Context
The kubeasy-cli is migrating from ArgoCD to direct deployment. Challenges will now be distributed via OCI artifacts instead of being pulled from Git by ArgoCD.
The CLI will pull artifacts from ghcr.io/kubeasy-dev/challenges/<slug>:latest using oras-go.
Requirements
OCI Artifact Structure
Each challenge artifact should contain:
manifests/ directory with all YAML manifests
policies/ directory with Kyverno policies (if any)
challenge.yaml metadata file
CI Pipeline
For each push to the challenge/refactoring-2024 branch (and eventually main):
- Detect modified challenges - Identify which challenge directories have changes
- Package artifacts - For each modified challenge, create an OCI artifact containing:
manifests/**/*.yaml
policies/**/*.yaml
challenge.yaml
- Push to registry - Push to
ghcr.io/kubeasy-dev/challenges/<slug>:latest
- Tag with commit SHA as well:
ghcr.io/kubeasy-dev/challenges/<slug>:<sha>
Suggested Implementation
- Use oras CLI in GitHub Actions
- Or use
ghcr.io with Docker/OCI standard tooling
- Authenticate with
GITHUB_TOKEN (automatic in GitHub Actions)
Example
# For a challenge "pod-evicted":
oras push ghcr.io/kubeasy-dev/challenges/pod-evicted:latest \
manifests/:application/vnd.kubeasy.manifests.v1.tar+gzip \
policies/:application/vnd.kubeasy.policies.v1.tar+gzip \
challenge.yaml:application/vnd.kubeasy.challenge.v1+yaml
Related
- CLI PR removing ArgoCD and adding OCI support is in progress on
kubeasy-cli
Context
The kubeasy-cli is migrating from ArgoCD to direct deployment. Challenges will now be distributed via OCI artifacts instead of being pulled from Git by ArgoCD.
The CLI will pull artifacts from
ghcr.io/kubeasy-dev/challenges/<slug>:latestusingoras-go.Requirements
OCI Artifact Structure
Each challenge artifact should contain:
manifests/directory with all YAML manifestspolicies/directory with Kyverno policies (if any)challenge.yamlmetadata fileCI Pipeline
For each push to the
challenge/refactoring-2024branch (and eventuallymain):manifests/**/*.yamlpolicies/**/*.yamlchallenge.yamlghcr.io/kubeasy-dev/challenges/<slug>:latestghcr.io/kubeasy-dev/challenges/<slug>:<sha>Suggested Implementation
ghcr.iowith Docker/OCI standard toolingGITHUB_TOKEN(automatic in GitHub Actions)Example
# For a challenge "pod-evicted": oras push ghcr.io/kubeasy-dev/challenges/pod-evicted:latest \ manifests/:application/vnd.kubeasy.manifests.v1.tar+gzip \ policies/:application/vnd.kubeasy.policies.v1.tar+gzip \ challenge.yaml:application/vnd.kubeasy.challenge.v1+yamlRelated
kubeasy-cli