[image-builder-bob] Introduce URL processing for non docker api urls #10266

Merged
merged 1 commit into from
Jun 1, 2022

@princerachit princerachit commented May 25, 2022

Description

Introduce a new function rewriteNonDockerAPIURL which can be used to rewrite URLs in bob proxy when the URL endpoint is NOT a docker api endpoint. See all docker registry endpoints here, it must start with /v2/.

As a side effect of this change gitpod will support Google Artifact Registry as a container registry.

Related Issue(s)

Fixes #10241

How to test

Prerequisite

You need a self-hosted version of gitpod to test out GAR and Azure. You will need to set up the container registry during installation.

GAR

For GAR you will need to create a GAR in a google project e.g. playground and then create a service account which has write permission to that registry. After that create a key for the service account and use it to log in locally in your workspace.

Example below. You can read more here

cat my-svc-acc-key.json | docker login -u _json_key --password-stdin https://europe-docker.pkg.dev
  1. You can also use workspace-preview cluster to test this.
  2. Create a cluster and then copy the gitpod-config.yml from instance to your local workspace. You need to update the container registry config in this file before rendering using reapply.sh. See example gitpod-config.yaml change here.
  3. Configure your kubeconfig to point to this cluster. Better remove any other entry from your kubeconfig.
  4. Create a script called reapply.sh
  5. Create a file proxy-patch.json
  6. Create a file trim.py. This will help in faster iteration of gitpod installation update
  7. Render kubectl manifests: ./reapply.sh render. Make sure to update the reapply.sh file secret creation step first.
  8. Deploy/Update gitpod using: ./reapply.sh deploy. Wait for a minute or two for the pods to come up.
  9. Start a workspace in your preview env.

I have tested with following registries:

  1. ✅ Azure - Workspace-preview cluster - See Loom Video
  2. ✅ GAR - Workspace-preview cluster - See Loom Video
  3. ✅ GCR - Preview env. Through the werft build of this PR - See Loom Video

Logs

Sample log from Image Build pod:

{"level":"info","message":"serving request","req":"/v2/prince-tf-experiments/dazzle/workspace-images/manifests/d260bb6ec50dd5b70a2acd883afb5cb39d9ad508dd0ddb5b2d25bdf8d9a87545","serviceContext":{"service":"bob","version":""},"severity":"INFO","time":"2022-05-26T13:03:20Z"}
2022/05/26 13:03:20 [DEBUG] HEAD https://europe-docker.pkg.dev/v2/prince-tf-experiments/dazzle/workspace-images/manifests/d260bb6ec50dd5b70a2acd883afb5cb39d9ad508dd0ddb5b2d25bdf8d9a87545
{"host":"europe-docker.pkg.dev","level":"info","message":"authorizing registry access","serviceContext":{"service":"bob","version":""},"severity":"INFO","time":"2022-05-26T13:03:20Z","user":"_json_key"}
2022/05/26 13:03:20 [DEBUG] HEAD https://europe-docker.pkg.dev/v2/prince-tf-experiments/dazzle/workspace-images/manifests/d260bb6ec50dd5b70a2acd883afb5cb39d9ad508dd0ddb5b2d25bdf8d9a87545 (status: 401): retrying in 1s (3 left)
#5 pushing layers 14.4s done
#5 pushing manifest for localhost:8080/target:latest@sha256:3c93c7fc99a4471887ca128f0e18481e30b65ee6c63ae200697c11d3a1ffab84
{"grpc.code":"OK","grpc.method":"ContentStatus","grpc.service":"supervisor.StatusService","grpc.start_time":"2022-05-26T13:03:21Z","grpc.time_ms":0.037,"level":"info","message":"finished unary call with code OK","serviceContext":{"service":"supervisor","version":"commit-ab3f40db9e68ca471596056126f2d856ae59afe3"},"severity":"INFO","span.kind":"server","system":"grpc","time":"2022-05-26T13:03:21Z"}
{"level":"info","message":"serving request","req":"/v2/prince-tf-experiments/dazzle/workspace-images/manifests/d260bb6ec50dd5b70a2acd883afb5cb39d9ad508dd0ddb5b2d25bdf8d9a87545","serviceContext":{"service":"bob","version":""},"severity":"INFO","time":"2022-05-26T13:03:21Z"}
2022/05/26 13:03:21 [DEBUG] PUT https://europe-docker.pkg.dev/v2/prince-tf-experiments/dazzle/workspace-images/manifests/d260bb6ec50dd5b70a2acd883afb5cb39d9ad508dd0ddb5b2d25bdf8d9a87545
{"host":"europe-docker.pkg.dev","level":"info","message":"authorizing registry access","serviceContext":{"service":"bob","version":""},"severity":"INFO","time":"2022-05-26T13:03:22Z","user":"_json_key"}
2022/05/26 13:03:22 [DEBUG] PUT https://europe-docker.pkg.dev/v2/prince-tf-experiments/dazzle/workspace-images/manifests/d260bb6ec50dd5b70a2acd883afb5cb39d9ad508dd0ddb5b2d25bdf8d9a87545 (status: 401): retrying in 1s (3 left)
{"grpc.code":"OK","grpc.method":"ContentStatus","grpc.service":"supervisor.StatusService","grpc.start_time":"2022-05-26T13:03:22Z","grpc.time_ms":0.035,"level":"info","message":"finished unary call with code OK","serviceContext":{"service":"supervisor","version":"commit-ab3f40db9e68ca471596056126f2d856ae59afe3"},"severity":"INFO","span.kind":"server","system":"grpc","time":"2022-05-26T13:03:22Z"}
{"level":"info","message":"Original location: /v2/prince-tf-experiments/dazzle/workspace-images/manifests/d260bb6ec50dd5b70a2acd883afb5cb39d9ad508dd0ddb5b2d25bdf8d9a87545","serviceContext":{"service":"bob","version":""},"severity":"INFO","time":"2022-05-26T13:03:23Z"}
{"level":"info","message":"Rewrote location: http://localhost:8080/v2/target/manifests/d260bb6ec50dd5b70a2acd883afb5cb39d9ad508dd0ddb5b2d25bdf8d9a87545","serviceContext":{"service":"bob","version":""},"severity":"INFO","time":"2022-05-26T13:03:23Z"}
#5 pushing manifest for localhost:8080/target:latest@sha256:3c93c7fc99a4471887ca128f0e18481e30b65ee6c63ae200697c11d3a1ffab84 2.5s done
#5 DONE 16.9s
exit
{"alias":"5f7d75b3-73a1-44ed-a1b5-9417d0d8f666","level":"info","message":"closing terminal","serviceContext":{"service":"supervisor","version":"commit-ab3f40db9e68ca471596056126f2d856ae59afe3"},"severity":"INFO","time":"2022-05-26T13:03:23Z"}
{"level":"info","message":"received SIGTERM (or shutdown) - tearing down","serviceContext":{"service":"supervisor","version":"commit-ab3f40db9e68ca471596056126f2d856ae59afe3"},"severity":"INFO","time":"2022-05-26T13:03:23Z"}
{"level":"info","message":"shutting down API endpoint","serviceContext":{"service":"supervisor","version":"commit-ab3f40db9e68ca471596056126f2d856ae59afe3"},"severity":"INFO","time":"2022-05-26T13:03:23Z"}
{"alias":"5f7d75b3-73a1-44ed-a1b5-9417d0d8f666","level":"info","message":"terminal client left","serviceContext":{"service":"supervisor","version":"commit-ab3f40db9e68ca471596056126f2d856ae59afe3"},"severity":"INFO","time":"2022-05-26T13:03:23Z"}

🤙 This task ran as a workspace prebuild
🎉 Well done on saving 3 minutes

Release Notes

Add Support for Google Artifact Registry as Container Registry

Documentation

https://github.com/gitpod-io/website/issues/2128
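
The `/v2/` dispatch described in this PR, as an added Go sketch that is not bob's code. The names `target` and `rewrite` are hypothetical, the handling of paths outside `/v2/` (keep path and query, replace scheme and host) is an assumption, and the `latest` tag is constructed; the repository, alias and hosts come from the log above.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// target is a hypothetical type: where rewritten URLs point and which
// repository name is swapped for which.
type target struct{ Scheme, Host, FromRepo, ToRepo string }

// rewrite is an illustrative sketch, not bob's rewriteDockerAPIURL or
// rewriteNonDockerAPIURL.
func rewrite(raw string, t target) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	const api = "/v2/"
	// The bare "/v2/" version check carries no repository and passes through.
	if strings.HasPrefix(u.Path, api) && u.Path != api {
		rest := strings.TrimPrefix(u.Path, api)
		// Match on a path-segment boundary so FromRepo "target" does not
		// also claim "target-other/...".
		if rest != t.FromRepo && !strings.HasPrefix(rest, t.FromRepo+"/") {
			return "", fmt.Errorf("%q is outside repository %q", u.Path, t.FromRepo)
		}
		u.Path = api + t.ToRepo + strings.TrimPrefix(rest, t.FromRepo)
		u.RawPath = ""
	}
	// Assumption: paths outside /v2/ keep path and query; only the
	// scheme and host are replaced.
	u.Scheme, u.Host = t.Scheme, t.Host
	return u.String(), nil
}

func main() {
	// Repository, alias and hosts are from the log in the PR description;
	// the "latest" tag is constructed.
	in := "/v2/prince-tf-experiments/dazzle/workspace-images/manifests/latest"
	out, err := rewrite(in, target{"http", "localhost:8080",
		"prince-tf-experiments/dazzle/workspace-images", "target"})
	fmt.Println(out, err)
}
```
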

@roboquat roboquat added size/M and removed size/XS labels May 26, 2022
@princerachit princerachit changed the title [image-builder-bob] Support Google Artifact registry [image-builder-bob] Introduce URL processing for non docker api urls May 26, 2022
@princerachit princerachit marked this pull request as ready for review May 26, 2022 13:35
@princerachit princerachit requested a review from a team May 26, 2022 13:35
@github-actions github-actions bot added the team: workspace Issue belongs to the Workspace team label May 26, 2022
@sagor999 sagor999 left a comment

code looks good I think, but would love to see unit tests.

components/image-builder-bob/pkg/proxy/proxy.go (outdated, resolved)
Process docker api urls starting with /v2/
differently from non-docker api url whose path does not
start with /v2/.
@sagor999 sagor999 left a comment

LGTM

/hold

adding hold though to coordinate with webapp @kylos101 @geropl on unpinning bob version in webapp cluster.

for _, test := range tests {
t.Run(test.Name, func(t *testing.T) {
rewriteDockerAPIURL(&test.in.u, test.in.fromRepo, test.in.toRepo, test.in.host, test.in.tag)
if test.in.u.Path != test.u.Path {
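
Review bot: the assertion `if test.in.u.Path != test.u.Path` checks only the path, although rewriteDockerAPIURL is also handed test.in.host and test.in.tag, so whatever the function does to the URL with those arguments beyond the path is not asserted. Compare the whole rewritten URL against the expected one (for example via its String() form) so that a regression in any other URL field fails the test.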
minor nit: most tests use cmp.Diff to verify the result, e.g. here.

Makes for an easier read and improved consistency.

@csweichel
cc @geropl

Can we unhold here? This might be important for a self-hosted install.

@kylos101
kylos101 commented Jun 1, 2022

cc @geropl

Can we unhold here? This might be important for a self-hosted install.

@csweichel I think so? The pin was removed here. Am I missing anything, @geropl ?

Tomorrow (Wednesday), I'd like to rebase, unhold, and merge these PRs, so they can be tested in staging, in advance of Thursday's deploy. I'm just not sure how to initiate a deploy to staging, or, if that is automatic on merge to main.

  1. [image-builder] replace reference to aliases with actual repo for cross mount blobs #10192
  2. [image-builder-bob] Introduce URL processing for non docker api urls #10266 (this one)

We also need to revert this revert in a new PR (which I also plan to do tomorrow):

  1. Revert "[image-builder-bob] Use separate auth for target and base" #10225, to redo [image-builder-bob] Use separate auth for target and base #10094

If a self-hosted install is in a pinch, rather than wait for this PR to get merged, I'd recommend creating a patch branch from the latest self-hosted release, and cherrypick #10266. I say that because it'd allow both work streams to continue independently, w/o creating dependencies on this PR being merged right away.

@geropl
geropl commented Jun 1, 2022

Can we unhold here?

💯 👍 @kylos101 @csweichel

@iQQBot
iQQBot commented Jun 1, 2022

mark here

@csweichel
/hold cancel

@roboquat roboquat merged commit f2a2968 into main Jun 1, 2022
@roboquat roboquat deleted the prs/support-gar branch June 1, 2022 17:19
@roboquat roboquat added deployed: workspace Workspace team change is running in production deployed Change is completely running in production labels Jun 21, 2022
Labels
deployed: workspace Workspace team change is running in production deployed Change is completely running in production release-note size/L team: workspace Issue belongs to the Workspace team
Successfully merging this pull request may close these issues.

Add Google Artifact Registry (GAR) support as container registry
7 participants