add documentation on how to publish helm charts to registry.k8s.io #7915
Conversation
|
|
k8s-ci-robot
added
cncf-cla: no
k8s-ci-robot
added
the
size/S
kannon92
force-pushed
the
write-doc-helm
branch
from
6c1f6a0 to
d8b0ffd
Compare
k8s-ci-robot
added
cncf-cla: yes
|
/assign @BenTheElder @aojea |
|
🙏🏾 @kannon92 |
registry.k8s.io/README.md
Outdated
| 3. On release tags, one can promote the chart and images to registry.k8s.io by obtaining the sha | ||
| for the tagged helm chart and the tagged image. | ||
| 4. Open a PR into your images directory (registry.k8s.io/images/k8s-staging-SUBPROJECT/images.yaml) | ||
| 5. Add chart and image sha to the respective sections. |
There was a problem hiding this comment.
Maybe another yaml file for helm chart? Right now, there's no field in images.yaml to distinguish between them.
There was a problem hiding this comment.
There was a problem hiding this comment.
To the image promoter there is no meaningful difference. They appear as OCI images artifacts.
There was a problem hiding this comment.
For humans, these need to be reviewed regardless, the PR adding them should clearly specify where the build came from in the opening body.
kannon92
force-pushed
the
write-doc-helm
branch
from
d8b0ffd to
c01e52a
Compare
registry.k8s.io/README.md
Outdated
| which should be linked. | ||
| 4. Open a PR into your images directory (registry.k8s.io/images/k8s-staging-SUBPROJECT/images.yaml) | ||
| 5. Add chart and image sha to the respective sections. | ||
| 6. Once PR is merged, confirm both images and helm charts exist by `helm install subproject oci://registry.k8s.io/subproject/charts/subproject --version=$VERSION` |
There was a problem hiding this comment.
If there any way to trigger the helm-chart-push manually? I think the helm chart (in lws) generated with the tag release is not working as expected, I need to build a new helm chart.
There was a problem hiding this comment.
I don't think there is a way to trigger postsubmits manually. Am I correct in that @BenTheElder?
|
/cc @kubernetes/sig-k8s-infra-leads |
|
@BenTheElder: GitHub didn't allow me to request PR reviews from the following users: kubernetes/sig-k8s-infra-leads. Note that only kubernetes members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
registry.k8s.io/README.md
Outdated
| 3. On release tags, one can promote the chart and images to registry.k8s.io by obtaining the sha | ||
| for the tagged helm chart and the tagged image from the build logs, | ||
| which should be linked. |
There was a problem hiding this comment.
This is kind of unclear to me, here's some suggestions how to improve it:
| 3. On release tags, one can promote the chart and images to registry.k8s.io by obtaining the sha | |
| for the tagged helm chart and the tagged image from the build logs, | |
| which should be linked. | |
| 3. Once the release has been created and the release job has been successful, obtain the SHA for the container images and the Helm charts from the build logs. This will be used later to promote these assets to `registry.k8s.io` |
Aside from that, I think we should direct users towards kpromo rather than manually fiddling with manifests (cc @kubernetes/sig-k8s-infra-leads). We should also check if kpromo is supporting promoting Helm charts.
There was a problem hiding this comment.
I don't know what kpromo is. This seems unrelated to this PR and we are fiddling with manifests for images as is right now?
There was a problem hiding this comment.
Aside from that, I think we should direct users towards kpromo rather than manually fiddling with manifests (cc @kubernetes/sig-k8s-infra-leads). We should also check if kpromo is supporting promoting Helm charts.
I'm really doubtful of this, I would actually very much prefer to see people link to a build log and cite the digest from the log that two humans can verify. (author, approver/lgtm), the actual yaml format being updated is quite simple and I'm not worried about human errors (also we can lint etc).
I don't think bringing in a tool is justified when simply adding a digest : tag mapping, and I worry about people trusting tooling output without actually vetting that the image came from a trusted build (or openly acknowledging a manual push)
There was a problem hiding this comment.
Either way, I don't think we should block this PR on it.
registry.k8s.io/README.md
Outdated
| for the tagged helm chart and the tagged image from the build logs, | ||
| which should be linked. | ||
| 4. Open a PR into your images directory (registry.k8s.io/images/k8s-staging-SUBPROJECT/images.yaml) | ||
| 5. Add chart and image sha to the respective sections. |
There was a problem hiding this comment.
| 5. Add chart and image sha to the respective sections. | |
| 5. Create a PR and make sure that it gets merged for the image promoter process to kick off |
k8s-ci-robot
removed
the
lgtm
k8s-ci-robot
added
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: BenTheElder, kannon92, xmudrii The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Can we release the hold? |
|
/hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
|
thank you! |
Add a section on how to host helm charts for your subprojects on registry.k8s.io.
Fixes #7906