Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pull an image from a private registry #160

Merged
merged 3 commits into from
Oct 1, 2024
Merged

pull an image from a private registry #160

merged 3 commits into from
Oct 1, 2024

Conversation

eguzki
Copy link
Contributor

@eguzki eguzki commented Sep 26, 2024
edited
Loading

What

Pull an image from a private registry

Fixes #78

Verification steps

First, get some limitador image on a private repository. For example: quay.io/eastizle/limitador-private:v1.6.0 (this repo and image will be removed when this PR is merged).

dev setup

make local-setup

Create a Secret of type `kubernetes.io/dockerconfigjson by providing credentials. For example, using kubectl tool with the following command line:

kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword>

Deploy limitador with a custom image and a reference to the recently created regcred secret.

kubectl apply -f - <<EOF
---
apiVersion: limitador.kuadrant.io/v1alpha1
kind: Limitador
metadata:
  name: limitador-instance-1
spec:
  image: quay.io/eastizle/limitador-private:v1.6.0
  imagePullSecrets:
  - name: regcred
EOF

Wait for limitador to be ready

kubectl wait --timeout=300s --for=condition=Ready limitador limitador-instance-1

Check status

kubectl get limitador  limitador-instance-1 -o jsonpath='{.status}' | yq e -P

It should say Ready.

Now, let's deploy limitador with custom image from a private repository without providing imagepullsecrets. It will be a custom image different from the one used in the previous example. As the image of the previous example is already present in the cluster and the limitador deployment pullpolicy is "IfNotPresent", using that image even without imagepullsecrets would not fail.

kubectl apply -f - <<EOF
---
apiVersion: limitador.kuadrant.io/v1alpha1
kind: Limitador
metadata:
  name: limitador-instance-without-imagepullsecrets
spec:
  image: quay.io/eastizle/limitador-private:other
EOF

Check status

kubectl get limitador  limitador-instance-without-imagepullsecrets -o jsonpath='{.status}' | yq e -P

The answer should be: not "ready" with somewhat confusing message: "Deployment does not have minimum availability"

Checking pod status or events we can get more detailed information:

kubectl get events --field-selector reason=Failed

You should see https://quay.io/v2/eastizle/limitador-private/manifests/other: 401 UNAUTHORIZED

LAST SEEN   TYPE      REASON   OBJECT                                                                MESSAGE
2m11s       Warning   Failed   pod/limitador-limitador-instance-without-imagepullsecrets-6799fszk2   Failed to pull image "quay.io/eastizle/limitador-private:other": failed to pull and unpack image "quay.io/eastizle/limitador-private:other": failed to resolve reference "quay.io/eastizle/limitador-private:other": unexpected status from HEAD request to https://quay.io/v2/eastizle/limitador-private/manifests/other: 401 UNAUTHORIZED
2m11s       Warning   Failed   pod/limitador-limitador-instance-without-imagepullsecrets-6799fszk2   Error: ErrImagePull
109s        Warning   Failed   pod/limitador-limitador-instance-without-imagepullsecrets-6799fszk2   Error: ImagePullBackOff

Cleanup

make local-cleanup

@eguzki eguzki linked an issue Sep 26, 2024 that may be closed by this pull request
Production-ready: Configure possible different Image #78
Closed
@codecov-commenter
Copy link

codecov-commenter commented Sep 26, 2024
edited
Loading

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

Attention: Patch coverage is 77.41935% with 7 lines in your changes missing coverage. Please review.

Project coverage is 83.94%. Comparing base (de60fb3) to head (347991e).

Files with missing lines Patch % Lines
pkg/reconcilers/deployment.go 44.44% 5 Missing ⚠️
controllers/limitador_controller.go 84.61% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #160      +/-   ##
==========================================
- Coverage   84.90%   83.94%   -0.97%     
==========================================
  Files          19       19              
  Lines         994     1009      +15     
==========================================
+ Hits          844      847       +3     
- Misses         97      106       +9     
- Partials       53       56       +3
Flag Coverage Δ
integration 77.99% <77.41%> (-0.88%) ⬇️
unit 65.67% <50.00%> (-0.84%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
api/v1alpha1 (u) 100.00% <ø> (ø)
pkg/helpers (u) 83.87% <ø> (ø)
pkg/log (u) 94.73% <ø> (ø)
pkg/reconcilers (u) 73.52% <44.44%> (-1.15%) ⬇️
pkg/limitador (u) 98.11% <100.00%> (+<0.01%) ⬆️
controllers (i) 73.11% <84.61%> (-1.89%) ⬇️
pkg/upgrades 88.88% <ø> (ø)
Files with missing lines Coverage Δ
api/v1alpha1/limitador_types.go 100.00% <ø> (ø)
pkg/limitador/deployment_options.go 100.00% <100.00%> (ø)
pkg/limitador/k8s_objects.go 96.87% <100.00%> (+0.01%) ⬆️
controllers/limitador_controller.go 69.95% <84.61%> (-2.53%) ⬇️
pkg/reconcilers/deployment.go 95.37% <44.44%> (-4.63%) ⬇️

@eguzki eguzki force-pushed the 78-production-ready-configure-possible-different-image branch 2 times, most recently from eb2e95c to 2cdb660 Compare September 27, 2024 10:52
@eguzki
pull an image from a private registry
997b476 
Signed-off-by: Eguzki Astiz Lezaun <[email protected]>
@eguzki eguzki force-pushed the 78-production-ready-configure-possible-different-image branch from 2cdb660 to 71778b2 Compare September 27, 2024 11:04
@eguzki
imagepullSecrets to access private repos
42236a8 
Signed-off-by: Eguzki Astiz Lezaun <[email protected]>
@eguzki eguzki force-pushed the 78-production-ready-configure-possible-different-image branch from 71778b2 to 42236a8 Compare September 27, 2024 11:46
@eguzki eguzki self-assigned this Sep 27, 2024
@eguzki eguzki added kind/enhancement New feature or request size/medium area/api CRD or other public API related labels Sep 27, 2024
@eguzki
fix lint issues
347991e 
Signed-off-by: Eguzki Astiz Lezaun <[email protected]>
@eguzki eguzki marked this pull request as ready for review September 27, 2024 12:17
@eguzki eguzki requested review from adam-cattermole, KevFan, Boomatang and didierofrivia and removed request for adam-cattermole September 27, 2024 12:17
KevFan
KevFan approved these changes Sep 30, 2024
View reviewed changes
Copy link
Contributor

@KevFan KevFan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Verified! Changes looks good to me! 👍

@eguzki eguzki merged commit 41baa87 into main Oct 1, 2024
16 checks passed
@eguzki eguzki deleted the 78-production-ready-configure-possible-different-image branch October 1, 2024 07:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KevFan KevFan KevFan approved these changes

@Boomatang Boomatang Awaiting requested review from Boomatang

@didierofrivia didierofrivia Awaiting requested review from didierofrivia

Assignees

@eguzki eguzki

Labels
area/api CRD or other public API related kind/enhancement New feature or request size/medium
Projects
Kuadrant
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Production-ready: Configure possible different Image
3 participants
@eguzki @codecov-commenter @KevFan