Bug 1835887: upstream-opm-builder.Dockerfile: add ca-certificates #320

@joelanford (Member) commented May 6, 2020

Description of the change:
This changes the upstream-opm-builder runtime base image from scratch to alpine and installs ca-certificates.

This increases the upstream-opm-builder on-disk base image size from 56.8 MB to 64.6 MB. This seems better than using upstream-registry-builder which is 1.24 GB.

Motivation for the change:
This is essential to make the simple UX for operator run bundle work. This is necessary for two reasons.

Use case 1: operator-sdk run bundle --bundle-image=my-bundle-image

  1. When a user runs this command, we will create a pod with upstream-opm-builder as the image and override the pod entrypoint to inject the provided bundle image into a new registry database on the fly, and then serve the database.

Use case 2: operator-sdk run bundle --bundle=my-bundle-image --index=my-existing-index

  1. When a user uses opm to create an index, it needs to have bash and ca-certificates in the final image. In this mode, instead of using upstream-opm-builder, we would use the provided index image.

Initial assumptions for MVP:

  • The database location is /database/index.db. In a future update, we would query the index image label to find the database location.

Demo
I built an updated upstream-opm-builder with this change (quay.io/joelanford/upstream-opm-builder:latest), and created a simple Helm chart that demonstrates a simple set of resources that the operator-sdk could create to exercise this concept.

Helm chart repo: https://github.com/joelanford/bundle-runner
Custom pod with upstream-opm-builder: https://github.com/joelanford/bundle-runner/blob/master/templates/registry.yaml

Reviewer Checklist

  • Implementation matches the proposed design, or proposal is updated to match implementation
  • Sufficient unit test coverage
  • Sufficient end-to-end test coverage
  • Docs updated or added to /docs
  • Commit messages sensible and descriptive

@jmrodri is currently working on the full design proposal for operator-sdk run bundle and will follow up with a link to that PR when it is posted.
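
An added example, not part of this pull request or the project's code: a small Go check that an image root filesystem carries a CA bundle in one of the locations Go's `crypto/x509` probes on Linux, which a `scratch` base does not. `FindCABundle` and the sample paths in the test are hypothetical names; that the bundle is needed for TLS verification when pulling from a registry is an assumption, since the description does not state the reason.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"os"
	"path/filepath"
)

// Bundle files Go's crypto/x509 probes on Linux for the system trust pool.
var bundlePaths = []string{
	"/etc/ssl/certs/ca-certificates.crt",
	"/etc/pki/tls/certs/ca-bundle.crt",
	"/etc/ssl/ca-bundle.pem",
	"/etc/pki/tls/cacert.pem",
	"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem",
	"/etc/ssl/cert.pem",
}

// FindCABundle searches rootfs (an unpacked image filesystem, or "/" inside a
// container) for the first bundle holding at least one PEM CERTIFICATE block.
// It checks presence only; it does not validate the certificates.
func FindCABundle(rootfs string) (string, int, error) {
	for _, p := range bundlePaths {
		data, err := os.ReadFile(filepath.Join(rootfs, p))
		if err != nil {
			continue // missing or unreadable: try the next location
		}
		n := 0
		for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
			if block.Type == "CERTIFICATE" {
				n++
			}
		}
		if n > 0 {
			return p, n, nil
		}
	}
	return "", 0, fmt.Errorf("no CA bundle found under %q", rootfs)
}

func main() {
	path, n, err := FindCABundle("/")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("%s: %d certificate blocks\n", path, n)
}
```

Run as a build-time gate against an exported image filesystem, a non-zero exit flags an image that would fail certificate verification for every HTTPS endpoint.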

@dinhxuanvu
Member

FYI @kevinrizza @ecordell

@dinhxuanvu
Member

This looks fine to me.
/approve

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 7, 2020
@ecordell
Member

ecordell commented May 8, 2020

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label May 8, 2020
@ecordell
Member

ecordell commented May 8, 2020

Discussed offline:

  • This is a quick way to make it easier to build catalogs dynamically at runtime
  • In the future, if we find that we are adding lots of extra tooling here, we should look instead at a multi-container pod approach similar to how bundle unpacking works on-cluster

@kevinrizza
Member

/lgtm

@joelanford joelanford changed the title upstream-opm-builder.Dockerfile: add bash and ca-certificates upstream-opm-builder.Dockerfile: add ca-certificates May 14, 2020
@openshift-ci-robot openshift-ci-robot removed the lgtm Indicates that a PR is ready to be merged. label May 14, 2020
@ecordell (Member) left a comment

/lgtm
/approve

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label May 15, 2020
@openshift-ci-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dinhxuanvu, ecordell, joelanford

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [dinhxuanvu,ecordell]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ecordell ecordell changed the title upstream-opm-builder.Dockerfile: add ca-certificates Bug 1835887: upstream-opm-builder.Dockerfile: add ca-certificates May 15, 2020
@ecordell
Member

/bugzilla refresh

@openshift-ci-robot openshift-ci-robot added the bugzilla/severity-urgent Referenced Bugzilla bug's severity is urgent for the branch this PR is targeting. label May 15, 2020
@openshift-ci-robot

@ecordell: This pull request references Bugzilla bug 1835887, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.5.0) matches configured target release for branch (4.5.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label May 15, 2020
@openshift-merge-robot openshift-merge-robot merged commit 18b8ef3 into operator-framework:master May 15, 2020
@openshift-ci-robot

@joelanford: All pull requests linked via external trackers have merged: operator-framework/operator-registry#320. Bugzilla bug 1835887 has been moved to the MODIFIED state.

In response to this:

Bug 1835887: upstream-opm-builder.Dockerfile: add ca-certificates

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@joelanford joelanford deleted the dynamic-upstream-olm-builder branch June 4, 2020 19:50
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/severity-urgent Referenced Bugzilla bug's severity is urgent for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. lgtm Indicates that a PR is ready to be merged.
7 participants