rancher / fleet

Deploy workloads from Git to large fleets of Kubernetes clusters
https://fleet.rancher.io/
Apache License 2.0
1.5k stars 225 forks

Problem with imageScans - long time between new image and repo changes #2186

Open exodus1984 opened 6 months ago

exodus1984 commented 6 months ago

Is there an existing issue for this?

Current Behavior

I spent many hours trying to figure out why image replacement wasn't working for me. Upset, I went for coffee - came back - and saw that the image had magically changed, but after a long time. IMO, this solution is not good for CI/CD - CI works quickly, I have the image almost immediately. Then the developer has to wait about 10-15 minutes for the image to be replaced in the deployment? At this point I assume I'm doing something very wrong. Unfortunately, the documentation is unsatisfactory (https://fleet.rancher.io/imagescan).

my fleet.yaml

namespace: test-mc
imageScans:
- policy:
    semver:
      range: "*"
  image: "registry.example.com/kubernetes/mc1"
  tagName: v1
  secretRef:
    name: registry-ro
  interval: 30s

gitrepo.yaml (yes - apis/fleet.cattle.io/v1alpha1 is ok - without "apis" it doesn't work)

apiVersion: apis/fleet.cattle.io/v1alpha1
kind: GitRepo
metadata:
  name: mc1-fleet-gitrepo
  namespace: fleet-default
spec:
  repo: git@gitlab.example.com:blabla/mc1-fleet.git
  imageScanInterval: 1m
  clientSecretName: mc1-fleet-imagescan-rw 
  imageScanCommit:
    authorName: ImageScan
    authorEmail: foo@example.com
    messageTemplate: "ImageScan update image"

I push to the registry - imagescan shows me the new version after a while (at that time, version v14 was in deployment and registry).

imagescan.fleet.cattle.io/imagescan-mc1-manifests-0   registry.example.com/kubernetes/mc1   v15

And that's it - I wait (even) 15 minutes for the changes to appear in the target repo and for the changes to be uploaded to the cluster.

My config: RKE2 v1.27.10+rke2r1 fleet:v0.9.0 gitjob:v0.1.96 rancher:v2.8.0

General question: how to increase the frequency of image changes in the target repo?

If you need any more information, please let me know.

Expected Behavior

Ability to control how often the target repo is updated (preferably after detecting a new image)

Steps To Reproduce

No response

Environment

RKE2  v1.27.10+rke2r1 
fleet:v0.9.0
gitjob:v0.1.96
rancher:v2.8.0

Logs

No response

Anything else?

No response

manno commented 5 months ago

Can you retry with https://github.com/rancher/fleet/releases/tag/v0.9.2?