gardener · robertgraeff · Jul 19, 2024 · Jul 19, 2024
@@ -0,0 +1,60 @@
+---
+title: Chart from a Protected Helm Repository
+sidebar_position: 2
+---
+
+# Chart from a Protected Helm Repository
+
+In this example we explain how to deploy a chart from a protected Helm Repository.
+The template for the deploy item references a Helm chart resource of the component descriptor:
+
+```yaml
+deployItems:
+  - name: item
+    config:
+      chart:
+        resourceRef: {{ getResourceKey `cd://resources/chart` }}
+```
+
+The resource in the component descriptor specifies the helm repository and chart:
+
+```yaml
+resources:
+  - name: chart
+    type: helmChart
+    version: 1.0.0
+    access:
+      type: helm
+      helmChart: ${helmChart}            # for example mariadb:12.2.7 
+      helmRepository: ${helmRepository}  # for example https://charts.bitnami.com/bitnami
+```
+
+The format of this access type is defined in the [OCM Input and Access Types](https://ocm.software/docs/tutorials/input-and-access-types/#helm-1). 
+
+
+We assume that the Helm repository is protected. The credentials to read the chart are provided in the 
+[Context](installation/context.yaml.tpl) resource:
+
+```yaml
+configurations:
+  helmChartRepoCredentials:
+    auths:
+      - url: <common prefix of the url of the index.yaml and chart>
+        authHeader: <auth header>
+```
+
+Note that the auth header is used both: reading the index.yaml of the Helm repository, and reading the chart whose URL is 
+in an entry of the index.yaml.
+The URL prefix `configurations.helmChartRepoCredentials.auths[].url` must be chosen in such a way that both URLs
+start with this prefix.
+Alternatively, you can maintain two entries in the Context:
+
+```yaml
+configurations:
+  helmChartRepoCredentials:
+    auths:
+      - url: <prefix of the url of the index.yaml>
+        authHeader: <auth header>
+      - url:  <prefix of the url of the chart>
+        authHeader: <auth header>
+```
@@ -0,0 +1,13 @@
+apiVersion: landscaper.gardener.cloud/v1alpha1
+kind: Blueprint
+jsonSchema: "https://json-schema.org/draft/2019-09/schema"
+
+imports:
+  - name: cluster
+    type: target
+    targetType: landscaper.gardener.cloud/kubernetes-cluster
+
+deployExecutions:
+  - name: default
+    type: GoTemplate
+    file: /deploy-execution.yaml
@@ -0,0 +1,16 @@
+deployItems:
+  - name: item
+    type: landscaper.gardener.cloud/helm
+
+    target:
+      import: cluster
+
+    config:
+      apiVersion: helm.deployer.landscaper.gardener.cloud/v1alpha1
+      kind: ProviderConfiguration
+      name: test
+      namespace: example
+      createNamespace: true
+      chart:
+        resourceRef: {{ getResourceKey `cd://resources/chart` }}
+      values: {}
@@ -0,0 +1,20 @@
+components:
+  - name: github.com/gardener/landscaper-examples/guided-tour/protected-helm-repo
+    version: 1.0.0
+    provider:
+      name: internal
+    resources:
+      - name: blueprint
+        type: landscaper.gardener.cloud/blueprint
+        input:
+          type: dir
+          path: ../blueprint
+          compress: true
+          mediaType: application/vnd.gardener.landscaper.blueprint.v1+tar+gzip
+      - name: chart
+        type: helmChart
+        version: 1.0.0
+        access:
+          type: helm
+          helmChart: ${helmChart}
+          helmRepository: ${helmRepository}
@@ -0,0 +1,41 @@
+#!/bin/bash
+#
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -x
+
+component_dir="$(dirname $0)/.."
+cd "${component_dir}"
+component_dir="$(pwd)"
+echo "component directory: ${component_dir}"
+
+source "${component_dir}/commands/settings"
+
+echo "templating component contructor"
+cc_input_file="${component_dir}/commands/component-constructor.yaml.tpl"
+cc_output_file="${component_dir}/commands/component-constructor.yaml"
+export helmRepository="${HELM_REPOSITORY}"
+export helmChart="${HELM_CHART}"
+envsubst < ${cc_input_file} > ${cc_output_file}
+
+ctf_dir=$(mktemp -d)
+echo "temporary ctf directory: ${ctf_dir}"
+
+# This commands adds the components to a ctf (common transport archive), which is a file system representation of an
+# oci registry
+# --create specifies that the ctf file/directory should be created if it does not exist yet
+# --file specifies the target ctf file/directory where the components should be added
+echo "add components"
+ocm add components --create --file "${ctf_dir}" ${cc_output_file}
+
+# This command transfers the components contained in the specified ctf to another component repository
+# (here, an oci registry)
+# --enforce specifies that already existing components in the target should always be overwritten with the ones
+# from your source
+ocm transfer ctf --overwrite "${ctf_dir}" "${REPO_BASE_URL}"
+
+## Download
+# ocm download component eu.gcr.io/gardener-project/landscaper/examples//github.com/gardener/landscaper-examples/guided-tour/helm-chart:1.0.0 -O ./archive-helm-chart
@@ -0,0 +1,17 @@
+#!/bin/bash
+#
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+
+COMPONENT_DIR="$(dirname $0)/.."
+cd "${COMPONENT_DIR}"
+COMPONENT_DIR="$(pwd)"
+echo "COMPONENT_DIR: ${COMPONENT_DIR}"
+
+source "${COMPONENT_DIR}/commands/settings"
+
+echo "deleting installation"
+kubectl delete installation protected-helm-repo -n "${NAMESPACE}"
@@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+
+COMPONENT_DIR="$(dirname $0)/.."
+cd "${COMPONENT_DIR}"
+COMPONENT_DIR="$(pwd)"
+echo "COMPONENT_DIR: ${COMPONENT_DIR}"
+
+source "${COMPONENT_DIR}/commands/settings"
+
+echo "deleting context"
+kubectl delete context landscaper-examples-protected-helm-repo -n "${NAMESPACE}"
+
+echo "deleting target"
+kubectl delete target my-cluster -n "${NAMESPACE}"
@@ -0,0 +1,43 @@
+#!/bin/bash
+#
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+
+COMPONENT_DIR="$(dirname $0)/.."
+cd "${COMPONENT_DIR}"
+COMPONENT_DIR="$(pwd)"
+echo "COMPONENT_DIR: ${COMPONENT_DIR}"
+
+source "${COMPONENT_DIR}/commands/settings"
+
+TMP_DIR=`mktemp -d`
+echo "TMP_DIR: ${TMP_DIR}"
+
+echo "creating context"
+outputFile="${TMP_DIR}/context.yaml"
+export namespace="${NAMESPACE}"
+export repoBaseUrl="${REPO_BASE_URL}"
+export helmUrlPrefix="${HELM_URL_PREFIX}"
+export helmAuthHeader=`sed 's/^[ \t]*//;s/[ \t]*$//' $HELM_AUTH_HEADER_FILE_PATH`
+inputFile="${COMPONENT_DIR}/installation/context.yaml.tpl"
+envsubst < ${inputFile} > ${outputFile}
+kubectl apply -f ${outputFile}
+
+echo "creating target"
+echo "target cluster kubeconfig: $TARGET_CLUSTER_KUBECONFIG_PATH"
+outputFile="${TMP_DIR}/target.yaml"
+export namespace="${NAMESPACE}"
+export kubeconfig=`sed 's/^/      /' $TARGET_CLUSTER_KUBECONFIG_PATH`
+inputFile="${COMPONENT_DIR}/installation/target.yaml.tpl"
+envsubst < ${inputFile} > ${outputFile}
+kubectl apply -f ${outputFile}
+
+echo "creating installation"
+outputFile="${TMP_DIR}/installation.yaml"
+export namespace="${NAMESPACE}"
+inputFile="${COMPONENT_DIR}/installation/installation.yaml.tpl"
+envsubst < ${inputFile} > ${outputFile}
+kubectl apply -f ${outputFile}
@@ -0,0 +1,20 @@
+# base url of the component repository
+REPO_BASE_URL="eu.gcr.io/gardener-project/landscaper/examples"
+
+# path to the kubeconfig of the target cluster used in the target of the resource cluster
+TARGET_CLUSTER_KUBECONFIG_PATH="/Users/${USER}/tmp/kubes/kubeconfig.yaml"
+
+# namespace for resources in the resource cluster
+NAMESPACE="cu-example"
+
+# helm repository url, for example "https://charts.bitnami.com/bitnami"
+HELM_REPOSITORY=......
+
+# helm chart in the format <chart name>:<chart version>, for example "mariadb:12.2.7"
+HELM_CHART=......
+
+# common prefix for the url of the index.yaml and chart
+HELM_URL_PREFIX=......
+
+# path to a file which contains the auth header to access index.yaml and chart
+HELM_AUTH_HEADER_FILE_PATH="/Users/${USER}/tmp/helmrepos/auth-header"
@@ -0,0 +1,15 @@
+apiVersion: landscaper.gardener.cloud/v1alpha1
+kind: Context
+metadata:
+  name: landscaper-examples-protected-helm-repo
+  namespace: ${namespace}
+
+repositoryContext:
+  baseUrl: ${repoBaseUrl}
+  type: ociRegistry
+
+configurations:
+  helmChartRepoCredentials:
+    auths:
+      - url: ${helmUrlPrefix}
+        authHeader: ${helmAuthHeader}
@@ -0,0 +1,24 @@
+apiVersion: landscaper.gardener.cloud/v1alpha1
+kind: Installation
+metadata:
+  name: protected-helm-repo
+  namespace: ${namespace}
+  annotations:
+    landscaper.gardener.cloud/operation: reconcile
+
+spec:
+  context: landscaper-examples-protected-helm-repo
+
+  componentDescriptor:
+    ref:
+      componentName: github.com/gardener/landscaper-examples/guided-tour/protected-helm-repo
+      version: 1.0.0
+
+  blueprint:
+    ref:
+      resourceName: blueprint
+
+  imports:
+    targets:
+      - name: cluster
+        target: my-cluster
@@ -0,0 +1,10 @@
+apiVersion: landscaper.gardener.cloud/v1alpha1
+kind: Target
+metadata:
+  name: my-cluster
+  namespace: ${namespace}
+spec:
+  type: landscaper.gardener.cloud/kubernetes-cluster
+  config:
+    kubeconfig: |
+${kubeconfig}