search

thoth-station / jupyternb-build-pipeline

Openshift-pipelines and tekton based pipeline for packaging jupyternb in to image.
3 stars 6 forks source link

Evaluate migration of images from Upshift central repository to some other location. #2

Closed tumido closed 3 years ago

tumido commented 4 years ago

Follow up to an email thread

We may need to consider migration of our produced images from the internal Upshift repository to somewhere else. Mind that the produced images may contain sensitive internal data, so they can't land on public Quay repos.

Reference

Hi All,
Thanks for your input so far.  I have added responses in red below.

Maneesh Mehra (CVP):  Thanks for bringing this to the CVP team's attention. We currently use this registry to store our sanity tests image. I have opened https://projects.engineering.redhat.com/browse/CVP-1184 for the CVP team to work on this migration. Do you want to give us a sense of urgency on this ?
Ideally by the end of September 2020, and definitely by the end of December 2020.  

Mike Bonnet (ic3):  We have internal images that are not suitable for public repos. Is there a process for requesting private quay.io repos? Is there guidance about creating a new org, or using an existing one? Note that the current "redhat" org is no longer available for general use.
We have some notes/guidelines that we can update and then point you to.

Mark Eastman (QE):  Pavel may have more details than I but we use these systems to test software before it is released so I am not sure if we can push the images to quay.io during the test phases.
We will look to see if there are other registries at Red Hat that are not in Production, that folks could use.

Regards,
Jeff
Hi Teams,
We are having challenges maintaining the centralized registry with our current capacity.  This central registry at docker-registry.upshift.redhat.com is not a production service, and has low/no SLA.  Going forward, we recommend using quay.io for critical workflows.  If using quay.io is not possible, can you tell us why it is not possible for your team?  In addition, if using quay.io is not possible, what would you suggest as requirements for an 'internal' central registry?

Thanks,
Jeff
tumido commented 4 years ago

cc @harshad16 @4n4nd

4n4nd commented 4 years ago

i think the issue will be with setting up credentials to access from private quay repos and updating every image inside Internal DataHub

harshad16 commented 4 years ago

can we get private organization on quay.io ? as a normal organization gets one free private repository, if we can get an organization that can have private repositories, we can set up a bot on quay.io repo and that would help us in the push and pull of the image.

tumido commented 4 years ago

@durandom @goern do we have any Quay orgs with private repos in AICoE available as of now? Private repos are not for free with Quay. We might end up spending some :dollar: :moneybag:

https://quay.io/organizations/new/

image

goern commented 4 years ago

Well, we have redhat as a private org on quay, but this comes with a lot of requirements...

would we go with a micro plan?

sesheta commented 3 years ago

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

/lifecycle stale

sesheta commented 3 years ago

Stale issues rot after 30d of inactivity. Mark the issue as fresh with /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

/lifecycle rotten

sesheta commented 3 years ago

Rotten issues close after 30d of inactivity. Reopen the issue with /reopen. Mark the issue as fresh with /remove-lifecycle rotten.

/close

sesheta commented 3 years ago

@sesheta: Closing this issue.

In response to [this](https://github.com/thoth-station/jupyternb-build-pipeline/issues/2#issuecomment-869229863): >Rotten issues close after 30d of inactivity. >Reopen the issue with `/reopen`. >Mark the issue as fresh with `/remove-lifecycle rotten`. > >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.