-
Notifications
You must be signed in to change notification settings - Fork 144
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: allow usage of local image archives again #2303
base: main
Are you sure you want to change the base?
Conversation
✅ Deploy Preview for zarf-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a good start (and likely all tests will pass currently) but this won't entirely resolve the issue - zarf package create
will work fine, but zarf package deploy
will fail. See the below example (after this patch was applied):
kind: ZarfPackageConfig
metadata:
name: dos-games
description: Simple example to load classic DOS games into K8s in the airgap
version: 1.0.0
components:
- name: baseline
required: true
manifests:
- name: multi-games
namespace: dos-games
files:
- manifests/deployment.yaml
- manifests/service.yaml
images:
- image.tar
actions:
onDeploy:
after:
- wait:
cluster:
kind: deployment
name: game
namespace: dos-games
condition: available
(The image was generated with the following:)
docker pull defenseunicorns/zarf-game:multi-tile-dark
docker save defenseunicorns/zarf-game:multi-tile-dark > examples/dos-games/image.tar
(note that the SBOMs say 0 images / that there is no SBOM - if an image was pulled properly this would not be showing - the image should pull on create and be properly referenced to push into the cluster on deploy)
Would be good to add something like the above as a test case under |
@Racer159 I have updated the code to properly pull the image on create, and archives the package as required, upon checking inside the zarf package tar I am also able to see the layers for the images whereas before it was empty On the other hand while I trying to deploy the zarf package the image is referenced as the I get the following error on attempting a deployment. One error which stands out is the login error to the registry. I understand that the image is pushed to the Zarf registry in the airgapped cluster before the package is deployed. I am currently trying to figure out the mutation for the image reference so that it is pushed correctly and to the cluster and inspecting the error regarding registry login. |
@Racer159 The latest changes in this patch fix the bug and both package create and deploy command work as expected. |
@Racer159 The PR is updated with a e2e test now, can we enable the CI on this PR ? |
working through the tests |
src/internal/packager/images/push.go
Outdated
@@ -31,6 +31,7 @@ func (i *ImageConfig) PushToZarfRegistry() error { | |||
var totalSize int64 | |||
// Build an image list from the references | |||
for _, refInfo := range i.ImageList { | |||
message.Debug("Loading image", refInfo) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is an uneeded debug statement
message.Debug("Loading image", refInfo) |
src/pkg/transform/image.go
Outdated
out.Host = "docker.io" | ||
out.Name = srcReference | ||
out.Path = fmt.Sprintf("%s/%s/%s", out.Host, "library", strings.TrimSuffix(srcReference, ".tar")) | ||
out.Reference = srcReference |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Editing the reference like this won't result in a proper image reference in the end - while the package will create, the org.opencontainers.image.base.name
remains "zarf-game.tar"
inside images/index.json
within the zarf package.
This is loaded on deploy successfully but then when pushed converts into docker.io/library/zarf-game
which does not match the defenseunicorns/zarf-game:multi-tile-dark
the tarball was made from. This means that the Deployment will never pull the image and will be in an image pull backoff state:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For this, the zarf.yaml
image reference may need to be modified to turn zarf-game.tar
into defenseunicorns/zarf-game:multi-tile-dark
after pulling it
ok got it, working through the other notes |
Yep, the onCreate before action would make the tarball just in time before it was needed for the image pull. |
@Racer159 ready to review I changed the name and path in the reference because of which the deploy stopped working after pushing the latest commits, now the deploy works well again |
seems like the windows binary test is flaking, can we run that test again ? |
a check in create_stages during package creation tries to parses references for the images provided for components in the zarf.yaml config. By default the reference parsing assumes that the source of the image is that of a container registry. If the image is a tarball instead, the reference parser errors out. Check if the image reference is that of a tarball and skips the reference check if it is so allowing the image to be loaded by the cli. Signed-off-by: Vibhav Bobade <vibhav.bobde@gmail.com>
src/pkg/transform/image.go
Outdated
if IsTarball(srcReference) { | ||
out.Host = "docker.io" | ||
out.Name = strings.TrimSuffix(srcReference, ".tar") | ||
out.Path = fmt.Sprintf("%s/%s/%s", out.Host, "library", out.Name) | ||
out.Reference = srcReference |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Re-commenting on this approach as the core of the issue - this will allow the package to be created but will never match the reference in the manifest.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
shall make the changes
I was able to deploy the package though created from this logic 🤔 not sure how
also the tests which I wrote for the package deploy are passing as well
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the reason is that the cluster caches the image and this same image is used in earlier tests (hence the passes in CI as well). On a fresh cluster / registry it will fail with an ImagePullBackoff.
Note 127.0.0.1:31999/defenseunicorns/zarf-game:multi-tile-dark-zarf-805192805
differs from 127.0.0.1:31999/docker.io/library/zarf-game:latest-zarf-27383200
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
gotcha !
} | ||
|
||
return out, nil | ||
} | ||
|
||
func IsTarball(srcReference string) bool { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lint (exported functions required comments) - see the GitHub actions check warning in the Files
tab.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks for pointing it out, i'll check it
src/pkg/transform/image.go
Outdated
if IsTarball(srcReference) { | ||
out.Host = "docker.io" | ||
out.Name = strings.TrimSuffix(srcReference, ".tar") | ||
out.Path = fmt.Sprintf("%s/%s/%s", out.Host, "library", out.Name) | ||
out.Reference = srcReference |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the reason is that the cluster caches the image and this same image is used in earlier tests (hence the passes in CI as well). On a fresh cluster / registry it will fail with an ImagePullBackoff.
Note 127.0.0.1:31999/defenseunicorns/zarf-game:multi-tile-dark-zarf-805192805
differs from 127.0.0.1:31999/docker.io/library/zarf-game:latest-zarf-27383200
@Racer159 I have updated the logic to get the image information for the image manifest in the tarball |
package create and deploy tests are also passing locally on a newly created and initiated minikube zarf instance, ptal |
@Racer159 I am running this test locally which works well. The test requires the image to be present as a tarball locally which is being done by the onCreate - before action. This works well locally but seems like the image is not accessible to the packager in the CI. |
Description
a check in create_stages during package creation tries to parses references for the images provided for components in the zarf.yaml config. By default the reference parsing assumes that the source of the image is that of a container registry. If the image is a tarball instead, the reference parser errors out.
The changes in this commit check if the image reference is that of a tarball and skips the reference check if it is so allowing the image to be loaded by the cli.
Related Issue
Fixes #2181
Type of change
Checklist before merging