New HelmOps Controller #2962
Description
Users want to use Fleet to deploy Helm charts directly. That way they can use Fleet as a multi-cluster deployer.
Fleet is already able to deploy to all clusters registered to Rancher.
However, currently Fleet is only able to deploy from Git or “Bundle”. To deploy from Git the configuration has to be entered in both Rancher (where is the Git repository) and in Git (what to deploy and how to configure it).
To deploy from “Bundle”, helm charts have to be converted with the Fleet CLI tool first. This is possible for internal usage, but didn’t become popular in the wider community.
Description
We create a new resource, e.g. “Fleet CRD”, which contains most of the fields from fleet.yaml and some from GitRepo CRD.
When the new CRD changes, we install/update the chart. This makes use of the existing pull based mechanism, without storing the chart in k8s resources. The agent will download the chart directly from the container registry.
Fields from GitRepo
- helmSecretName
- caBundle
- insecureSkipTLSVerify
- serviceAccount
- targets
- correctDrift
UI
Since all fields are configurable in the CRD, this allows for a rich UI. In the GitOps UI, only the Git repository server and a few fields can be configured. The Fleet CRD allows full control over the installation through all fields that were previously only available in the fleet.yaml.
For example:
- namespace
- defaultNamespace
- namespaceLabels
- namespaceAnnotations
- labels
- kustomize
- helm options
- paused
- rolloutStrategy
- targetCustomizations
- dependsOn
- ignore
Future Ideas
Not part of the first iteration:
- The helm chart could be checked regularly at a configured polling interval, like we do for GitOps. This makes sense if the version tag is “latest”, for example.
- Support conversion from manifest-style sources to Helm charts.
Implementation
Create the FleetCRD and a new reconciler which will create a bundle similar to how OCI storage works. The fleet-agent needs to pull and deploy that bundle type without the helm conversion.