From 1887dabb8a3e2a28b06b1ffb5d12025ad75b5f7d Mon Sep 17 00:00:00 2001 From: Nikita Korolev Date: Fri, 5 Jun 2026 15:59:00 +0300 Subject: [PATCH 1/2] chore(dvcr): remove unsupported s3 feature Signed-off-by: Nikita Korolev --- openapi/config-values.yaml | 59 ------------------------------- openapi/doc-ru-config-values.yaml | 26 -------------- templates/dvcr/_helpers.tpl | 41 --------------------- templates/dvcr/deployment.yaml | 2 +- templates/dvcr/secret.yaml | 17 --------- 5 files changed, 1 insertion(+), 144 deletions(-) diff --git a/openapi/config-values.yaml b/openapi/config-values.yaml index e46d2362fc..5d3afcd436 100644 --- a/openapi/config-values.yaml +++ b/openapi/config-values.yaml @@ -99,10 +99,8 @@ properties: description: | The storage usage type: - `persistentVolumeClaim` — Use PersistentVolumeClaim as store for dvcr. - - `objectStorage` — Use objectStorage as store for dvcr. enum: - "PersistentVolumeClaim" - - "ObjectStorage" persistentVolumeClaim: type: object description: | @@ -119,68 +117,11 @@ properties: x-examples: ["10Gi"] description: | Persistentvolumeclaim size - objectStorage: - type: object - description: | - Parameters for objectStorage. - properties: - type: - type: string - description: | - What ObjectStorage to use as store for dvcr. - enum: - - "S3" - s3: - type: object - description: | - Parameters for S3. - required: [accessKey, secretKey, region, regionEndpoint, bucket] - properties: - accessKey: - type: string - x-examples: ["YWNjZXNzS2V5Cg=="] - description: | - accessKey must be base64 encoded. - accessKey is a unique identifier that identifies you as a user with access to S3. - pattern: "^[A-Za-z0-9+/]*={0,2}$" - secretKey: - type: string - x-examples: ["c2VjcmV0S2V5Cg=="] - description: | - secretKey must be base64 encoded. - secretKey is a confidential secret key associated with your Access Key ID. - Secret Access Key is used to sign HTTP requests to Amazon S3 to verify the authenticity of the request and ensure the security of your data. - pattern: "^[A-Za-z0-9+/]*={0,2}$" - region: - type: string - x-examples: ["us-east-2", "us-west-1"] - description: | - Geographical area. - regionEndpoint: - type: string - x-examples: ["s3.example.com"] - description: | - Endpoint for connect to service S3. - pattern: '^https?://[0-9a-zA-Z\.\-:@_]+$' - bucket: - type: string - x-examples: ["dvcr"] - description: | - Bucket in which you can store your files and data objects. - oneOf: - - required: ["s3"] - properties: - type: - enum: ["S3"] oneOf: - required: ["persistentVolumeClaim"] properties: type: enum: ["PersistentVolumeClaim"] - - required: ["objectStorage"] - properties: - type: - enum: ["ObjectStorage"] gc: description: | Parameters for garbage collection. diff --git a/openapi/doc-ru-config-values.yaml b/openapi/doc-ru-config-values.yaml index 5aaf65aae6..8579d3e3ee 100644 --- a/openapi/doc-ru-config-values.yaml +++ b/openapi/doc-ru-config-values.yaml @@ -57,7 +57,6 @@ properties: description: | Тип используемого хранилища. - `persistentVolumeClaim` — Использование pvc - - `objectStorage` — Использование objectStorage persistentVolumeClaim: description: | Параметры для настройки PersistentVolumeClaim. @@ -68,31 +67,6 @@ properties: size: description: | Размер pvc. - objectStorage: - description: | - Параметры для настройки объектного хранилища. - properties: - s3: - description: | - Параметры для использования s3. - properties: - accessKey: - description: | - accessKey должен быть закодирован в base64. - accessKey — это уникальный идентификатор, который идентифицирует вас как пользователя, имеющего доступ к S3. - secretKey: - description: | - secretKey должен быть закодирован в base64. - secretKey — это конфиденциальный секретный ключ, связанный с вашим идентификатором ключа доступа. - region: - description: | - Географическая зона. - regionEndpoint: - description: | - Конечная точка для подключения к сервису S3. - bucket: - description: | - Контейнер, в котором вы можете хранить свои файлы и объекты данных. gc: description: Настройки очистки хранилища properties: diff --git a/templates/dvcr/_helpers.tpl b/templates/dvcr/_helpers.tpl index 2e3c3300a9..490274a8a8 100644 --- a/templates/dvcr/_helpers.tpl +++ b/templates/dvcr/_helpers.tpl @@ -30,25 +30,6 @@ true {{- if eq (.Values.virtualization.internal.moduleConfig | dig "dvcr" "storage" "type" "") "PersistentVolumeClaim" }} - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY value: "/var/lib/registry" -{{- else if eq (.Values.virtualization.internal.moduleConfig | dig "dvcr" "storage" "type" "") "ObjectStorage" }} - {{- if eq .Values.virtualization.internal.moduleConfig.dvcr.storage.objectStorage.type "S3" }} -- name: REGISTRY_STORAGE_S3_REGION - value: "{{ .Values.virtualization.internal.moduleConfig.dvcr.storage.objectStorage.s3.region }}" -- name: REGISTRY_STORAGE_S3_BUCKET - value: "{{ .Values.virtualization.internal.moduleConfig.dvcr.storage.objectStorage.s3.bucket }}" -- name: REGISTRY_STORAGE_S3_ACCESSKEY - valueFrom: - secretKeyRef: - name: dvcr-object-storage-credentials - key: s3AccessKey -- name: REGISTRY_STORAGE_S3_SECRETKEY - valueFrom: - secretKeyRef: - name: dvcr-object-storage-credentials - key: s3SecretKey -- name: REGISTRY_STORAGE_S3_REGIONENDPOINT - value: "{{ .Values.virtualization.internal.moduleConfig.dvcr.storage.objectStorage.s3.regionEndpoint }}" - {{- end }} {{- end }} {{- end }} @@ -118,17 +99,6 @@ true replicas: 1 strategy: type: Recreate -{{- else if and (include "helm_lib_ha_enabled" .) (eq (.Values.virtualization.internal.moduleConfig | dig "dvcr" "storage" "type" "") "ObjectStorage") }} -replicas: 2 -strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 -{{- else if eq (.Values.virtualization.internal.moduleConfig | dig "dvcr" "storage" "type" "") "ObjectStorage" }} -replicas: 1 -strategy: - type: RollingUpdate {{- else if eq (.Values.virtualization.internal.moduleConfig | dig "dvcr" "storage" "type" "") "PersistentVolumeClaim" }} replicas: 1 strategy: @@ -136,17 +106,6 @@ strategy: {{- end }} {{- end -}} -{{- define "dvcr.helm_lib_is_ha_to_value" -}} - {{- $context := index . 0 -}} - {{- $yes := index . 1 -}} - {{- $no := index . 2 -}} - {{- if and (include "helm_lib_ha_enabled" $context) (eq ($context.Values.virtualization.internal.moduleConfig | dig "dvcr" "storage" "type" "") "ObjectStorage") }} - {{- $yes -}} - {{- else }} - {{- $no -}} - {{- end }} -{{- end -}} - {{- define "dvcr.generate_dockercfg" -}} {{- $registry := index . 1 -}} {{- $user := index . 2 -}} diff --git a/templates/dvcr/deployment.yaml b/templates/dvcr/deployment.yaml index d551b9d4f1..1943aafe4c 100644 --- a/templates/dvcr/deployment.yaml +++ b/templates/dvcr/deployment.yaml @@ -49,7 +49,7 @@ metadata: namespace: d8-{{ .Chart.Name }} {{- include "helm_lib_module_labels" (list . (dict "app" "dvcr" )) | nindent 2 }} spec: - minAvailable: {{ include "dvcr.helm_lib_is_ha_to_value" (list . 1 0) }} + minAvailable: 0 selector: matchLabels: app: dvcr diff --git a/templates/dvcr/secret.yaml b/templates/dvcr/secret.yaml index 5422a149f8..15004d2184 100644 --- a/templates/dvcr/secret.yaml +++ b/templates/dvcr/secret.yaml @@ -39,21 +39,4 @@ metadata: type: kubernetes.io/dockerconfigjson data: {{- include "dvcr.generate_dockercfg" (list . $registry "admin" .Values.virtualization.internal.dvcr.passwordRW) | nindent 2 }} - -{{- if eq (.Values.virtualization.internal.moduleConfig | dig "dvcr" "storage" "type" "") "ObjectStorage"}} - ---- -apiVersion: v1 -kind: Secret -metadata: - name: dvcr-object-storage-credentials - namespace: d8-{{ .Chart.Name }} - {{- include "helm_lib_module_labels" (list . (dict "app" "dvcr" )) | nindent 2 }} -type: Opaque -data: - {{- if eq .Values.virtualization.internal.moduleConfig.dvcr.storage.objectStorage.type "S3"}} - s3AccessKey: {{ .Values.virtualization.internal.moduleConfig.dvcr.storage.objectStorage.s3.accessKey | quote }} - s3SecretKey: {{ .Values.virtualization.internal.moduleConfig.dvcr.storage.objectStorage.s3.secretKey | quote }} - {{- end }} -{{- end }} {{- end }} From cf7e7cfcb252acaae759e8a4d8f300c652f1138f Mon Sep 17 00:00:00 2001 From: Nikita Korolev Date: Fri, 5 Jun 2026 17:42:22 +0300 Subject: [PATCH 2/2] chore(module): exclude non-chart directories from helm packaging Add .github, api, hack, src, test, tools, tmp and CHANGELOG to .helmignore. These directories are not part of the deployed chart and may contain files larger than Helm's 5MB per-file limit (e.g. the cloned tools/kubeconform/kubeconform.git fixtures), which breaks `helm template`/`helm package` during local render validation. Signed-off-by: Nikita Korolev --- .helmignore | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.helmignore b/.helmignore index 4bfefaf86a..8f239fb24b 100644 --- a/.helmignore +++ b/.helmignore @@ -11,3 +11,11 @@ release.yaml werf*.yaml NOTES.txt .git +.github +api +hack +src +test +tools +tmp +CHANGELOG