-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
genpolicy: Add optional toggle to pull images using containerd #9185
genpolicy: Add optional toggle to pull images using containerd #9185
Conversation
a4dbfb2
to
77651e6
Compare
0720ab5
to
2831777
Compare
Able to pass tests locally using |
50f253c
to
95e326a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you fix your commits according to this? https://github.com/kata-containers/community/blob/main/CONTRIBUTING.md#patch-format
Yep! I'm iterating and trying changes to pass the ci tests. I'll squash those changes into a commit with correct format when I'm done |
Gotcha, I just converted this to a draft while you work on it then. Feel free to take it out of draft when it's ready! |
08c7e87
to
0c33538
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generally, looks good and useful to me, thanks @Redent0r !
Please squash into a single commit.
tests/integration/kubernetes/runtimeclass_workloads/pod-file-volume.yaml
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you Saul! 🙂 We may have an issue with the workflow change, see my comments.
Also a few tips for this and upcoming PRs:
- Keep in mind that people will review your PRs commit by commit so keep each commit atomic: avoid adding code that is removed in a later commit.
- Add a short description to each of your commit. Not a continuation of your commit title, but something that explains the commit title. Focus on the why if it's not obvious.
- When you're applying automatted formatting changes, do that in a separate commit from an actual code change. Otherwise reviewers spend time getting distracted by purely cosmetic diff lines.
terminationGracePeriodSeconds: 0 | ||
containers: | ||
- name: nginxhttps | ||
image: "docker.io/ymqytw/nginxhttps:1.5" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure docker.io is acceptable for CI testing. Let's see if more experienced reviewers have better ideas here - I will ping them after we agree on the rest of the changes.
Looks like pod-file-volume.yaml is using docker too - so maybe it is acceptable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
… host_os Also adds new test matrix entry. This improves test coverage for PR kata-containers#9185. Fixes: kata-containers#9384 Signed-off-by: Saul Paredes <saulparedes@microsoft.com>
30811aa
to
b73998f
Compare
|
||
export AUTO_GENERATE_POLICY="yes" | ||
|
||
# set default containerd config |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -131,6 +131,9 @@ create_common_genpolicy_settings() { | |||
|
|||
# Set the default namespace of Kata CI tests in the genpolicy settings. | |||
set_namespace_to_policy_settings "${genpolicy_settings_dir}" "${TEST_CLUSTER_NAMESPACE}" | |||
|
|||
# allow genpolicy to access containerd without sudo | |||
sudo chmod a+rw /var/run/containerd/containerd.sock |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
b73998f
to
2cafed4
Compare
Add optional toggle to use existing containerd installation to pull and manage container images. This adds support to a wider set of images that are currently not supported by standard pull method, such as those that use v1 manifest. Fixes: kata-containers#9144 Signed-off-by: Saul Paredes <saulparedes@microsoft.com>
bbbed96
to
cfe6986
Compare
/test |
- Add v1 image test case - Install protobuf-compiler in build check - Reset containerd config to default in kubernetes test if we are testing genpolicy - Update docker_credential crate - Add test that uses default pull method - Use GENPOLICY_PULL_METHOD in test Signed-off-by: Saul Paredes <saulparedes@microsoft.com>
cfe6986
to
51498ba
Compare
/test |
Fixes: #9144
Add an optional flag that allows you to use existing containerd installation to pull and manage images.
This improvement will:
bprashanth/nginxhttps:1.0
application/vnd.docker.distribution.manifest.v1+prettyjws
from imageregistry.k8s.io/galera-install:0.1