-8"> | ||
| <p>Configuration editing is not available for Helm-based apps.</p> |
There was a problem hiding this comment.
I assume this is temporary since users need a place to edit the Helm chart values, but if not, the whole tab should be hidden just like what I do for the Files and Logs tabs when they don't have any content.
| if (!isWorkloadConfig(app.config)) { | ||
| return ( | ||
| <div className="text-center py-8"> | ||
| <p>File browser is not available for Helm-based apps.</p> |
There was a problem hiding this comment.
Should be unnecessary since the tab is hidden
| )} | ||
| <p className="flex items-center gap-2"> | ||
| <Network size={16} /> | ||
| Internal address |
There was a problem hiding this comment.
I think the internal address should be hidden too. We don't know what the Service name is, if any.
| * | ||
| * @throws DeploymentError | ||
| */ | ||
| private async deployGit({ |
There was a problem hiding this comment.
This method has quite a few responsibilities. For example, there are instances where we call deployGit and it actually doesn't deploy and instead creates a pending check run for a future deployment. Maybe at least the checkRun.pending === true case should be split off into a separate method?
Changes
/chart
anvilops-valuesis some JSON that could be used for generating form fields for the chart on the frontend./openapi
/backend
/prisma
/db
/lib
helmto retrieve and upgrade charts./service
/frontend
To-do