✨ add new build for new k8s registry infra-prow #3362
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: camilamacedo86 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
cncf-cla: yes
| env: | ||
| - "KUBE_RBAC_PROXY_VERSION=${_KUBE_RBAC_PROXY_VERSION}" | ||
| entrypoint: "/usr/bin/env" | ||
| args: ["bash", "-c", "./build/build.sh"] | ||
| images: ["gcr.io/kubebuilder/kube-rbac-proxy:${_KUBE_RBAC_PROXY_VERSION}"] | ||
| images: ["gcr.io/k8s-staging-kubebuilder/kube-rbac-proxy:${_KUBE_RBAC_PROXY_VERSION}"] |
There was a problem hiding this comment.
Hi @rikatz,
See that I just changed the step name and image to be built.
Is that right? We need to:
- a) build gcr.io/k8s-staging-kubebuilder/kube-rbac-proxy that will be triggered by: ✨ (kubebuilder) new config image job for kube-rbac-proxy image kubernetes/test-infra#29351
- b) add the image built in https://github.com/kubernetes/k8s.io/blob/main/k8s.gcr.io/images/k8s-staging-kubebuilder/images.yaml so that it will be available via the registry, and we can download it with
docker pull k8s.io/kubebuilder/kube-rbac-proxy:<TAG>
There was a problem hiding this comment.
almost 100% :)
(and I am almost 100% sure on what I am saying!)
the one thing that we do in ingress is to do the push from the build script, and not from the cloudbuild job.
Take a look in https://github.com/kubernetes/ingress-nginx/blob/main/cloudbuild.yaml#L17-L21
We need a credential to push the image (so this is the gcloud auth ....) and after this, the container is able to push images, so our release just calls "docker buildx" to build the image and push it:
https://github.com/kubernetes/ingress-nginx/blob/main/Makefile#L235
The thing to be clear here is:
- Job needs to be started by k8s infra because of credentials and this is why we need that prow job
- Cloudbuild will just run whatever you put here. so you can add the docker push command inside your build.sh and it will work, or you can add all the commands inside the args, etc
- I have no idea if this "images" option works :D (@ameukam maybe knows?). But you actually do the push from "https://github.com/kubernetes-sigs/kubebuilder/pull/3362/files#diff-67021cdb17a230c48a35b503841c8893957f146914bc66749180c04ecb60481aR36" so maybe, this line is not required?
Anyway, we can get that PR on test-infra merged, and test the things from this branch later. it is a staging repo anyway :D
There was a problem hiding this comment.
We use the image to re-tag it see gcr.io/kubebuilder/kube-rbac-proxy the above one. So, I don't know how we would use it anymore. Maybe I am missing something.
See that we download quay.io/brancz/kube-rbac-proxy from https://github.com/brancz/kube-rbac-proxy and then rebuild it with a new tag so that we can store that.
There was a problem hiding this comment.
The images field is not required but can be useful to explicitly declare the name of the image(s) you want to build.
camilamacedo86
force-pushed
the
kube-rbac-proxy-releases-new
branch
from
55cb3ca to
644007a
Compare
|
I will move forward here for we are able to continue this work and test how that will be generated there in the prow using the new registry so that we can shape it better in a follow up if we need to. |
camilamacedo86
added
the
lgtm
Description
This PR moves the current implementation to build-legacy and adds a new directory to build the images for the new k8s registry within its infrastructure. More info: #3230
Closes: https://github.com/kubernetes-sigs/kubebuilder/pull/3246/files