Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Passing Custom Parameters to the Image Building Job Container #68

Closed
pepesi opened this issue Mar 29, 2024 · 3 comments
Closed

Passing Custom Parameters to the Image Building Job Container #68

pepesi opened this issue Mar 29, 2024 · 3 comments

Comments

@pepesi
Copy link

pepesi commented Mar 29, 2024

My base image is in an internal Docker registry without TLS. When the image builder (Kaniko) operates, it defaults to pulling images via HTTPS, which leads to a failure in building the image. I noticed that the parameters for Kaniko are hardcoded in the Bentorequest's controller, and it seems there's no option to add the --insecure-pull or --insecure-registry parameters.

Currently, I have modified the Kaniko image, using something like /kaniko/origin-executor --insecure-registry=MYREGISTRY.REPO $@ to work around this issue.

Is this by design?
If not, is it possible to add this parameter through an environment variable, similar to DOCKER_INSECURE_REGISTRY?
@yetone
Copy link
Member

yetone commented Mar 29, 2024

‌‌‌‌‌‌Hello, we already possess the pertinent installation parameter DOCKER_REGISTRY_SECURE. For more details, please refer to the installation documentation:

https://docs.yatai.io/en/latest/installation/yatai_image_builder.html#prepare-container-registry

@pepesi
Copy link
Author

pepesi commented Mar 29, 2024

I was following the instructions from the document you posted, but I specified a docker.base_image in the bentomlfile, which is an image from my private.repo. When the image-builder tries to pull this image, it encounters an error, similar to "requested HTTPS but received an HTTP response".

After looking at the command-line help for kaniko, it mentions the following parameter:

      --insecure                                  Push to insecure registry using plain HTTP
      --insecure-pull                             Pull from insecure registry using plain HTTP
      --insecure-registry multi-arg type          Insecure registry using plain HTTP to push and pull. Set it repeatedly for multiple registries.

According to its description, the --insecure parameter only controls the push operation, not the pull operation. To control the pull operation, you must use the --insecure-pull or --insecure-registry parameter.

I noticed that the current controller's code has hardcoded kaniko parameters. What I would like is the ability to pass the --insecure-pull or --insecure-registry parameter from somewhere. Considering the need to better support other custom behaviors, perhaps allowing the passing of more key-value formatted parameters would be even better.

@pepesi
Copy link
Author

pepesi commented Apr 1, 2024

Sorry for my oversight, there actually is an implementation for this "extra parameter". It might not have been mentioned in the documentation.

It is possible to achieve this through the builder_args in the configMap yatai-image-builder-config.

yatai-image-builder/controllers/resources/bentorequest_controller.go

Lines 2452 to 2460 in d4ab40b

builderArgs = []string{}
if val, ok := configCm.Data["builder_args"]; ok {
err = yaml.Unmarshal([]byte(val), &builderArgs)
if err != nil {
err = errors.Wrapf(err, "failed to yaml unmarshal builder_args, please check the configmap %s in namespace %s", configCmName, configNamespace)
return
}
}
logrus.Info("passed in builder args: ", builderArgs)

@pepesi pepesi closed this as completed Apr 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yetone @pepesi