Implement image metadata check for Kubernetes Agent tools to use the latest image tag revision for pull policy workaround #1010
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kevjt
commented
Oct 2, 2024
| using var httpClient = new HttpClient(); | ||
| try | ||
| { | ||
| var response = await httpClient.GetAsync("https://oc.to/kubernetes-agent-tools-image-metadata"); |
There was a problem hiding this comment.
Using a short URL allows us to avoid updating Tentacle if the location of the metadata file changes.
kevjt
commented
Oct 2, 2024
| { | ||
| #if NET8_0_OR_GREATER | ||
| return HashCode.Combine(Major, Minor); | ||
| #else |
There was a problem hiding this comment.
I'm not sure if there's a way to avoid doing this. I ran into a compiler error similar to the one described here because HashCode is not available in the .NET Framework. Since we only build the Kubernetes Tentacle with .NET 8, this part of the code would never actually be used.
APErebus
reviewed
Oct 2, 2024
source/Octopus.Tentacle/Kubernetes/KubernetesAgentToolsImageVersionMetadataProvider.cs
Outdated
Show resolved
Hide resolved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Background
As part of implementing an auto-upgrader to migrate Kubernetes agents from v1 to v2, a Helm migrator plugin has been developed that must be installed on the script pod during the upgrade process. This installation requires the
curlcommand, which has been added to thekubernetes-agent-base-toolsimage.The tools image is versioned to align with the Kubernetes cluster version in which the agent operates (e.g., :1.30). However, because the default image pull policy for the script pod is
IfNotPresent(this is the case when not explicitly defined), the tools image may become cached. As a result, customers who obtained the tools image prior to the addition ofcurlwill not receive the updated image without manually overriding the image pull policy.To address this issue, a workaround has been devised that appends a revision string to the end of the image tag. This revision string forces the new image to be pulled whenever changes occur. The revision information is stored in a versions.json file within the tools repository, as part of this PR.
Why not fetch tags from Docker Hub?
The decision to store the revision in a file rather than fetching tags directly from Docker Hub is based on rate limiting issues for unauthenticated Docker clients. Resolving this limitation would require the Kubernetes agent to store Docker Hub credentials.
Results
versions.jsonmetadata to construct the image tag using the revision hash.versions.jsonmetadata cannot be retrieved, the resolver will revert to the existing method for resolving image tags.