-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Normalize RepoTags before checking for match #53161
Conversation
/release-note-none |
@@ -60,6 +60,13 @@ func matchImageTagOrSHA(inspected dockertypes.ImageInspect, image string) bool { | |||
// hostname or not, we only check for the suffix match. | |||
if strings.HasSuffix(image, tag) || strings.HasSuffix(tag, image) { | |||
return true | |||
} else { | |||
t, _ := dockerref.ParseNormalizedNamed(tag) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if this returns an error, we should continue, not ignore it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
@@ -60,6 +60,13 @@ func matchImageTagOrSHA(inspected dockertypes.ImageInspect, image string) bool { | |||
// hostname or not, we only check for the suffix match. | |||
if strings.HasSuffix(image, tag) || strings.HasSuffix(tag, image) { | |||
return true | |||
} else { | |||
t, _ := dockerref.ParseNormalizedNamed(tag) | |||
t2 := t.(dockerref.Tagged) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
check the cast t2, ok := t.(dockerref.Tagged)
and continue if !ok
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done!
} else { | ||
t, _ := dockerref.ParseNormalizedNamed(tag) | ||
t2 := t.(dockerref.Tagged) | ||
normalizedTag := t2.String() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if normalizedTag is empty, continue
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done!
2c77e59
to
db77832
Compare
/cc @yguo0905 FYI |
@yujuhong: GitHub didn't allow me to request PR reviews from the following users: FYI. Note that only kubernetes members can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
this LGTM, manually building/verifying now |
cc @miminar |
Duh, needed to fix gofmt |
@dims Please add comment to explain why we are doing this, and link to corresponding K8s issue. I'm worried that we may forget why we are doing this in the future. And we should also fix docker on centos to properly return image reference so as to get rid of this hack in the future. |
@Random-Liu where in the commit message itself? |
I tested on Fedora 26
verified the following works as expected after this fix:
|
/approve |
/test pull-kubernetes-e2e-gce-bazel |
/test pull-kubernetes-unit |
@@ -60,6 +60,38 @@ func matchImageTagOrSHA(inspected dockertypes.ImageInspect, image string) bool { | |||
// hostname or not, we only check for the suffix match. | |||
if strings.HasSuffix(image, tag) || strings.HasSuffix(tag, image) { | |||
return true | |||
} else { | |||
// TODO: We need to remove this hack when project atomic based | |||
// docker distro(s) like centos/fedora/rhel image fix problems on |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
double space.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks fixed.
LGTM with one nit. |
on projectatomic-based docker, we get "docker.io/library/busybox:latest" when someone uses an unqualified name like "busybox". Though when we inspect, the RepoTag will still say "docker.io/busybox:latest", So we have reparse the tag, normalize it and try again. Please see the additional test case. Signed-off-by: Andy Goldstein <andy.goldstein@gmail.com>
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: derekwaynecarr, dims, ncdc Associated issue: 52110 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
@dims thanks for carrying this forward |
/test pull-kubernetes-e2e-gce-bazel |
verified fix CentOS 7.4.1708
|
Automatic merge from submit-queue (batch tested with PRs 52634, 53121, 53161). If you want to cherry-pick this change to another branch, please follow the instructions here. |
…1-upstream-release-1.8 Automatic merge from submit-queue. Automated cherry pick of #53161 Cherry pick of #53161 on release-1.8. #53161: Normalize RepoTags before checking for match ```release-note Fixes an issue pulling pod specs referencing unqualified images from docker.io on centos/fedora/rhel ```
Commit found in the "release-1.8" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked. |
Automatic merge from submit-queue (batch tested with PRs 18225, 18351, 18331, 18340, 18326). UPSTREAM: 58955: pkg: kubelet: do not assume anything about images names kubernetes/kubernetes#58955 removes the need for #18020 see history: kubernetes/kubernetes#51751 kubernetes/kubernetes#52110 kubernetes/kubernetes#53161 @liggitt @derekwaynecarr @frobware @mrunalp @runcom
Automatic merge from submit-queue (batch tested with PRs 18225, 18351, 18331, 18340, 18326). UPSTREAM: 58955: pkg: kubelet: do not assume anything about images names kubernetes#58955 removes the need for openshift/origin#18020 see history: kubernetes#51751 kubernetes#52110 kubernetes#53161 @liggitt @derekwaynecarr @frobware @mrunalp @runcom Origin-commit: d91de347457d7f6f3d1859c671c7355cc193d038
Automatic merge from submit-queue (batch tested with PRs 18225, 18351, 18331, 18340, 18326). UPSTREAM: 58955: pkg: kubelet: do not assume anything about images names kubernetes#58955 removes the need for openshift/origin#18020 see history: kubernetes#51751 kubernetes#52110 kubernetes#53161 @liggitt @derekwaynecarr @frobware @mrunalp @runcom Origin-commit: d91de347457d7f6f3d1859c671c7355cc193d038
What this PR does / why we need it:
on projectatomic-based docker, we get "docker.io/library/busybox:latest"
when someone uses an unqualified name like "busybox". Though when we
inspect, the RepoTag will still say "docker.io/busybox:latest", So
we have reparse the tag, normalize it and try again. Please see the
additional test case.
Signed-off-by: Andy Goldstein andy.goldstein@gmail.com
Which issue this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close that issue when PR gets merged): fixes #Fixes #52110
Special notes for your reviewer:
Release note: