[v10] Add Docker Hub login to Drone's Kubernetes pipelines#23972
Merged
wadells merged 5 commits intobranch/v10from Apr 3, 2023
Merged
[v10] Add Docker Hub login to Drone's Kubernetes pipelines#23972wadells merged 5 commits intobranch/v10from
wadells merged 5 commits intobranch/v10from
Conversation
After moving Drone to AWS, we're seeing image pulls get rate limited because they're all coming from the same IP (an AWS NAT gateway). To avoid this, we refactor pipelines to cache/reuse images where possible, as well as add authentication to dockerhub pulls.
This is useful for making private test builds.
We don't actually consistently want these in all places. E.g. parallel pipelines cannot share a volumeRefDockerConfig, as they'll stop on each others login information.
A shared volume results in the different steps racing against each other.
wadells
requested review from
klizhentas,
r0mant,
russjones and
zmb3
as code owners
github-actions
Bot
requested review from
alexfornuto,
jimbishopp,
ptgott and
xinding33
|
@wadells - this PR will require admin approval to merge due to its size. Consider breaking it up into a series smaller changes. |
github-actions
Bot
added
application-access
audit-log
wadells
added
backport
size/lg
and removed
documentation
ui
kubernetes-access
tsh
r0mant
approved these changes
Apr 2, 2023
Contributor
Author
|
Builds are green! Merging. |
We don't actually pull from dockerhub in these steps.
wadells
force-pushed
the
walt/v10-dockerhub-login
branch
from
2dfdbee to
855b247
Compare
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
github-merge-queue
Bot
removed this pull request from the merge queue due to failed status checks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backports #23956
Backports #23957
Summary
After moving Drone to AWS, we're seeing image pulls get rate limited because they're all coming from the same IP (an AWS NAT gateway). To avoid the rate limiting on AWS, we refactor pipelines to cache/reuse images where possible, as well as add authentication to Docker Hub pulls.
Related Issues & PRs
Contributes to https://github.com/gravitational/SecOps/issues/285
See the orginal PRs to master for more context.
Testing
This is undergoing final testing at:
These tests are based off the most recent
branch/v10so I'll be watching to see if they flush out unrelated issues, since there hasn't been a release in ~130 commits.