-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement image metadata check for Kubernetes Agent tools to use the latest image tag revision for pull policy workaround #1010
Conversation
using var httpClient = new HttpClient(); | ||
try | ||
{ | ||
var response = await httpClient.GetAsync("https://oc.to/kubernetes-agent-tools-image-metadata"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using a short URL allows us to avoid updating Tentacle if the location of the metadata file changes.
{ | ||
#if NET8_0_OR_GREATER | ||
return HashCode.Combine(Major, Minor); | ||
#else |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure if there's a way to avoid doing this. I ran into a compiler error similar to the one described here because HashCode is not available in the .NET Framework. Since we only build the Kubernetes Tentacle with .NET 8, this part of the code would never actually be used.
source/Octopus.Tentacle/Kubernetes/KubernetesAgentToolsImageVersionMetadataProvider.cs
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
Background
As part of implementing an auto-upgrader to migrate Kubernetes agents from v1 to v2, a Helm migrator plugin has been developed that must be installed on the script pod during the upgrade process. This installation requires the
curl
command, which has been added to thekubernetes-agent-base-tools
image.The tools image is versioned to align with the Kubernetes cluster version in which the agent operates (e.g., :1.30). However, because the default image pull policy for the script pod is
IfNotPresent
(this is the case when not explicitly defined), the tools image may become cached. As a result, customers who obtained the tools image prior to the addition ofcurl
will not receive the updated image without manually overriding the image pull policy.To address this issue, a workaround has been devised that appends a revision string to the end of the image tag. This revision string forces the new image to be pulled whenever changes occur. The revision information is stored in a versions.json file within the tools repository, as part of this PR.
Why not fetch tags from Docker Hub?
The decision to store the revision in a file rather than fetching tags directly from Docker Hub is based on rate limiting issues for unauthenticated Docker clients. Resolving this limitation would require the Kubernetes agent to store Docker Hub credentials.
Results
versions.json
metadata to construct the image tag using the revision hash.versions.json
metadata cannot be retrieved, the resolver will revert to the existing method for resolving image tags.