-
-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for managed pulling from private ECRs #394
Support for managed pulling from private ECRs #394
Conversation
## [1.3.3](v1.3.2...v1.3.3) (2022-12-01) ### ⬆️ Dependencies * **deps:** Bump alpine from 3.16.2 to 3.16.3 ([#388](#388)) ([ffae497](ffae497)) * **deps:** Bump alpine from 3.16.3 to 3.17.0 ([#395](#395)) ([d32255d](d32255d)) * **deps:** Bump github.com/aws/aws-sdk-go from 1.44.126 to 1.44.136 ([#391](#391)) ([61a6ae2](61a6ae2)), closes [#4620](https://github.com/estahn/k8s-image-swapper/issues/4620) [#4619](https://github.com/estahn/k8s-image-swapper/issues/4619) [#4617](https://github.com/estahn/k8s-image-swapper/issues/4617) [#4616](https://github.com/estahn/k8s-image-swapper/issues/4616) [#4615](https://github.com/estahn/k8s-image-swapper/issues/4615) [#4614](https://github.com/estahn/k8s-image-swapper/issues/4614) [#4613](https://github.com/estahn/k8s-image-swapper/issues/4613) [#4611](https://github.com/estahn/k8s-image-swapper/issues/4611) [#4608](https://github.com/estahn/k8s-image-swapper/issues/4608) [#4609](https://github.com/estahn/k8s-image-swapper/issues/4609) * **deps:** Bump github.com/aws/aws-sdk-go from 1.44.136 to 1.44.146 ([#397](#397)) ([d4a6136](d4a6136)), closes [#4638](https://github.com/estahn/k8s-image-swapper/issues/4638) [#4636](https://github.com/estahn/k8s-image-swapper/issues/4636) [#4633](https://github.com/estahn/k8s-image-swapper/issues/4633) [#4632](https://github.com/estahn/k8s-image-swapper/issues/4632) [#4630](https://github.com/estahn/k8s-image-swapper/issues/4630) [#4628](https://github.com/estahn/k8s-image-swapper/issues/4628) [#4627](https://github.com/estahn/k8s-image-swapper/issues/4627) [#4626](https://github.com/estahn/k8s-image-swapper/issues/4626) [#4625](https://github.com/estahn/k8s-image-swapper/issues/4625) [#4624](https://github.com/estahn/k8s-image-swapper/issues/4624) * **deps:** Bump github.com/containers/image/v5 from 5.23.0 to 5.23.1 ([#393](#393)) ([84f4d18](84f4d18)) * **deps:** Bump github.com/go-co-op/gocron from 1.17.1 to 1.18.0 ([#390](#390)) ([1750ee9](1750ee9)), closes [go-co-op/gocron#388](go-co-op/gocron#388) [go-co-op/gocron#389](go-co-op/gocron#389) [go-co-op/gocron#392](go-co-op/gocron#392) [go-co-op/gocron#394](go-co-op/gocron#394) [go-co-op/gocron#393](go-co-op/gocron#393) [go-co-op/gocron#392](go-co-op/gocron#392) [go-co-op/gocron#394](go-co-op/gocron#394) [#393](#393) [#394](#394) [#392](#392) [#389](#389) * **deps:** Bump github.com/gruntwork-io/terratest from 0.40.24 to 0.41.3 ([#398](#398)) ([ab35b1a](ab35b1a)), closes [gruntwork-io/terratest#1203](gruntwork-io/terratest#1203) [gruntwork-io/terratest#1202](gruntwork-io/terratest#1202) [gruntwork-io/terratest#1201](gruntwork-io/terratest#1201) [gruntwork-io/terratest#1199](gruntwork-io/terratest#1199) [gruntwork-io/terratest#1196](gruntwork-io/terratest#1196) [#1202](https://github.com/estahn/k8s-image-swapper/issues/1202) [#1203](https://github.com/estahn/k8s-image-swapper/issues/1203) [#1201](https://github.com/estahn/k8s-image-swapper/issues/1201) [#1199](https://github.com/estahn/k8s-image-swapper/issues/1199) [#1196](https://github.com/estahn/k8s-image-swapper/issues/1196) * **deps:** Bump github.com/prometheus/client_golang from 1.13.0 to 1.13.1 ([#387](#387)) ([b155a16](b155a16)), closes [#1146](https://github.com/estahn/k8s-image-swapper/issues/1146) [#1148](https://github.com/estahn/k8s-image-swapper/issues/1148) [#1118](https://github.com/estahn/k8s-image-swapper/issues/1118) [#1146](https://github.com/estahn/k8s-image-swapper/issues/1146) [#1148](https://github.com/estahn/k8s-image-swapper/issues/1148) [#1118](https://github.com/estahn/k8s-image-swapper/issues/1118) [#1157](https://github.com/estahn/k8s-image-swapper/issues/1157) [#1146](https://github.com/estahn/k8s-image-swapper/issues/1146) [#1148](https://github.com/estahn/k8s-image-swapper/issues/1148) [#1118](https://github.com/estahn/k8s-image-swapper/issues/1118) * **deps:** Bump github.com/prometheus/client_golang from 1.13.1 to 1.14.0 ([#392](#392)) ([af00594](af00594)), closes [#1150](https://github.com/estahn/k8s-image-swapper/issues/1150) [#1103](https://github.com/estahn/k8s-image-swapper/issues/1103) [prometheus/client_golang#1118](prometheus/client_golang#1118) [prometheus/client_golang#1103](prometheus/client_golang#1103) [prometheus/client_golang#1125](prometheus/client_golang#1125) [prometheus/client_golang#1130](prometheus/client_golang#1130) [prometheus/client_golang#1148](prometheus/client_golang#1148) [prometheus/client_golang#1146](prometheus/client_golang#1146) [prometheus/client_golang#1152](prometheus/client_golang#1152) [#1150](https://github.com/estahn/k8s-image-swapper/issues/1150) [#1103](https://github.com/estahn/k8s-image-swapper/issues/1103) [#1162](https://github.com/estahn/k8s-image-swapper/issues/1162) [#1161](https://github.com/estahn/k8s-image-swapper/issues/1161) [#1160](https://github.com/estahn/k8s-image-swapper/issues/1160) [#1136](https://github.com/estahn/k8s-image-swapper/issues/1136) [#1133](https://github.com/estahn/k8s-image-swapper/issues/1133) [#1150](https://github.com/estahn/k8s-image-swapper/issues/1150) [#1152](https://github.com/estahn/k8s-image-swapper/issues/1152) * **deps:** Bump github.com/spf13/viper from 1.13.0 to 1.14.0 ([#385](#385)) ([6f79498](6f79498)), closes [spf13/viper#1457](spf13/viper#1457) [spf13/viper#1458](spf13/viper#1458) [spf13/viper#1460](spf13/viper#1460) [spf13/viper#1428](spf13/viper#1428) [spf13/viper#1406](spf13/viper#1406) [spf13/viper#1437](spf13/viper#1437) [spf13/viper#1453](spf13/viper#1453) [spf13/viper#1449](spf13/viper#1449) [spf13/viper#1461](spf13/viper#1461) * **deps:** Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 ([#389](#389)) ([0b50f7b](0b50f7b)), closes [golangci/golangci-lint-action#590](golangci/golangci-lint-action#590) [golangci/golangci-lint-action#591](golangci/golangci-lint-action#591) [golangci/golangci-lint-action#592](golangci/golangci-lint-action#592) [golangci/golangci-lint-action#593](golangci/golangci-lint-action#593) [golangci/golangci-lint-action#594](golangci/golangci-lint-action#594) [golangci/golangci-lint-action#595](golangci/golangci-lint-action#595) [golangci/golangci-lint-action#596](golangci/golangci-lint-action#596) [golangci/golangci-lint-action#597](golangci/golangci-lint-action#597) [golangci/golangci-lint-action#598](golangci/golangci-lint-action#598) [golangci/golangci-lint-action#599](golangci/golangci-lint-action#599) [#599](#599) [#598](#598) [#596](#596) [#595](#595) [#593](#593) [#591](#591) [#590](#590) * **deps:** Bump hmarr/auto-approve-action from 2 to 3 ([#396](#396)) ([0b982a2](0b982a2)), closes [hmarr/auto-approve-action#205](hmarr/auto-approve-action#205) [hmarr/auto-approve-action#202](hmarr/auto-approve-action#202) [hmarr/auto-approve-action#202](hmarr/auto-approve-action#202) [hmarr/auto-approve-action#200](hmarr/auto-approve-action#200) [hmarr/auto-approve-action#200](hmarr/auto-approve-action#200) [hmarr/auto-approve-action#186](hmarr/auto-approve-action#186) [hmarr/auto-approve-action#191](hmarr/auto-approve-action#191) [#210](#210) [#205](#205) * **deps:** Bump k8s.io/api from 0.25.3 to 0.25.4 ([#401](#401)) ([0f80b5d](0f80b5d)) * **deps:** Bump k8s.io/apimachinery from 0.25.3 to 0.25.4 ([#399](#399)) ([1f0944f](1f0944f)), closes [#112218](https://github.com/estahn/k8s-image-swapper/issues/112218) [haoruan/automated-cherry-pick-of-#111936](https://github.com/haoruan/automated-cherry-pick-of-/issues/111936) * **deps:** Bump k8s.io/client-go from 0.25.3 to 0.25.4 ([#400](#400)) ([ad036e0](ad036e0))
Hello @estahn, |
PRs are much appreciated. Let me take a look at it today and come back to you shortly. |
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## main #394 +/- ##
===========================================
- Coverage 64.48% 31.82% -32.66%
===========================================
Files 6 9 +3
Lines 366 839 +473
===========================================
+ Hits 236 267 +31
- Misses 107 546 +439
- Partials 23 26 +3
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report in Codecov by Sentry. |
@Caomoji I prepared this initially to allow for registries requiring authentication (https://github.com/estahn/k8s-image-swapper/blame/bcc56b57ac91c1e8312f4e558283c68684a38678/.k8s-image-swapper.yml#L34-L37). I prefer not to distinguish between private & public registries, but rather have My suggestion is to adjust this as follows: source:
registries:
- type: aws
aws:
accountId: 123456789
region: ap-southeast-2
- type: aws
aws:
accountId: 234567890
region: us-east-1
- type: dockerio
dockerio:
username:
password:
secretRef: Thoughts? |
I fully agree with your point of view, I updated the config to look like your example, as well as some methods to make registry client creation a bit cleaner. I also updated the target registry for consistency. |
I rebased on
@estahn please let me know if you have any suggestions. |
Hello @estahn, |
@Caomoji Yes, sure thing. I was on vacation and had some other things to take care of. I'm looking at it again now. I just merged GCP support. I remember there was some overlap with this PR. Can you double check if there is a conflict or if everything still works? |
@estahn Thank you for your response, no worries. The two PRs were quite conflicting indeed, both trying to bring genericity to registry handling but in a different way. I resolved the conflicts by trying to take the best of the two, while taking into account the core changes of this PR (managing sources registries as well). |
Awesome. Will check it out tonight. Did you have a chance to run it locally to test it? |
Thanks! I've not tested it yet, I'll try to do so when I have some time. |
This PR adds the possibility to set additional references to ECRs as sources in the configuration file.
This change allows to take advantage of the logic already in place to rotate ECR tokens and authenticate to private registries, but for pulling images from private ECRs in a context of multi ECR replication. The same AWS credentials as for the target ECR are used.
Main changes:
privateRegistries
insource
imagePullSecretProviders
containing the registries' clientsdockerconfig
in a JSON format from a registry client to merge with the authfile passed to SkopeoGetImagePullSecrets
to include dockerconfigs from private registries to the image pull secrets from podsNotes:
imagePullSecrets
from hooked Pods still have priority over the authentication via these default private registries