Design: "Image Configuration in Helm Chart" #7748
Conversation
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Pull Request Overview
This design doc proposes a new image configuration model for the Helm chart, aiming to simplify user customization and enable default digest support.
- Introduces a new $.imagePrefix for concise registry configuration.
- Deprecates the existing image.registry option in favor of a unified approach.
- Adds a mechanism to default to a combined tag and digest value when neither is provided.
typo fix Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
|
|
||
| ## Summary | ||
|
|
||
| We propose to replace the existing `image.registry` and `image.repository` options with `$.imagePrefix`, `image.name` and `image.repository`. Allowing users to change the registry/ image location by only changing 1 value (`$.imagePrefix`). Additionally, we will introduce the `image._defaultReference` value which will allow us to set a default digest value that still can be overwritten by setting `image.tag`. |
There was a problem hiding this comment.
Instead of introducing a custom "image prefix", I think we should fix the obviously wrong default on the image.registry value, and probably drop the image.repository value. The correct default for image.registry would at present be quay.io/jetstack, which will allow any user to set this once if pulling images through a proxy. There should be no need to override/set the image name.
Kyverno is doing this, and I think we should try to avoid doing something custom here. Ref. https://github.com/kyverno/kyverno/blob/main/charts/kyverno/values.yaml#L13
There was a problem hiding this comment.
I think that would break use case 1, which I think is a very common use case.
Could you explain your proposal by adding/ updating the use cases?
There was a problem hiding this comment.
Which use case? The most common reason to play around with these image settings is if you are in a situation where quay.io/jetstack is not directly available, and you have to use some kind of image proxy/mirroring solution. In this case, you don't want to set your image proxy/mirror registry more than once.
There was a problem hiding this comment.
So what I'm suggesting is about the same as you propose, except that we use "common" Helm values for this, instead of introducing something custom. My image.registry is the same as your image.prefix. This will be a breaking change no matter what.
There was a problem hiding this comment.
I would like to gather a set of helm install commands to understand the exact user-facing (breaking) changes.
My
image.registryis the same as yourimage.prefix.
The $.imagePrefix value would be common across all images used in the Helm chart. The goal is to change the registry in a single location. If you want to overwrite the registry for only one of the images, you will have to modify image.repository with a full image URL.
There was a problem hiding this comment.
Why can't we have a "global" image.registry property? It is the same as you are proposing, except that we follow an already established pattern in other Kubernetes community projects.
| ```yaml | ||
| # The container registry and repository namespace to pull the images from. | ||
| # +docs:property | ||
| imagePrefix: quay.io/jetstack |
There was a problem hiding this comment.
Probably out of scope, but when will this change to cert-manager.io?
There was a problem hiding this comment.
It might be a good idea to do this together with this change, such that we "group" possible breaking changes.
There was a problem hiding this comment.
Pull Request Overview
This design document proposes streamlining the Helm chart’s image configuration by replacing the current split configuration with a unified approach that leverages a new imagePrefix and introduces a default digest value for images. Key changes include:
- Replacing image.registry and image.repository with a unified imagePrefix combined with image.name.
- Introducing image._defaultReference for default tag and digest values.
- Documenting the new values.yaml structure and its usage scenarios.
Comments suppressed due to low confidence (1)
design/20250512.images-in-the-helm-chart.md:1
- [nitpick] Consider clarifying in the title whether the '$.' prefix is required in configuration or if it is used only to denote the combination of imagePrefix with image.name, to avoid potential confusion for users.
# Image Configuration in Helm Chart: add $.imagePrefix and support default digest
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Design document for review & lazy consensus.
Leave a 👍 if you agree with the proposal, leave a comment with feedback otherwise.
Kind
/kind design
Release Note