Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Include cred helpers in keychain #581

Merged
merged 1 commit into from
Feb 8, 2022
Merged

Conversation

imjasonh
Copy link
Member

@imjasonh imjasonh commented Feb 3, 2022

This adds implicit support for Google, Amazon, Azure and GitHub container registries if the environment provides credentials.

Binary size increases from 22 MB -> 26 MB

@codecov-commenter
Copy link

codecov-commenter commented Feb 3, 2022

Codecov Report

Merging #581 (c7f5b5d) into main (1425e4b) will not change coverage.
The diff coverage is 33.33%.

Impacted file tree graph

@@           Coverage Diff           @@
##             main     #581   +/-   ##
=======================================
  Coverage   48.58%   48.58%           
=======================================
  Files          43       43           
  Lines        2221     2221           
=======================================
  Hits         1079     1079           
  Misses        956      956           
  Partials      186      186           
Impacted Files Coverage Δ
pkg/commands/deps.go 15.18% <0.00%> (ø)
pkg/commands/resolver.go 30.69% <0.00%> (ø)
pkg/commands/config.go 54.54% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1425e4b...c7f5b5d. Read the comment docs.

@imjasonh
Copy link
Member Author

imjasonh commented Feb 3, 2022

lol: https://github.com/google/ko/runs/5045688219?check_suite_focus=true

Pulling distroless attempts to use gcloud auth, which is not configured, so it fails closed, instead of falling back to trying anonymous, which would succeed. 🤔

This adds implicit support for Google, Amazon, Azure and GitHub
container registries if the environment provides credentials.

Binary size increases from 22 MB -> 26 MB
@imjasonh
Copy link
Member Author

imjasonh commented Feb 8, 2022

This should be RFAL now.

Copy link
Collaborator

@mattmoor mattmoor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤩

@imjasonh imjasonh merged commit 89ede91 into ko-build:main Feb 8, 2022
chaodaiG added a commit to chaodaiG/test-infra that referenced this pull request Mar 14, 2022
Supercedes kubernetes#25383, where in kubernetes#25383 the logic is in the pod where tests run, the problem there is that imagePullSecret defined on job pod is not accessible, which limits it's use case. The other problem is that the containers inside a test pod are not aware of the image they are from, so it's a little bit weird to let them know about it.

This PR moves the logic to plank, which feels more natural

-----------------------------
This is an unfortunate fact of prow, that user need to explictly set the entrypoint.

The migration of prow images from being built with bazel to ko introduced a side effect of all prow jobs that use gcr.io/k8s-prow images, such as robots/comment, robots/pr-creator etc. would fail due to the location of default entrypoint change. It would be trivial amount of work to update the binary location in prow jobs definition, but would like to use this opportunity to try to get this fixed.

(This PR was an effort baked on top of separate offline brainstorming with @cjwagner and @BenTheElder )
(The entrypoint extraction and docker auth parts were mainly from @imjasonh's work at ko-build/ko#581)
chaodaiG added a commit to chaodaiG/test-infra that referenced this pull request Mar 14, 2022
Supercedes kubernetes#25383, where in kubernetes#25383 the logic is in the pod where tests run, the problem there is that imagePullSecret defined on job pod is not accessible, which limits it's use case. The other problem is that the containers inside a test pod are not aware of the image they are from, so it's a little bit weird to let them know about it.

This PR moves the logic to plank, which feels more natural

-----------------------------
This is an unfortunate fact of prow, that user need to explictly set the entrypoint.

The migration of prow images from being built with bazel to ko introduced a side effect of all prow jobs that use gcr.io/k8s-prow images, such as robots/comment, robots/pr-creator etc. would fail due to the location of default entrypoint change. It would be trivial amount of work to update the binary location in prow jobs definition, but would like to use this opportunity to try to get this fixed.

(This PR was an effort baked on top of separate offline brainstorming with @cjwagner and @BenTheElder )
(The entrypoint extraction and docker auth parts were mainly from @imjasonh's work at ko-build/ko#581)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants