diff --git a/Dockerfile b/Dockerfile
index f31df52..c6964b1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,4 +4,4 @@ COPY . ./app
 WORKDIR /app
 ENV PYTHONPATH "$PYTHONPATH:/app"
 RUN pip install --no-cache -r requirements.txt
-ENTRYPOINT ["python", "mirroroperator/operator.py"]
+CMD ["python", "-u", "mirroroperator/operator.py"]
diff --git a/README.md b/README.md
index b0a2873..558db08 100644
--- a/README.md
+++ b/README.md
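Review bot: Replacing `ENTRYPOINT` with `CMD` changes how container arguments are handled: with only a `CMD`, a Kubernetes `args:` list (or anything after the image name in `docker run`) replaces the whole command instead of being appended to `python mirroroperator/operator.py`. operator.py in this same commit still parses `--map-update`, so a manifest that passes just that flag would presumably now try to execute `--map-update` as the program. If overriding the full command is intended, say so above the line, e.g. `# CMD, not ENTRYPOINT: callers must pass the full command (python -u mirroroperator/operator.py --map-update)`; otherwise keep `ENTRYPOINT ["python", "-u", "mirroroperator/operator.py"]` so flags still append.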
@@ -86,10 +86,10 @@ Name | description | default
 `DOCKER_CERTIFICATE_SECRET` | (Required) You **must** provide a certificate to enable TLS between the docker daemon and the registry and create a secret from it, this variable is the name of the secret | None
 `NAMESPACE` | (Optional) The namespace in which the resources should be created. This should be the same namespace as where the container is running | default
 `SECONDS_BETWEEN_STREAMS` | (Optional) Time to sleep between calls to the API. The operator will occasionally lose connection or else fail to run if the Custom Resource Definition does not exist. | 30
-`DOCKER_REGISTRY` | (Optional) The docker registry where Docker images for all containers are to be pulled from. Set it if you have cache/proxy for accessing DockerHub. Overrides HOSTESS_DOCKER_REGISTRY if set to non-default value. | docker.io
-`HOSTESS_DOCKER_REGISTRY` | (Optional) Deprecated, will be removed in version 1.0.0. The docker registry where mirror-hostess and alpine are to be pulled from. | docker.io
+`DOCKER_REGISTRY` | (Optional) The docker registry where Docker images for all containers are to be pulled from. Set it if you have cache/proxy for accessing DockerHub. | docker.io
+`HOSTESS_DOCKER_REGISTRY` | (Optional) The docker registry where mirror-hostess is to be pulled from. | ghcr.io
 `HOSTESS_DOCKER_IMAGE` | (Optional) The name of the docker image for mirror-hostess. | ocadotechnology/mirror-hostess
-`HOSTESS_DOCKER_TAG` | (Optional) The tag for the mirror-hostess docker image. | 1.1.0
+`HOSTESS_DOCKER_TAG` | (Optional) The tag for the mirror-hostess docker image. | 1.4.0
 `ADDRESSING_SCHEME` | (Optional) Select supported addressing scheme | hostess
 `IMAGESWAP_NAMESPACE` | (Optional) The namespace for `imageswap-maps` ConfigMap | the same as `NAMESPACE`
 `SS_DS_LABELS` | (Optional) StatefulSet and DaemonSet labels | None
@@ -100,8 +100,8 @@ Name | description | default ## Usage In order to have the operator deploy a new mirror, the cluster needs to have the custom resource defined: -``` -apiVersion: apiextensions.k8s.io/v1beta1 +```yaml +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: # name must match the spec fields below, and be in the form: . @@ -109,8 +109,22 @@ metadata: spec: # group name to use for REST API: /apis// group: k8s.osp.tech + preserveUnknownFields: false # version name to use for REST API: /apis// - version: v1 + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true # either Namespaced or Cluster scope: Cluster names: @@ -123,8 +137,8 @@ spec: # shortNames allow shorter string to match your resource on the CLI shortNames: - rm - ``` +TODO: add proper openAPIV3Schema You can then create new mirrors by providing at minimum an `upstreamUrl` in the spec: ```yaml diff --git a/mirroroperator/operator.py b/mirroroperator/operator.py index 373ed61..c6f22e4 100644 --- a/mirroroperator/operator.py +++ b/mirroroperator/operator.py @@ -29,7 +29,7 @@ def __init__(self, env_vars): """ :param env_vars: dictionary includes namespace, docker_registry (used in RegistryMirror), - hostess_docker_registry (used in RegistryMirror, deprecated), + hostess_docker_registry (used in RegistryMirror), ss_ds_labels (used in RegistryMirror, optional), ss_ds_template_lables (used in RegistryMirror, optional) ss_ds_tolerations (used in RegistryMirror, optional) 
@@ -151,15 +151,13 @@ def main(): # optional to allow for image to be pulled from elsewhere docker_registry=os.environ.get( "DOCKER_REGISTRY", "docker.io"), - # pylint: disable=fixme - # TODO: remove 'hostess_docker_registry' in 1.0.0 hostess_docker_registry=os.environ.get( - "HOSTESS_DOCKER_REGISTRY", "docker.io"), + "HOSTESS_DOCKER_REGISTRY", "ghcr.io"), addressing_scheme=os.environ.get("ADDRESSING_SCHEME", "hostess"), imageswap_namespace=os.environ.get("IMAGESWAP_NAMESPACE", env_namespace), hostess_docker_image=os.environ.get("HOSTESS_DOCKER_IMAGE", "ocadotechnology/mirror-hostess"), - hostess_docker_tag=os.environ.get("HOSTESS_DOCKER_TAG", "1.1.0"), + hostess_docker_tag=os.environ.get("HOSTESS_DOCKER_TAG", "1.4.0"), # optional labels to be added to daemonsets and statefulsets ss_ds_labels=safely_eval_env("SS_DS_LABELS"), ss_ds_template_labels=safely_eval_env("SS_DS_TEMPLATE_LABELS"), @@ -172,10 +170,6 @@ def main(): # get ca certificate ca_certificate_bundle=os.environ.get("CA_CERTIFICATE_BUNDLE"), ) - # HOSTESS_DOCKER_REGISTRY is deprecated in favor of DOCKER_REGISTRY - if env_vars["docker_registry"] != "docker.io": - env_vars["hostess_docker_registry"] = env_vars["docker_registry"] - parser = argparse.ArgumentParser() parser.add_argument("--map-update", help="Update the imageswap-maps Config Map", diff --git a/mirroroperator/registrymirror.py b/mirroroperator/registrymirror.py index 7997fd6..0edc8b0 100644 --- a/mirroroperator/registrymirror.py +++ b/mirroroperator/registrymirror.py 
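Review bot: Deployments that set only `DOCKER_REGISTRY` to an internal cache or proxy will now pull mirror-hostess straight from `ghcr.io`, because the `HOSTESS_DOCKER_REGISTRY` default changes here and the later hunk in `main()` removes the block that copied a non-default `docker_registry` into `hostess_docker_registry`. Where that proxy is the point at which images are scanned or allow-listed, this silently moves one image outside that control, and in an egress-restricted cluster the pull would presumably just fail. I would keep the new behaviour but make it visible with a comment on the default, e.g. `# no longer inherits DOCKER_REGISTRY; set HOSTESS_DOCKER_REGISTRY explicitly when pulling through a proxy`, and a startup log line when `DOCKER_REGISTRY` is set but `HOSTESS_DOCKER_REGISTRY` is not. `main()` starts and ends outside both hunks.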
@@ -56,7 +56,10 @@ def __init__(self, event_type, namespace, docker_registry, if kwargs["ss_ds_tolerations"] is not None: for t in kwargs["ss_ds_tolerations"]: self.ss_ds_tolerations.append(client.V1Toleration(**t)) - self.image_pull_secrets = kwargs["image_pull_secrets"] or "" + if kwargs["image_pull_secrets"] is not None: + self.image_pull_secrets = [{"name": name} for name in kwargs["image_pull_secrets"].split(",")] + else: + self.image_pull_secrets = None self.ca_certificate_bundle = kwargs["ca_certificate_bundle"] self.volume_claim_spec = client.V1PersistentVolumeClaimSpec( @@ -322,8 +325,8 @@ def generate_daemon_set(self, daemon_set): "-u", "-x" ], - image="{}/alpine:3.6".format( - self.hostess_docker_registry), + image="{}/alpine:3.14".format( + self.docker_registry), image_pull_policy="IfNotPresent", resources=client.V1ResourceRequirements( requests={"memory": "1Mi", "cpu": "0.001"}, @@ -365,8 +368,7 @@ def generate_daemon_set(self, daemon_set): spec=client.V1PodSpec( containers=daemonset_containers, tolerations=self.ss_ds_tolerations, - image_pull_secrets=[{"name": name} for name in - self.image_pull_secrets.split(",")], + image_pull_secrets=self.image_pull_secrets, service_account_name="mirror-hostess", termination_grace_period_seconds=2, volumes=[client.V1Volume( @@ -583,7 +585,7 @@ def generate_stateful_set(self): init_containers=[ client.V1Container( name="generate-ca-certs", - image="{}/cloudbees/docker-certificates:1.2".format( + image="{}/cloudbees/docker-certificates:1.3".format( self.docker_registry), command=["/bin/sh"], args=["-c", script], @@ -613,7 +615,7 @@ def generate_stateful_set(self): containers=[ client.V1Container( name="registry", - image="{}/nginx:1.13.3-alpine".format( + image="{}/nginx:1.22.1-alpine".format( self.docker_registry), readiness_probe=client.V1Probe( http_get=client.V1HTTPGetAction( diff --git a/requirements.txt b/requirements.txt index a50b40a..69cfa1a 100644 --- a/requirements.txt +++ b/requirements.txt 
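Review bot: The new branch handles `None`, but an empty or loosely formatted value still produces invalid entries: `""` becomes `[{"name": ""}]` and `"a, b"` yields a name with a leading space. The list is then handed unchanged to `V1PodSpec` in the `generate_daemon_set` hunk further down, where such a name would likely be rejected or simply never match a secret. Filtering while parsing covers both cases: `names = [n.strip() for n in (kwargs["image_pull_secrets"] or "").split(",") if n.strip()]` followed by `self.image_pull_secrets = [{"name": n} for n in names] or None`. `__init__` continues outside the hunk, and where `image_pull_secrets` comes from is not visible here.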
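Review bot: The helper image in `generate_daemon_set` is referenced by a hard-coded tag (`alpine:3.14`) with `image_pull_policy="IfNotPresent"`, so a node keeps whatever that tag resolved to at first pull, and the version can only change with a new operator release. The same holds for `cloudbees/docker-certificates:1.3` and `nginx:1.22.1-alpine` in the two `generate_stateful_set` hunks below. mirror-hostess already takes its image and tag from `HOSTESS_DOCKER_IMAGE`/`HOSTESS_DOCKER_TAG`; exposing these three the same way would let operators roll out patched base images or pin a digest without a code change. This hunk also moves the alpine pull from `self.hostess_docker_registry` to `self.docker_registry`, which deserves a one-line comment such as `# alpine comes from the general registry; only mirror-hostess uses hostess_docker_registry`. `generate_daemon_set` starts and ends outside the hunk.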
@@ -1,4 +1,4 @@
 bitmath==1.3.3.1
 fasteners==0.14.1
-kubernetes==11.0.0
+kubernetes==21.7.0
 statsd==3.2.1