Added ability to configure Helm chart repository accessible within cl…

…uster

* Introduced `HelmChartRepository` top-level CR modelled according to chartrepo.Entry
  from https://github.com/helm/helm/blob/master/pkg/repo/chartrepo.go#L42
* The corresponding enchancement: openshift/enhancements/pull/175

Makefile

@@ -20,6 +20,7 @@ GO_LD_FLAGS:=
 # $4 - output
 $(call add-crd-gen,authorization,./authorization/v1,./authorization/v1,./authorization/v1)
 $(call add-crd-gen,config,./config/v1,./config/v1,./config/v1)
+$(call add-crd-gen,helm,./helm/v1alpha1,./helm/v1alpha1,./helm/v1alpha1)
 $(call add-crd-gen,console,./console/v1,./console/v1,./console/v1)
 $(call add-crd-gen,imageregistry,./imageregistry/v1,./imageregistry/v1,./imageregistry/v1)
 $(call add-crd-gen,operator,./operator/v1,./operator/v1,./operator/v1)
@@ -52,4 +53,4 @@ update: update-scripts update-codegen-crds
 
 generate-with-container: Dockerfile.build
 	$(RUNTIME) build -t $(RUNTIME_IMAGE_NAME) -f Dockerfile.build .
-	$(RUNTIME) run -ti --rm -v $(PWD):/go/src/github.com/openshift/api:z -w /go/src/github.com/openshift/api $(RUNTIME_IMAGE_NAME) make update-scripts
+	$(RUNTIME) run -ti --rm -v $(PWD):/go/src/github.com/openshift/api:z -w /go/src/github.com/openshift/api $(RUNTIME_IMAGE_NAME) make update

hack/update-deepcopy.sh

@@ -10,7 +10,7 @@ verify="${VERIFY:-}"
 GOFLAGS="" bash ${CODEGEN_PKG}/generate-groups.sh "deepcopy" \
   github.com/openshift/api/generated \
   github.com/openshift/api \
-  "apps:v1 authorization:v1 build:v1 config:v1 console:v1 image:v1,docker10,dockerpre012 imageregistry:v1 kubecontrolplane:v1 legacyconfig:v1 network:v1 oauth:v1 openshiftcontrolplane:v1 operator:v1 operator:v1alpha1 operatorcontrolplane:v1alpha1 operatoringress:v1 osin:v1 project:v1 quota:v1 route:v1 samples:v1 security:v1 servicecertsigner:v1alpha1 template:v1 user:v1" \
+  "apps:v1 authorization:v1 build:v1 config:v1 helm:v1alpha1 console:v1 image:v1,docker10,dockerpre012 imageregistry:v1 kubecontrolplane:v1 legacyconfig:v1 network:v1 oauth:v1 openshiftcontrolplane:v1 operator:v1 operator:v1alpha1 operatorcontrolplane:v1alpha1 operatoringress:v1 osin:v1 project:v1 quota:v1 route:v1 samples:v1 security:v1 servicecertsigner:v1alpha1 template:v1 user:v1" \
   --go-header-file ${SCRIPT_ROOT}/hack/empty.txt \
   ${verify}
 

hack/verify-crds.sh

@@ -8,6 +8,7 @@ fi
 
 FILES="authorization/v1/*.crd.yaml
 config/v1/*.crd.yaml
+helm/v1alpha1/*.crd.yaml
 console/v1/*.crd.yaml
 imageregistry/v1/*crd.yaml
 operator/v1/*.crd.yaml

helm/v1alpha1/0000_10-helm-chart-repository.crd.yaml

@@ -0,0 +1,138 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: helmchartrepositories.helm.openshift.io
+spec:
+  scope: Cluster
+  preserveUnknownFields: false
+  group: helm.openshift.io
+  names:
+    kind: HelmChartRepository
+    listKind: HelmChartRepositoryList
+    plural: helmchartrepositories
+    singular: helmchartrepository
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+  subresources:
+    status: {}
+  "validation":
+    "openAPIV3Schema":
+      description: HelmChartRepository holds cluster-wide configuration for proxied
+        Helm chart repository
+      type: object
+      required:
+      - spec
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: spec holds user settable values for configuration
+          type: object
+          properties:
+            ca:
+              description: ca is an optional reference to a config map by name containing
+                the PEM-encoded CA bundle. It is used as a trust anchor to validate
+                the TLS certificate presented by the remote server. The key "ca.crt"
+                is used to locate the data. If empty, the default system roots are
+                used. The namespace for this config map is openshift-config.
+              type: object
+              required:
+              - name
+              properties:
+                name:
+                  description: name is the metadata.name of the referenced config
+                    map
+                  type: string
+            description:
+              description: Optional human readable repository description, it can
+                be used by UI for displaying purposes
+              type: string
+              minLength: 1
+            insecure_skip_tls_verify:
+              description: Skip verification of the chart repo certificate
+              type: boolean
+            name:
+              description: Optional associated human readable repository name, it
+                can be used by UI for displaying purposes
+              type: string
+              minLength: 1
+            password:
+              description: Password is an optional reference to a secret by name that
+                contains the password used for authenticating access to the chart
+                repository The key "password" is used to locate the data. The namespace
+                for this secret is openshift-config.
+              type: object
+              required:
+              - name
+              properties:
+                name:
+                  description: name is the metadata.name of the referenced secret
+                  type: string
+            tlsClientCert:
+              description: tlsClientCert is an optional reference to a secret by name
+                that contains the PEM-encoded TLS client certificate to present when
+                connecting to the server. The key "client.crt" is used to locate the
+                data. The namespace for this secret is openshift-config.
+              type: object
+              required:
+              - name
+              properties:
+                name:
+                  description: name is the metadata.name of the referenced secret
+                  type: string
+            tlsClientKey:
+              description: tlsClientKey is an optional reference to a secret by name
+                that contains the PEM-encoded TLS private key for the client certificate
+                referenced in tlsClientCert. The key "client.key" is used to locate
+                the data. The namespace for this secret is openshift-config.
+              type: object
+              required:
+              - name
+              properties:
+                name:
+                  description: name is the metadata.name of the referenced secret
+                  type: string
+            url:
+              description: Chart repository URL
+              type: string
+              pattern: ^https?:\/\/
+            username:
+              description: Optional Username used for authenticating access to the
+                chart repository
+              type: string
+        status:
+          description: status holds observed values from the cluster. They may not
+            be overridden.
+          type: object
+          properties:
+            conditions:
+              description: conditions is a list of conditions and their status
+              type: array
+              items:
+                description: HelmChartRepositoryCondition is just the standard condition
+                  fields.
+                type: object
+                properties:
+                  lastTransitionTime:
+                    type: string
+                    format: date-time
+                  message:
+                    type: string
+                  reason:
+                    type: string
+                  status:
+                    type: string
+                  type:
+                    type: string

helm/v1alpha1/doc.go

@@ -0,0 +1,8 @@
+// +k8s:deepcopy-gen=package,register
+// +k8s:defaulter-gen=TypeMeta
+// +k8s:openapi-gen=true
+
+// +kubebuilder:validation:Optional
+// +groupName=helm.openshift.io
+// Package v1 is the v1 version of the API.
+package v1alpha1

helm/v1alpha1/register.go

@@ -0,0 +1,38 @@
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+var (
+	GroupName     = "helm.openshift.io"
+	GroupVersion  = schema.GroupVersion{Group: GroupName, Version: "v1alpha"}
+	schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+	// Install is a function which adds this version to a scheme
+	Install = schemeBuilder.AddToScheme
+
+	// SchemeGroupVersion generated code relies on this name
+	// Deprecated
+	SchemeGroupVersion = GroupVersion
+	// AddToScheme exists solely to keep the old generators creating valid code
+	// DEPRECATED
+	AddToScheme = schemeBuilder.AddToScheme
+)
+
+// Resource generated code relies on this being here, but it logically belongs to the group
+// DEPRECATED
+func Resource(resource string) schema.GroupResource {
+	return schema.GroupResource{Group: GroupName, Resource: resource}
+}
+
+// Adds the list of known types to api.Scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(GroupVersion,
+		&HelmChartRepository{},
+		&HelmChartRepositoryList{},
+	)
+	metav1.AddToGroupVersion(scheme, GroupVersion)
+	return nil
+}

helm/v1alpha1/types_helm.go

@@ -0,0 +1,108 @@
+package v1alpha1
+
+import (
+	configv1 "github.com/openshift/api/config/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:plural=helmchartrepositories
+
+// HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository
+type HelmChartRepository struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// spec holds user settable values for configuration
+	// +kubebuilder:validation:Required
+	// +required
+	Spec HelmChartRepositorySpec `json:"spec"`
+
+	// status holds observed values from the cluster. They may not be overridden.
+	// +optional
+	Status HelmChartRepositoryStatus `json:"status"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+type HelmChartRepositoryList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata"`
+
+	Items []HelmChartRepository `json:"items"`
+}
+
+// Helm chart repository exposed within the cluster
+type HelmChartRepositorySpec struct {
+
+	// Chart repository URL
+	// +kubebuilder:validation:Pattern=`^https?:\/\/`
+	URL string `json:"url"`
+
+	// Optional associated human readable repository name, it can be used by UI for displaying purposes
+	// +kubebuilder:validation:MinLength=1
+	// +optional
+	DisplayName string `json:"name,omitempty"`
+
+	// Optional human readable repository description, it can be used by UI for displaying purposes
+	// +kubebuilder:validation:MinLength=1
+	// +optional
+	Description string `json:"description,omitempty"`
+
+	// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+	// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+	// The key "ca.crt" is used to locate the data.
+	// If empty, the default system roots are used.
+	// The namespace for this config map is openshift-config.
+	// +optional
+	CA *configv1.ConfigMapNameReference `json:"ca,omitempty"`
+
+	// tlsClientCert is an optional reference to a secret by name that contains the
+	// PEM-encoded TLS client certificate to present when connecting to the server.
+	// The key "client.crt" is used to locate the data.
+	// The namespace for this secret is openshift-config.
+	// +optional
+	TLSClientCert *configv1.SecretNameReference `json:"tlsClientCert,omitempty"`
+
+	// tlsClientKey is an optional reference to a secret by name that contains the
+	// PEM-encoded TLS private key for the client certificate referenced in tlsClientCert.
+	// The key "client.key" is used to locate the data.
+	// The namespace for this secret is openshift-config.
+	// +optional
+	TLSClientKey *configv1.SecretNameReference `json:"tlsClientKey,omitempty"`
+
+	// Skip verification of the chart repo certificate
+	// +optional
+	InsecureSkipTLSVerify bool `json:"insecure_skip_tls_verify,omitempty"`
+
+	// Optional Username used for authenticating access to the chart repository
+	// +optional
+	Username *string `json:"username,omitempty"`
+
+	// Password is an optional reference to a secret by name that contains
+	// the password used for authenticating access to the chart repository
+	// The key "password" is used to locate the data.
+	// The namespace for this secret is openshift-config.
+	// +optional
+	Password *configv1.SecretNameReference `json:"password,omitempty"`
+}
+
+type HelmChartRepositoryStatus struct {
+
+	// conditions is a list of conditions and their status
+	// +optional
+	Conditions []HelmChartRepositoryCondition `json:"conditions,omitempty"`
+}
+
+// HelmChartRepositoryCondition is just the standard condition fields.
+type HelmChartRepositoryCondition struct {
+	Type               string          `json:"type"`
+	Status             ConditionStatus `json:"status"`
+	LastTransitionTime metav1.Time     `json:"lastTransitionTime,omitempty"`
+	Reason             string          `json:"reason,omitempty"`
+	Message            string          `json:"message,omitempty"`
+}
+
+type ConditionStatus string