
proxy registry: offline mode (#19)
* trow proxy-registries: add offline option

* update helm chart, prepare release
awoimbee authored Jul 10, 2023
1 parent ffba00c commit 97faa61
Showing 12 changed files with 131 additions and 97 deletions.
2 changes: 1 addition & 1 deletion Cargo.lock


2 changes: 1 addition & 1 deletion Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "trow"
version = "0.5.2"
version = "0.6.0"
authors = []
edition = "2021"

4 changes: 2 additions & 2 deletions charts/trow/Chart.yaml
Expand Up @@ -3,5 +3,5 @@ name: trow
description: Helm chart for Trow registry

type: application
version: 0.5.3
appVersion: 0.5.2
version: 0.6.0
appVersion: 0.6.0
28 changes: 16 additions & 12 deletions charts/trow/values.yaml
Expand Up @@ -32,14 +32,16 @@ trow:
## Ignore or Fail
onWebhookFailure: Ignore
config:
- alias: docker
host: registry-1.docker.io
- alias: nvcr
host: https://nvcr.io
- alias: quay
host: quay.io
# - alias: toto
# host: http://toto.land
offline: false
registries:
- alias: docker
host: registry-1.docker.io
- alias: nvcr
host: https://nvcr.io
- alias: quay
host: quay.io
# - alias: toto
# host: http://toto.land
## For more info on log levels see https://docs.rs/tracing-subscriber/0.3.17/tracing_subscriber/filter/struct.EnvFilter.html
logLevel: info

Expand All @@ -60,19 +62,21 @@ service:
ingress:
enabled: false
gke: false
annotations: {}
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- paths: ['/']
- paths: ["/"]
# use "none" to not set a host (otherwise defaults to trow.domain)
host:
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local

resources: {}
resources:
{}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
Expand All @@ -91,7 +95,7 @@ tolerations: []
affinity: {}

volumeClaim:
accessModes: [ "ReadWriteOnce" ]
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 20Gi
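Review bot: The new `offline: false` key in the `config:` block of the first hunk carries no comment, so chart users have no way to learn from values.yaml what switching it on changes. A one-line comment above it, e.g. `## When true, proxied images are served without contacting the upstream registries (see the trow docs)`, would help — hedged, because the server-side handling of the flag is not in this commit's visible hunks. The existing `registries:` list moved under a new nesting level; if the chart template that renders this block lives in one of the files not shown here, it needs the matching change, which I cannot confirm from this page.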
14 changes: 7 additions & 7 deletions src/lib.rs
Expand Up @@ -21,7 +21,7 @@ use client_interface::ClientInterface;
use futures::Future;
use thiserror::Error;
use tracing::{event, Level};
use trow_server::{ImageValidationConfig, RegistryProxyConfig};
use trow_server::{ImageValidationConfig, RegistryProxiesConfig};
use uuid::Uuid;

//TODO: Make this take a cause or description
Expand Down Expand Up @@ -58,7 +58,7 @@ pub struct TrowConfig {
tls: Option<TlsConfig>,
grpc: GrpcConfig,
service_name: String,
proxy_registry_config: Vec<RegistryProxyConfig>,
proxy_registry_config: Option<RegistryProxiesConfig>,
image_validation_config: Option<ImageValidationConfig>,
dry_run: bool,
token_secret: String,
Expand Down Expand Up @@ -128,7 +128,7 @@ impl TrowBuilder {
tls: None,
grpc: GrpcConfig { listen },
service_name,
proxy_registry_config: Vec::new(),
proxy_registry_config: None,
image_validation_config: None,
dry_run,
token_secret: Uuid::new_v4().to_string(),
Expand All @@ -142,9 +142,9 @@ impl TrowBuilder {
let config_file = config_file.as_ref();
let config_str = fs::read_to_string(config_file)
.with_context(|| format!("Could not read file `{}`", config_file))?;
let config = serde_yaml::from_str::<Vec<RegistryProxyConfig>>(&config_str)
let config = serde_yaml::from_str::<RegistryProxiesConfig>(&config_str)
.with_context(|| format!("Could not parse file `{}`", config_file))?;
self.config.proxy_registry_config = config;
self.config.proxy_registry_config = Some(config);
Ok(self)
}

Expand Down Expand Up @@ -197,9 +197,9 @@ impl TrowBuilder {
}
None => println!("Image validation webhook not configured"),
}
if !self.config.proxy_registry_config.is_empty() {
if let Some(proxy_config) = &self.config.proxy_registry_config {
println!("Proxy registries configured:");
for config in &self.config.proxy_registry_config {
for config in &proxy_config.registries {
println!(" - {}: {}", config.alias, config.host);
}
} else {
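Review bot: The startup summary in the `if let Some(proxy_config)` hunk prints each alias and host but not the new `offline` flag, so an operator reading the log cannot tell which mode the proxy is running in; `println!("Proxy registries configured (offline: {}):", proxy_config.offline);` would surface it. Separately, with the `Option` the `Some(config)` wrapping in the `from_str` hunk means a config file whose `registries` list is empty now takes the "configured" branch and prints the header with no entries, whereas the old `is_empty()` check fell through to the else branch — worth a comment or an explicit check if that difference matters. The enclosing functions of both hunks continue outside the shown lines.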
33 changes: 18 additions & 15 deletions tests/admission_mutation.rs
Expand Up @@ -14,7 +14,7 @@ mod admission_mutation_tests {
use k8s_openapi::api::core::v1::Pod;
use kube::core::admission::AdmissionReview;
use reqwest::StatusCode;
use trow_server::RegistryProxyConfig;
use trow_server::{RegistryProxiesConfig, SingleRegistryProxyConfig};

use crate::common;

Expand All @@ -29,20 +29,23 @@ mod admission_mutation_tests {
/// Call out to cargo to start trow.
/// Seriously considering moving to docker run.
async fn start_trow() -> TrowInstance {
let config_file = common::get_file(vec![
RegistryProxyConfig {
alias: "docker".to_string(),
host: "registry-1.docker.io".to_string(),
username: None,
password: None,
},
RegistryProxyConfig {
alias: "ecr".to_string(),
host: "1234.dkr.ecr.saturn-5.amazonaws.com".to_string(),
username: Some("AWS".to_string()),
password: None,
},
]);
let config_file = common::get_file(RegistryProxiesConfig {
offline: false,
registries: vec![
SingleRegistryProxyConfig {
alias: "docker".to_string(),
host: "registry-1.docker.io".to_string(),
username: None,
password: None,
},
SingleRegistryProxyConfig {
alias: "ecr".to_string(),
host: "1234.dkr.ecr.saturn-5.amazonaws.com".to_string(),
username: Some("AWS".to_string()),
password: None,
},
],
});

let mut child = Command::new("cargo")
.arg("run")
33 changes: 18 additions & 15 deletions tests/cli.rs
Expand Up @@ -4,7 +4,7 @@ mod common;
#[cfg(test)]
mod cli {
use predicates::prelude::*;
use trow_server::{ImageValidationConfig, RegistryProxyConfig};
use trow_server::{ImageValidationConfig, RegistryProxiesConfig, SingleRegistryProxyConfig};

use crate::common::get_file;

Expand Down Expand Up @@ -101,20 +101,23 @@ mod cli {
"Image validation webhook not configured",
));

let file = get_file::<Vec<RegistryProxyConfig>>(vec![
RegistryProxyConfig {
alias: "lovni".to_string(),
host: "jul.example.com".to_string(),
username: Some("robert".to_string()),
password: Some("1234".to_string()),
},
RegistryProxyConfig {
alias: "trow".to_string(),
host: "127.0.0.1".to_string(),
username: None,
password: None,
},
]);
let file = get_file(RegistryProxiesConfig {
offline: true,
registries: vec![
SingleRegistryProxyConfig {
alias: "lovni".to_string(),
host: "jul.example.com".to_string(),
username: Some("robert".to_string()),
password: Some("1234".to_string()),
},
SingleRegistryProxyConfig {
alias: "trow".to_string(),
host: "127.0.0.1".to_string(),
username: None,
password: None,
},
],
});

get_command()
.args([
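Review bot: The fixture in the second hunk sets `offline: true`, but nothing in the shown lines asserts any offline-specific output, so as far as this page shows the flag only exercises deserialization. If the CLI prints or otherwise reflects the mode, a matching `predicate::str::contains(...)` on that text would pin the new behaviour; the assertions follow `get_command()` outside the hunk, so this may already be covered. A short comment on the fixture, e.g. `// offline: true — checks the flag round-trips through the config file`, would make the intent clear either way.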
45 changes: 24 additions & 21 deletions tests/proxy.rs
Expand Up @@ -10,7 +10,7 @@ mod interface_tests {

use environment::Environment;
use reqwest::StatusCode;
use trow_server::{manifest, RegistryProxyConfig};
use trow_server::{manifest, RegistryProxiesConfig, SingleRegistryProxyConfig};

use crate::common;

Expand All @@ -22,26 +22,29 @@ mod interface_tests {
}

async fn start_trow() -> TrowInstance {
let config_file = common::get_file(vec![
RegistryProxyConfig {
alias: "docker".to_string(),
host: "registry-1.docker.io".to_string(),
username: None,
password: None,
},
RegistryProxyConfig {
alias: "nvcr".to_string(),
host: "nvcr.io".to_string(),
username: None,
password: None,
},
RegistryProxyConfig {
alias: "quay".to_string(),
host: "quay.io".to_string(),
username: None,
password: None,
},
]);
let config_file = common::get_file(RegistryProxiesConfig {
offline: false,
registries: vec![
SingleRegistryProxyConfig {
alias: "docker".to_string(),
host: "registry-1.docker.io".to_string(),
username: None,
password: None,
},
SingleRegistryProxyConfig {
alias: "nvcr".to_string(),
host: "nvcr.io".to_string(),
username: None,
password: None,
},
SingleRegistryProxyConfig {
alias: "quay".to_string(),
host: "quay.io".to_string(),
username: None,
password: None,
},
],
});

let mut child = Command::new("cargo")
.arg("run")
10 changes: 9 additions & 1 deletion trow-server/src/admission.rs
Expand Up @@ -97,14 +97,22 @@ impl AdmissionController for TrowServer {
) -> Result<Response<AdmissionResponse>, Status> {
let ar = ar.into_inner();
let mut patch_operations = Vec::<PatchOperation>::new();
let proxy_config = match self.proxy_registry_config.as_ref() {
Some(s) => s,
None => {
return Err(Status::internal(
"Proxy registry config not set, cannot mutate image references",
))
}
};

for (raw_image, image_path) in ar.images.iter().zip(ar.image_paths.iter()) {
let image = match RemoteImage::try_from_str(raw_image) {
Ok(image) => image,
Err(_) => continue,
};

for cfg in self.proxy_registry_config.iter() {
for cfg in proxy_config.registries.iter() {
if image.get_host() == cfg.host {
event!(
Level::INFO,
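Review bot: The new `match self.proxy_registry_config.as_ref()` turns a missing proxy config into `Status::internal(...)`, where the previous `Vec` simply matched no registries and presumably returned an empty patch set. If the mutating webhook is registered while Trow runs without proxies, every admission request now fails instead of being a no-op, and what that does to pod creation depends on the webhook's failure policy (values.yaml in this same commit exposes `onWebhookFailure`). Treating `None` as "no registries" keeps the old behaviour: `let registries = self.proxy_registry_config.as_ref().map(|c| c.registries.as_slice()).unwrap_or(&[]);` and then `for cfg in registries {`. If the error is intentional, a comment stating why a missing config must be rejected here would help, since src/lib.rs treats `None` as a legitimate "no proxies" state. The enclosing method starts before the hunk.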
6 changes: 3 additions & 3 deletions trow-server/src/lib.rs
Expand Up @@ -10,7 +10,7 @@ mod temporary_file;
use std::future::Future;

pub use admission::ImageValidationConfig;
pub use proxy_auth::RegistryProxyConfig;
pub use proxy_auth::{RegistryProxiesConfig, SingleRegistryProxyConfig};
use server::trow_server::admission_controller_server::AdmissionControllerServer;
use server::trow_server::registry_server::RegistryServer;
use server::TrowServer;
Expand All @@ -19,7 +19,7 @@ use tonic::transport::Server;
pub struct TrowServerBuilder {
data_path: String,
listen_addr: std::net::SocketAddr,
proxy_registry_config: Vec<RegistryProxyConfig>,
proxy_registry_config: Option<RegistryProxiesConfig>,
image_validation_config: Option<ImageValidationConfig>,
tls_cert: Option<Vec<u8>>,
tls_key: Option<Vec<u8>>,
Expand All @@ -29,7 +29,7 @@ pub struct TrowServerBuilder {
pub fn build_server(
data_path: &str,
listen_addr: std::net::SocketAddr,
proxy_registry_config: Vec<RegistryProxyConfig>,
proxy_registry_config: Option<RegistryProxiesConfig>,
image_validation_config: Option<ImageValidationConfig>,
) -> TrowServerBuilder {
TrowServerBuilder {
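Review bot: `build_server`'s `proxy_registry_config` parameter changes from `Vec<RegistryProxyConfig>` to `Option<RegistryProxiesConfig>` without a doc comment saying what `None` means, and the two call sites in this commit disagree: src/lib.rs treats it as "no proxies" while admission.rs rejects mutation requests with an internal error. A `///` line on the parameter, e.g. `/// \`None\` disables registry proxying; the admission controller then rejects mutation requests`, would pin down whichever semantics is intended. The function body continues outside the hunk.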
