[v9] Add Docker Hub login to Drone's Kubernetes pipelines#23973
Closed
[v9] Add Docker Hub login to Drone's Kubernetes pipelines#23973
Conversation
Since the release of `tsh proxy app` we no longer need a Teleport-aware Drone CLI and can leverage the standard drone tool from https://docs.drone.io/cli/install/
After moving Drone to AWS, we're seeing image pulls get rate limited because they're all coming from the same IP (an AWS NAT gateway). To avoid this, we refactor pipelines to cache/reuse images where possible, as well as add authentication to dockerhub pulls.
This is useful for making private test builds.
We don't actually consistently want these in all places. E.g. parallel pipelines cannot share a volumeRefDockerConfig, as they'll stop on each others login information.
A shared volume results in the different steps racing against each other.
We don't actually pull from dockerhub in these steps.
Contributor
|
@wadells - this PR will require admin approval to merge due to its size. Consider breaking it up into a series smaller changes. |
reedloden
approved these changes
Apr 2, 2023
tcsc
approved these changes
Apr 2, 2023
r0mant
approved these changes
Apr 2, 2023
Contributor
Author
|
The tests for this are in a sorry state -- there are other release failures unrelated to the changes at hand that prevent any of my testing from getting too far, as seen here: https://drone.platform.teleport.sh/gravitational/teleport-private/535/17/2 I've been chatting with @tcsc, and he says: "the ability to build from private wasn't backported to v9 or v10, but they should definitely work from the official oss repo" As such, I'll finish the testing and merge of this after I enable the drone webhook on OSS teleport. |
Contributor
Author
|
Unlikely that this will be needed. We can reopen if/when it is. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backports #23956
Backports #23957
new Backports #19755
Summary
After moving Drone to AWS, we're seeing image pulls get rate limited because they're all coming from the same IP (an AWS NAT gateway). To avoid the rate limiting on AWS, we refactor pipelines to cache/reuse images where possible, as well as add authentication to Docker Hub pulls.
This PR ran into a couple different merge conflicts
There was a conflict in types.go because the following hadn't been backported:
I introduced #19755.
This had made it to previous branches but not v9. For example, it was added to v10 in #21199
Related Issues & PRs
Contributes to https://github.com/gravitational/SecOps/issues/285
See the orginal PRs to master for more context.
Testing
This is undergoing final testing at:
These tests are based off the most recent
branch/v9so I'll be watching to see if they flush out unrelated issues.