Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Include cred helpers in keychain #581

Merged
merged 1 commit into from
Feb 8, 2022
Merged

Include cred helpers in keychain #581

merged 1 commit into from
Feb 8, 2022

Conversation

imjasonh
Copy link
Member

@imjasonh imjasonh commented Feb 3, 2022

This adds implicit support for Google, Amazon, Azure and GitHub container registries if the environment provides credentials.

Binary size increases from 22 MB -> 26 MB

@codecov-commenter
Copy link

codecov-commenter commented Feb 3, 2022
edited
Loading

Codecov Report

Merging #581 (c7f5b5d) into main (1425e4b) will not change coverage.
The diff coverage is 33.33%.

Impacted file tree graph

@@           Coverage Diff           @@
##             main     #581   +/-   ##
=======================================
  Coverage   48.58%   48.58%           
=======================================
  Files          43       43           
  Lines        2221     2221           
=======================================
  Hits         1079     1079           
  Misses        956      956           
  Partials      186      186
Impacted Files Coverage Δ
pkg/commands/deps.go 15.18% <0.00%> (ø)
pkg/commands/resolver.go 30.69% <0.00%> (ø)
pkg/commands/config.go 54.54% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1425e4b...c7f5b5d. Read the comment docs.

@imjasonh
Copy link
Member Author

imjasonh commented Feb 3, 2022

lol: https://github.com/google/ko/runs/5045688219?check_suite_focus=true

Pulling distroless attempts to use gcloud auth, which is not configured, so it fails closed, instead of falling back to trying anonymous, which would succeed. 🤔

@imjasonh
Include cred helpers in keychain
eb157b2 
This adds implicit support for Google, Amazon, Azure and GitHub
container registries if the environment provides credentials.

Binary size increases from 22 MB -> 26 MB
@imjasonh imjasonh mentioned this pull request Feb 8, 2022
Closed
@imjasonh
Copy link
Member Author

imjasonh commented Feb 8, 2022

This should be RFAL now.

mattmoor
mattmoor approved these changes Feb 8, 2022
View reviewed changes
Copy link
Collaborator

@mattmoor mattmoor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤩

@imjasonh imjasonh merged commit 89ede91 into ko-build:main Feb 8, 2022
@imjasonh imjasonh mentioned this pull request Feb 9, 2022
Closed
@chaodaiG chaodaiG mentioned this pull request Feb 23, 2022
Closed
chaodaiG added a commit to chaodaiG/test-infra that referenced this pull request Mar 14, 2022
@chaodaiG
Prow jobs respect default entrypoints
fb5bb17 
Supercedes kubernetes#25383, where in kubernetes#25383 the logic is in the pod where tests run, the problem there is that imagePullSecret defined on job pod is not accessible, which limits it's use case. The other problem is that the containers inside a test pod are not aware of the image they are from, so it's a little bit weird to let them know about it.

This PR moves the logic to plank, which feels more natural

-----------------------------
This is an unfortunate fact of prow, that user need to explictly set the entrypoint.

The migration of prow images from being built with bazel to ko introduced a side effect of all prow jobs that use gcr.io/k8s-prow images, such as robots/comment, robots/pr-creator etc. would fail due to the location of default entrypoint change. It would be trivial amount of work to update the binary location in prow jobs definition, but would like to use this opportunity to try to get this fixed.

(This PR was an effort baked on top of separate offline brainstorming with @cjwagner and @BenTheElder )
(The entrypoint extraction and docker auth parts were mainly from @imjasonh's work at ko-build/ko#581)
chaodaiG added a commit to chaodaiG/test-infra that referenced this pull request Mar 14, 2022
@chaodaiG
Prow jobs respect default entrypoints
5458d9f 
Supercedes kubernetes#25383, where in kubernetes#25383 the logic is in the pod where tests run, the problem there is that imagePullSecret defined on job pod is not accessible, which limits it's use case. The other problem is that the containers inside a test pod are not aware of the image they are from, so it's a little bit weird to let them know about it.

This PR moves the logic to plank, which feels more natural

-----------------------------
This is an unfortunate fact of prow, that user need to explictly set the entrypoint.

The migration of prow images from being built with bazel to ko introduced a side effect of all prow jobs that use gcr.io/k8s-prow images, such as robots/comment, robots/pr-creator etc. would fail due to the location of default entrypoint change. It would be trivial amount of work to update the binary location in prow jobs definition, but would like to use this opportunity to try to get this fixed.

(This PR was an effort baked on top of separate offline brainstorming with @cjwagner and @BenTheElder )
(The entrypoint extraction and docker auth parts were mainly from @imjasonh's work at ko-build/ko#581)
@chaodaiG chaodaiG mentioned this pull request Mar 14, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattmoor mattmoor mattmoor approved these changes

@jonjohnsonjr jonjohnsonjr Awaiting requested review from jonjohnsonjr

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@imjasonh @codecov-commenter @mattmoor