From dbda1b24b8e4b1f53cd529ec7f3ffe0c99f5ae28 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 2 Dec 2024 20:37:48 +0000 Subject: [PATCH 1/2] Bump containerd for image rewrite fix Signed-off-by: Brad Davidson --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b83268e9b5ac..6a3aeac06dff 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ replace ( github.com/Mirantis/cri-dockerd => github.com/k3s-io/cri-dockerd v0.3.12-k3s1.30-3 // k3s/release-1.30 github.com/cilium/ebpf => github.com/cilium/ebpf v0.12.3 github.com/cloudnativelabs/kube-router/v2 => github.com/k3s-io/kube-router/v2 v2.2.1 - github.com/containerd/containerd => github.com/k3s-io/containerd v1.7.23-k3s1 + github.com/containerd/containerd => github.com/k3s-io/containerd v1.7.23-k3s2 github.com/containerd/imgcrypt => github.com/containerd/imgcrypt v1.1.11 github.com/distribution/reference => github.com/distribution/reference v0.5.0 github.com/docker/distribution => github.com/docker/distribution v2.8.3+incompatible diff --git a/go.sum b/go.sum index 15fef74673d8..7740a587900b 100644 --- a/go.sum +++ b/go.sum @@ -948,8 +948,8 @@ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfV github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= -github.com/k3s-io/containerd v1.7.23-k3s1 h1:icB7N6TuuDcr8cqCZMr5TRNPUKoBq45Y9Jjv2qqBpnw= -github.com/k3s-io/containerd v1.7.23-k3s1/go.mod h1:+vNritUoqQTlFedsBErSkyu1yqf3eYikE3oGbEICi+g= +github.com/k3s-io/containerd v1.7.23-k3s2 h1:QPS588RkyWooj/M+C64EAd1wDeqLmW/RB0DNW08x7ls= +github.com/k3s-io/containerd v1.7.23-k3s2/go.mod h1:+vNritUoqQTlFedsBErSkyu1yqf3eYikE3oGbEICi+g= github.com/k3s-io/cri-dockerd v0.3.12-k3s1.30-3 h1:lmvoMmpiprwTdQFW5p3f+Y1ZRnx2YDKENSsUZsUCszc= github.com/k3s-io/cri-dockerd v0.3.12-k3s1.30-3/go.mod h1:L7HNeF+iZZ/btgefGZI5v7oB1TQgpFyWvbhmFzfsWAY= github.com/k3s-io/cri-tools v1.29.0-k3s1 h1:16IXZ5lbPCmZM8FkgSMAPkhI4O2wVGExe3qEZbisFT0= From 1a775a6d10bcdab261804f303c53de7e7f87a1d7 Mon Sep 17 00:00:00 2001 From: Brad Davidson Date: Mon, 2 Dec 2024 23:24:10 +0000 Subject: [PATCH 2/2] Add rewrite test to privateregistry e2e Signed-off-by: Brad Davidson --- tests/e2e/privateregistry/Vagrantfile | 7 +++++-- tests/e2e/privateregistry/privateregistry_test.go | 14 +++++++++----- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/tests/e2e/privateregistry/Vagrantfile b/tests/e2e/privateregistry/Vagrantfile index 8300f81b30ab..0fd7a3d3f1c8 100644 --- a/tests/e2e/privateregistry/Vagrantfile +++ b/tests/e2e/privateregistry/Vagrantfile @@ -32,10 +32,13 @@ def provision(vm, role, role_num, node_num) # and still using the heredoc formatting with escapped quotes writePrivateRegistry = <<~'SCRIPT'.chomp % {net: NETWORK_PREFIX} mkdir -p /etc/rancher/k3s/ - echo "mirrors: + echo 'mirrors: my-registry.local: endpoint: - - \"http://%{net}.100:5000\"" > /etc/rancher/k3s/registries.yaml + - http://%{net}.100:5000 + rewrite: + "^library/(.*)$": "docker-io-library/$1" + ' > /etc/rancher/k3s/registries.yaml SCRIPT setInsecureRegistryPolicy = <<~'SCRIPT'.chomp % {net: NETWORK_PREFIX} diff --git a/tests/e2e/privateregistry/privateregistry_test.go b/tests/e2e/privateregistry/privateregistry_test.go index b3d4f2f237f8..856f49b596c6 100644 --- a/tests/e2e/privateregistry/privateregistry_test.go +++ b/tests/e2e/privateregistry/privateregistry_test.go @@ -95,28 +95,32 @@ var _ = Describe("Verify Create", Ordered, func() { Expect(err).NotTo(HaveOccurred()) }) + // Mirror the image as NODEIP:5000/docker-io-library/nginx:1.27.3, but reference it as my-registry.local/library/nginx:1.27.3 - + // the rewrite in registries.yaml's entry for my-registry.local should ensure that it is rewritten properly when pulling from + // NODEIP:5000 as a mirror. It("Should pull and image from dockerhub and send it to private registry", func() { - cmd := "docker pull nginx" + cmd := "docker pull docker.io/library/nginx:1.27.3" _, err := e2e.RunCmdOnNode(cmd, serverNodeNames[0]) Expect(err).NotTo(HaveOccurred(), "failed: "+cmd) nodeIP, err := e2e.FetchNodeExternalIP(serverNodeNames[0]) Expect(err).NotTo(HaveOccurred()) - cmd = "docker tag nginx " + nodeIP + ":5000/my-webpage" + cmd = "docker tag docker.io/library/nginx:1.27.3 " + nodeIP + ":5000/docker-io-library/nginx:1.27.3" _, err = e2e.RunCmdOnNode(cmd, serverNodeNames[0]) Expect(err).NotTo(HaveOccurred(), "failed: "+cmd) - cmd = "docker push " + nodeIP + ":5000/my-webpage" + cmd = "docker push " + nodeIP + ":5000/docker-io-library/nginx:1.27.3" _, err = e2e.RunCmdOnNode(cmd, serverNodeNames[0]) Expect(err).NotTo(HaveOccurred(), "failed: "+cmd) - cmd = "docker image remove nginx " + nodeIP + ":5000/my-webpage" + cmd = "docker image remove docker.io/library/nginx:1.27.3 " + nodeIP + ":5000/docker-io-library/nginx:1.27.3" _, err = e2e.RunCmdOnNode(cmd, serverNodeNames[0]) Expect(err).NotTo(HaveOccurred(), "failed: "+cmd) }) + It("Should create and validate deployment with private registry on", func() { - res, err := e2e.RunCmdOnNode("kubectl create deployment my-webpage --image=my-registry.local/my-webpage", serverNodeNames[0]) + res, err := e2e.RunCmdOnNode("kubectl create deployment my-webpage --image=my-registry.local/library/nginx:1.27.3", serverNodeNames[0]) fmt.Println(res) Expect(err).NotTo(HaveOccurred())