pkg/rhcos/release: Extract RHCOS build from release image #1286
Commits on Mar 11, 2019
-
pkg/rhcos/release: Extract RHCOS build from release image
Since e2b31b2 (bootkube: Supply machine-os-content to MCO, 2019-01-29, openshift#1149), we have been using the machine-os-content image to seed the machine-config operator. With this commit, use the RHCOS build ID from that image's annotations to calculate our AMI, etc. as well. This gives one less degree of freedom for breaking things ;). Users who want to test clusters based on a different RHCOS build should bump the value in their release image, just like users testing operator updates and other changes. The new pkg/asset/release subpackage allows users to continue using pkg/rhcos without pulling in all of containers/image as a dependency. The pull-secret handling is a bit of a hack, leaning on the fact that users are likely providing clean secrets from [1]. Hopefully soon containers/image will grow an API for injecting in-memory bytes into their more-robust Docker-auth-config parser, but my attempt at that [2] is unlikely to land in the next few days, so I've cludged together a minimal implementation here. [1]: https://cloud.openshift.com/clusters/install#pull-secret [2]: containers/image#588
Commits on Mar 12, 2019
-
vendor: Bump to include containers/image
And zounds of other dependencies. Use Gopkg.toml's 'ignored' [1] to exclude, BoltDB, which comes in via: github.com/containers/image/pkg/blobinfocache github.com/boltdb/bolt and github.com/docker/distribution/registry/storage/cache, which comes in via: github.com/containers/image/docker github.com/docker/distribution/registry/client github.com/docker/distribution/registry/storage/cache because we don't use either the storage backend or the BoltDB blob-info cache, but dep isn't checking at that level of granularity. Ideally the upstream repositories would restructure to split these out into separate packages (and/or dep will grow support for pruning by build tag [2]), but until then, we can manually prune via 'ignored'. Also ignore mtrmac/gpgme, because we only need signature verification and we don't want to use CGO (because we want to be portable to other operating systems, and we only need verification support, not signing support [3]). There may be more fat we can prune as well, but I got tired of looking and gave up, even though ~50k lines of new code is pretty embarassing for what is effectively just a handful of HTTPS requests and an OpenPGP check. Generated (after manually editing Gopkg.toml) with: $ dep ensure using: $ dep version dep: version : v0.5.0-31-g73b3afe build date : 2019-02-08 git hash : 73b3afe go version : go1.10.3 go compiler : gc platform : linux/amd64 features : ImportDuringSolve=false [1]: https://golang.github.io/dep/docs/Gopkg.toml.html#ignored [2]: golang/dep#291 [3]: containers/image#268
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.