From cb5f429e6e6883832409b6d2c920e7b50795cfaf Mon Sep 17 00:00:00 2001 From: fabriziopandini Date: Fri, 7 Jul 2023 16:44:40 +0200 Subject: [PATCH] Protect well know registry from accidental push during tilt up --- Tiltfile | 11 ++++++++++- docs/book/src/developer/tilt.md | 4 +++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/Tiltfile b/Tiltfile index 43dab96d2b18..7c70a57adcc1 100644 --- a/Tiltfile +++ b/Tiltfile @@ -42,7 +42,16 @@ os_arch = str(local("go env GOARCH")).rstrip("\n") if settings.get("trigger_mode") == "manual": trigger_mode(TRIGGER_MODE_MANUAL) -if settings.get("default_registry") != "": +usingLocalRegistry = str(local(kubectl_cmd + " get cm -n kube-public local-registry-hosting || true", quiet = True)) +if not usingLocalRegistry: + if settings.get("default_registry", "") == "": + fail("default_registry is required when not using a local registry, please add it to your tilt-settings.yaml/json") + + protectedRegistries = ["gcr.io/k8s-staging-cluster-api"] + if settings.get("default_registry") in protectedRegistries: + fail("current default_registry '{}' is protected, tilt cannot push images to it. Please select another default_registry in your tilt-settings.yaml/json".format(settings.get("default_registry"))) + +if settings.get("default_registry", "") != "": default_registry(settings.get("default_registry")) always_enable_providers = ["core"] diff --git a/docs/book/src/developer/tilt.md b/docs/book/src/developer/tilt.md index 308aa597aeb7..f6c43299119a 100644 --- a/docs/book/src/developer/tilt.md +++ b/docs/book/src/developer/tilt.md @@ -69,8 +69,10 @@ If you prefer JSON, you can create a `tilt-settings.json` file instead. YAML wil **allowed_contexts** (Array, default=[]): A list of kubeconfig contexts Tilt is allowed to use. See the Tilt documentation on [allow_k8s_contexts](https://docs.tilt.dev/api.html#api.allow_k8s_contexts) for more details. -**default_registry** (String, default=""): The image registry to use if you need to push images. See the [Tilt +**default_registry** (String, default=[]): The image registry to use if you need to push images. See the [Tilt documentation](https://docs.tilt.dev/api.html#api.default_registry) for more details. +Please note that, in case you are not using a local registry, this value is required; additionally, the Cluster API +Tiltfile protects you from accidental push on `gcr.io/k8s-staging-cluster-api`. **build_engine** (String, default="docker"): The engine used to build images. Can either be `docker` or `podman`. NB: the default is dynamic and will be "podman" if the string "Podman Engine" is found in `docker version` (or in `podman version` if the command fails).