-
Notifications
You must be signed in to change notification settings - Fork 7.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
istioctl kube-inject defaults to short SHA from gcr.io/istio-testing should be long sha (or we should push short shas) #672
Comments
updated subject as it's unrelated to bookinfo. full workaround is
ps: should be in pilot as pilot is where istioctl is built |
Here are two options for fixing the issue in istioctl:
diff --git a/bin/get_workspace_status b/bin/get_workspace_status
index 451b75e..64bb91d 100755
--- a/bin/get_workspace_status
+++ b/bin/get_workspace_status
@@ -30,7 +30,7 @@ function get_branch() {
fi
}
-BUILD_GIT_REVISION=$(git rev-parse --short HEAD 2> /dev/null)
+BUILD_GIT_REVISION=$(git rev-parse HEAD 2> /dev/null)
if [[ $? == 0 ]]; then
BRANCH="$(get_branch)"
git diff-index --quiet HEAD Option (2) is probably easier since it doesn't require modifying multiple repos? |
@sebastienvas @yutongz Can option 1 be done? Option 2 is easier to implement, but it will result in long and ugly injected container, also used by initializer, affecting Istio long term. BTW, this is only for temporary images in gcr.io. A third option is to leave with the workaround. |
There are currently a lot of tools that assume the full SHA. @chxchx. I think jason solution is simple enough. |
I think long sha is best as this doesn't apply to releases |
this is actually not quite fixed because it still uses docker.io (are we pushing to both ?)
|
We only push releases to docker.io, intermediate images are pushed to gcr.io |
I think the default should be to use docker.io as this is for the release, for testing people need to use --hub gcr.io/istio-testing. |
we should be able to bake gcr.io along the long SHAs vs docker.io and releases |
I am not understanding what there is left to do. Can we close this ? |
what is left is that it's not working yet because it tries to fetch #672 (comment) |
is this still an issue? I have been using transparent proxy injection myself. |
It's still an issue. Will move it to 0.3. |
Tried to deploy manually bookinfo as before:
kubectl apply -f <(istioctl kube-inject --hub gcr.io/istio-testing -f samples/apps/bookinfo/bookinfo.yaml)
Pods do not start:
19s 2s 2 kubelet, gke-cluster-1-default-pool-c0105838-mr9c spec.initContainers{istio-init} Warning Failed Failed to pull image "gcr.io/istio-testing/proxy_init:fb947d4": rpc error: code = 2 desc = Error: Status 405 trying to pull repository istio-testing/proxy_init: "v1 Registry API is disabled. If you are not explicitly using the v1 Registry API, it is possible your v2 image could not be found. Verify that your image is available, or retry with
dockerd --disable-legacy-registry
. See https://cloud.google.com/container-registry/docs/support/deprecation-notices"The workaround is to use the full sha and specify in kube-inject params:
kubectl apply -f <(istioctl kube-inject --hub gcr.io/istio-testing --tag fb947d4c6d0902a841e0e82ffa3bee16786be0df -f samples/apps/bookinfo/bookinfo.yaml)
The text was updated successfully, but these errors were encountered: