Skip to content

[image-builder] replace reference to aliases with actual repo for cross mount blobs #10192

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[image-builder] replace reference to aliases with actual repo for cross mount blobs #10192

wants to merge 1 commit into from

Conversation

princerachit
Copy link
Contributor

@princerachit princerachit commented May 23, 2022
edited
Loading

Description

Some registries like azure do not fail if the reference to the cross repo is incorrect while some fail due to it. This PR makes sure such references to aliases are appropriately replaced.

Related Issue(s)

Fixes #7264

How to test

You can watch me blabbering how this works in this loom video or proceed to following sections to learn how to test.

Cross mount repository fix for image-builder - Watch Video

Use the installer generated from this PR's build. You need a kubernetes cluster and need to install gitpod using the installer.

  1. Create a gitlab registry
  2. Create a personal access token with read and write permission to your registry
  3. Create a docker secret using your credentials
kubectl create secret docker-registry registry-secret --docker-server=registry.gitlab.com --docker-username=prince41 --docker-password="mypassword"
  1. Make the following changes to the gitpod config (generated via ./installer init > gitpod-config.yaml)
certificate:
  kind: secret
  name: https-certificates
containerRegistry:
  inCluster: false
  external:
    url: registry.gitlab.com/prince41/testproj
    certificate:
      kind: secret
      name: registry-secret

I also configured the experimental field as I tested this on workspace-preview which by default does an experimental installation:

experimental:
  webapp:
    server:
      disableDynamicAuthProviderLogin: false
      enableLocalApp: true
      defaultBaseImageRegistryWhitelist:
      - https://index.docker.io/v1/
      - https://azurecr.io/
      - https://prince.azurecr.io/
      - https://prince.azurecr.io/base-images
      - https://prince.azurecr.io/workspace-images
      - https://registry.gitlab.io/
      - https://registry.gitlab.io/prince41/
      - https://registry.gitlab.io/prince41/testproj

Make sure you correctly configure domain before moving on to the next steps.

  1. Generate gitpod yamls and apply
installer render --use-experimental-config --config gitpod-config.yaml > rendered.yaml
kubectl apply -f rendered.yaml

Now use a repo which has a gitpod configuration similar to this:

image:
  file: gitpod.Dockerfile

and the corresponding gitpod.Dockerfile:

FROM gitpod/workspace-full:latest

RUN touch /tmp/abc && echo "done"

Image build should work without any issue.

image

Release Notes

Fix Cross mount blob error

Documentation

@princerachit princerachit changed the title replace reference to aliases with actual repo [image-builder] replace reference to aliases with actual repo for cross mount blobs May 23, 2022
@princerachit princerachit marked this pull request as ready for review May 23, 2022 16:35
@princerachit princerachit requested a review from a team May 23, 2022 16:35
@github-actions github-actions bot added the team: workspace Issue belongs to the Workspace team label May 23, 2022
@princerachit princerachit marked this pull request as draft May 23, 2022 16:37
@roboquat roboquat added size/L and removed size/S labels May 24, 2022
@princerachit princerachit marked this pull request as ready for review May 24, 2022 06:06
jenting
jenting reviewed May 24, 2022
View reviewed changes
@princerachit princerachit requested a review from jenting May 24, 2022 13:58
@kylos101
Copy link
Contributor

/hold as we just had an incident https://gitpod.slack.com/archives/C03GSLDKVTM, and should make sure this is tested in a preview environment (can build images) as well as when Gitlab is the registry.

@kylos101
Copy link
Contributor

Figure we can remove the hold once we understand how the breaking behavior for the prior PR for image builder made it to production. In other words, how can we do better with testing to a repeat incident?

@jenting jenting requested review from a team and removed request for jenting May 25, 2022 01:43
@sagor999
Copy link
Contributor

@kylos101 I think previous production issue was due to pinning of bob to specific version. So we did test everything correctly on our end in that case.

@princerachit princerachit mentioned this pull request May 27, 2022
Merged
@kylos101
Copy link
Contributor

kylos101 commented May 27, 2022
edited by werft-gitpod-dev-com bot
Loading

/werft run

👍 started the job as gitpod-build-prs-pvt-reg.5
(with .werft/ from main)

@sagor999
Copy link
Contributor

Rebased PR on latest main so that build will not fail.

@kylos101
Copy link
Contributor

Thanks @sagor999 ! Have a nice vacation. 😃

There are a few image builder PRs that we have out there, so I'll be sure to rebase them too.

I plan to work with WebApp (@geropl ) on Tuesday to understand how related testing and deploys are done. I am out on Monday.

I assume we first must remove a pin in the ops repo, but would also like how to deploy to staging, and eventually production for webapp. This should also help the team eventually get image-builder onto workspace clusters...which would be great!

@kylos101 kylos101 marked this pull request as draft June 10, 2022 18:11
@princerachit princerachit requested a review from jenting June 21, 2022 06:09
@roboquat roboquat added size/M and removed size/L labels Jun 21, 2022
@princerachit princerachit marked this pull request as ready for review June 21, 2022 06:09
@princerachit
Copy link
Contributor Author

I have rebased and resolved conflict.

@sagor999
Copy link
Contributor

@kylos101 ping, I assume you taking ownership of reviewing and approving this PR based on your comment above?

@kylos101 kylos101 mentioned this pull request Jun 21, 2022
Closed
13 tasks
@kylos101
Copy link
Contributor

Hi @sagor999 no, but, I've added as part of this epic (to step 1), which we'll be starting soon. 🙏 Thank you for asking.

@stale
Copy link

stale bot commented Jul 7, 2022

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the meta: stale This issue/PR is stale and will be closed soon label Jul 7, 2022
@sagor999
Copy link
Contributor

sagor999 commented Jul 7, 2022

not stale

@stale stale bot removed the meta: stale This issue/PR is stale and will be closed soon label Jul 7, 2022
@kylos101 kylos101 added the meta: never-stale This issue can never become stale label Jul 12, 2022
@sagor999
Copy link
Contributor

Going to mark this review as draft, as I am not sure who is owning this PR at this moment. @kylos101

@sagor999 sagor999 marked this pull request as draft July 22, 2022 17:44
@kylos101 kylos101 removed request for a team and jenting September 6, 2022 23:15
@aledbf aledbf closed this Mar 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jenting jenting jenting left review comments

Assignees
No one assigned
Labels
do-not-merge/hold do-not-merge/work-in-progress meta: never-stale This issue can never become stale release-note size/M team: workspace Issue belongs to the Workspace team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[image-builder] Some private registries do not work and fail with unauthorized access and bad gateway
6 participants
@princerachit @kylos101 @sagor999 @jenting @aledbf @roboquat