Skip to content

Commit

Permalink
Fix registry URL, image name, and job scripts
Browse files Browse the repository at this point in the history
  • Loading branch information
Jont828 committed Mar 15, 2023
1 parent 46edda2 commit ab6dee3
Show file tree
Hide file tree
Showing 9 changed files with 42 additions and 18 deletions.
8 changes: 4 additions & 4 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -179,11 +179,11 @@ GOLANGCI_LINT := $(abspath $(TOOLS_BIN_DIR)/$(GOLANGCI_LINT_BIN))
REGISTRY ?= gcr.io/$(shell gcloud config get-value project)
PROD_REGISTRY ?= registry.k8s.io/cluster-api

STAGING_REGISTRY ?= gcr.io/k8s-staging-cluster-api
STAGING_BUCKET ?= artifacts.k8s-staging-cluster-api.appspot.com
STAGING_REGISTRY ?= gcr.io/k8s-staging-cluster-api-helm
STAGING_BUCKET ?= artifacts.k8s-staging-cluster-api-helm.appspot.com

# core
IMAGE_NAME ?= cluster-api-controller
IMAGE_NAME ?= cluster-api-helm-controller
CONTROLLER_IMG ?= $(REGISTRY)/$(IMAGE_NAME)

# kind
Expand Down Expand Up @@ -479,7 +479,7 @@ release-staging-nightly: ## Tag and push container images to the staging bucket.
$(MAKE) manifest-modification-dev REGISTRY=$(STAGING_REGISTRY) RELEASE_TAG=$(NEW_RELEASE_ALIAS_TAG)
## Build the dev manifests
$(MAKE) release-manifests-dev
# Example manifest location: artifacts.k8s-staging-cluster-api.appspot.com/components/nightly_main_20210121/bootstrap-components.yaml
# Example manifest location: artifacts.k8s-staging-cluster-api-helm.appspot.com/components/nightly_main_20210121/bootstrap-components.yaml
gsutil cp $(RELEASE_DIR)/* gs://$(STAGING_BUCKET)/components/$(NEW_RELEASE_ALIAS_TAG)

.PHONY: release-alias-tag
Expand Down
7 changes: 7 additions & 0 deletions config/default/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,10 @@ bases:
# - ../prometheus

patchesStrategicMerge:
# Provide customizable hook for make targets.
- manager_image_patch.yaml
- manager_pull_policy.yaml

# Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line.
Expand Down Expand Up @@ -72,3 +76,6 @@ vars:
kind: Service
version: v1
name: webhook-service

configurations:
- kustomizeconfig.yaml
4 changes: 4 additions & 0 deletions config/default/kustomizeconfig.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# This configuration is for teaching kustomize how to update name ref and var substitution
varReference:
- kind: Deployment
path: spec/template/spec/volumes/secret/secretName
11 changes: 11 additions & 0 deletions config/default/manager_image_patch.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- image: gcr.io/k8s-staging-cluster-api/cluster-api-helm-controller:latest

This comment has been minimized.

Copy link
@khatrig

khatrig Mar 20, 2023

Contributor

@Jont828 , It seems the repo doesn't allow anonymous access. Is this expected?

docker pull gcr.io/k8s-staging-cluster-api-helm/cluster-api-helm-controller:latest
Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication

controller logs:
[event: pod caaph-system/caaph-controller-manager-667c55ff66-fpjq4] Error: ErrImagePull
[event: pod caaph-system/caaph-controller-manager-667c55ff66-fpjq4] Error: ImagePullBackOff
[event: pod caaph-system/caaph-controller-manager-667c55ff66-fpjq4] Pulling image "gcr.io/k8s-staging-cluster-api-helm/cluster-api-helm-controller:latest"
[event: pod caaph-system/caaph-controller-manager-667c55ff66-fpjq4] Failed to pull image "gcr.io/k8s-staging-cluster-api-helm/cluster-api-helm-controller:latest": rpc error: code = Unknown desc = failed to pull and unpack image "gcr.io/k8s-staging-cluster-api-helm/cluster-api-helm-controller:latest": failed to resolve reference "gcr.io/k8s-staging-cluster-api-helm/cluster-api-helm-controller:latest": pulling from host gcr.io failed with status code [manifests latest]: 401 Unauthorized
name: manager
11 changes: 11 additions & 0 deletions config/default/manager_pull_policy.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: manager
imagePullPolicy: Always
5 changes: 0 additions & 5 deletions config/samples/metallb.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,4 @@ spec:
MetalLBChart: enabled
repoURL: https://metallb.github.io/metallb
chartName: metallb
namespace: metallb-system
releaseName: metallb
valuesTemplate: |
speaker:
nodeSelector:
kubernetes.io/os: "linux"
9 changes: 2 additions & 7 deletions hack/verify-container-images.sh
Original file line number Diff line number Diff line change
Expand Up @@ -53,16 +53,11 @@ chmod +x ${TOOL_BIN}/trivy
rm ${TOOL_BIN}/trivy.tar.gz

# Builds all the container images to be scanned and cleans up changes to ./*manager_image_patch.yaml ./*manager_pull_policy.yaml.
make REGISTRY=gcr.io/k8s-staging-cluster-api PULL_POLICY=IfNotPresent TAG=dev docker-build
make REGISTRY=gcr.io/k8s-staging-cluster-api-helm PULL_POLICY=IfNotPresent TAG=dev docker-build
make clean-release-git

# Scan the images
${TOOL_BIN}/trivy image -q --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL gcr.io/k8s-staging-cluster-api/clusterctl-"${GO_ARCH}":dev && R1=$? || R1=$?
${TOOL_BIN}/trivy image -q --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL gcr.io/k8s-staging-cluster-api/test-extension-"${GO_ARCH}":dev && R2=$? || R2=$?
${TOOL_BIN}/trivy image -q --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL gcr.io/k8s-staging-cluster-api/kubeadm-control-plane-controller-"${GO_ARCH}":dev && R3=$? || R3=$?
${TOOL_BIN}/trivy image -q --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL gcr.io/k8s-staging-cluster-api/kubeadm-bootstrap-controller-"${GO_ARCH}":dev && R4=$? || R4=$?
${TOOL_BIN}/trivy image -q --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL gcr.io/k8s-staging-cluster-api/cluster-api-controller-"${GO_ARCH}":dev && R5=$? || R5=$?
${TOOL_BIN}/trivy image -q --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL gcr.io/k8s-staging-cluster-api/capd-manager-"${GO_ARCH}":dev && R6=$? || R6=$?
${TOOL_BIN}/trivy image -q --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL gcr.io/k8s-staging-cluster-api-helm/cluster-api-helm-controller-"${GO_ARCH}":dev && R5=$? || R5=$?

echo ""
BRed='\033[1;31m'
Expand Down
3 changes: 2 additions & 1 deletion hack/version.sh
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,8 @@ version::get_version_vars() {

# stolen from k8s.io/hack/lib/version.sh
# Use git describe to find the version based on annotated tags.
if [[ -n ${GIT_VERSION-} ]] || GIT_VERSION=$(git describe --abbrev=14 --match "v[0-9]*" 2>/dev/null); then
# Add --tags parameter to include lightweight tags.
if [[ -n ${GIT_VERSION-} ]] || GIT_VERSION=$(git describe --tags --abbrev=14 --match "v[0-9]*" 2>/dev/null); then
# This translates the "git describe" to an actual semver.org
# compatible semantic version that looks something like this:
# v1.1.0-alpha.0.6+84c76d1142ea4d
Expand Down
2 changes: 1 addition & 1 deletion scripts/ci-e2e-lib.sh
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ capi:buildDockerImages () {
# please ensure the generated image name matches image names used in the E2E_CONF_FILE;
# also the same settings must be set in Makefile, docker-build-e2e target.
ARCH="$(go env GOARCH)"
export REGISTRY=gcr.io/k8s-staging-cluster-api
export REGISTRY=gcr.io/k8s-staging-cluster-api-helm
export TAG=dev
export ARCH

Expand Down

0 comments on commit ab6dee3

Please sign in to comment.