search

authzed / spicedb-operator

Kubernetes controller for managing instances of SpiceDB
Apache License 2.0
63 stars 29 forks source link

Official Helm Chart #168

Open corkrean opened 1 year ago

corkrean commented 1 year ago

Creating this issue to track interest in an officially supported Helm chart for deploying SpiceDB.

Related to #76

Jolcik commented 1 year ago

It would be great to have an officially supported Helm Chart for SpiceDB. I saw the conversation in #76 and the chart created by @croemmich which is now linked in awesome-spicedb repository, but are there any plans on making it the official Helm chart? Is that something that I can possibly help with (of course in a cooperation with the original author)? Thanks!

vroldanbet commented 1 year ago

Some folks seem to be mantaining one for the operator, in case anyone interested: https://github.com/bushelpowered/spicedb-operator-chart

ChristianSch commented 1 year ago

Absolutely, a plug-and-play helm chart is one of the reasons to choose a project over the other.

ecordell commented 1 year ago

I think we can start to look at supporting an official helm chart. I played some with https://github.com/arttor/helmify and it seems like it would work to generate from the what we already have in the release pipeline. If that sees some use we could look more at something directly supported (instead of generated).

I am curious though - are there specific restrictions around using helm charts that make that more desirable? Or places where a helm chart is the only reasonable way to deploy it?

We already distribute kustomize manifests (which can be applied with just kubectl) and distribute the manifests in an OCI image (if you want simplified provenance). If there's specific target platforms or requirements for the helm chart that would be useful for us to understand.

What I like about distributing Kustomize is that it's dead-simple to modify as a user. With helm, if the thing you want to change isn't templated, you'll have to open an issue or PR here to get it added. But if we need helm, we need helm.

julienvincent commented 1 year ago

The biggest factor for me is that Pulumi has much better integration with Helm than with Kustomize. One such simple example is how namespaces are treated much more as first-class templated targets.

If I wanted to control the namespace into which the chart is deployed, I do the following:

const namespace = new kubernetes.core.v1.Namespace("my-custom-namespace", {})

new kubernetes.helm.v3.Chart(name, {
  fetchOpts: {
    repo: "https://bushelpowered.github.io/spicedb-operator-chart"
  },
  chart: "spicedb-operator",
  version: "1.0.8",
  namespace: namespace.metadata.name,
  values: {}
});

If I wanted to do this with Kustomize I would need to either write files to disk to modify this property or specify custom Pulumi transformers to modify the generated manifests which is very clunky.

ecordell commented 1 year ago

@julienvincent Thanks for the context! Looks like https://github.com/pulumi/pulumi-kubernetes/issues/2046 would make the kustomize experience in pulumi match the helm one, but for now I can see why you'd prefer helm.

croemmich commented 1 year ago

We have in-house cluster bootstrapping tools that expect everything is deployed with helm and our team is comfortable with it. It would be more effort to add Kustomize support than it was to make a helm chart.