Chartmuseum/oracle (helm#11624)

* Adding Oracle OCI Object Storage

Signed-off-by: Brandon Bell <[email protected]>

* Bumping version

Signed-off-by: Brandon Bell <[email protected]>

* Readme fixes

Signed-off-by: Brandon Bell <[email protected]>

* Remove trailing whitespace

Signed-off-by: Brandon Bell <[email protected]>

stable/chartmuseum/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 description: Host your own Helm Chart Repository
 name: chartmuseum
-version: 1.9.1
+version: 1.9.2
 appVersion: 0.8.1
 home: https://github.com/helm/chartmuseum
 icon: https://raw.githubusercontent.com/helm/chartmuseum/master/logo2.png

stable/chartmuseum/README.md

@@ -22,6 +22,7 @@ Please also see https://github.com/kubernetes-helm/chartmuseum
   - [Using with Microsoft Azure Blob Storage](#using-with-microsoft-azure-blob-storage)
   - [Using with Alibaba Cloud OSS Storage](#using-with-alibaba-cloud-oss-storage)
   - [Using with Openstack Object Storage](#using-with-openstack-object-storage)
+  - [Using with Oracle Object Storage](#using-with-oracle-object-storage)
   - [Using an existing secret](#using-an-existing-secret)
   - [Using with local filesystem storage](#using-with-local-filesystem-storage)
     - [Example storage class](#example-storage-class)
@@ -103,6 +104,9 @@ their default values. See values.yaml for all available options.
 | `env.open.STORAGE_OPENSTACK_PREFIX`    | Prefix to store charts for openstack        | ``                                                  |
 | `env.open.STORAGE_OPENSTACK_REGION`    | Region of openstack container               | ``                                                  |
 | `env.open.STORAGE_OPENSTACK_CACERT`    | Path to a CA cert bundle for openstack      | ``                                                  |
+| `env.open.STORAGE_ORACLE_COMPARTMENTID`| Compartment ID for Oracle Object Store      | ``                                                  |
+| `env.open.STORAGE_ORACLE_BUCKET`       | Bucket to store charts in Oracle Object Store  | ``                                                  |
+| `env.open.STORAGE_ORACLE_PREFIX`       | Prefix to store charts for Oracle object Store | ``                                                  |
 | `env.open.CHART_POST_FORM_FIELD_NAME`  | Form field to query for chart file content  | ``                                                  |
 | `env.open.PROV_POST_FORM_FIELD_NAME`   | Form field to query for chart provenance    | ``                                                  |
 | `env.open.DEPTH`                       | levels of nested repos for multitenancy.    | `0`                                                 |
@@ -129,6 +133,10 @@ their default values. See values.yaml for all available options.
 | `gcp.secret.enabled`                   | Flag for the GCP service account            | `false`                                             |
 | `gcp.secret.name`                      | Secret name for the GCP json file           | ``                                                  |
 | `gcp.secret.key`                       | Secret key for te GCP json file             | `credentials.json`                                  |
+| `oracle.secret.enabled`                | Flag for Oracle OCI account                 | `false`                                             |
+| `oracle.secret.name`                   | Secret name for OCI config and key          | ``                                                  |
+| `oracle.secret.config`                 | Secret key that holds the OCI config        | `config`                                            |
+| `oracle.secret.key_file`               | Secret key that holds the OCI private key   | `key_file`                                          |
 | `service.type`                         | Kubernetes Service type                     | `ClusterIP`                                          |
 | `service.clusterIP`                    | Static clusterIP or None for headless services| `nil`                                              |
 | `service.externalTrafficPolicy`        | Source IP preservation (only for Service type NodePort)  | `Local`                                         |
@@ -412,6 +420,44 @@ env:
 
 Run command to install
 
+```shell
+helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
+```
+### Using with Oracle Object Storage
+
+Oracle (OCI) configuration and private key need to be added to a secret and are mounted at /home/chartmuseum/.oci. Your OCI config needs to be under [DEFAULT] and your `key_file` needs to be /home/chartmuseum/.oci/oci.key.  See https://docs.cloud.oracle.com/iaas/Content/API/Concepts/sdkconfig.htm
+
+```shell
+kubectl create secret generic chartmuseum-secret --from-file=config=".oci/config" --from-file=key_file=".oci/oci.key"
+```
+
+Then you can either use a `VALUES` yaml with your values or set those values in the command line:
+
+```shell
+helm install stable/chartmuseum --debug  --set env.open.STORAGE=oracle,env.open.STORAGE_ORACLE_COMPARTMENTID=ocid1.compartment.oc1..abc123,env.open.STORAGE_ORACLE_BUCKET=myocibucket,env.open.STORAGE_ORACLE_PREFIX=chartmuseum,oracle.secret.enabled=true,oracle.secret.name=chartmuseum-secret
+```
+
+If you prefer to use a yaml file:
+
+```yaml
+env:
+  open:
+    STORAGE: oracle
+    STORAGE_ORACLE_COMPARTMENTID: ocid1.compartment.oc1..abc123
+    STORAGE_ORACLE_BUCKET:        myocibucket
+    STORAGE_ORACLE_PREFIX:        chartmuseum
+
+oracle:
+  secret:
+    enabled: enabled
+    name: chartmuseum-secret
+    config: config
+    key_file: key_file
+
+```
+
+Run command to install
+
 ```shell
 helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum
 ```

stable/chartmuseum/templates/deployment.yaml

@@ -104,6 +104,11 @@ spec:
         volumeMounts:
         - mountPath: /etc/secrets/google
           name: {{ include "chartmuseum.fullname" . }}-gcp
+{{- end }}
+{{- if  .Values.oracle.secret.enabled }}
+        volumeMounts:
+        - mountPath: /home/chartmuseum/.oci
+          name: {{ include "chartmuseum.fullname" . }}-oracle
 {{- end }}
       {{- with .Values.resources }}
         resources:
@@ -153,3 +158,13 @@ spec:
             path: credentials.json
       {{ end }}
       {{ end }}
+      {{ if .Values.oracle.secret.enabled }}
+      - name: {{ include "chartmuseum.fullname" . }}-oracle
+        secret:
+          secretName: {{ .Values.oracle.secret.name }}
+          items:
+          - key: {{ .Values.oracle.secret.config }}
+            path: config
+          - key: {{ .Values.oracle.secret.key_file }}
+            path: oci.key
+      {{ end }}

stable/chartmuseum/values.yaml

@@ -9,7 +9,7 @@ image:
   pullPolicy: IfNotPresent
 env:
   open:
-    # storage backend, can be one of: local, alibaba, amazon, google, microsoft
+    # storage backend, can be one of: local, alibaba, amazon, google, microsoft, oracle
     STORAGE: local
     # oss bucket to store charts for alibaba storage backend
     STORAGE_ALIBABA_BUCKET:
@@ -46,6 +46,12 @@ env:
     STORAGE_OPENSTACK_REGION:
     # path to a CA cert bundle for your openstack endpoint
     STORAGE_OPENSTACK_CACERT:
+    # compartment id for for oracle storage backend
+    STORAGE_ORACLE_COMPARTMENTID:
+    # oci bucket to store charts for oracle storage backend
+    STORAGE_ORACLE_BUCKET:
+    # prefix to store charts for oracle storage backend
+    STORAGE_ORACLE_PREFIX:
     # form field which will be queried for the chart file content
     CHART_POST_FORM_FIELD_NAME: chart
     # form field which will be queried for the provenance file content
@@ -233,3 +239,12 @@ gcp:
     name:
     # Secret key that holds the json value.
     key: credentials.json
+oracle:
+  secret:
+    enabled: false
+    # Name of the secret that contains the encoded config and key
+    name:
+    # Secret key that holds the oci config
+    config: config
+    # Secret key that holds the oci private key
+    key_file: key_file