From c26a121f34134f18912392c6484bd93f3aea37a3 Mon Sep 17 00:00:00 2001 From: Salah Al Saleh Date: Tue, 6 Aug 2024 21:25:06 +0000 Subject: [PATCH 1/6] Build registry with apko --- .github/workflows/image-deps-updater.yaml | 5 + .github/workflows/update-addons.yaml | 4 + cmd/buildtools/registry.go | 143 ++++++++++++++-------- cmd/buildtools/utils.go | 2 +- deploy/images/registry/apko.tmpl.yaml | 48 ++++++++ 5 files changed, 150 insertions(+), 52 deletions(-) create mode 100644 deploy/images/registry/apko.tmpl.yaml diff --git a/.github/workflows/image-deps-updater.yaml b/.github/workflows/image-deps-updater.yaml index eb7962798..7ad096e14 100644 --- a/.github/workflows/image-deps-updater.yaml +++ b/.github/workflows/image-deps-updater.yaml @@ -20,6 +20,9 @@ on: kubectl_version: description: 'Kubectl version for discovering image versions' required: false + registry_version: + description: 'Registry version for discovering image versions' + required: false seaweedfs_version: description: 'SeaweedFS version for discovering image versions' required: false @@ -57,6 +60,7 @@ jobs: - openebs - velero - embeddedclusteroperator + - registry - seaweedfs steps: - name: Checkout @@ -78,6 +82,7 @@ jobs: INPUT_VELERO_VERSION: ${{ github.event.inputs.velero_version }} INPUT_VELERO_AWS_PLUGIN_VERSION: ${{ github.event.inputs.velero_aws_plugin_version }} INPUT_KUBECTL_VERSION: ${{ github.event.inputs.kubectl_version }} + INPUT_REGISTRY_VERSION: ${{ github.event.inputs.registry_version }} INPUT_SEAWEEDFS_VERSION: ${{ github.event.inputs.seaweedfs_version }} run: | chmod +x ./output/bin/buildtools diff --git a/.github/workflows/update-addons.yaml b/.github/workflows/update-addons.yaml index 8b282dd7a..6bf666f8b 100644 --- a/.github/workflows/update-addons.yaml +++ b/.github/workflows/update-addons.yaml @@ -11,6 +11,9 @@ on: velero_chart_version: description: 'Velero chart version for updating the chart and images' required: false + registry_chart_version: + description: 'Registry chart version for updating the chart and images' + required: false seaweedfs_chart_version: description: 'SeaweedFS chart version for updating the chart and images' required: false @@ -67,6 +70,7 @@ jobs: CHARTS_DESTINATION: registry.replicated.com/ec-charts INPUT_OPENEBS_CHART_VERSION: ${{ github.event.inputs.openebs_chart_version }} INPUT_VELERO_CHART_VERSION: ${{ github.event.inputs.velero_chart_version }} + INPUT_REGISTRY_CHART_VERSION: ${{ github.event.inputs.registry_chart_version }} INPUT_SEAWEEDFS_CHART_VERSION: ${{ github.event.inputs.seaweedfs_chart_version }} run: | chmod 755 ./output/bin/buildtools diff --git a/cmd/buildtools/registry.go b/cmd/buildtools/registry.go index 7d75caed2..2710b0570 100644 --- a/cmd/buildtools/registry.go +++ b/cmd/buildtools/registry.go @@ -1,8 +1,10 @@ package main import ( + "context" "fmt" "os" + "strings" "github.com/sirupsen/logrus" "github.com/urfave/cli/v2" @@ -20,10 +22,10 @@ var registryRepo = &repo.Entry{ var registryImageComponents = map[string]addonComponent{ "docker.io/library/registry": { name: "registry", - getCustomImageName: func(opts addonComponentOptions) (string, error) { - // TODO (@salah): build with apko once distribution is out of beta: https://github.com/wolfi-dev/os/blob/main/distribution.yaml - return "docker.io/library/registry:2.8.3", nil + getWolfiPackageName: func(opts addonComponentOptions) string { + return "distribution" }, + upstreamVersionInputOverride: "INPUT_REGISTRY_VERSION", }, } @@ -33,70 +35,109 @@ var updateRegistryAddonCommand = &cli.Command{ UsageText: environmentUsageText, Action: func(c *cli.Context) error { logrus.Infof("updating registry addon") - latest, err := LatestChartVersion(registryRepo, "docker-registry") - if err != nil { - return fmt.Errorf("unable to get the latest registry version: %v", err) - } - logrus.Printf("latest registry chart version: %s", latest) - current := registry.Metadata - if current.Version == latest && !c.Bool("force") { - logrus.Infof("registry version is already up-to-date") - return nil + nextChartVersion := os.Getenv("INPUT_REGISTRY_CHART_VERSION") + if nextChartVersion != "" { + logrus.Infof("using input override from INPUT_REGISTRY_CHART_VERSION: %s", nextChartVersion) + } else { + logrus.Infof("fetching the latest registry chart version") + latest, err := LatestChartVersion(registryRepo, "docker-registry") + if err != nil { + return fmt.Errorf("failed to get the latest registry chart version: %v", err) + } + nextChartVersion = latest + logrus.Printf("latest registry chart version: %s", latest) } + nextChartVersion = strings.TrimPrefix(nextChartVersion, "v") - logrus.Infof("mirroring registry chart version %s", latest) - if err := MirrorChart(registryRepo, "docker-registry", latest); err != nil { - return fmt.Errorf("unable to mirror chart: %w", err) + current := registry.Metadata + if current.Version == nextChartVersion && !c.Bool("force") { + logrus.Infof("registry chart version is already up-to-date") + } else { + logrus.Infof("mirroring registry chart version %s", nextChartVersion) + if err := MirrorChart(registryRepo, "docker-registry", nextChartVersion); err != nil { + return fmt.Errorf("failed to mirror registry chart: %v", err) + } } upstream := fmt.Sprintf("%s/docker-registry", os.Getenv("CHARTS_DESTINATION")) - newmeta := release.AddonMetadata{ - Version: latest, - Location: fmt.Sprintf("oci://proxy.replicated.com/anonymous/%s", upstream), - Images: make(map[string]release.AddonImage), - } + withproto := fmt.Sprintf("oci://proxy.replicated.com/anonymous/%s", upstream) - values, err := release.GetValuesWithOriginalImages("registry") - if err != nil { - return fmt.Errorf("unable to get openebs values: %v", err) - } + logrus.Infof("updating registry images") - logrus.Infof("extracting images from chart") - withproto := fmt.Sprintf("oci://%s", upstream) - images, err := GetImagesFromOCIChart(withproto, "docker-registry", latest, values) + err := updateRegistryAddonImages(c.Context, withproto, nextChartVersion) if err != nil { - return fmt.Errorf("failed to get images from chart: %w", err) + return fmt.Errorf("failed to update registry images: %w", err) } - for _, image := range images { - component, ok := registryImageComponents[RemoveTagFromImage(image)] - if !ok { - return fmt.Errorf("no component found for image %s", image) - } - repo, tag, err := component.resolveImageRepoAndTag(c.Context, image) - if err != nil { - return fmt.Errorf("failed to resolve image and tag for %s: %w", image, err) - } - newmeta.Images[component.name] = release.AddonImage{ - Repo: repo, - Tag: tag, - } - } + logrus.Infof("successfully updated registry addon") - logrus.Infof("saving addon manifest") - newmeta.ReplaceImages = true - if err := newmeta.Save("registry"); err != nil { - return fmt.Errorf("failed to save metadata: %w", err) - } + return nil + }, +} - logrus.Infof("rendering values for registry ha") - err = newmeta.RenderValues("registry", "values-ha.tpl.yaml", "values-ha.yaml") +var updateRegistryImagesCommand = &cli.Command{ + Name: "registry", + Usage: "Updates the registry images", + UsageText: environmentUsageText, + Action: func(c *cli.Context) error { + logrus.Infof("updating registry images") + + current := registry.Metadata + + err := updateRegistryAddonImages(c.Context, current.Location, current.Version) if err != nil { - return fmt.Errorf("failed to render values-ha: %w", err) + return fmt.Errorf("failed to update registry images: %w", err) } - logrus.Infof("successfully updated registry addon") + logrus.Infof("successfully updated registry images") + return nil }, } + +func updateRegistryAddonImages(ctx context.Context, chartURL string, chartVersion string) error { + newmeta := release.AddonMetadata{ + Version: chartVersion, + Location: chartURL, + Images: make(map[string]release.AddonImage), + } + + values, err := release.GetValuesWithOriginalImages("registry") + if err != nil { + return fmt.Errorf("failed to get registry values: %v", err) + } + + logrus.Infof("extracting images from chart version %s", chartVersion) + images, err := GetImagesFromOCIChart(chartURL, "docker-registry", chartVersion, values) + if err != nil { + return fmt.Errorf("failed to get images from registry chart: %w", err) + } + + if err := ApkoLogin(); err != nil { + return fmt.Errorf("failed to apko login: %w", err) + } + + for _, image := range images { + component, ok := registryImageComponents[RemoveTagFromImage(image)] + if !ok { + return fmt.Errorf("no component found for image %s", image) + } + repo, tag, err := component.resolveImageRepoAndTag(ctx, image) + if err != nil { + return fmt.Errorf("failed to resolve image and tag for %s: %w", image, err) + } + newmeta.Images[component.name] = release.AddonImage{ + Repo: repo, + Tag: tag, + } + } + + logrus.Infof("saving addon manifest") + newmeta.ReplaceImages = true + if err := newmeta.Save("registry"); err != nil { + return fmt.Errorf("failed to save metadata: %w", err) + } + + return nil +} diff --git a/cmd/buildtools/utils.go b/cmd/buildtools/utils.go index 26adc8b4f..fbb078c52 100644 --- a/cmd/buildtools/utils.go +++ b/cmd/buildtools/utils.go @@ -74,7 +74,7 @@ func ComponentImageTag(componentName, packageName, packageVersion string) (strin } tag, err := ResolveApkoPackageVersion(componentName, packageName, packageVersion) if err != nil { - return "", fmt.Errorf("apko output tag: %w", err) + return "", fmt.Errorf("resolve apko package version: %w", err) } return tag, nil } diff --git a/deploy/images/registry/apko.tmpl.yaml b/deploy/images/registry/apko.tmpl.yaml new file mode 100644 index 000000000..1230d1c22 --- /dev/null +++ b/deploy/images/registry/apko.tmpl.yaml @@ -0,0 +1,48 @@ +contents: + repositories: + - https://packages.wolfi.dev/os + keyring: + - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub + packages: + - busybox + - distribution + - distribution-compat + +accounts: + groups: + - groupname: nonroot + gid: 65532 + users: + - username: nonroot + uid: 65532 + gid: 65532 + run-as: 65532 + +paths: + - path: /etc/docker/registry + type: directory + uid: 65532 + gid: 65532 + permissions: 0o755 + recursive: true + - path: /var/lib/registry + type: directory + uid: 65532 + gid: 65532 + permissions: 0o755 + recursive: true + - path: /etc/ssl/docker + type: directory + uid: 65532 + gid: 65532 + permissions: 0o755 + recursive: true + - path: /auth + type: directory + uid: 65532 + gid: 65532 + permissions: 0o755 + recursive: true + +entrypoint: + command: /entrypoint.sh From 98aaef7d75deee9713050b67cd2d8d3b8da5f8ec Mon Sep 17 00:00:00 2001 From: replicated-ci-ec Date: Tue, 6 Aug 2024 14:27:45 -0700 Subject: [PATCH 2/6] feat: update registry version (#938) updated registry version Co-authored-by: sgalsaleh <39952863+sgalsaleh@users.noreply.github.com> --- pkg/addons/registry/static/metadata.yaml | 4 ++-- pkg/addons/registry/static/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/addons/registry/static/metadata.yaml b/pkg/addons/registry/static/metadata.yaml index 974c000c6..63c6b5ffd 100644 --- a/pkg/addons/registry/static/metadata.yaml +++ b/pkg/addons/registry/static/metadata.yaml @@ -9,5 +9,5 @@ version: 2.2.3 location: oci://proxy.replicated.com/anonymous/registry.replicated.com/ec-charts/docker-registry images: registry: - repo: proxy.replicated.com/anonymous/registry - tag: 2.8.3@sha256:5d4d001e01c8543f233d392f5519deb0d299ca89447484dab98bbd957e18c2eb + repo: proxy.replicated.com/anonymous/replicated/ec-registry + tag: 3.0.0-r1@sha256:13e64b7ce464672c55306e7bcbe21692d8b7816640607f13d006fba4e351d44d diff --git a/pkg/addons/registry/static/values.yaml b/pkg/addons/registry/static/values.yaml index 363a3ff79..5cc123d45 100644 --- a/pkg/addons/registry/static/values.yaml +++ b/pkg/addons/registry/static/values.yaml @@ -25,8 +25,8 @@ extraVolumes: secretName: registry-auth fullnameOverride: registry image: - repository: 'proxy.replicated.com/anonymous/registry' - tag: '2.8.3@sha256:5d4d001e01c8543f233d392f5519deb0d299ca89447484dab98bbd957e18c2eb' + repository: 'proxy.replicated.com/anonymous/replicated/ec-registry' + tag: '3.0.0-r1@sha256:13e64b7ce464672c55306e7bcbe21692d8b7816640607f13d006fba4e351d44d' persistence: accessMode: ReadWriteOnce enabled: true From cd25ab3addd79c44b02e8ceaae5c7b97e97551aa Mon Sep 17 00:00:00 2001 From: Salah Al Saleh Date: Tue, 6 Aug 2024 21:28:11 +0000 Subject: [PATCH 3/6] add images subcommand --- cmd/buildtools/update.go | 1 + 1 file changed, 1 insertion(+) diff --git a/cmd/buildtools/update.go b/cmd/buildtools/update.go index 21fc26807..f1306c511 100644 --- a/cmd/buildtools/update.go +++ b/cmd/buildtools/update.go @@ -40,6 +40,7 @@ var updateImagesCommand = &cli.Command{ updateOpenEBSImagesCommand, updateVeleroImagesCommand, updateOperatorImagesCommand, + updateRegistryImagesCommand, updateSeaweedFSImagesCommand, }, } From 31fcc6b521710dc308a790c9ce38d40718b56099 Mon Sep 17 00:00:00 2001 From: Salah Al Saleh Date: Tue, 6 Aug 2024 21:50:55 +0000 Subject: [PATCH 4/6] render ha values --- cmd/buildtools/registry.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cmd/buildtools/registry.go b/cmd/buildtools/registry.go index 2710b0570..1bee41905 100644 --- a/cmd/buildtools/registry.go +++ b/cmd/buildtools/registry.go @@ -139,5 +139,10 @@ func updateRegistryAddonImages(ctx context.Context, chartURL string, chartVersio return fmt.Errorf("failed to save metadata: %w", err) } + logrus.Infof("rendering values for registry ha") + if err := newmeta.RenderValues("registry", "values-ha.tpl.yaml", "values-ha.yaml"); err != nil { + return fmt.Errorf("failed to render ha values: %w", err) + } + return nil } From 6b61e044e2b7b5b5f971c7e989030e1a435fc282 Mon Sep 17 00:00:00 2001 From: replicated-ci-ec Date: Tue, 6 Aug 2024 14:54:50 -0700 Subject: [PATCH 5/6] feat: update registry version (#940) updated registry version Co-authored-by: sgalsaleh <39952863+sgalsaleh@users.noreply.github.com> --- pkg/addons/registry/static/values-ha.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/addons/registry/static/values-ha.yaml b/pkg/addons/registry/static/values-ha.yaml index 96180e126..d9ceb6754 100644 --- a/pkg/addons/registry/static/values-ha.yaml +++ b/pkg/addons/registry/static/values-ha.yaml @@ -38,8 +38,8 @@ extraVolumes: secretName: registry-auth fullnameOverride: registry image: - repository: 'proxy.replicated.com/anonymous/registry' - tag: '2.8.3@sha256:5d4d001e01c8543f233d392f5519deb0d299ca89447484dab98bbd957e18c2eb' + repository: 'proxy.replicated.com/anonymous/replicated/ec-registry' + tag: '3.0.0-r1@sha256:13e64b7ce464672c55306e7bcbe21692d8b7816640607f13d006fba4e351d44d' replicaCount: 2 s3: bucket: registry From a7f5ba4f91246efa3c934759179c43db122b82d4 Mon Sep 17 00:00:00 2001 From: Salah Al Saleh Date: Wed, 7 Aug 2024 19:10:39 +0000 Subject: [PATCH 6/6] forcepathstyle: true --- pkg/addons/registry/static/values-ha.tpl.yaml | 1 + pkg/addons/registry/static/values-ha.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/pkg/addons/registry/static/values-ha.tpl.yaml b/pkg/addons/registry/static/values-ha.tpl.yaml index 68b0e5307..057e7f21f 100644 --- a/pkg/addons/registry/static/values-ha.tpl.yaml +++ b/pkg/addons/registry/static/values-ha.tpl.yaml @@ -16,6 +16,7 @@ configData: storage: s3: secure: false + forcepathstyle: true extraVolumeMounts: - mountPath: /auth name: auth diff --git a/pkg/addons/registry/static/values-ha.yaml b/pkg/addons/registry/static/values-ha.yaml index d9ceb6754..000a03e09 100644 --- a/pkg/addons/registry/static/values-ha.yaml +++ b/pkg/addons/registry/static/values-ha.yaml @@ -29,6 +29,7 @@ configData: storage: s3: secure: false + forcepathstyle: true extraVolumeMounts: - mountPath: /auth name: auth