-
Notifications
You must be signed in to change notification settings - Fork 84
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IR-21: Leveraging image config for "insecure" registries during ImageStreamImport #111
IR-21: Leveraging image config for "insecure" registries during ImageStreamImport #111
Conversation
/test e2e-aws |
1 similar comment
/test e2e-aws |
/test e2e-aws-upgrade |
/test e2e-aws |
/retest |
@@ -116,6 +116,39 @@ func (config *V2RegistriesConf) Nonempty() bool { | |||
len(config.UnqualifiedSearchRegistries) != 0) | |||
} | |||
|
|||
// Insecure returns if access to registry at location is flagged as insecure, i.e. invalid |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This implementation doesn't match the registries.conf documentation.
Please keep it in sync with https://github.com/containers/image/blob/master/pkg/sysregistriesv2/system_registries_v2.go
You may want to import this package directly, AFAIK they fixed their "types" package and it shouldn't have 100500 dependencies anymore.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did not know this package was copied from somewhere else. I have updated this PR to vendor the package and remove the copy&pasta we had.
/assign @dmage |
/assign @mfojtik |
/lgtm |
/assign @sttts |
@@ -81,38 +89,68 @@ func NewImageStreamImporter(retriever RepositoryRetriever, regConf *sysregistrie | |||
limiter: limiter, | |||
regConf: regConf, | |||
|
|||
digestToRepositoryCache: make(map[gocontext.Context]map[manifestKey]*imageapi.Image), | |||
digestToRepositoryCache: make(map[context.Context]map[manifestKey]*imageapi.Image), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that's interesting type. Which context ends up here? The one of the request?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had the same impression when I came across this construction for the first time, seems rather interesting. I did some digging and I discovered that this is entangled with the client request's context. The next obvious question I had was: "what?!". I could not find where this was freed so I thought this would grow indefinitely, a real memory hoarder eating everything on its way. Well, this is not the case because the object holding it is created in a per request basis, so the next obvious question was "why?", if it is based on a per request basis why to index per context? My guess is that this object was planned to handle multiple requests at the same time but never got finished.
@dmage Am I missing something here? I think we could have a task to check(fix?) this as tech-debt, what do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
while we touch this, can you add a comment? This has big code smell.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I created a tech-debt card: https://issues.redhat.com/browse/IR-116
@@ -11,7 +12,7 @@ import ( | |||
"testing" | |||
"time" | |||
|
|||
"golang.org/x/net/context" | |||
"github.com/containers/image/pkg/sysregistriesv2" | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: remove empty line
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed.
@@ -223,7 +237,7 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation | |||
r.transport, r.insecureTransport, secretsList.Items, | |||
) | |||
imports := r.importFn(importCtx, v2regConf) | |||
if err := imports.Import(ctx.(gocontext.Context), isi, stream); err != nil { | |||
if err := imports.Import(ctx.(context.Context), isi, stream); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why this cast?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice catch, removed it.
@@ -246,7 +260,7 @@ func (r *REST) Create(ctx context.Context, obj runtime.Object, createValidation | |||
r.transport, r.insecureTransport, nil, | |||
) | |||
imports := r.importFn(importCtx, v2regConf) | |||
if err := imports.Import(ctx.(gocontext.Context), isi, stream); err != nil { | |||
if err := imports.Import(ctx.(context.Context), isi, stream); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why this cast?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice catch, removed it.
/retest |
1 similar comment
/retest |
@dmage: dmage unauthorized: /override is restricted to Repo administrators, approvers in top level OWNERS file. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/override e2e-cmd |
@sttts: /override requires a failed status context to operate on.
Only the following contexts were expected:
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/override ci/prow/e2e-cmd |
@sttts: Overrode contexts on behalf of sttts: ci/prow/e2e-cmd In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest Please review the full test history for this PR and help us cut down flakes. |
13 similar comments
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/hold If the test is broken then there's no point in retesting. Either button merge it or /override after a failure is reported and then unhold (but Tide may decide to re-run the tests before merge so button merge is probably better). |
/override ci/prow/e2e-cmd |
/hold cancel |
@sttts: Overrode contexts on behalf of sttts: ci/prow/e2e-cmd In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
By leveraging
images.config.openshift.io/cluster
"insecure" registry configuration we now can flag a registry as insecure for all image stream imports. Without this patch users had to set the registry as "insecure" on the ImageStreamImport request, regardless of what was defined onimages.config.openshift.io/cluster
.I have chosen to include here some other housekeeping changes:
golang.org/x/net/context
tocontext
All four changes above were constricted into their own commits (plus commits where we vendor stuff) in an attempt to make the review easier.
Tests for this feature were implemented through openshift/origin#25058