Alibaba Cloud Provider: introducing imageregistry types

[kwoodson]

Summary: This PR adds the additional fields necessary to provide support for Alibaba imageregistry.

• Updated the descriptions
• updated the kubebuilder fields
• cleaned up comments on the fields
• cleaned up the constant / enumerable types to match OpenShift patterns.

This PR replaces the previous #1009.

cc @menglingwei

[sttts]

can this be empty? Which format?

[kwoodson]

When the Type is set to KMS then a key would be required. When it is not, it can be empty.

The CMK ID that must be specified when SSEAlgorithm is set to KMS and a specified CMK is used for encryption. In other cases, this element must be set to null.

[sttts]

should this be the default value? Then declare a default via marker.

[kwoodson]

Declared below where Type is defined.

[kwoodson]

Set as default

[sttts]

if this is only to be set when type matches, you have to add a patch file (can be follow-up), setting

anyOf:
- properties:
       type:
         not:
           enum: ["KMS"]
  not:
      required: ["kms"]
- properties:
    type:
      enum: ["KMS"]
  required: ["kms"]

Double check the logic.

[kwoodson]

Let me research how to do this.

[kwoodson]

From our discussion in slack https://github.com/openshift/api/pull/1082/files#diff-3e8a362860cb72aadab809e7fdb9a0d112ed3e6f09c50c89ac77cf3453189880

[sttts]

also need "", because client side validation does not see the default.

[kwoodson]

Will add.

[sttts]

with the default this must be optional now because client-side validation does not see the default.

[kwoodson]

Updated to optional.

[sttts]

/lgtm
/approve

/hold
Please test in a real cluster and verify that it behaves as it should.

[kwoodson]

@sttts Thanks for the help. I'll get a test cluster going now.

[kwoodson]

Fixed typo in description and nothing else.

[kwoodson]

/test verify

[kwoodson]

Verify had a few of these. Wondering if something wrong with the CI.

W1214 01:48:40.137749   14982 clientconn.go:1223] grpc: addrConn.createTransport failed to connect to {http://127.0.0.1:2379  <nil> 0 <nil>}. Err :connection error: desc = "transport: Error while dialing dial tcp 127.0.0.1:2379: connect: connection refused". Reconnecting...

[kwoodson]

/test verify

[kwoodson]

@dmage @sttts In order to correctly apply the kubebuilder/openAPI patch to the CRD I had to rename the 00-crd.yaml to 00-imageregistry.crd.yaml. I have noticed that this CRD no longer gets deployed when testing this latest pull request.

Does this require an openshift/client-go and an openshift/library-go update?

[kwoodson]

I have updated the 00- and 01- CRD files to have a meaningful name 00_imageregistry.crd.yaml as well as 01_imagepruner.crd.yaml. This allows the patch to be applied.

Testing these changes now.

[mtulio]

@sttts @kwoodson I am concerning about the field name mode, looking the Alibaba Console, bucket encryption configuration, we have three methods of encryption:

• None
• OSS-Managed
• KMS

Then it has only one encryption algorithm:

• AES256

I am concerned if we could rename this field from mode to method, with the default value of OSS-Managed.

I am not sure if we need the field algorithm, but it could be interesting for future capabilities. For now, it will assume only one value: AES256

[kwoodson]

I updated the Type to Method to align with the API. I updated the default to AES256 after @mtulio's tests. This seems to be what we wanted it to be by default.

[mtulio]

Here is the reference where we are setting to default, if KMS is not set:
https://github.com/openshift/cluster-image-registry-operator/pull/724/files#diff-e0f51602f2f4156d47e688910139da09ff81fe2ac10efa43d7d453b06ee08ec8R502

[sttts]

Have nothing against these changes, but be quick. This should land before FF on Friday (I am out, but David Eads can approve).

[kwoodson]

@sttts Looks like we have been bitten by the yaml_patch issue. I have submitted a PR #1086 to fix it. We would like to merge that one so that I can generate code properly in this PR. Would you please TAL?

[kwoodson]

cc @deads2k

[sttts]

tagged

[kwoodson]

@sttts Awesome, thanks for your help!

[mtulio]

/lgtm /approve

/hold Please test in a real cluster and verify that it behaves as it should.

@kwoodson @sttts please take a look at those tests: openshift/cluster-image-registry-operator#724 (comment)

It's working as expected, but I left some comments regarding the naming conventions of those fields, considering the Console/UI. Please let me know wdyt.

[kwoodson]

/hold

I have submitted #1086 to fix the test verify that has been failing.

[kwoodson]

Rebased to clean up commits from the #1086 merge.

[kwoodson]

/hold cancel

[openshift-ci]

@kwoodson: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[mtulio]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kwoodson, mtulio, sttts

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [sttts]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment