Custom CRD Download Strategy Support for Karmada Operator

[jabellard]

What type of PR is this?

/kind api-change

What this PR does / why we need it:
This is an implementation of the design outlined in this proposal.

Which issue(s) this PR fixes:
Fixes #5122

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

`karmada-operator`: Introduced CRD download strategy that allows downloading CRD from a private source.

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

Attention: Patch coverage is 0% with 56 lines in your changes missing coverage. Please review.

Project coverage is 28.37%. Comparing base (7f0961f) to head (1ae5bd1).
Report is 119 commits behind head on master.

Files	Patch %	Lines
operator/pkg/tasks/init/crd.go	0.00%	36 Missing ⚠️
operator/pkg/init.go	0.00%	15 Missing ⚠️
operator/pkg/tasks/init/karmadaresource.go	0.00%	5 Missing ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #5185      +/-   ##
==========================================
+ Coverage   28.29%   28.37%   +0.07%     
==========================================
  Files         632      632              
  Lines       43635    43823     +188     
==========================================
+ Hits        12348    12433      +85     
- Misses      30386    30486     +100     
- Partials      901      904       +3     

Flag	Coverage Δ
unittests	28.37% <0.00%> (+0.07%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[RainbowMango]

@chaunceyjiang would you like to take a look? to evaluate if there is any effect on your deployment.

[RainbowMango]

Generally looks good to me, thanks to @jabellard.

[chaunceyjiang]

/assign

[RainbowMango]

/retest

[RainbowMango]

/lgtm

Let's wait @chaunceyjiang for a while.

[chaunceyjiang]

1. This code is not compatible with the previous behavior.

2. I believe it is necessary to be compatible with the previous behavior, as this will facilitate user upgrades.

Therefore, I suggest that this code needs to check whether the path path.Join(data.DataDir(), data.KarmadaVersion()) exists. If it does, it should also skip the CRD download."

[chaunceyjiang]

As I mentioned in your proposal earlier, we have already stored the CRD files in this path in advance. We don't want the karmada-operator to download any files from the internet.

[RainbowMango]

I understand your concern is about changing the cache directory, before this feature, the tarball is cached at data.DataDir()/<KarmadaVersion>, and after this feature, the path becomes data.DataDir()/cache/<hashkey>.

Since you embed the tarball into the image, after this change you have to adopt the new path, which probably needs to make some changes to your Dockerfile. Am I right?

[chaunceyjiang]

which probably needs to make some changes to your Dockerfile

Yes, I need to modify the Dockerfile. But I am more concerned about: I am not clear about the value of hashkey in the path data.DataDir()/cache/<hashkey>. It seems that every Karmada version needs to guess what this value is.

[jabellard]

The approach you're using for pre-loading the CRD tarball can still work. For instance, the CRD tarball for version v1.10.3, by default, would be downloaded via this URL: https://github.com/karmada-io/karmada/releases/download/v1.10.3/crds.tar.gz. To preload, just store it at location data.DataDir()/cache/<cacheKey>, where cacheKey is simply the SHA-256 hash of that URL. It's deterministic.

[jabellard]

I think this caching strategy works just fine and follows an approach similar to how OCI images are pulled from registries.

With this feature, although the directory structure will change to accommodate the use of custom download strategies, the use case for pre-populating the CRD in the filesystem can still easily be supported.

However, given that this design is extensible, I do think we can provide a more natural solution for this use case. Today, an HTTPSource is supported, but, for instance, it's possible to also support a LocalFileSystemSource that may help solve this problem more naturally, but I think that's out of scope for this PR.

[chaunceyjiang]

https://github.com/calvin0327/karmada/blob/master/cluster/images/operator-offline.Dockerfile#L22-L27

This is the Dockerfile we are using. How do I calculate the cacheKey? Can I use sha256sum?

[jabellard]

Yes.

[jabellard]

@chaunceyjiang , any other comments/concerns?

[chaunceyjiang]

Thank you for your reply.

[chaunceyjiang]

/lgtm

[RainbowMango]

It seems we have reached an agreement!
Great thanks to @jabellard for the excellent job!

/approve

[karmada-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RainbowMango

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• charts/OWNERS [RainbowMango]
• operator/OWNERS [RainbowMango]
• operator/pkg/apis/OWNERS [RainbowMango]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment