mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-30 02:00:19 +00:00
ci: add configuration for the proxy/mirror registry
This makes it possible to pull images from Docker Hub through the local container image registry in the CI OpenShift deployment. The registry in the CI is configured with the 'cephcsibot' account so that pulling images is accounted towards the account, and not anonymous consumers within the whole CentOS CI. There should be no need to manually sync the images between the local registry and Docker Hub anymore. Signed-off-by: Niels de Vos <ndevos@redhat.com>
This commit is contained in:
parent
6a7e6c841f
commit
5ae8fb7c9b
17
container-registry.conf
Normal file
17
container-registry.conf
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
# /etc/containers/registries.conf
|
||||||
|
#
|
||||||
|
# This file contains the registry that is hosted in the CentOS CI OpenShift
|
||||||
|
# deployment for Ceph-CSI.
|
||||||
|
#
|
||||||
|
# By overwriting /etc/containers/registries.conf, short-names for
|
||||||
|
# container-images can NOT be used anymore.
|
||||||
|
#
|
||||||
|
# The CI jobs do a "podman login" for the local registry. Only after that, the
|
||||||
|
# local mirror is accessible.
|
||||||
|
#
|
||||||
|
|
||||||
|
[[registry]]
|
||||||
|
prefix = "docker.io"
|
||||||
|
location = "docker.io"
|
||||||
|
[[registry.mirror]]
|
||||||
|
location = "registry-ceph-csi.apps.ocp.ci.centos.org"
|
@ -19,6 +19,7 @@ def ssh(cmd) {
|
|||||||
|
|
||||||
def podman_login(registry, username, passwd) {
|
def podman_login(registry, username, passwd) {
|
||||||
ssh "podman login --authfile=~/.podman-auth.json --username=${username} --password='${passwd}' ${registry}"
|
ssh "podman login --authfile=~/.podman-auth.json --username=${username} --password='${passwd}' ${registry}"
|
||||||
|
ssh 'cp container-registry.conf /etc/containers/registries.conf'
|
||||||
}
|
}
|
||||||
|
|
||||||
def podman_pull(registry, image) {
|
def podman_pull(registry, image) {
|
||||||
@ -74,7 +75,7 @@ node('cico-workspace') {
|
|||||||
|
|
||||||
try {
|
try {
|
||||||
stage('prepare bare-metal machine') {
|
stage('prepare bare-metal machine') {
|
||||||
sh 'scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ./prepare.sh root@${CICO_NODE}:'
|
sh 'scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ./prepare.sh container-registry.conf root@${CICO_NODE}:'
|
||||||
// TODO: already checked out the PR on the node, scp the contents?
|
// TODO: already checked out the PR on the node, scp the contents?
|
||||||
ssh "./prepare.sh --workdir=${workdir} --gitrepo=${git_repo} --ref=${ref}"
|
ssh "./prepare.sh --workdir=${workdir} --gitrepo=${git_repo} --ref=${ref}"
|
||||||
}
|
}
|
||||||
@ -128,7 +129,7 @@ node('cico-workspace') {
|
|||||||
).trim()
|
).trim()
|
||||||
|
|
||||||
// base_image is like ceph/ceph:v15
|
// base_image is like ceph/ceph:v15
|
||||||
podman_pull(ci_registry, "${base_image}")
|
podman_pull("docker.io", "${base_image}")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -49,6 +49,8 @@ spec:
|
|||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: container-images
|
- name: container-images
|
||||||
mountPath: /var/lib/registry
|
mountPath: /var/lib/registry
|
||||||
|
- name: config
|
||||||
|
mountPath: /etc/docker/registry
|
||||||
- name: htpasswd
|
- name: htpasswd
|
||||||
mountPath: /auth
|
mountPath: /auth
|
||||||
env:
|
env:
|
||||||
@ -62,6 +64,9 @@ spec:
|
|||||||
- name: container-images
|
- name: container-images
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: ceph-csi-image-registry
|
claimName: ceph-csi-image-registry
|
||||||
|
- name: config
|
||||||
|
secret:
|
||||||
|
secretName: container-registry-config
|
||||||
- name: htpasswd
|
- name: htpasswd
|
||||||
secret:
|
secret:
|
||||||
secretName: container-registry-auth
|
secretName: container-registry-auth
|
||||||
|
32
deploy/registry-config.yml.in
Normal file
32
deploy/registry-config.yml.in
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: container-registry-config
|
||||||
|
labels:
|
||||||
|
app: container-registry
|
||||||
|
stringData:
|
||||||
|
# /etc/docker/registry/config.yml
|
||||||
|
config.yml: |-
|
||||||
|
version: 0.1
|
||||||
|
log:
|
||||||
|
fields:
|
||||||
|
service: registry
|
||||||
|
storage:
|
||||||
|
cache:
|
||||||
|
blobdescriptor: inmemory
|
||||||
|
filesystem:
|
||||||
|
rootdirectory: /var/lib/registry
|
||||||
|
http:
|
||||||
|
addr: :5000
|
||||||
|
headers:
|
||||||
|
X-Content-Type-Options: [nosniff]
|
||||||
|
health:
|
||||||
|
storagedriver:
|
||||||
|
enabled: true
|
||||||
|
interval: 10s
|
||||||
|
threshold: 3
|
||||||
|
proxy:
|
||||||
|
remoteurl: https://docker.io
|
||||||
|
username: @@USERNAME@@
|
||||||
|
password: @@PASSWD@@
|
@ -19,6 +19,7 @@ def ssh(cmd) {
|
|||||||
|
|
||||||
def podman_login(registry, username, passwd) {
|
def podman_login(registry, username, passwd) {
|
||||||
ssh "podman login --authfile=~/.podman-auth.json --username=${username} --password='${passwd}' ${registry}"
|
ssh "podman login --authfile=~/.podman-auth.json --username=${username} --password='${passwd}' ${registry}"
|
||||||
|
ssh 'cp container-registry.conf /etc/containers/registries.conf'
|
||||||
}
|
}
|
||||||
|
|
||||||
def podman_pull(registry, image) {
|
def podman_pull(registry, image) {
|
||||||
@ -103,7 +104,7 @@ node('cico-workspace') {
|
|||||||
if (params.ghprbPullId != null) {
|
if (params.ghprbPullId != null) {
|
||||||
ref = "pull/${ghprbPullId}/merge"
|
ref = "pull/${ghprbPullId}/merge"
|
||||||
}
|
}
|
||||||
sh 'scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ./prepare.sh ./single-node-k8s.sh ./podman2minikube.sh root@${CICO_NODE}:'
|
sh 'scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ./prepare.sh ./single-node-k8s.sh ./podman2minikube.sh container-registry.conf root@${CICO_NODE}:'
|
||||||
ssh "./prepare.sh --workdir=/opt/build/go/src/github.com/ceph/ceph-csi --gitrepo=${git_repo} --ref=${ref}"
|
ssh "./prepare.sh --workdir=/opt/build/go/src/github.com/ceph/ceph-csi --gitrepo=${git_repo} --ref=${ref}"
|
||||||
}
|
}
|
||||||
stage('pull base container images') {
|
stage('pull base container images') {
|
||||||
@ -117,7 +118,7 @@ node('cico-workspace') {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// base_image is like ceph/ceph:v15
|
// base_image is like ceph/ceph:v15
|
||||||
podman_pull(ci_registry, "${base_image}")
|
podman_pull("docker.io", "${base_image}")
|
||||||
// cephcsi:devel is used with 'make containerized-build'
|
// cephcsi:devel is used with 'make containerized-build'
|
||||||
podman_pull(ci_registry, "ceph-csi:devel")
|
podman_pull(ci_registry, "ceph-csi:devel")
|
||||||
}
|
}
|
||||||
@ -135,7 +136,7 @@ node('cico-workspace') {
|
|||||||
|
|
||||||
if (rook_version != '') {
|
if (rook_version != '') {
|
||||||
// single-node-k8s.sh pushes the image into minikube
|
// single-node-k8s.sh pushes the image into minikube
|
||||||
podman_pull(ci_registry, "rook/ceph:${rook_version}")
|
podman_pull("docker.io", "rook/ceph:${rook_version}")
|
||||||
}
|
}
|
||||||
|
|
||||||
timeout(time: 30, unit: 'MINUTES') {
|
timeout(time: 30, unit: 'MINUTES') {
|
||||||
@ -143,9 +144,9 @@ node('cico-workspace') {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// vault:latest and nginx:latest are used by the e2e tests
|
// vault:latest and nginx:latest are used by the e2e tests
|
||||||
podman_pull(ci_registry, "vault:latest")
|
podman_pull("docker.io", "vault:latest")
|
||||||
ssh "./podman2minikube.sh vault:latest"
|
ssh "./podman2minikube.sh vault:latest"
|
||||||
podman_pull(ci_registry, "nginx:latest")
|
podman_pull("docker.io", "nginx:latest")
|
||||||
ssh "./podman2minikube.sh nginx:latest"
|
ssh "./podman2minikube.sh nginx:latest"
|
||||||
}
|
}
|
||||||
stage('deploy ceph-csi through helm') {
|
stage('deploy ceph-csi through helm') {
|
||||||
|
@ -16,6 +16,7 @@ def ssh(cmd) {
|
|||||||
|
|
||||||
def podman_login(registry, username, passwd) {
|
def podman_login(registry, username, passwd) {
|
||||||
ssh "podman login --authfile=~/.podman-auth.json --username=${username} --password='${passwd}' ${registry}"
|
ssh "podman login --authfile=~/.podman-auth.json --username=${username} --password='${passwd}' ${registry}"
|
||||||
|
ssh 'cp container-registry.conf /etc/containers/registries.conf'
|
||||||
}
|
}
|
||||||
|
|
||||||
def podman_pull(registry, image) {
|
def podman_pull(registry, image) {
|
||||||
@ -100,7 +101,7 @@ node('cico-workspace') {
|
|||||||
if (params.ghprbPullId != null) {
|
if (params.ghprbPullId != null) {
|
||||||
ref = "pull/${ghprbPullId}/merge"
|
ref = "pull/${ghprbPullId}/merge"
|
||||||
}
|
}
|
||||||
sh 'scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ./prepare.sh ./single-node-k8s.sh ./podman2minikube.sh root@${CICO_NODE}:'
|
sh 'scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ./prepare.sh ./single-node-k8s.sh ./podman2minikube.sh container-registry.conf root@${CICO_NODE}:'
|
||||||
ssh "./prepare.sh --workdir=/opt/build/go/src/github.com/ceph/ceph-csi --gitrepo=${git_repo} --ref=${ref}"
|
ssh "./prepare.sh --workdir=/opt/build/go/src/github.com/ceph/ceph-csi --gitrepo=${git_repo} --ref=${ref}"
|
||||||
}
|
}
|
||||||
stage('pull base container images') {
|
stage('pull base container images') {
|
||||||
@ -114,7 +115,7 @@ node('cico-workspace') {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// base_image is like ceph/ceph:v15
|
// base_image is like ceph/ceph:v15
|
||||||
podman_pull(ci_registry, "${base_image}")
|
podman_pull("docker.io", "${base_image}")
|
||||||
// cephcsi:devel is used with 'make containerized-build'
|
// cephcsi:devel is used with 'make containerized-build'
|
||||||
podman_pull(ci_registry, "ceph-csi:devel")
|
podman_pull(ci_registry, "ceph-csi:devel")
|
||||||
}
|
}
|
||||||
@ -132,7 +133,7 @@ node('cico-workspace') {
|
|||||||
|
|
||||||
if (rook_version != '') {
|
if (rook_version != '') {
|
||||||
// single-node-k8s.sh pushes the image into minikube
|
// single-node-k8s.sh pushes the image into minikube
|
||||||
podman_pull(ci_registry, "rook/ceph:${rook_version}")
|
podman_pull("docker.io", "rook/ceph:${rook_version}")
|
||||||
}
|
}
|
||||||
|
|
||||||
timeout(time: 30, unit: 'MINUTES') {
|
timeout(time: 30, unit: 'MINUTES') {
|
||||||
@ -140,9 +141,9 @@ node('cico-workspace') {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// vault:latest and nginx:latest are used by the e2e tests
|
// vault:latest and nginx:latest are used by the e2e tests
|
||||||
podman_pull(ci_registry, "vault:latest")
|
podman_pull("docker.io", "vault:latest")
|
||||||
ssh "./podman2minikube.sh vault:latest"
|
ssh "./podman2minikube.sh vault:latest"
|
||||||
podman_pull(ci_registry, "nginx:latest")
|
podman_pull("docker.io", "nginx:latest")
|
||||||
ssh "./podman2minikube.sh nginx:latest"
|
ssh "./podman2minikube.sh nginx:latest"
|
||||||
}
|
}
|
||||||
stage('run e2e') {
|
stage('run e2e') {
|
||||||
|
@ -16,6 +16,7 @@ def ssh(cmd) {
|
|||||||
|
|
||||||
def podman_login(registry, username, passwd) {
|
def podman_login(registry, username, passwd) {
|
||||||
ssh "podman login --authfile=~/.podman-auth.json --username=${username} --password='${passwd}' ${registry}"
|
ssh "podman login --authfile=~/.podman-auth.json --username=${username} --password='${passwd}' ${registry}"
|
||||||
|
ssh 'cp container-registry.conf /etc/containers/registries.conf'
|
||||||
}
|
}
|
||||||
|
|
||||||
def podman_pull(registry, image) {
|
def podman_pull(registry, image) {
|
||||||
@ -100,7 +101,7 @@ node('cico-workspace') {
|
|||||||
if (params.ghprbPullId != null) {
|
if (params.ghprbPullId != null) {
|
||||||
ref = "pull/${ghprbPullId}/merge"
|
ref = "pull/${ghprbPullId}/merge"
|
||||||
}
|
}
|
||||||
sh 'scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ./prepare.sh ./single-node-k8s.sh ./podman2minikube.sh root@${CICO_NODE}:'
|
sh 'scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ./prepare.sh ./single-node-k8s.sh ./podman2minikube.sh container-registry.conf root@${CICO_NODE}:'
|
||||||
ssh "./prepare.sh --workdir=/opt/build/go/src/github.com/ceph/ceph-csi --gitrepo=${git_repo} --ref=${ref}"
|
ssh "./prepare.sh --workdir=/opt/build/go/src/github.com/ceph/ceph-csi --gitrepo=${git_repo} --ref=${ref}"
|
||||||
}
|
}
|
||||||
stage('pull base container images') {
|
stage('pull base container images') {
|
||||||
@ -114,7 +115,7 @@ node('cico-workspace') {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// base_image is like ceph/ceph:v15
|
// base_image is like ceph/ceph:v15
|
||||||
podman_pull(ci_registry, "${base_image}")
|
podman_pull("docker.io", "${base_image}")
|
||||||
// cephcsi:devel is used with 'make containerized-build'
|
// cephcsi:devel is used with 'make containerized-build'
|
||||||
podman_pull(ci_registry, "ceph-csi:devel")
|
podman_pull(ci_registry, "ceph-csi:devel")
|
||||||
}
|
}
|
||||||
@ -132,7 +133,7 @@ node('cico-workspace') {
|
|||||||
|
|
||||||
if (rook_version != '') {
|
if (rook_version != '') {
|
||||||
// single-node-k8s.sh pushes the image into minikube
|
// single-node-k8s.sh pushes the image into minikube
|
||||||
podman_pull(ci_registry, "rook/ceph:${rook_version}")
|
podman_pull("docker.io", "rook/ceph:${rook_version}")
|
||||||
}
|
}
|
||||||
|
|
||||||
timeout(time: 30, unit: 'MINUTES') {
|
timeout(time: 30, unit: 'MINUTES') {
|
||||||
@ -140,9 +141,9 @@ node('cico-workspace') {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// vault:latest and nginx:latest are used by the e2e tests
|
// vault:latest and nginx:latest are used by the e2e tests
|
||||||
podman_pull(ci_registry, "vault:latest")
|
podman_pull("docker.io", "vault:latest")
|
||||||
ssh "./podman2minikube.sh vault:latest"
|
ssh "./podman2minikube.sh vault:latest"
|
||||||
podman_pull(ci_registry, "nginx:latest")
|
podman_pull("docker.io", "nginx:latest")
|
||||||
ssh "./podman2minikube.sh nginx:latest"
|
ssh "./podman2minikube.sh nginx:latest"
|
||||||
}
|
}
|
||||||
stage("run ${test_type} upgrade tests") {
|
stage("run ${test_type} upgrade tests") {
|
||||||
|
Loading…
Reference in New Issue
Block a user