jacobweinstock
commented
1 year ago This has gone stale and i believe all of this functionality now exists. Please re-open if you feel otherwise or would like to revisit this. Thank you!
Closed ptrivedi closed 1 year ago
jacobweinstock
commented
1 year ago This has gone stale and i believe all of this functionality now exists. Please re-open if you feel otherwise or would like to revisit this. Thank you!
This change makes registry certificate hosting URL and tink-worker image name:tag configurable. It also adds a check for whether registry certificate is required and allow for absolute URIs to be specified for action images in workflow template.
If you are using a registry with a self-signed certificate, you can specify a custom URL of where the certificate is hosted. On boots, use extra-kernel-args command-line parameter to specify a kernel argument with key 'registry_cert_url' and value set to the URL location for registry CA certificate. Boots will pass this as a kernel command-line parameter to Hook
In order to specify a custom absolute URI name:tag for tink-worker image instead of defaulting to the hardcoded default of 'tink-worker:latest', use the extra-kernel-args command-line parameter on Boots to specify a kernel argument with key 'tink_worker_image' and value set to the absolute URI of tink-worker image. Boots passes this to hook as a kernel command-line parameter
If you are using a public registry with trusted CA certificate, bootkit and tink-docker do not need to download and setup registry certificate. Use extra-kernel-args command-line parameter on Boots to set a kernel parameter with key 'registry_cert_required' and value set to 'true' or 'false' to indicate this. Since we are making local registry optional, we need to make the certificate download and setup optional
Currently the tink-worker code always prepends the specified docker_registry to the action images specified in the tinkerbell action template. The newly added use_absolute_action_image_uri allows specifying the full URI for the action image in the template and prevents the hardcoded prepending of the registry to these. This allows action images to potentially reside in different registries. Pass this kernel as the key=value kernel parameter from Boots to Hook as explained above. Value would be set to 'true' or 'false'
Description
Why is this needed
Fixes: #
How Has This Been Tested?
How are existing users impacted? What migration steps/scripts do we need?
Checklist:
I have: