Skip to content

[image-builder-bob] Use separate auth for target and base #10094

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 20, 2022
Merged

[image-builder-bob] Use separate auth for target and base #10094

merged 1 commit into from
May 20, 2022

Conversation

princerachit
Copy link
Contributor

@princerachit princerachit commented May 18, 2022
edited
Loading

Description

Use terms such base and target to distinguish between image source (base) and built image (target).

Use separate auth for target and base so that when the target and base images are both in the same registry provider, correct auth is used.

e.g. User wants to use an image from their private gcr but we want to push the built image to gitpod's private gcr.

Related Issue(s)

Fixes #10089

How to test

Follow Reproduce steps from this issue #10089. Error should not be reproducible.

I already tested this in the preview env of this branch.

Image builds

image

Workspace Starts

image

Release Notes

Fix conflicting auth selection for image-builder-bob

Documentation

@princerachit princerachit force-pushed the prs/json-key-override branch 2 times, most recently from 6fdc65a to d11912a Compare May 18, 2022 13:12
@princerachit princerachit force-pushed the prs/json-key-override branch from d11912a to aa2aaaa Compare May 18, 2022 13:23
@princerachit princerachit marked this pull request as ready for review May 18, 2022 13:42
@princerachit princerachit requested a review from a team May 18, 2022 13:42
@github-actions github-actions bot added the team: workspace Issue belongs to the Workspace team label May 18, 2022
@princerachit
Copy link
Contributor Author

/hold

sagor999
sagor999 reviewed May 18, 2022
View reviewed changes
components/image-builder-bob/cmd/proxy.go
@@ -92,6 +108,6 @@ func init() {
// These env vars start with `WORKSPACEKIT_` so that they aren't passed on to ring2
proxyCmd.Flags().StringVar(&proxyOpts.BaseRef, "base-ref", os.Getenv("WORKSPACEKIT_BOBPROXY_BASEREF"), "ref of the base image")
proxyCmd.Flags().StringVar(&proxyOpts.TargetRef, "target-ref", os.Getenv("WORKSPACEKIT_BOBPROXY_TARGETREF"), "ref of the target image")
proxyCmd.Flags().StringVar(&proxyOpts.Auth, "auth", os.Getenv("WORKSPACEKIT_BOBPROXY_AUTH"), "authentication to use")
proxyCmd.Flags().StringVar(&proxyOpts.AdditionalAuth, "additional-auth", os.Getenv("WORKSPACEKIT_BOBPROXY_ADDITIONALAUTH"), "additional authentication to use")
proxyCmd.Flags().StringVar(&proxyOpts.BaseAuth, "base-auth", os.Getenv("WORKSPACEKIT_BOBPROXY_AUTH"), "authentication to use for base ref")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

would this break any existing installs by any chance? (changing command line param names)

Copy link
Contributor Author

@princerachit princerachit May 19, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I checked ops repo and gitpod repo but could not find any references. AFAIK image-builder-bob proxy is only run in the imagebuild pods which is started by image-builder-mk3. Since image-builder-mk3 it self does not use these flags, it is unlikely that these flags are used anywhere else and break existing installs.

@princerachit princerachit requested a review from sagor999 May 19, 2022 04:39
@sagor999
Copy link
Contributor

sagor999 commented May 19, 2022
edited by werft-gitpod-dev-com bot
Loading

/werft run

👍 started the job as gitpod-build-prs-json-key-override.5
(with .werft/ from main)

@princerachit
Copy link
Contributor Author

/unhold

I am going to merge this PR as some members of the team are at kubecon and it can take them few more days to come back. If this breaks anything we can revert this.

@roboquat roboquat merged commit 7b27392 into main May 20, 2022
@roboquat roboquat deleted the prs/json-key-override branch May 20, 2022 04:43
@iQQBot iQQBot mentioned this pull request May 24, 2022
Merged
@princerachit princerachit mentioned this pull request May 25, 2022
Closed
@roboquat roboquat added deployed: workspace Workspace team change is running in production deployed Change is completely running in production labels May 25, 2022
@kylos101 kylos101 mentioned this pull request Jun 1, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sagor999 sagor999 sagor999 approved these changes

Assignees
No one assigned
Labels
deployed: workspace Workspace team change is running in production deployed Change is completely running in production release-note size/M team: workspace Issue belongs to the Workspace team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Image builder does not support private container registry when gitpod uses same registry
3 participants
@princerachit @sagor999 @roboquat