search

Kuadrant / limitador-operator

Apache License 2.0
6 stars 14 forks source link

pull an image from a private registry #160

Closed eguzki closed 1 month ago

eguzki commented 1 month ago

What

Pull an image from a private registry

Fixes #78

Verification steps

First, get some limitador image on a private repository. For example: quay.io/eastizle/limitador-private:v1.6.0 (this repo and image will be removed when this PR is merged).

dev setup

make local-setup

Create a Secret of type `kubernetes.io/dockerconfigjson by providing credentials. For example, using kubectl tool with the following command line:

kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword>

Deploy limitador with a custom image and a reference to the recently created regcred secret.

kubectl apply -f - <<EOF
---
apiVersion: limitador.kuadrant.io/v1alpha1
kind: Limitador
metadata:
  name: limitador-instance-1
spec:
  image: quay.io/eastizle/limitador-private:v1.6.0
  imagePullSecrets:
  - name: regcred
EOF

Wait for limitador to be ready

kubectl wait --timeout=300s --for=condition=Ready limitador limitador-instance-1

Check status

kubectl get limitador  limitador-instance-1 -o jsonpath='{.status}' | yq e -P

It should say Ready.

Now, let's deploy limitador with custom image from a private repository without providing imagepullsecrets. It will be a custom image different from the one used in the previous example. As the image of the previous example is already present in the cluster and the limitador deployment pullpolicy is "IfNotPresent", using that image even without imagepullsecrets would not fail. 

kubectl apply -f - <<EOF
---
apiVersion: limitador.kuadrant.io/v1alpha1
kind: Limitador
metadata:
  name: limitador-instance-without-imagepullsecrets
spec:
  image: quay.io/eastizle/limitador-private:other
EOF

Check status

kubectl get limitador  limitador-instance-without-imagepullsecrets -o jsonpath='{.status}' | yq e -P

The answer should be: not "ready" with somewhat confusing message: "Deployment does not have minimum availability"

Checking pod status or events we can get more detailed information:

kubectl get events --field-selector reason=Failed

You should see https://quay.io/v2/eastizle/limitador-private/manifests/other: 401 UNAUTHORIZED

LAST SEEN   TYPE      REASON   OBJECT                                                                MESSAGE
2m11s       Warning   Failed   pod/limitador-limitador-instance-without-imagepullsecrets-6799fszk2   Failed to pull image "quay.io/eastizle/limitador-private:other": failed to pull and unpack image "quay.io/eastizle/limitador-private:other": failed to resolve reference "quay.io/eastizle/limitador-private:other": unexpected status from HEAD request to https://quay.io/v2/eastizle/limitador-private/manifests/other: 401 UNAUTHORIZED
2m11s       Warning   Failed   pod/limitador-limitador-instance-without-imagepullsecrets-6799fszk2   Error: ErrImagePull
109s        Warning   Failed   pod/limitador-limitador-instance-without-imagepullsecrets-6799fszk2   Error: ImagePullBackOff

Cleanup

make local-cleanup
codecov-commenter commented 1 month ago

:warning: Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

Attention: Patch coverage is 77.41935% with 7 lines in your changes missing coverage. Please review.

Project coverage is 83.94%. Comparing base (de60fb3) to head (347991e).

Files with missing lines Patch % Lines
pkg/reconcilers/deployment.go 44.44% 5 Missing :warning:
controllers/limitador_controller.go 84.61% 2 Missing :warning:
Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #160 +/- ## ========================================== - Coverage 84.90% 83.94% -0.97% ========================================== Files 19 19 Lines 994 1009 +15 ========================================== + Hits 844 847 +3 - Misses 97 106 +9 - Partials 53 56 +3 ``` | [Flag](https://app.codecov.io/gh/Kuadrant/limitador-operator/pull/160/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Kuadrant) | Coverage Δ | | |---|---|---| | [integration](https://app.codecov.io/gh/Kuadrant/limitador-operator/pull/160/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Kuadrant) | `77.99% <77.41%> (-0.88%)` | :arrow_down: | | [unit](https://app.codecov.io/gh/Kuadrant/limitador-operator/pull/160/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Kuadrant) | `65.67% <50.00%> (-0.84%)` | :arrow_down: | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Kuadrant#carryforward-flags-in-the-pull-request-comment) to find out more. | [Components](https://app.codecov.io/gh/Kuadrant/limitador-operator/pull/160/components?src=pr&el=components&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Kuadrant) | Coverage Δ | | |---|---|---| | [api/v1alpha1 (u)](https://app.codecov.io/gh/Kuadrant/limitador-operator/pull/160/components?src=pr&el=component&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Kuadrant) | `100.00% <ø> (ø)` | | | [pkg/helpers (u)](https://app.codecov.io/gh/Kuadrant/limitador-operator/pull/160/components?src=pr&el=component&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Kuadrant) | `83.87% <ø> (ø)` | | | [pkg/log (u)](https://app.codecov.io/gh/Kuadrant/limitador-operator/pull/160/components?src=pr&el=component&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Kuadrant) | `94.73% <ø> (ø)` | | | [pkg/reconcilers (u)](https://app.codecov.io/gh/Kuadrant/limitador-operator/pull/160/components?src=pr&el=component&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Kuadrant) | `73.52% <44.44%> (-1.15%)` | :arrow_down: | | [pkg/limitador (u)](https://app.codecov.io/gh/Kuadrant/limitador-operator/pull/160/components?src=pr&el=component&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Kuadrant) | `98.11% <100.00%> (+<0.01%)` | :arrow_up: | | [controllers (i)](https://app.codecov.io/gh/Kuadrant/limitador-operator/pull/160/components?src=pr&el=component&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Kuadrant) | `73.11% <84.61%> (-1.89%)` | :arrow_down: | | [pkg/upgrades](https://app.codecov.io/gh/Kuadrant/limitador-operator/pull/160/components?src=pr&el=component&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Kuadrant) | `88.88% <ø> (ø)` | | | [Files with missing lines](https://app.codecov.io/gh/Kuadrant/limitador-operator/pull/160?dropdown=coverage&src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Kuadrant) | Coverage Δ | | |---|---|---| | [api/v1alpha1/limitador\_types.go](https://app.codecov.io/gh/Kuadrant/limitador-operator/pull/160?src=pr&el=tree&filepath=api%2Fv1alpha1%2Flimitador_types.go&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Kuadrant#diff-YXBpL3YxYWxwaGExL2xpbWl0YWRvcl90eXBlcy5nbw==) | `100.00% <ø> (ø)` | | | [pkg/limitador/deployment\_options.go](https://app.codecov.io/gh/Kuadrant/limitador-operator/pull/160?src=pr&el=tree&filepath=pkg%2Flimitador%2Fdeployment_options.go&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Kuadrant#diff-cGtnL2xpbWl0YWRvci9kZXBsb3ltZW50X29wdGlvbnMuZ28=) | `100.00% <100.00%> (ø)` | | | [pkg/limitador/k8s\_objects.go](https://app.codecov.io/gh/Kuadrant/limitador-operator/pull/160?src=pr&el=tree&filepath=pkg%2Flimitador%2Fk8s_objects.go&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Kuadrant#diff-cGtnL2xpbWl0YWRvci9rOHNfb2JqZWN0cy5nbw==) | `96.87% <100.00%> (+0.01%)` | :arrow_up: | | [controllers/limitador\_controller.go](https://app.codecov.io/gh/Kuadrant/limitador-operator/pull/160?src=pr&el=tree&filepath=controllers%2Flimitador_controller.go&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Kuadrant#diff-Y29udHJvbGxlcnMvbGltaXRhZG9yX2NvbnRyb2xsZXIuZ28=) | `69.95% <84.61%> (-2.53%)` | :arrow_down: | | [pkg/reconcilers/deployment.go](https://app.codecov.io/gh/Kuadrant/limitador-operator/pull/160?src=pr&el=tree&filepath=pkg%2Freconcilers%2Fdeployment.go&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Kuadrant#diff-cGtnL3JlY29uY2lsZXJzL2RlcGxveW1lbnQuZ28=) | `95.37% <44.44%> (-4.63%)` | :arrow_down: |