fix: allow usage of local image archives again #2303
Conversation
✅ Deploy Preview for zarf-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
waveywaves
requested review from
jeff-mccoy,
Racer159,
Noxsios and
lucasrod16
as code owners
waveywaves
changed the title
There was a problem hiding this comment.
This is a good start (and likely all tests will pass currently) but this won't entirely resolve the issue - zarf package create will work fine, but zarf package deploy will fail. See the below example (after this patch was applied):
kind: ZarfPackageConfig
metadata:
name: dos-games
description: Simple example to load classic DOS games into K8s in the airgap
version: 1.0.0
components:
- name: baseline
required: true
manifests:
- name: multi-games
namespace: dos-games
files:
- manifests/deployment.yaml
- manifests/service.yaml
images:
- image.tar
actions:
onDeploy:
after:
- wait:
cluster:
kind: deployment
name: game
namespace: dos-games
condition: available(The image was generated with the following:)
docker pull defenseunicorns/zarf-game:multi-tile-dark
docker save defenseunicorns/zarf-game:multi-tile-dark > examples/dos-games/image.tar
zarf package create:
zarf package deploy:
(note that the SBOMs say 0 images / that there is no SBOM - if an image was pulled properly this would not be showing - the image should pull on create and be properly referenced to push into the cluster on deploy)
|
Would be good to add something like the above as a test case under |
Madeline-UX
requested review from
Madeline-UX
and removed request for
Madeline-UX
|
@Racer159 I have updated the code to properly pull the image on create, and archives the package as required, upon checking inside the zarf package tar I am also able to see the layers for the images whereas before it was empty
On the other hand while I trying to deploy the zarf package the image is referenced as the
I get the following error on attempting a deployment. One error which stands out is the login error to the registry.
I understand that the image is pushed to the Zarf registry in the airgapped cluster before the package is deployed. I am currently trying to figure out the mutation for the image reference so that it is pushed correctly and to the cluster and inspecting the error regarding registry login. |
|
@Racer159 The latest changes in this patch fix the bug and both package create and deploy command work as expected. |
waveywaves
changed the title
|
@Racer159 The PR is updated with a e2e test now, can we enable the CI on this PR ? |
|
working through the tests |
src/internal/packager/images/push.go
Outdated
| @@ -31,6 +31,7 @@ func (i *ImageConfig) PushToZarfRegistry() error { | |||
| var totalSize int64 | |||
| // Build an image list from the references | |||
| for _, refInfo := range i.ImageList { | |||
| message.Debug("Loading image", refInfo) | |||
There was a problem hiding this comment.
This is an uneeded debug statement
| message.Debug("Loading image", refInfo) |
src/pkg/transform/image.go
Outdated
| out.Host = "docker.io" | ||
| out.Name = srcReference | ||
| out.Path = fmt.Sprintf("%s/%s/%s", out.Host, "library", strings.TrimSuffix(srcReference, ".tar")) | ||
| out.Reference = srcReference |
There was a problem hiding this comment.
Editing the reference like this won't result in a proper image reference in the end - while the package will create, the org.opencontainers.image.base.name remains "zarf-game.tar" inside images/index.json within the zarf package.
This is loaded on deploy successfully but then when pushed converts into docker.io/library/zarf-game which does not match the defenseunicorns/zarf-game:multi-tile-dark the tarball was made from. This means that the Deployment will never pull the image and will be in an image pull backoff state:
There was a problem hiding this comment.
What needs to happen is that the image reference in the tarball needs to be parsed from it's manifest.json:
(you can see this if you vim into it, and it is accessible when the tarball is loaded with crane)
There was a problem hiding this comment.
For this, the zarf.yaml image reference may need to be modified to turn zarf-game.tar into defenseunicorns/zarf-game:multi-tile-dark after pulling it
|
ok got it, working through the other notes |
Yep, the onCreate before action would make the tarball just in time before it was needed for the image pull. |
|
@Racer159 ready to review I changed the name and path in the reference because of which the deploy stopped working after pushing the latest commits, now the deploy works well again |
|
seems like the windows binary test is flaking, can we run that test again ? |
a check in create_stages during package creation tries to parses references for the images provided for components in the zarf.yaml config. By default the reference parsing assumes that the source of the image is that of a container registry. If the image is a tarball instead, the reference parser errors out. Check if the image reference is that of a tarball and skips the reference check if it is so allowing the image to be loaded by the cli. Signed-off-by: Vibhav Bobade <vibhav.bobde@gmail.com>
src/pkg/transform/image.go
Outdated
| if IsTarball(srcReference) { | ||
| out.Host = "docker.io" | ||
| out.Name = strings.TrimSuffix(srcReference, ".tar") | ||
| out.Path = fmt.Sprintf("%s/%s/%s", out.Host, "library", out.Name) | ||
| out.Reference = srcReference |
There was a problem hiding this comment.
Re-commenting on this approach as the core of the issue - this will allow the package to be created but will never match the reference in the manifest.
There was a problem hiding this comment.
shall make the changes
I was able to deploy the package though created from this logic 🤔 not sure how
also the tests which I wrote for the package deploy are passing as well
There was a problem hiding this comment.
the reason is that the cluster caches the image and this same image is used in earlier tests (hence the passes in CI as well). On a fresh cluster / registry it will fail with an ImagePullBackoff.
Note 127.0.0.1:31999/defenseunicorns/zarf-game:multi-tile-dark-zarf-805192805 differs from 127.0.0.1:31999/docker.io/library/zarf-game:latest-zarf-27383200
| } | ||
|
|
||
| return out, nil | ||
| } | ||
|
|
||
| func IsTarball(srcReference string) bool { |
There was a problem hiding this comment.
lint (exported functions required comments) - see the GitHub actions check warning in the Files tab.
There was a problem hiding this comment.
thanks for pointing it out, i'll check it
src/pkg/transform/image.go
Outdated
| if IsTarball(srcReference) { | ||
| out.Host = "docker.io" | ||
| out.Name = strings.TrimSuffix(srcReference, ".tar") | ||
| out.Path = fmt.Sprintf("%s/%s/%s", out.Host, "library", out.Name) | ||
| out.Reference = srcReference |
There was a problem hiding this comment.
the reason is that the cluster caches the image and this same image is used in earlier tests (hence the passes in CI as well). On a fresh cluster / registry it will fail with an ImagePullBackoff.
Note 127.0.0.1:31999/defenseunicorns/zarf-game:multi-tile-dark-zarf-805192805 differs from 127.0.0.1:31999/docker.io/library/zarf-game:latest-zarf-27383200
|
@Racer159 I have updated the logic to get the image information for the image manifest in the tarball |
|
package create and deploy tests are also passing locally on a newly created and initiated minikube zarf instance, ptal |
|
@Racer159 I am running this test locally which works well. The test requires the image to be present as a tarball locally which is being done by the onCreate - before action. This works well locally but seems like the image is not accessible to the packager in the CI. |
Description
a check in create_stages during package creation tries to parses references for the images provided for components in the zarf.yaml config. By default the reference parsing assumes that the source of the image is that of a container registry. If the image is a tarball instead, the reference parser errors out.
The changes in this commit check if the image reference is that of a tarball and skips the reference check if it is so allowing the image to be loaded by the cli.
Related Issue
Fixes #2181
Type of change
Checklist before merging