-
Notifications
You must be signed in to change notification settings - Fork 799
feat(api): allow pinning custom image repository for Envoy Proxy. #6296
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
ddee967
02b6048
76ff1b4
ea497d9
cd5f962
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -9,6 +9,7 @@ | |
| "fmt" | ||
| "path/filepath" | ||
|
|
||
| "github.com/containers/image/v5/docker/reference" | ||
| corev1 "k8s.io/api/core/v1" | ||
| "k8s.io/apimachinery/pkg/util/intstr" | ||
| "k8s.io/utils/ptr" | ||
|
|
@@ -115,10 +116,15 @@ | |
| return nil, err | ||
| } | ||
|
|
||
| proxyImage, err := resolveProxyImage(containerSpec) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
|
|
||
| containers := []corev1.Container{ | ||
| { | ||
| Name: envoyContainerName, | ||
| Image: *containerSpec.Image, | ||
| Image: proxyImage, | ||
| ImagePullPolicy: corev1.PullIfNotPresent, | ||
| Command: []string{"envoy"}, | ||
| Args: args, | ||
|
|
@@ -479,3 +485,41 @@ | |
| sc.ReadOnlyRootFilesystem = nil | ||
| return sc | ||
| } | ||
|
|
||
| func resolveProxyImage(containerSpec *egv1a1.KubernetesContainerSpec) (string, error) { | ||
| if containerSpec == nil { | ||
| return "", fmt.Errorf("containerSpec is nil") | ||
| } | ||
|
|
||
| repo := ptr.Deref(containerSpec.ImageRepository, "") | ||
| if repo != "" { | ||
| tag, err := getImageTag(egv1a1.DefaultEnvoyProxyImage) | ||
| if err != nil { | ||
| return "", err | ||
| } | ||
| return fmt.Sprintf("%s:%s", repo, tag), nil | ||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Should we have any validation in place to ensure user is not passing a tag in imageRepository?
Member
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yeah, a validation could be useful, but in my opinion, it's redundant. There are many ways an
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. good to track this with a GH issue, so we dont forget about general image validation |
||
| } | ||
|
|
||
| image := ptr.Deref(containerSpec.Image, "") | ||
| if image != "" { | ||
| return image, nil | ||
| } | ||
|
|
||
| return egv1a1.DefaultEnvoyProxyImage, nil | ||
| } | ||
|
|
||
| // getImageTag parses a Docker/OCI image reference and returns the tag if present. | ||
| // Returns an error if parsing fails or if no tag is found. | ||
| func getImageTag(image string) (string, error) { | ||
| ref, err := reference.ParseNormalizedNamed(image) | ||
| if err != nil { | ||
| return "", fmt.Errorf("failed to parse image reference %q: %w", image, err) | ||
| } | ||
|
|
||
| tagged, ok := ref.(reference.Tagged) | ||
| if !ok { | ||
| return "", fmt.Errorf("no tag found in image reference %q", image) | ||
| } | ||
|
|
||
| return tagged.Tag(), nil | ||
| } | ||
Uh oh!
There was an error while loading. Please reload this page.