Skip to content

[v11] Add Docker Hub login to Drone's Kubernetes pipelines#23959

Merged
wadells merged 5 commits intobranch/v11from
walt/v11-dockerhub-login
Apr 3, 2023
Merged

[v11] Add Docker Hub login to Drone's Kubernetes pipelines#23959
wadells merged 5 commits intobranch/v11from
walt/v11-dockerhub-login

Conversation

@wadells
Copy link
Copy Markdown
Contributor

@wadells wadells commented Apr 1, 2023
edited
Loading

Backports #23956
Backports #23957

Summary

After moving Drone to AWS, we're seeing image pulls get rate limited because they're all coming from the same IP (an AWS NAT gateway). To avoid the rate limiting on AWS, we refactor pipelines to cache/reuse images where possible, as well as add authentication to Docker Hub pulls.

Related Issues & PRs

Supersedes #23955

Contributes to https://github.com/gravitational/SecOps/issues/285

See the orginal PRs to master for more context.

Testing

This is undergoing final testing at:

These tests are based off the most recent branch/v11 so I'll be watching to see if they flush out unrelated issues, since there hasn't been a release in ~80 commits.

@wadells wadells requested review from r0mant, reedloden and tcsc April 1, 2023 20:35
@github-actions github-actions Bot requested review from fheinecke and klizhentas April 1, 2023 20:35
@wadells wadells mentioned this pull request Apr 1, 2023
Merged
tcsc and others added 5 commits April 2, 2023 10:21
@tcsc @wadells
Add Docker Hub login to kubernetes pipelines
850072e 
After moving Drone to AWS, we're seeing image pulls get rate limited
because they're all coming from the same IP (an AWS NAT gateway).

To avoid this, we refactor pipelines to cache/reuse images where
possible, as well as add authentication to dockerhub pulls.
@wadells
Allow make update-tag to push to teleport-private
b5864b1 
This is useful for making private test builds.
@wadells
Drop dockerVolumes and dockerVolumeRefs
a7b2a02 
We don't actually consistently want these in all places.  E.g. parallel
pipelines cannot share a volumeRefDockerConfig, as they'll stop on each
others login information.
@wadells
Remove shared docker config from parallel pipelines
f7a4bd6 
A shared volume results in the different steps racing against each
other.
@wadells
Remove docker config from relcli steps
da8db78 
We don't actually pull from dockerhub in these steps.
@wadells wadells force-pushed the walt/v11-dockerhub-login branch from 9944e1e to da8db78 Compare April 2, 2023 17:22
@public-teleport-github-review-bot
Copy link
Copy Markdown

public-teleport-github-review-bot Bot commented Apr 2, 2023

@wadells - this PR will require admin approval to merge due to its size. Consider breaking it up into a series smaller changes.

@wadells
Copy link
Copy Markdown
Contributor Author

wadells commented Apr 3, 2023

Test builds are green! Merging.

@wadells wadells added this pull request to the merge queue Apr 3, 2023
Merged via the queue into branch/v11 with commit 3de7a4f Apr 3, 2023
@wadells wadells deleted the walt/v11-dockerhub-login branch April 3, 2023 01:27
@tcsc tcsc mentioned this pull request Apr 11, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@r0mant r0mant r0mant approved these changes

@tcsc tcsc tcsc approved these changes

+1 more reviewer

@reedloden reedloden reedloden approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport size/lg

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@wadells @r0mant @reedloden @tcsc