[kots]: only add to base image allow list in airgapped mode #11878

Merged
merged 1 commit into from
Aug 5, 2022

mrsimonemms
Contributor

@mrsimonemms mrsimonemms commented Aug 4, 2022

Description

Change the allowlist so it only amends the privateBaseImageAllowList in airgapped mode. As the Replicated proxy URLs were getting added (pointlessly - the base image is never them), this only needs adding for airgapped mode.

docker.io is still added in when in "airgapped mode" as this would be activated if someone is just mirroring their container images (this is possible in KOTS even if the license doesn't allow for airgapped installations).

The codebase in question

How to test

Non Airgapped

  • Deploy via KOTS in non-airgapped mode
  • Run kubectl get configmaps -n gitpod gitpod -o jsonpath='{.data.config\.yaml}'
  • Should see the following:
containerRegistry:
  privateBaseImageAllowList: []

Airgapped

  • Deploy via KOTS in airgapped mode
  • Run kubectl get configmaps -n gitpod gitpod -o jsonpath='{.data.config\.yaml}'
  • Should see the following:
containerRegistry:
  privateBaseImageAllowList:
  - <airgapped-hostname>
  - docker.io

Release Notes

[kots]: add docker.io to registry allowlist

Documentation

Werft options:

  • /werft with-preview
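
A check for the two expected results under "How to test", as an added example that is not part of this pull request or the Gitpod code base: it reads the rendered config.yaml on standard input and fails when privateBaseImageAllowList holds anything other than what the description states for that mode. The function names, the mode names `online` and `airgapped`, and the host `registry.example.internal` are assumptions made for the example, and the sample YAML is constructed.

```shell
#!/bin/sh
# Added example: audit containerRegistry.privateBaseImageAllowList.
# Feed it the config.yaml printed by the kubectl command in "How to test".

# Print one allowlist entry per line; "[]" or a missing key prints nothing.
allowlist_entries() {
  awk '
    /^containerRegistry:/ { in_cr = 1; next }
    in_cr && /^[^ #]/ { in_cr = 0; in_list = 0 }    # left the block
    in_cr && /^  privateBaseImageAllowList:/ { in_list = 1; next }
    in_list && /^  *- / { sub(/^ *- */, ""); gsub(/"/, ""); sub(/ +$/, ""); print; next }
    in_list && /^  [^ -]/ { in_list = 0 }           # sibling key ends the list
  '
}

# check_allowlist MODE [MIRROR_HOST]   (MODE: online | airgapped, assumed names)
# Returns 0 only when the list is exactly what is expected for that mode.
check_allowlist() {
  mode=$1
  mirror=${2:-}
  actual=$(allowlist_entries | sort)
  case $mode in
    online) expected="" ;;
    airgapped)
      if [ -z "$mirror" ]; then echo "mirror host required" >&2; return 2; fi
      expected=$(printf '%s\n' "$mirror" docker.io | sort) ;;
    *) echo "unknown mode: $mode" >&2; return 2 ;;
  esac
  if [ "$actual" = "$expected" ]; then
    echo "OK: allowlist matches the $mode expectation"
    return 0
  fi
  echo "MISMATCH in $mode mode, entries found:" >&2
  printf '%s\n' "$actual" >&2
  return 1
}

# Constructed sample inputs (not captured from a real cluster).
SAMPLE_ONLINE='containerRegistry:
  privateBaseImageAllowList: []
'
SAMPLE_AIRGAPPED='containerRegistry:
  privateBaseImageAllowList:
  - registry.example.internal
  - docker.io
'
printf '%s' "$SAMPLE_AIRGAPPED" | check_allowlist airgapped registry.example.internal
```

Against a live install, pipe the kubectl output from the steps above into `check_allowlist` instead of the sample variables.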

@mrsimonemms mrsimonemms marked this pull request as ready for review August 4, 2022 10:52
@mrsimonemms mrsimonemms requested a review from a team August 4, 2022 10:52
@github-actions github-actions bot added the team: delivery Issue belongs to the self-hosted team label Aug 4, 2022
@mrsimonemms mrsimonemms marked this pull request as draft August 4, 2022 10:56
@mrzarquon
Contributor

This looks good for now - we need to decide how to handle defaultbaseimage / expose it better as a setting (see also: workspace-base as default in the future -> #10359), but since we know docker.io/gitpod/workspace-full:latest is our current defaultbaseimage, it should be allowed.

@mrsimonemms mrsimonemms changed the title [kots]: add docker.io to registry allowlist [kots]: only add to base image allow list in airgapped mode Aug 4, 2022
@mrsimonemms mrsimonemms force-pushed the sje/kots-add-dockerio branch 2 times, most recently from 624d685 to c67568a Compare August 4, 2022 11:10
@mrsimonemms mrsimonemms marked this pull request as ready for review August 5, 2022 09:58
@roboquat roboquat merged commit 51189bd into main Aug 5, 2022
@roboquat roboquat deleted the sje/kots-add-dockerio branch August 5, 2022 10:42
@mrsimonemms mrsimonemms mentioned this pull request Aug 5, 2022
Labels
release-note size/XS team: delivery Issue belongs to the self-hosted team