Add initial values and container to the kubeapps-apis service.

chart/kubeapps/templates/_helpers.tpl

@@ -61,6 +61,13 @@ Return the proper kubeappsapis image name
 {{- include "common.images.image" (dict "imageRoot" .Values.kubeappsapis.image "global" .Values.global) -}}
 {{- end -}}
 
+{{/*
+Return the proper oci-catalog image name
+*/}}
+{{- define "kubeapps.ociCatalog.image" -}}
+{{- include "common.images.image" (dict "imageRoot" .Values.ociCatalog.image "global" .Values.global) -}}
+{{- end -}}
+
 {{/*
 Create a default fully qualified app name for PostgreSQL dependency.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).

chart/kubeapps/templates/kubeappsapis/deployment.yaml

@@ -228,6 +228,86 @@ spec:
           {{- if .Values.kubeappsapis.extraVolumeMounts }}
           {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.extraVolumeMounts "context" $) | nindent 12 }}
           {{- end }}
+        {{- if .Values.ociCatalog.enabled }}
+        - name: oci-catalog
+          image: {{ include "kubeapps.ociCatalog.image" . }}
+          imagePullPolicy: {{ .Values.ociCatalog.image.pullPolicy | quote }}
+          {{- if .Values.ociCatalog.containerSecurityContext.enabled }}
+          securityContext: {{- omit .Values.ociCatalog.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+          {{- end }}
+          {{- if .Values.kubeappsapis.lifecycleHooks }}
+          lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.lifecycleHooks "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.diagnosticMode.enabled }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+          {{- else if .Values.ociCatalog.command }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.ociCatalog.command "context" $) | nindent 12 }}
+          {{- else }}
+          command:
+            - /oci-catalog
+          {{- end }}
+          {{- if .Values.diagnosticMode.enabled }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+          {{- else if .Values.ociCatalog.args }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.args "context" $) | nindent 12 }}
+          {{- else }}
+          args:
+            {{- range .Values.ociCatalog.extraFlags }}
+            - {{ . }}
+            {{- end }}
+          {{- end }}
+          env:
+            - name: OCI_CATALOG_PORT
+              value: {{ .Values.ociCatalog.containerPorts.http | quote }}
+            - name: RUST_LOG
+              # Use info,pinniped_proxy::pinniped=debug for module control.
+              value: info
+            {{- if .Values.ociCatalog.extraEnvVars }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.ociCatalog.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+          envFrom:
+            {{- if .Values.ociCatalog.extraEnvVarsCM }}
+            - configMapRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.ociCatalog.extraEnvVarsCM "context" $) }}
+            {{- end }}
+            {{- if .Values.ociCatalog.extraEnvVarsSecret }}
+            - secretRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.ociCatalog.extraEnvVarsSecret "context" $) }}
+            {{- end }}
+          ports:
+            - name: grpc-http
+              containerPort: {{ .Values.ociCatalog.containerPorts.http }}
+          {{- if not .Values.diagnosticMode.enabled }}
+          {{- if .Values.ociCatalog.customLivenessProbe }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ociCatalog.customLivenessProbe "context" $) | nindent 12 }}
+          {{- else if .Values.ociCatalog.livenessProbe.enabled }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.kubeappsapis.livenessProbe "enabled") "context" $) | nindent 12 }}
+            exec:
+              command: ["grpc_health_probe", "-addr=:{{ .Values.ociCatalog.containerPorts.http }}"]
+          {{- end }}
+          {{- if .Values.ociCatalog.customReadinessProbe }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ociCatalog.customReadinessProbe "context" $) | nindent 12 }}
+          {{- else if .Values.ociCatalog.readinessProbe.enabled }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.ociCatalog.readinessProbe "enabled") "context" $) | nindent 12 }}
+            exec:
+              command: ["grpc_health_probe", "-addr=:{{ .Values.ociCatalog.containerPorts.http }}"]
+          {{- end }}
+          {{- if .Values.ociCatalog.customStartupProbe }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ociCatalog.customStartupProbe "context" $) | nindent 12 }}
+          {{- else if .Values.ociCatalog.startupProbe.enabled }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.ociCatalog.startupProbe "enabled") "context" $) | nindent 12 }}
+            tcpSocket:
+              port: grpc-http
+          {{- end }}
+          {{- end }}
+          {{- if .Values.ociCatalog.resources }}
+          resources: {{- toYaml .Values.ociCatalog.resources | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+          {{- if .Values.ociCatalog.extraVolumeMounts }}
+          {{- include "common.tplvalues.render" (dict "value" .Values.ociCatalog.extraVolumeMounts "context" $) | nindent 12 }}
+          {{- end }}
+        {{- end }}
         {{- if .Values.kubeappsapis.sidecars }}
         {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.sidecars "context" $) | trim | nindent 8 }}
         {{- end }}

chart/kubeapps/values.yaml

@@ -1843,6 +1843,157 @@ kubeappsapis:
     automountServiceAccountToken: true
     annotations: {}
 
+## @section OCI Catalog chart configuration
+ociCatalog:
+  ## @param ociCatalog.enabled Enable the OCI catolog gRPC service for cataloging
+  ## OCI repositories
+  enabled: false
+  ## Bitnami Kubeapps OCI Catalog image
+  ## ref: https://hub.docker.com/r/bitnami/kubeapps-ocicatalog/
+  ## @param dashboard.image.registry Dashboard image registry
+  ## @param dashboard.image.repository Dashboard image repository
+  ## @param dashboard.image.tag Dashboard image tag (immutable tags are recommended)
+  ## @param dashboard.image.digest Dashboard image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+  ## @param dashboard.image.pullPolicy Dashboard image pull policy
+  ## @param dashboard.image.pullSecrets Dashboard image pull secrets
+  ## @param dashboard.image.debug Enable image debug mode
+  ##
+  image:
+    registry: docker.io
+    repository: kubeapps/oci-catalog
+    tag: latest
+    digest: ""
+    ## Specify a imagePullPolicy
+    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+    ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+    ##
+    pullPolicy: IfNotPresent
+    ## Optionally specify an array of imagePullSecrets.
+    ## Secrets must be manually created in the namespace.
+    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+    ## e.g:
+    ## pullSecrets:
+    ##   - myRegistryKeySecretName
+    ##
+    pullSecrets: []
+    ## Enable debug mode
+    ##
+    debug: false
+  ## @param ociCatalog.extraFlags Additional command line flags for OCI Catalog
+  ##
+  extraFlags: []
+  ## @param ociCatalog.extraEnvVars Array with extra environment variables to add to the oci-catalog container
+  ## e.g:
+  ## extraEnvVars:
+  ##   - name: FOO
+  ##     value: "bar"
+  ##
+  extraEnvVars: []
+  ## @param ocicatalog.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the OCI Catalog container
+  ##
+  extraEnvVarsCM: ""
+  ## @param ocicatalog.extraEnvVarsSecret Name of existing Secret containing extra env vars for the OCI Catalog container
+  ##
+  extraEnvVarsSecret: ""
+  ## @param ocicatalog.containerPorts.http OCI Catalog HTTP container port
+  ##
+  containerPorts:
+    http: 50061
+  ## OCI Catalog containers' resource requests and limits
+  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+  ## @param ocicatalog.resources.limits.cpu The CPU limits for the OCI Catalog container
+  ## @param ocicatalog.resources.limits.memory The memory limits for the OCI Catalog container
+  ## @param ocicatalog.resources.requests.cpu The requested CPU for the OCI Catalog container
+  ## @param ocicatalog.resources.requests.memory The requested memory for the OCI Catalog container
+  ##
+  resources:
+    limits:
+      cpu: 250m
+      memory: 256Mi
+    requests:
+      cpu: 25m
+      memory: 32Mi
+  ## Configure Container Security Context (only main container)
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+  ## @param ociCatalog.containerSecurityContext.enabled Enabled OCI Catalog containers' Security Context
+  ## @param ociCatalog.containerSecurityContext.runAsUser Set OCI Catalog container's Security Context runAsUser
+  ## @param ociCatalog.containerSecurityContext.runAsNonRoot Set OCI Catalog container's Security Context runAsNonRoot
+  ##
+  containerSecurityContext:
+    enabled: true
+    runAsUser: 1001
+    runAsNonRoot: true
+  ## Configure extra options for OCI Catalog containers' liveness and readiness probes
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+  ## @param ocicatalog.livenessProbe.enabled Enable livenessProbe
+  ## @param ocicatalog.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+  ## @param ocicatalog.livenessProbe.periodSeconds Period seconds for livenessProbe
+  ## @param ocicatalog.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+  ## @param ocicatalog.livenessProbe.failureThreshold Failure threshold for livenessProbe
+  ## @param ocicatalog.livenessProbe.successThreshold Success threshold for livenessProbe
+  ## OCI Catalog containers' liveness and readiness probes
+  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+  ##
+  livenessProbe:
+    enabled: true
+    initialDelaySeconds: 60
+    periodSeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 6
+    successThreshold: 1
+  ## @param ocicatalog.readinessProbe.enabled Enable readinessProbe
+  ## @param ocicatalog.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+  ## @param ocicatalog.readinessProbe.periodSeconds Period seconds for readinessProbe
+  ## @param ocicatalog.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+  ## @param ocicatalog.readinessProbe.failureThreshold Failure threshold for readinessProbe
+  ## @param ocicatalog.readinessProbe.successThreshold Success threshold for readinessProbe
+  ##
+  readinessProbe:
+    enabled: true
+    initialDelaySeconds: 0
+    periodSeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 6
+    successThreshold: 1
+  ## @param ocicatalog.startupProbe.enabled Enable startupProbe
+  ## @param ocicatalog.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+  ## @param ocicatalog.startupProbe.periodSeconds Period seconds for startupProbe
+  ## @param ocicatalog.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+  ## @param ocicatalog.startupProbe.failureThreshold Failure threshold for startupProbe
+  ## @param ocicatalog.startupProbe.successThreshold Success threshold for startupProbe
+  ##
+  startupProbe:
+    enabled: false
+    initialDelaySeconds: 0
+    periodSeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 6
+    successThreshold: 1
+  ## @param ocicatalog.customLivenessProbe Custom livenessProbe that overrides the default one
+  ##
+  customLivenessProbe: {}
+  ## @param ocicatalog.customReadinessProbe Custom readinessProbe that overrides the default one
+  ##
+  customReadinessProbe: {}
+  ## @param ocicatalog.customStartupProbe Custom startupProbe that overrides the default one
+  ##
+  customStartupProbe: {}
+  ## @param ociCatalog.lifecycleHooks Custom lifecycle hooks for OCI Catalog containers
+  ##
+  lifecycleHooks: {}
+  ## @param ociCatalog.command Override default container command (useful when using custom images)
+  ##
+  command: []
+  ## @param ocicatalog.args Override default container args (useful when using custom images)
+  ##
+  args: []
+  ## @param ocicatalog.extraVolumes Optionally specify extra list of additional volumes for the OCI Catalog pod(s)
+  ##
+  extraVolumes: []
+  ## @param ocicatalog.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the OCI Catalog container(s)
+  ##
+  extraVolumeMounts: []
+
 ## @section Redis® chart configuration
 ## ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml
 ##

cmd/kubeapps-apis/Dockerfile

@@ -7,6 +7,7 @@ FROM bitnami/golang:1.20.7 as builder
 WORKDIR /go/src/github.com/vmware-tanzu/kubeapps
 COPY go.mod go.sum ./
 ARG VERSION="devel"
+ARG TARGETARCH
 
 # If true, run golangci-lint to detect issues
 ARG lint
@@ -28,7 +29,7 @@ RUN if [ ! -z "$lint" ]; then \
 RUN curl -sSL "https://github.com/bufbuild/buf/releases/download/v$BUF_VERSION/buf-Linux-x86_64" -o "/tmp/buf" && chmod +x "/tmp/buf"
 
 # TODO: Remove and instead use built-in gRPC container probes once we're supporting >= 1.24 only. https://kubernetes.io/blog/2022/05/13/grpc-probes-now-in-beta/
-RUN curl -sSL "https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/v${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64" -o "/bin/grpc_health_probe" && chmod +x "/bin/grpc_health_probe"
+RUN curl -sSL "https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/v${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-${TARGETARCH}" -o "/bin/grpc_health_probe" && chmod +x "/bin/grpc_health_probe"
 
 
 # With the trick below, Go's build cache is kept between builds.