Custom chart rewrite rules

[baby-gnu]

What is the problem this feature will solve?

When moving helm charts from chartmuseum to OCI, the image.repository is symply rewritten by replacing the hostname of the source chartmuseum registry with the full URI of the target OCI registry:

• in source image.repository: harbor.example.net/foo/bar:vX.Y.Z
• in OCI: image.repository: oci.example.net/foo/helm-charts/foo/bar:vX.Y.Z

I want something like this:

oci.example.net/
└── foo
    ├── helm-charts
    │   ├── bar
    │   └── quux
    ├── bar          # container image
    └── quux         # container image

Here is my configuration:

source:
  repo:
    kind: HARBOR
    url: https://harbor.example.net/chartrepo/foo
    auth:
	  username: robot-charts-syncer
	  password: XXXXX

target:
  repo:
    kind: OCI
    url: https://oci.example.net/foo/helm-charts
    auth:
	  username: robot$charts-syncer
	  password: XXXXX

What is the feature you are proposing to solve the problem?

I think we could have a rewriteRules configuration:

source:
  repo:
    kind: HARBOR
    url: https://harbor.example.net/chartrepo/foo
    auth:
	  username: robot-charts-syncer
	  password: XXXXX

target:
  repo:
    kind: OCI
    url: https://oci.example.net/foo/helm-charts
    auth:
	  username: robot$charts-syncer
	  password: XXXXX

rewriteRules:
  images:
    # store our images under the same project `foo`
	- source: harbor.example.net/(.*)
	  target: oci.example.net/$1
    ## external images pass through our proxys
	# docker.io → oci.example.net/proxy-dockerhub
    - source: docker.io/library/(.*)
	  target: oci.example.net/proxy-dockerhub/$1
	# registry.gitlab.com → oci.example.net/proxy-gitlab
    - source: registry.gitlab.com/(.*)
	  target: oci.example.net/proxy-gitlab/$1
  
  dependencies: # Rewrite charts dependencies
	# This one may be a default based on `source` and `target` above
	- source: https://harbor.example.net/chartrepo/foo
	  target: oci://oci.example.net/foo/helm-charts
    # Mirror charts under `foo` per project
	- source: oci://ghcr.io/([^/]+)/helm-charts
	  target: oci://oci.example.net/foo/$1/helm-charts

What alternatives have you considered?

Even syncing container images and helm charts together is not sufficient:

source:
  repo:
    kind: HARBOR
    url: https://harbor.example.net/chartrepo/foo
    auth:
	  username: robot-charts-syncer
	  password: XXXXX
  containers:
    url: https://harbor.example.net/foo
    auth:
	  username: robot-charts-syncer
	  password: XXXXX

target:
  repo:
    kind: OCI
    url: https://oci.example.net/foo/helm-charts
    auth:
	  username: robot$charts-syncer
	  password: XXXXX
  containers:
    url: https://oci.example.net/foo
    auth:
	  username: robot$charts-syncer
	  password: XXXXX

This produce image.repository: oci.example.net/foo/foo/bar:latest instead of image.repository: oci.example.net/foo/bar:latest.

[tompizmor]

Hi @baby-gnu!

We were already aware of the issue about the duplicated path when syncing container images and had a fix in mind. I have just released a new version of charts-syncer with the fix. See the version v2.4.0.

You should get the structure you want with this config file:

source:
  repo:
    kind: HARBOR
    url: https://harbor.example.net/chartrepo/foo
    auth:
	  username: robot-charts-syncer
	  password: XXXXX

target:
  repo:
    kind: OCI
    url: https://oci.example.net/foo/helm-charts
    auth:
	  username: robot$charts-syncer
	  password: XXXXX
  containers:
    url: https://oci.example.net/foo
    auth:
	  username: robot$charts-syncer
	  password: XXXXX

Can you give it a try?