Create ImageContentPolicy CRD to config/v1 and allowMirrorByTags support #874
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: QiWang19 The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
/assign @eparis |
|
Any updates on when this will be a viable option? |
openshift-ci
bot
added
the
needs-rebase
This feature will be available in 4.9. |
|
It would be great if this "feature" can also be backported to the next EUS release (4.8). Currently a lot of operators in the OLM are not (yet) using a digest. As a result a lot of customers cannot use the ImageContentSourcePolicy and need to configure a custom MachineConfig for the registries.conf. |
openshift-ci
bot
removed
the
needs-rebase
QiWang19
changed the title
|
/test verify |
|
@mrunalp @abhinavdahiya @wking @adambkaplan PTAL |
| // may impact the exact order mirrors are contacted in, or some mirrors may be contacted | ||
| // in parallel, so this should be considered a preference rather than a guarantee of ordering. | ||
| // +optional | ||
| Mirrors []string `json:"mirrors"` |
There was a problem hiding this comment.
this needs a list-type, and add omitempty as optional slice.
There was a problem hiding this comment.
what are these strings? URL? These need a specification too (as type Mirror string).
| type RepositoryMirrors struct { | ||
| // source is the repository that users refer to, e.g. in image pull specifications. | ||
| // +required | ||
| Source string `json:"source"` |
There was a problem hiding this comment.
which format does this have? Please specify regex, minlength, format, etc.
There was a problem hiding this comment.
This is not resolved. It needs specification.
There was a problem hiding this comment.
@QiWang19 Those specifications can be added as comments:
// +kubebuilder:validation:Pattern=`^https?:\/\/`
// +kubebuilder:validation:MaxLength=2048
// +kubebuilder:validation:Required
// +required
The pattern in this example is just an example... Is it URL format? or host:port format?
There was a problem hiding this comment.
@rphillips The format is the prefix in the doc https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table, should I link this doc to the comment
There was a problem hiding this comment.
the format should be specified like Ryan described above through kubebuilder:validation:Pattern
|
/retest |
QiWang19
force-pushed
the
mirror-digest
branch
7 times, most recently
from
536d0c4 to
0f0599c
Compare
QiWang19
force-pushed
the
mirror-digest
branch
from
1a7a93f to
b1351bf
Compare
QiWang19
changed the title
QiWang19
force-pushed
the
mirror-digest
branch
from
b1351bf to
7826d17
Compare
QiWang19
changed the title
QiWang19
force-pushed
the
mirror-digest
branch
2 times, most recently
from
55006e6 to
39a076c
Compare
|
Added the ImageContentPolicy to the config/v1 group since it is not used for configuring an operator, according to the discussions from the thread: https://coreos.slack.com/archives/CK1AE4ZCK/p1632319949393200 |
QiWang19
changed the title
|
@sttts @rphillips PTAL |
| kind: CustomResourceDefinition | ||
| metadata: | ||
| annotations: | ||
| api-approved.openshift.io: https://github.com/openshift/api/pull/470 |
There was a problem hiding this comment.
technically you have to switch this to 874 now
There was a problem hiding this comment.
This PR looks good to me. Thank you @sttts for helping us get this done. I'll lgtm once this link is fixed.
Add new CRD ImageContentPolicy to config/v1 group with allowMirrorByTags support. The schema of ImageContentPolicy contains all the schema from ImageContentSource and allowMirrorByTags support. Add validations of the fields. Request for enhancement: https://issues.redhat.com/browse/RFE-1608 Epic: https://issues.redhat.com/browse/OCPNODE-521 Registry mirror set by ImageContentSourcePolicy registryDigestMirrors only will be used if the image is referenced by digest because the mirror-by-digest of /etc/containers/registries.conf is set to true. This causes issue since there are use cases where no digests are available. In the new ImageContentPolicy CRD, add allowMirrorByTags to repositoryDigestMirrors spec, so user can easily configure it in the same spot they set post-installation mirror configuration. Signed-off-by: Qi Wang <[email protected]>
QiWang19
force-pushed
the
mirror-digest
branch
from
39a076c to
cda7121
Compare
|
/lgtm |
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: QiWang19, rphillips, sttts The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
Bump api and client-go to include new CRD ImageContentPolicy openshift/api#874 . Bump openshift/api to openshift/api@636513e Bump openshift/client-go to openshift/client-go@067cd72 Signed-off-by: Qi Wang <[email protected]>
Bump api and client-go to include new CRD ImageContentPolicy openshift/api#874 . Bump openshift/api to openshift/api@636513e Bump openshift/client-go to openshift/client-go@067cd72 Signed-off-by: Qi Wang <[email protected]>
|
Changes added to opeshift/api by this PR is addressed in the enhancement openshift/enhancements#929 |
|
As best I can tell, as of 4.10, OCPNODE-717 remains open and unimplemented. Until completed, |
|
ImageContentPolicy won't be implemented. The design changed to use new CRDs |
12 participants
config/v1.allowMirrorByTagssupport.API enhancement: openshift/enhancements#690
Follow-up enhancement for adding ICSP to operator/v1: openshift/enhancements#873
REF: https://issues.redhat.com/browse/OCPNODE-521, #636
client-go PR: openshift/client-go#195
Signed-off-by: Qi Wang [email protected]