[installer]: add image pull secrets and custom image registry #6983

Merged (3 commits) on Dec 7, 2021


@mrsimonemms mrsimonemms commented Nov 30, 2021

Description

Add image pull secrets to Gitpod components

Limitations

  1. This explicitly does not include pulling Gitpod workspace images from a private registry - just images declared by Kubernetes
  2. An in-cluster container registry is not supported. You must also pull your images from the same container registry as you push workspace-images to

The limitations are related to the registry-facade only having a single .dockerconfigjson set to /mnt/pull-secret.json as the configmap only allows a single AuthCfg. This means that images such as docker-up and supervisor won't be downloaded if using a different repository. If we decide to support the above two limitations, the AuthCfg will need to accept an array of pull secrets.

Mirroring

For external image names, the convention of path/name is followed which will make it easier to mirror. This means that anything in docker.io is written out in full - eg, alpine becomes library/alpine. Any Gitpod images just have the given container registry replaced fully - eg, eu.gcr.io/gitpod-core-dev/build/agent-smith becomes mynewrepo.com/agent-smith

A simple bash script to mirror images to your own registry is contained in #6756

Related Issue(s)

Fixes #6979
Fixes #6989
Fixes #6990

How to test

I have a private container registry with the images in. Can share/demo when necessary

Release Notes

[installer]: add image pull secrets to gitpod components

Documentation
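
The mirroring convention from the description above, as an added Go example that is not part of this PR or the installer's code. `MirrorName` and `splitRegistry` are hypothetical helpers; the Docker-style host detection, the prefixing of external images with the mirror registry, and the handling of registries other than docker.io are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Registry prefix of Gitpod's own images, taken from the PR description's example.
const gitpodRepo = "eu.gcr.io/gitpod-core-dev/build"

// splitRegistry splits an image reference into registry host and path.
// Assumption: Docker's usual rule applies, where the first component is a
// host only if it contains "." or ":" or is "localhost"; otherwise docker.io.
func splitRegistry(image string) (host, path string) {
	i := strings.Index(image, "/")
	if i == -1 {
		return "docker.io", image
	}
	if first := image[:i]; strings.ContainsAny(first, ".:") || first == "localhost" {
		return first, image[i+1:]
	}
	return "docker.io", image
}

// MirrorName (hypothetical helper) returns the name an image has in the mirror.
func MirrorName(image, mirror string) string {
	mirror = strings.TrimSuffix(mirror, "/")
	// Gitpod images: the whole registry prefix is replaced by the mirror.
	if strings.HasPrefix(image, gitpodRepo+"/") {
		return mirror + "/" + strings.TrimPrefix(image, gitpodRepo+"/")
	}
	// External images keep path/name; only the registry host is dropped.
	host, path := splitRegistry(image)
	// Official docker.io images carry an implicit "library/" namespace.
	if host == "docker.io" && !strings.Contains(path, "/") {
		path = "library/" + path
	}
	return mirror + "/" + path
}

func main() {
	// Constructed sample inputs.
	for _, img := range []string{"alpine", gitpodRepo + "/agent-smith", "quay.io/org/tool:v1"} {
		fmt.Printf("%-50s -> %s\n", img, MirrorName(img, "mynewrepo.com"))
	}
}
```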

codecov bot commented Nov 30, 2021

Codecov Report

Merging #6983 (036f7bc) into main (64539bf) will decrease coverage by 1.76%.
The diff coverage is 0.00%.

@@           Coverage Diff            @@
##            main   #6983      +/-   ##
========================================
- Coverage   7.52%   5.76%   -1.77%     
========================================
  Files         15      13       -2     
  Lines       1315    1162     -153     
========================================
- Hits          99      67      -32     
+ Misses      1213    1094     -119     
+ Partials       3       1       -2     
Flag Coverage Δ
components-local-app-app-linux-amd64 ?
components-local-app-app-linux-arm64 ?
components-local-app-app-windows-386 ?
components-local-app-app-windows-amd64 ?
components-local-app-app-windows-arm64 ?
installer-raw-app 5.76% <0.00%> (-0.08%) ⬇️

Impacted Files Coverage Δ
installer/pkg/common/common.go 4.64% <0.00%> (-0.11%) ⬇️
installer/pkg/common/objects.go 0.00% <0.00%> (ø)
components/local-app/pkg/auth/pkce.go
components/local-app/pkg/auth/auth.go

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@roboquat roboquat added size/L and removed size/M labels Nov 30, 2021
@mrsimonemms mrsimonemms force-pushed the sje/installer-gp-img-pull-secrets branch 2 times, most recently from b79f9e9 to 0532649 Compare December 1, 2021 09:36
@mrsimonemms mrsimonemms changed the title [installer]: add image pull secrets to gitpod components [installer]: add image pull secrets and custom image registry Dec 1, 2021
@mrsimonemms mrsimonemms force-pushed the sje/installer-gp-img-pull-secrets branch 3 times, most recently from 004cf95 to e52fc72 Compare December 1, 2021 11:19
@mrsimonemms mrsimonemms force-pushed the sje/installer-gp-img-pull-secrets branch from e52fc72 to 036f7bc Compare December 2, 2021 13:55
@mrsimonemms mrsimonemms marked this pull request as ready for review December 2, 2021 14:13
@csweichel

did not test this, but code lgtm

/lgtm


roboquat commented Dec 7, 2021

LGTM label has been added.

Git tree hash: 57172b589fe24af9fdb3620b47085322b4cc3b9a

@mrsimonemms mrsimonemms requested a review from a team December 7, 2021 12:41

geropl commented Dec 7, 2021

/lgtm


roboquat commented Dec 7, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: csweichel, geropl

Associated issue: #6756


@roboquat roboquat merged commit d0f8ddb into main Dec 7, 2021
@roboquat roboquat deleted the sje/installer-gp-img-pull-secrets branch December 7, 2021 12:46
@roboquat roboquat added the "deployed: workspace" (Workspace team change is running in production) and "deployed" (Change is completely running in production) labels Dec 9, 2021
Labels: approved, deployed: workspace, deployed, release-note, size/L, team: workspace