Adjust OpenAPI specs

.github/workflows/build-matrix.json

@@ -14,10 +14,10 @@
         "harbor-project": "crownlabs-core"
     },
     {
-        "component": "cloudimg-registry",
+        "component": "ciregistry",
         "context": "./operators",
         "dockerfile": "./operators/build/golang-common/Dockerfile",
-        "build-args": "COMPONENT=cloudimg-registry",
+        "build-args": "COMPONENT=ciregistry",
         "harbor-project": "crownlabs-core"
     },
     {

deploy/crownlabs/Chart.yaml

@@ -65,10 +65,10 @@ dependencies:
   repository: file://../../operators/deploy/instmetrics
   condition: instmetrics.enabled
 
-- name: cloudimg-registry
+- name: ciregistry
   version: "0.1.0"
-  repository: file://../../operators/deploy/cloudimg-registry
-  # condition: cloudimg-registry.enabled
+  repository: file://../../operators/deploy/ciregistry
+  # condition: ciregistry.enabled
 
 - name: policies
   version: "0.1.0"

deploy/crownlabs/values.yaml

@@ -155,15 +155,15 @@ instmetrics:
     updatePeriod: 4s
     grpcPort: 9090
 
-cloudimg-registry:
+ciregistry:
   replicaCount: 1
   configurations:
     volume:
       size: "100Gi"
       accessMode: "ReadWriteMany"
       storageClass: "rook-cephfs-primary"
   image:
-    repository: crownlabs/cloudimg-registry
+    repository: crownlabs/ciregistry
     pullPolicy: IfNotPresent
 
 policies:

infrastructure/certificate-provisioning/README.md

@@ -113,12 +113,13 @@ labels:
 ```
 
 ## Synchronize digital certificates between namespaces
+❗❗ `Kubed is no longer available and has been superseded by ConfigSyncer`
 
 In different scenarios, it may happen to have different `Ingress` resources in different namespaces which refer to the same domain (with different paths). Unfortunately, annotating all these ingresses with the `cert-manager.io/cluster-issuer` annotation soon leads to hitting the Let's Encrypt rate limits. Hence, it is necessary to introduce some mechanism to synchronize the secret generated between multiple namespaces. One of the projects currently providing a solution to this problem is [kubed](https://github.com/appscode/kubed).
 
 ### Install kubed
 
-Kubed can be easily installed with helm [[5]](https://appscode.com/products/kubed/v0.12.0/setup/install/).
+Kubed can be easily installed with helm [[5]](https://web.archive.org/web/20230605163413/https://appscode.com/products/kubed/v0.12.0/setup/install/).
 
 ```bash
 helm repo add appscode https://charts.appscode.com/stable/

operators/deploy/cloudimg-registry/Chart.yaml → operators/deploy/ciregistry/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-name: cloudimg-registry
+name: ciregistry
 description: The CrownLabs Cloud Image Registry
 
 # A chart can be either an 'application' or a 'library' chart.

operators/deploy/cloudimg-registry/templates/_helpers.tpl → operators/deploy/ciregistry/templates/_helpers.tpl

@@ -2,7 +2,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "cloudimg-registry.name" -}}
+{{- define "ciregistry.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
@@ -11,7 +11,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If the release name contains the chart name, it will be used as a full name.
 */}}
-{{- define "cloudimg-registry.fullname" -}}
+{{- define "ciregistry.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -27,7 +27,7 @@ If the release name contains the chart name, it will be used as a full name.
 {{/*
 The version of the application to be deployed
 */}}
-{{- define "cloudimg-registry.version" -}}
+{{- define "ciregistry.version" -}}
 {{- if .Values.global }}
 {{- .Values.image.tag | default .Values.global.version | default .Chart.AppVersion }}
 {{- else }}
@@ -38,24 +38,24 @@ The version of the application to be deployed
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "cloudimg-registry.chart" -}}
+{{- define "ciregistry.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "cloudimg-registry.labels" -}}
-helm.sh/chart: {{ include "cloudimg-registry.chart" . }}
-{{ include "cloudimg-registry.selectorLabels" . }}
-app.kubernetes.io/version: {{ include "cloudimg-registry.version" . | quote }}
+{{- define "ciregistry.labels" -}}
+helm.sh/chart: {{ include "ciregistry.chart" . }}
+{{ include "ciregistry.selectorLabels" . }}
+app.kubernetes.io/version: {{ include "ciregistry.version" . | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 
 {{/*
 Selector labels
 */}}
-{{- define "cloudimg-registry.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "cloudimg-registry.name" . }}
+{{- define "ciregistry.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ciregistry.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}

operators/deploy/cloudimg-registry/templates/deployment.yaml → operators/deploy/ciregistry/templates/deployment.yaml

@@ -1,9 +1,9 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "cloudimg-registry.fullname" . }}
+  name: {{ include "ciregistry.fullname" . }}
   labels:
-    {{ include "cloudimg-registry.labels" . | nindent 4 }}
+    {{ include "ciregistry.labels" . | nindent 4 }}
 {{- with .Values.deploymentAnnotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
@@ -12,23 +12,32 @@ spec:
   replicas: {{ .Values.replicaCount }}
   selector:
     matchLabels:
-      {{ include "cloudimg-registry.selectorLabels" . | nindent 6 }}
+      {{ include "ciregistry.selectorLabels" . | nindent 6 }}
   template:
     metadata:
     {{- with .Values.podAnnotations }}
       annotations:
         {{- toYaml . | nindent 8 }}
     {{- end }}
       labels:
-        {{- include "cloudimg-registry.selectorLabels" . | nindent 8 }}
+        {{- include "ciregistry.selectorLabels" . | nindent 8 }}
     spec:
     {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
     {{- end }}
+      initContainers:
+      - name: fix-permissions
+        image: busybox:1.36.1
+        command: ["sh", "-c", "chown -R {{ .Values.podSecurityContext.fsGroup }}:{{ .Values.podSecurityContext.fsGroup }} {{ .Values.configurations.dataRoot }}"]
+        resources:
+          {{- toYaml .Values.resources | nindent 10 }}
+        volumeMounts:
+        - name: "{{ include "ciregistry.fullname" . }}-storage"
+          mountPath: {{ .Values.configurations.dataRoot }}
       containers:
         - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ include "cloudimg-registry.version" . }}"
+          image: "{{ .Values.image.repository }}:{{ include "ciregistry.version" . }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           args:
             - "--data-root={{ .Values.configurations.dataRoot }}"
@@ -47,11 +56,13 @@ spec:
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           volumeMounts:
-            - name: "{{ include "cloudimg-registry.fullname" . }}-storage"
+            - name: "{{ include "ciregistry.fullname" . }}-storage"
               mountPath: {{ .Values.configurations.dataRoot }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
       volumes:
-        - name: "{{ include "cloudimg-registry.fullname" . }}-storage"
+        - name: "{{ include "ciregistry.fullname" . }}-storage"
           persistentVolumeClaim:
-            claimName: "{{ include "cloudimg-registry.fullname" . }}-pvc"
+            claimName: "{{ include "ciregistry.fullname" . }}-pvc"

operators/deploy/cloudimg-registry/templates/pvc.yaml → operators/deploy/ciregistry/templates/pvc.yaml

@@ -1,9 +1,9 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: "{{ include "cloudimg-registry.fullname" . }}-pvc"
+  name: "{{ include "ciregistry.fullname" . }}-pvc"
   labels:
-    {{ include "cloudimg-registry.labels" . | nindent 4 }}
+    {{ include "ciregistry.labels" . | nindent 4 }}
 spec:
   accessModes:
   - {{ .Values.configurations.volume.accessMode }}

operators/deploy/ciregistry/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "ciregistry.fullname" . }}
+  labels:
+    {{ include "ciregistry.labels" . | nindent 4 }}
+spec:
+  type: ClusterIP
+  selector:
+    {{ include "ciregistry.selectorLabels" . | nindent 4 }}
+  ports:
+  - name: http
+    port: 80
+    targetPort: http
+    protocol: TCP

operators/deploy/cloudimg-registry/values.yaml → operators/deploy/ciregistry/values.yaml

@@ -13,7 +13,7 @@ configurations:
     storageClass: "rook-cephfs-primary"
 
 image:
-  repository: crownlabs/cloudimg-registry
+  repository: crownlabs/ciregistry
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart version.
   tag: ""
@@ -33,7 +33,6 @@ securityContext:
   capabilities:
     drop:
     - ALL
-  readOnlyRootFilesystem: true
   runAsNonRoot: true
   runAsUser: 2000
   runAsGroup: 2000

operators/go.mod

@@ -66,7 +66,7 @@ require (
 	github.com/segmentio/ksuid v1.0.3 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/swaggest/form/v5 v5.1.1 // indirect
-	github.com/swaggest/jsonschema-go v0.3.72 // indirect
+	github.com/swaggest/jsonschema-go v0.3.72
 	github.com/swaggest/openapi-go v0.2.54
 	github.com/swaggest/refl v1.3.0 // indirect
 	github.com/swaggest/rest v0.2.69

operators/pkg/ciregistry/handlers.go

@@ -54,6 +54,7 @@ func HandleGetImages(log klog.Logger) usecase.Interactor {
 		return nil
 	})
 
+	u.SetName("GetImages")
 	u.SetExpectedErrors(status.Internal, status.NotFound, status.InvalidArgument)
 
 	return u
@@ -86,6 +87,7 @@ func HandleGetImageTags(log klog.Logger) usecase.Interactor {
 		return nil
 	})
 
+	u.SetName("GetImageTags")
 	u.SetExpectedErrors(status.Internal, status.NotFound, status.InvalidArgument)
 
 	return u
@@ -187,6 +189,7 @@ func HandlePostImage(log klog.Logger) usecase.Interactor {
 		return err
 	})
 
+	u.SetName("PostImage")
 	u.SetExpectedErrors(status.Internal, status.InvalidArgument)
 
 	return u
@@ -215,6 +218,7 @@ func HandleDeleteTag(log klog.Logger) usecase.Interactor {
 		return nil
 	})
 
+	u.SetName("DeleteTag")
 	u.SetExpectedErrors(status.Internal, status.NotFound, status.InvalidArgument)
 
 	return u
@@ -227,6 +231,7 @@ func HealthzHandler() usecase.Interactor {
 		return nil
 	})
 
+	u.SetName("ReadinessProbe")
 	u.SetExpectedErrors(status.Unavailable)
 
 	return u

operators/pkg/ciregistry/router.go

@@ -16,7 +16,9 @@ package ciregistry
 
 import (
 	"net/http"
+	"reflect"
 
+	"github.com/swaggest/jsonschema-go"
 	"github.com/swaggest/openapi-go/openapi3"
 	"github.com/swaggest/rest/nethttp"
 	"github.com/swaggest/rest/web"
@@ -36,6 +38,15 @@ func NewRouter() http.Handler {
 	s.OpenAPISchema().SetDescription("API for managing cloudimage repositories and metadata.")
 	s.OpenAPISchema().SetVersion("1.0.0")
 
+	refl := s.OpenAPIReflector().JSONSchemaReflector()
+	refl.DefaultOptions = append(
+		refl.DefaultOptions,
+		func(rc *jsonschema.ReflectContext) {
+			rc.DefName = func(t reflect.Type, _ string) string {
+				return t.Name()
+			}
+		})
+
 	s.Get("/healthz", HealthzHandler())
 	s.Get("/{repo}", HandleGetImages(klog.LoggerWithName(log, "imagelist")))
 	s.Get("/{repo}/{image}", HandleGetImageTags(klog.LoggerWithName(log, "taglist")))

operators/pkg/ciregistry/storage.go

@@ -146,6 +146,11 @@ func ServeFile(fileName, contentType string, log klog.Logger) usecase.Interactor
 		return err
 	})
 
+	if fileName == "image.bin" {
+		u.SetName("GetImage")
+	} else {
+		u.SetName("GetImageMeta")
+	}
 	u.SetExpectedErrors(status.NotFound, status.Internal, status.InvalidArgument)
 
 	return u