Use image promoter release process #1089
Comments
k8s-ci-robot
added
the
kind/feature
|
@dims |
|
/cc @dims |
|
/cc @justinsb |
|
Last time there was still an issue with the tool, is this solved now? kubernetes/k8s.io#384 (comment) |
|
I think yes, because gcr.io/google-containers is deprecated. Googler no longer can release new images to it. I will confirm it with someone from sig-release |
|
@bartsmykla Can you confirm that new pipeline is fully functional? |
|
Yes, it's working :-) |
|
@serathius it looks like staging repo already exists: https://console.cloud.google.com/gcr/images/k8s-staging-kube-state-metrics/GLOBAL and as kubernetes/k8s.io#384 was merged almost half a year ago I'm sure the google group was already created. :-) |
|
How can I verify this? I can mark it as done |
|
These are the IAM roles for this project: https://github.com/kubernetes/k8s.io/blob/master/audit/projects/k8s-staging-kube-state-metrics/iam.json I'm not entirely sure how to verify that but if I would guess looking at IAMs members of this group should have access to GCB for the project. Try to go here: https://console.cloud.google.com/navigation-error;errorUrl=%2Fcloud-build%3ForganizationId%3D&project%3Dk8s-staging-kube-state-metrics and check if it will let you in :-) |
|
Oooor... it should be easier to just check if you are a member of that group: https://groups.google.com/a/kubernetes.io/forum/#!myforums :-D |
|
I'm not owner of kube-state-metrics so I cannot check that. |
|
@serathius so the only way is to wait for one of the members or @dims to look and confirm, but the only case when the group would not exist is when the reconcile tool would not work and as far as I'm aware it's not the case and every project which was added later is able to get the access to its repositories and push images to them. |
|
/help |
|
@serathius: Please ensure the request meets the requirements listed here. If this request no longer meets these requirements, the label can be removed In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
help wanted
|
@lilic Can you confirm that group exits? |
|
I am part of k8s-infra-staging-kube-state-metrics group yes and I can confirm I can access the. https://console.cloud.google.com/cloud-build/builds?organizationId=&project=k8s-staging-kube-state-metrics
|
|
Acces to production images should only be done by automated CI. This is done by image promoter, which watches content of file https://github.com/kubernetes/k8s.io/blob/master/k8s.gcr.io/images/k8s-staging-kube-state-metrics/images.yaml |
|
It's exactly as @serathius said :-) |
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
|
@tariq1890 said he is interested in doing this, if not I can take it. Tariq do you have time for this? |
|
Both of my PRs are merged. Now how to check the process actually works 🤔 |
|
Thanks for handling this Lili
Hope this helps |
|
@lilic @tariq1890 anything I can do to help out here? I would be interested in getting kube-state-metrics images for arm64. |
|
@mrueg the above mentioned by Marek sounds like great two things to be done in kube-state-metrics as well, thanks! :) |
|
Looks like it's not working as expected, see: https://prow.k8s.io/view/gs/kubernetes-jenkins/logs/post-kube-state-metrics-push-images/1285961432038379522 anyone with access to gcp can look at those logs? |
|
Yes opened PR to fix this, |
|
I believe everything was done on this list. Last PR should be #1175 We can close this issue now? |
|
Could we make one full release using new pipeline before? Would make sense to test if everything works e2e |
|
Sounds good, we plan on doing this with the 2.0 release. |
|
@serathius @lilic looking at https://console.cloud.google.com/gcr/images/k8s-staging-kube-state-metrics/GLOBAL/kube-state-metrics@sha256:23eb6eda398dca8a488dd49817605b914dea8ccf740168a8bf7328bc8fc5cbb6/details?tab=info it seems like there is no non-amd64 image pushed. anything that's missing here? |
|
Ah I figured, cloudbuild.yaml is calling |
|
Seems like this worked, we are now seeing multiple arch images in gcr. Thanks @mrueg for the work! |
|
Great, let me know if you want a backport to 1.9 (I already see a 1.9.7 tag appeared on gcr?). |
|
Backport sounds great! |
I can do the backport, one thing I'm wondering about is, that Makefile defines the version per cat VERSION (which leads to the docker image being updated on every push so a version becomes a moving target). I would suggest the following logic:
@lilic @paulfantom @serathius any preference here? |
|
Yes, I noticed as well have plans to correct this for when we do the 2.0 release as we are not using the image promotion process until 2.0 release, we have not discussed this yet with the maintainers. Do you mind opening a separate issue instead thanks! |
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
lifecycle/stale
|
Since this image promotion now works and we have a good workflow, closing this issue. Thanks all! |
Using k8s release process would allow to migrate to official k8s repositories without depending on Googlers. It also supports automated build process which will make it more auditable and secure.
We should also stop depending on quay.io registry if official option can be used.
Staging repo was already setup by @brancz kubernetes/k8s.io#384
/kind feature
Tasks based on https://github.com/kubernetes/k8s.io/tree/master/k8s.gcr.io
Migrate to promotion process:
Automate builds:
/cc @lilic please confirm that plan makes sense for you.
The text was updated successfully, but these errors were encountered: