Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[OCPNODE-747] New CRD ImageDigestMirrorSet and ImageTagMirrorSet to support AllowMirrByTags #929

Merged
merged 3 commits into from
Mar 28, 2022
Merged

[OCPNODE-747] New CRD ImageDigestMirrorSet and ImageTagMirrorSet to support AllowMirrByTags #929

merged 3 commits into from
Mar 28, 2022

Conversation

QiWang19
Copy link
Member

@QiWang19 QiWang19 commented Oct 10, 2021
edited
Loading

We can continue the discussions from the current design.

Signed-off-by: Qi Wang qiwan@redhat.com

@openshift-ci openshift-ci bot requested review from dgoodwin and sttts October 10, 2021 03:39
@QiWang19 QiWang19 mentioned this pull request Oct 10, 2021
Merged
@QiWang19
Copy link
Member Author

@mtrmac @smarterclayton PTAL

mtrmac
mtrmac reviewed Oct 12, 2021
View reviewed changes
enhancements/api-review/add-new-CRD-ImageContentPolicy(ICP)-to-config.openshift.io.md Outdated Show resolved Hide resolved
enhancements/api-review/add-new-CRD-ImageContentPolicy(ICP)-to-config.openshift.io.md Outdated Show resolved Hide resolved
enhancements/api-review/add-new-CRD-ImageContentPolicy(ICP)-to-config.openshift.io.md Outdated Show resolved Hide resolved
enhancements/api-review/add-new-CRD-ImageContentPolicy(ICP)-to-config.openshift.io.md Outdated Show resolved Hide resolved
enhancements/api-review/add-new-CRD-ImageContentPolicy(ICP)-to-config.openshift.io.md Outdated Show resolved Hide resolved
enhancements/api-review/add-new-CRD-ImageContentPolicy(ICP)-to-config.openshift.io.md Outdated Show resolved Hide resolved
enhancements/api-review/add-new-CRD-ImageContentPolicy(ICP)-to-config.openshift.io.md Outdated Show resolved Hide resolved
enhancements/api-review/add-new-CRD-ImageContentPolicy(ICP)-to-config.openshift.io.md Outdated Show resolved Hide resolved
enhancements/api-review/add-new-CRD-ImageContentPolicy(ICP)-to-config.openshift.io.md Outdated Show resolved Hide resolved
enhancements/api-review/add-new-CRD-ImageContentPolicy(ICP)-to-config.openshift.io.md Outdated Show resolved Hide resolved
@QiWang19
Copy link
Member Author

@mtrmac PTAL.

mtrmac
mtrmac reviewed Oct 18, 2021
View reviewed changes
Copy link
Contributor

@mtrmac mtrmac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(Various questions from my previous review seem to remain outstanding.)

enhancements/api-review/add-new-CRD-ImageContentPolicy(ICP)-to-config.openshift.io.md Outdated Show resolved Hide resolved
enhancements/api-review/add-new-CRD-ImageContentPolicy(ICP)-to-config.openshift.io.md Outdated
// https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table
// +required
// +kubebuilder:validation:Required
// +kubebuilder:validation:Pattern=`(^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$)|(^(([a-zA-Z\*]|[a-zA-Z\*][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)?(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])$)`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems incorrect, in that it allows *a.; wildcards are supported only with the exact *. prefix.

Even with the explanation, validating the regex feels like too much work (which I didn’t do now). Does the API annotation have any mechanisms that could help?

If not, building the regex from components somehow would be nice. Maybe something similar to the way https://github.com/containers/image/blob/main/docker/reference/regexp.go does it — that’s admittedly extreme in being literal, but it does have the nice property that it results in a Go program that can be reviewed in small pieces, and then run with a value.String() to get a pattern.

Copy link
Member Author

@QiWang19 QiWang19 Oct 19, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see the kubebuilder doc has a mechanism helper for regex. I can use some containers/image helpers in goplayground here to define the pattern https://play.golang.org/p/NO9_2LmqPiu

enhancements/api-review/add-new-CRD-ImageContentPolicy(ICP)-to-config.openshift.io.md Outdated Show resolved Hide resolved
@QiWang19 QiWang19 force-pushed the allow-mirror-by-tags branch 2 times, most recently from a0cc302 to ecb2599 Compare October 19, 2021 04:00
@QiWang19
Copy link
Member Author

@mtrmac could you have another round of review?

kikisdeliveryservice
kikisdeliveryservice reviewed Nov 3, 2021
View reviewed changes
Copy link
Contributor

@kikisdeliveryservice kikisdeliveryservice left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@QiWang19 I think it makes sense to update this enhancement at some point to pick up the new template changes (8d07520) involving API extensions since this will be adding a new CRD

Template link for ref: https://github.com/openshift/enhancements/blob/master/guidelines/enhancement_template.md

@QiWang19 QiWang19 force-pushed the allow-mirror-by-tags branch 3 times, most recently from e030049 to f325e8b Compare November 8, 2021 22:01
@QiWang19
Copy link
Member Author

QiWang19 commented Nov 8, 2021

@mtrmac Could you review? Updated:

  • Mentioned registries.conf should support digest required mirrors and tags allowed mirrors in the separated list.
  • ImageContentPolicy API change to have new mirrorsByTgas for using mirror by tags.

@QiWang19 QiWang19 changed the title [OCPNODE-521] New CRD ImageContentPolicy(ICP) to support AllowMirrByTags [OCPNODE-521] New CRD ImageSourceDigestPolicy and ImageSourceTagPolicy to support AllowMirrByTags Nov 11, 2021
@QiWang19 QiWang19 force-pushed the allow-mirror-by-tags branch 2 times, most recently from 2738eed to abf342e Compare February 15, 2022 21:44
@QiWang19
Copy link
Member Author

@umohnani8 @mrunalp @mtrmac PTAL.

QiWang19 added a commit to QiWang19/api that referenced this pull request Feb 28, 2022
@QiWang19
Add CRD ImageDigestMirrorSet and ImageTagMirrorSet
b8281fa 
Add CRD ImageDigestMirrorSet and ImageTagMirrorSet to have API for epics:
- https://issues.redhat.com/browse/OCPNODE-521: different API for two saprate lists for digest
  image pull and tag image pull using mirrors.
- https://issues.redhat.com/browse/OCPNODE-810: add an option for user to choose if the source of
  the mirror should be denied if the mirrors pull failed.

Enhancement: openshift/enhancements#929

Signed-off-by: Qi Wang <qiwan@redhat.com>
@QiWang19 QiWang19 mentioned this pull request Feb 28, 2022
Merged
QiWang19 added a commit to QiWang19/api that referenced this pull request Feb 28, 2022
@QiWang19
Add CRD ImageDigestMirrorSet and ImageTagMirrorSet
430b766 
Add CRD ImageDigestMirrorSet and ImageTagMirrorSet to have API for epics:
- https://issues.redhat.com/browse/OCPNODE-521: different API for two saprate lists for digest
  image pull and tag image pull using mirrors.
- https://issues.redhat.com/browse/OCPNODE-810: add an option for user to choose if the source of
  the mirror should be denied if the mirrors pull failed.

Enhancement: openshift/enhancements#929

Signed-off-by: Qi Wang <qiwan@redhat.com>
@QiWang19
Copy link
Member Author

@umohnani8 @mrunalp PTAL

@umohnani8
Copy link
Contributor

Proposal around neverContactSource LGTM
Thanks @QiWang19!

@mtrmac mtrmac mentioned this pull request Mar 4, 2022
Merged
mtrmac
mtrmac reviewed Mar 12, 2022
View reviewed changes
Copy link
Contributor

@mtrmac mtrmac left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good overall, mostly trivial typos.

(Noting that more discussion is happening in openshift/api#1126 .)

.../api-review/add-new-CRD-ImageDigestMirrorSet-and-ImageTagMirrorSet-to-config.openshift.io.md Outdated Show resolved Hide resolved
.../api-review/add-new-CRD-ImageDigestMirrorSet-and-ImageTagMirrorSet-to-config.openshift.io.md Outdated Show resolved Hide resolved
.../api-review/add-new-CRD-ImageDigestMirrorSet-and-ImageTagMirrorSet-to-config.openshift.io.md Outdated Show resolved Hide resolved
.../api-review/add-new-CRD-ImageDigestMirrorSet-and-ImageTagMirrorSet-to-config.openshift.io.md Outdated Show resolved Hide resolved
.../api-review/add-new-CRD-ImageDigestMirrorSet-and-ImageTagMirrorSet-to-config.openshift.io.md Outdated Show resolved Hide resolved
.../api-review/add-new-CRD-ImageDigestMirrorSet-and-ImageTagMirrorSet-to-config.openshift.io.md Outdated Show resolved Hide resolved
.../api-review/add-new-CRD-ImageDigestMirrorSet-and-ImageTagMirrorSet-to-config.openshift.io.md Outdated Show resolved Hide resolved
.../api-review/add-new-CRD-ImageDigestMirrorSet-and-ImageTagMirrorSet-to-config.openshift.io.md Outdated Show resolved Hide resolved
.../api-review/add-new-CRD-ImageDigestMirrorSet-and-ImageTagMirrorSet-to-config.openshift.io.md Outdated Show resolved Hide resolved
@QiWang19
Add CRD ImageContentPolicy(ICP) to config.openshift.io/v1 to support …
179d83e 
…AllowMirrByTags

Update the enhancement to describe the work has been done based on the previous discussions for Epic https://issues.redhat.com/browse/OCPNODE-521
We can continue the discussions from the current design.

Signed-off-by: Qi Wang <qiwan@redhat.com>
@QiWang19
CRD ImageSourceDigestPolicy and ImageSourceTagPolicy
74d816c 
New CRD ImageSourceDigestPolicy and ImageSourceTagPolicy to support AllowMirrByTags

Signed-off-by: Qi Wang <qiwan@redhat.com>
@QiWang19
CRD ImageDigestMirrorSet and ImageTagMirrorSet
cc9b39e 
    New CRD ImageDigestMirrorSet and ImageTagMirrorSet to support AllowMirrByTags

Signed-off-by: Qi Wang <qiwan@redhat.com>
mtrmac
mtrmac reviewed Mar 14, 2022
View reviewed changes
Copy link
Contributor

@mtrmac mtrmac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

Thanks for all the updates!

@rphillips
Copy link
Contributor

/lgtm

Awesome Job!

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Mar 28, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 28, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mrunalp

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 28, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 28, 2022

@QiWang19: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@openshift-merge-robot openshift-merge-robot merged commit ad0d7b2 into openshift:master Mar 28, 2022
soltysh
soltysh reviewed Apr 6, 2022
View reviewed changes
.../api-review/add-new-CRD-ImageDigestMirrorSet-and-ImageTagMirrorSet-to-config.openshift.io.md
- [Cluster-config-operator](https://github.com/openshift/cluster-config-operator)
- [Openshift-api-server](https://github.com/openshift/openshift-apiserver/blob/98786f917ffc7d3dc3b05893f405970b87a419b9/pkg/image/apiserver/registries/registries.go)
- [Runtime utils](https://github.com/openshift/runtime-utils/blob/8b8348d80d1d1e7b6cf06fb009d5965e0b55baa2/pkg/registries/registries.go#L50)
- [Openshift-controller-manager](https://github.com/openshift/openshift-controller-manager/blob/2a11f145ad7fcf3e92460800de1d13ba7fbb90b0/pkg/build/controller/build/build_controller.go#L20943)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rphillips @QiWang19 oc and oc-mirror is missing here, and both of those tools heavily rely on the current ICSP implementation for all of image mirroring, this also includes our docs. Based on below note I can assume that the node team will also handle all the appropriate changes for oc and oc-mirror, is that correct?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I will handle the related changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mtrmac mtrmac mtrmac left review comments

@kikisdeliveryservice kikisdeliveryservice kikisdeliveryservice left review comments

@bparees bparees bparees left review comments

@sttts sttts sttts left review comments

@saschagrunert saschagrunert saschagrunert left review comments

@cdjohnson cdjohnson cdjohnson left review comments

@soltysh soltysh soltysh left review comments

@mrunalp mrunalp mrunalp approved these changes

@dgoodwin dgoodwin Awaiting requested review from dgoodwin

Assignees

@rphillips rphillips

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.