Added support for Kaniko external registries #1495
Conversation
|
@FelGel - We're releasing soon so no need to bump helm chart version (we're bumping on release) |
| value: {{ .Values.registry.defaultBaseRegistryURL }} | ||
| {{- end }} | ||
| {{- if .Values.registry.cacheRepo }} | ||
| - name: NUCLIO_DASHBOARD_CACHE_REPO |
There was a problem hiding this comment.
| - name: NUCLIO_DASHBOARD_CACHE_REPO | |
| - name: NUCLIO_DASHBOARD_KANIKO_CACHE_REPO |
pkg/platform/factory/factory.go
Outdated
| } | ||
|
|
||
| containerBuilderConfiguration.CacheRepo = common.GetEnvOrDefaultString("NUCLIO_DASHBOARD_CACHE_REPO", "") |
There was a problem hiding this comment.
| containerBuilderConfiguration.CacheRepo = common.GetEnvOrDefaultString("NUCLIO_DASHBOARD_CACHE_REPO", "") | |
| containerBuilderConfiguration.CacheRepo = common.GetEnvOrDefaultString("NUCLIO_DASHBOARD_KANIKO_CACHE_REPO", "") |
| @@ -80,6 +92,13 @@ spec: | |||
| - name: NUCLIO_TEMPLATES_GIT_REF | |||
| value: "nil" | |||
| {{- end }} | |||
| {{- if .Values.registry.secretName }} | |||
| - name: NUCLIO_REGISTRY_CREDENTIALS_SECRET_NAME | |||
| value: {{ .Values.registry.secretName }} | |||
There was a problem hiding this comment.
-> hide {{ .Values.registry.secretName }} behind nuclio.registryCredentialsName in _helpers.tpl
| @@ -171,17 +175,23 @@ func (k *Kaniko) getKanikoJobSpec(namespace string, buildOptions *BuildOptions, | |||
| buildArgs = append(buildArgs, "--cache=true") | |||
There was a problem hiding this comment.
Disable caching by default until we understand why it doesn't use it as we expected
There was a problem hiding this comment.
That is configurable correct here. disabling ideally should happen via UI
There was a problem hiding this comment.
@liranbg is write, this flag is configurable
won't force disable
There was a problem hiding this comment.
*right :)
As discussed, if this is not broken as previously tested, no objection to hook it up to the cache option in function config
| Name: "docker-config", | ||
| VolumeSource: v1.VolumeSource{ | ||
| Secret: &v1.SecretVolumeSource{ | ||
| SecretName: k.builderConfiguration.RegistryCredentialsSecretName, |
pkg/platform/abstract/platform.go
Outdated
| @@ -158,6 +161,9 @@ func (ap *Platform) HandleDeployFunction(existingFunctionConfig *functionconfig. | |||
| if err = onAfterConfigUpdatedWrapper(&createFunctionOptions.FunctionConfig); err != nil { | |||
| return nil, errors.Wrap(err, "Failed to trigger on after config update") | |||
| } | |||
|
|
|||
| // Update function config with ImagePull secrets so image can be pulled from docker registry | |||
| createFunctionOptions.FunctionConfig.Spec.ImagePullSecrets = ap.platform.GetSecretName() | |||
There was a problem hiding this comment.
If you enrich before build, this is redundant
pkg/processor/build/builder.go
Outdated
| @@ -246,6 +246,8 @@ func (b *Builder) Build(options *platform.CreateFunctionBuildOptions) (*platform | |||
| enrichedConfiguration.Spec.Image = processorImage | |||
| } | |||
|
|
|||
| enrichedConfiguration.Spec.ImagePullSecrets = b.platform.GetSecretName() | |||
pkg/platform/abstract/platform.go
Outdated
| @@ -132,6 +132,9 @@ func (ap *Platform) HandleDeployFunction(existingFunctionConfig *functionconfig. | |||
| // use the function configuration augmented by the builder | |||
| createFunctionOptions.FunctionConfig.Spec.Image = buildResult.Image | |||
|
|
|||
| // Update function config with ImagePull secrets so image we just build can be pulled from docker registry | |||
| createFunctionOptions.FunctionConfig.Spec.ImagePullSecrets = buildResult.UpdatedFunctionConfig.Spec.ImagePullSecrets | |||
There was a problem hiding this comment.
condition if not exists (so you don't override) and move to not depend on functionBuildRequired
Also it's pushpull secret (pull for controller, push for kaniko/builder)
And since it's for the kaniko build - need to be enriched before line 121
| @@ -16,4 +16,7 @@ type BuilderPusher interface { | |||
|
|
|||
| // GetBaseImageRegistry returns onbuild base registry | |||
| GetBaseImageRegistry(registry string) string | |||
|
|
|||
| // GetSecretName returns secret with credentials to push/pull from docker registry | |||
| GetSecretName() string | |||
There was a problem hiding this comment.
| GetSecretName() string | |
| GetRegistryCredentialsSecretName() string |
I mean, secret is the abstraction name, not the instance :)
There was a problem hiding this comment.
changed to GetDefaultRegistryCredentialsSecretName
| @@ -171,17 +175,23 @@ func (k *Kaniko) getKanikoJobSpec(namespace string, buildOptions *BuildOptions, | |||
| buildArgs = append(buildArgs, "--cache=true") | |||
There was a problem hiding this comment.
That is configurable correct here. disabling ideally should happen via UI
| @@ -275,7 +310,13 @@ func (k *Kaniko) waitForKanikoJobCompletion(namespace string, jobName string, Bu | |||
| } | |||
|
|
|||
| if runningJob.Status.Succeeded > 0 { | |||
| k.logger.Debug("Kaniko job was completed successfully") | |||
| jobLogs, err := k.getJobLogs(namespace, jobName) | |||
| return nil | ||
| } | ||
|
|
||
| k.logger.Debug("Kaniko job was completed successfully", "logs", jobLogs) |
There was a problem hiding this comment.
| k.logger.Debug("Kaniko job was completed successfully", "logs", jobLogs) | |
| k.logger.Debug("Kaniko job was completed successfully", "jobLogs", jobLogs) |
pkg/platform/factory/factory.go
Outdated
| } | ||
| if containerBuilderConfiguration.BusyBoxImage == "" { | ||
| containerBuilderConfiguration.BusyBoxImage = common.GetEnvOrDefaultString("NUCLIO_BUSYBOX_CONTAINER_IMAGE", "busybox:1.31.0") | ||
| containerBuilderConfiguration.BusyBoxImage = common.GetEnvOrDefaultString("NUCLIO_BUSYBOX_CONTAINER_IMAGE", | ||
| "busybox:1.31.1") |
There was a problem hiding this comment.
| "busybox:1.31.1") | |
| "busybox:1.31") |
No description provided.