air gapped installation: install option like --registry for prometheus image #3204
Comments
|
Sounds to me like a specific enough case to be addressed through a Helm variable or kustomize. |
|
@kellermaennchen Sounds like you have access to GCR? If you access to GCR isn't limited to only Alternately, there is Helm and Kustomize, as @alpeb suggested. The reason why we are hesitant to add yet another CLI option is so that we can maintain a sane list of configuration. Let us know if any of these alternatives will work for you. |
|
@ihcsim No I don't have access to GCR from my k8s cluster therefore the mirror is not an option. Because of that I used the --registry option and pointed it to my local registry. This worked fine except for the prometheus image. |
|
@kellermaennchen The Helm chart landed in With Helm, all you need to do is to modify the |
|
Thanks @ihcsim ! I will give it a try and share my feedback. |
|
I have the same problem, I changed the installation command to |
|
This would be a great first PR! |
|
Hi @grampelberg I'd like to take this up |
|
@christyjacob4 I think that you can implement this in the same way that the
One way that the prometheus image is different from the grafana image is that the prometheus image uses a specific version, so you may need to take this in to consideration as well. |
|
@cpretzer thank you for the insight . |
|
@cpretzer How do you want the versioning of the prometheus image to be handled? |
|
We should continue to use the versioning pattern that we use now, which is to pin Prometheus to a particular version. Currently, that is 2.15.1: https://github.com/linkerd/linkerd2/blob/master/charts/linkerd2/values.yaml#L131 We pin the version because we want to ensure compatibility and stability, and we will continue to test against new versions of Prometheus as they are released. With regard to the install command, have a look at the You'll see that there are a few of flags related to images: So, if we think through a solution that matches this pattern, it would be to add a flag like Let me know if you have questions. |
|
Thank you @cpretzer That seems to clear a lot of my doubts. I read through the code for install command and I found usages of --registry (dockerRegistry) in root.go and install.go Also, Since you mentioned about the syntax of the prometheus image, I was thinking of adding a regex Check in root.go along with the following condition if options.prometheusRegistry != "" && !alphaNumDashDotSlashColon.MatchString(options.prometheusRegistry) {
return fmt.Errorf("%s is not a valid Prometheus registry. The url can contain only letters, numbers, dash, dot, slash and colon", options.prometheusRegistry)
}Is that the expected way to do it? If yes, please give me an example of an input to Thanks again |
|
@christyjacob4 Can you please create a draft PR on the work that you are planning, so that we can provide better feedback? :) Also, I think we don't need to have a separate Once this is done, To make it more flexible we can have the |
|
@Pothulapati Please take a look at my draft |
|
@Pothulapati Regarding your suggestion, what if the user wants to fetch prometheus image from a different registry as opposed to grafana ? |
|
@christyjacob4 that's a valid concern, but we can't keep adding registry flags for every image and for all use cases. They can always kustomize or other tools for unique/edge cases like that. But supporting a common use case of having a registry flag that they can use for all images is important, and that's what we should be solving. |
|
@Pothulapati Thanks for the clarification :) |
|
I agree with @Pothulapati <https://github.com/Pothulapati> here. I don’t
see a need to use a registry other than the official one.
If we did, that would require more extensive testing.
…On Tue, Feb 11, 2020 at 20:55 Christy Jacob ***@***.***> wrote:
@Pothulapati <https://github.com/Pothulapati> Thanks for the
clarification :)
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#3204?email_source=notifications&email_token=AAXFPRYZCEJ7ULM2TKPNRNDRCN6LDA5CNFSM4IKAJGOKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELPNKMA#issuecomment-585028912>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAXFPR6WTMXAYRYWDE5AXA3RCN6LDANCNFSM4IKAJGOA>
.
|
|
I think this can be closed in light of the merged PR |
Feature Request
Add another option like the --registry option to the linkerd install CLI command which specifies from which registry the prometheus image should be pulled
What problem are you trying to solve?
Air gapped installation: In secure On-Prem k8s installations internet access is not an option
How should the problem be solved?
By adding another option like the --registry option to the linkerd install CLI command
What do you want to happen? Add any considered drawbacks.
I want the prometheus image to be pulled from another (private) registry and not only from DockerHub
Any alternatives you've considered?
Add the prometheus image to the linkerd registry ("gcr.io/linkerd-io")
Is there another way to solve this problem that isn't as good a solution?
Add the prometheus image to the linkerd registry ("gcr.io/linkerd-io")
How would users interact with this feature?
Through the linkerd install CLI command
If you can, explain how users will be able to use this. Maybe some sample CLI
output?
linkerd install --registry some.registry --promregistry another.registry | kubectl apply -f -
The text was updated successfully, but these errors were encountered: