New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added support for Kaniko external registries #1495
Conversation
@FelGel - We're releasing soon so no need to bump helm chart version (we're bumping on release) |
value: {{ .Values.registry.defaultBaseRegistryURL }} | ||
{{- end }} | ||
{{- if .Values.registry.cacheRepo }} | ||
- name: NUCLIO_DASHBOARD_CACHE_REPO |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- name: NUCLIO_DASHBOARD_CACHE_REPO | |
- name: NUCLIO_DASHBOARD_KANIKO_CACHE_REPO |
pkg/platform/factory/factory.go
Outdated
} | ||
|
||
containerBuilderConfiguration.CacheRepo = common.GetEnvOrDefaultString("NUCLIO_DASHBOARD_CACHE_REPO", "") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
containerBuilderConfiguration.CacheRepo = common.GetEnvOrDefaultString("NUCLIO_DASHBOARD_CACHE_REPO", "") | |
containerBuilderConfiguration.CacheRepo = common.GetEnvOrDefaultString("NUCLIO_DASHBOARD_KANIKO_CACHE_REPO", "") |
@@ -80,6 +92,13 @@ spec: | |||
- name: NUCLIO_TEMPLATES_GIT_REF | |||
value: "nil" | |||
{{- end }} | |||
{{- if .Values.registry.secretName }} | |||
- name: NUCLIO_REGISTRY_CREDENTIALS_SECRET_NAME | |||
value: {{ .Values.registry.secretName }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
-> hide {{ .Values.registry.secretName }}
behind nuclio.registryCredentialsName
in _helpers.tpl
@@ -171,17 +175,23 @@ func (k *Kaniko) getKanikoJobSpec(namespace string, buildOptions *BuildOptions, | |||
buildArgs = append(buildArgs, "--cache=true") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Disable caching by default until we understand why it doesn't use it as we expected
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That is configurable correct here. disabling ideally should happen via UI
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@liranbg is write, this flag is configurable
won't force disable
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
*right :)
As discussed, if this is not broken as previously tested, no objection to hook it up to the cache option in function config
Name: "docker-config", | ||
VolumeSource: v1.VolumeSource{ | ||
Secret: &v1.SecretVolumeSource{ | ||
SecretName: k.builderConfiguration.RegistryCredentialsSecretName, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Take from function spec
pkg/platform/abstract/platform.go
Outdated
@@ -158,6 +161,9 @@ func (ap *Platform) HandleDeployFunction(existingFunctionConfig *functionconfig. | |||
if err = onAfterConfigUpdatedWrapper(&createFunctionOptions.FunctionConfig); err != nil { | |||
return nil, errors.Wrap(err, "Failed to trigger on after config update") | |||
} | |||
|
|||
// Update function config with ImagePull secrets so image can be pulled from docker registry | |||
createFunctionOptions.FunctionConfig.Spec.ImagePullSecrets = ap.platform.GetSecretName() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you enrich before build, this is redundant
pkg/processor/build/builder.go
Outdated
@@ -246,6 +246,8 @@ func (b *Builder) Build(options *platform.CreateFunctionBuildOptions) (*platform | |||
enrichedConfiguration.Spec.Image = processorImage | |||
} | |||
|
|||
enrichedConfiguration.Spec.ImagePullSecrets = b.platform.GetSecretName() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can be removed
pkg/platform/abstract/platform.go
Outdated
@@ -132,6 +132,9 @@ func (ap *Platform) HandleDeployFunction(existingFunctionConfig *functionconfig. | |||
// use the function configuration augmented by the builder | |||
createFunctionOptions.FunctionConfig.Spec.Image = buildResult.Image | |||
|
|||
// Update function config with ImagePull secrets so image we just build can be pulled from docker registry | |||
createFunctionOptions.FunctionConfig.Spec.ImagePullSecrets = buildResult.UpdatedFunctionConfig.Spec.ImagePullSecrets |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
condition if not exists (so you don't override) and move to not depend on functionBuildRequired
Also it's pushpull secret (pull for controller, push for kaniko/builder)
And since it's for the kaniko build - need to be enriched before line 121
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚀
minor comments and question to @omesser below
@@ -16,4 +16,7 @@ type BuilderPusher interface { | |||
|
|||
// GetBaseImageRegistry returns onbuild base registry | |||
GetBaseImageRegistry(registry string) string | |||
|
|||
// GetSecretName returns secret with credentials to push/pull from docker registry | |||
GetSecretName() string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
GetSecretName() string | |
GetRegistryCredentialsSecretName() string |
I mean, secret is the abstraction name, not the instance :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changed to GetDefaultRegistryCredentialsSecretName
@@ -171,17 +175,23 @@ func (k *Kaniko) getKanikoJobSpec(namespace string, buildOptions *BuildOptions, | |||
buildArgs = append(buildArgs, "--cache=true") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That is configurable correct here. disabling ideally should happen via UI
@@ -275,7 +310,13 @@ func (k *Kaniko) waitForKanikoJobCompletion(namespace string, jobName string, Bu | |||
} | |||
|
|||
if runningJob.Status.Succeeded > 0 { | |||
k.logger.Debug("Kaniko job was completed successfully") | |||
jobLogs, err := k.getJobLogs(namespace, jobName) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👏
return nil | ||
} | ||
|
||
k.logger.Debug("Kaniko job was completed successfully", "logs", jobLogs) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
k.logger.Debug("Kaniko job was completed successfully", "logs", jobLogs) | |
k.logger.Debug("Kaniko job was completed successfully", "jobLogs", jobLogs) |
pkg/platform/factory/factory.go
Outdated
} | ||
if containerBuilderConfiguration.BusyBoxImage == "" { | ||
containerBuilderConfiguration.BusyBoxImage = common.GetEnvOrDefaultString("NUCLIO_BUSYBOX_CONTAINER_IMAGE", "busybox:1.31.0") | ||
containerBuilderConfiguration.BusyBoxImage = common.GetEnvOrDefaultString("NUCLIO_BUSYBOX_CONTAINER_IMAGE", | ||
"busybox:1.31.1") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"busybox:1.31.1") | |
"busybox:1.31") |
No description provided.