make dockercfg secrets handle multiple urls including service DNS #9306
Conversation
|
@liggitt You had the original, want this one too? |
sure, if no one gets to it first |
deads2k
force-pushed
the
convert-docker-registry-service
branch
4 times, most recently
from
55856ae to
269d586
Compare
|
yum re[test] |
deads2k
force-pushed
the
convert-docker-registry-service
branch
from
269d586 to
26ca796
Compare
|
@Kargakis take a look at another controller? |
| @@ -37,14 +41,16 @@ type DockercfgControllerOptions struct { | |||
| // If zero, re-list will be delayed as long as possible | |||
| Resync time.Duration | |||
|
|
|||
| DefaultDockerURL string | |||
| // DockerURLsIntialized is used to send a signal to this controller that it has the correct set of docker urls | |||
There was a problem hiding this comment.
Can you add the source of the signal (DockerRegistryServiceController) to the doc?
| return | ||
| } | ||
|
|
||
| go e.serviceAccountController.Run(stopCh) |
There was a problem hiding this comment.
Can you move this out of the wait function?
There was a problem hiding this comment.
Can you move this out of the wait function?
Sure, I hadn't fully sorted out the waiting mechanism when I wrote this.
deads2k
force-pushed
the
convert-docker-registry-service
branch
from
26ca796 to
7711762
Compare
|
comments addressed. |
deads2k
force-pushed
the
convert-docker-registry-service
branch
from
7711762 to
f1b4f46
Compare
|
#9444 re[test] |
| dockerCredentials = dockercfgMap[existingDockercfgSecretLocations.List()[0]].Password | ||
| } | ||
| if len(dockerCredentials) == 0 { | ||
| tokenSecret, err := e.client.Secrets(dockercfgSecret.Namespace).Get(dockercfgSecret.Annotations[ServiceAccountTokenSecretNameKey]) |
There was a problem hiding this comment.
Can't you pull this from the cache? Is there any reason for the live call?
There was a problem hiding this comment.
Can't you pull this from the cache? Is there any reason for the live call?
No reason I can think of. Nice catch.
|
One more question, LGTM otherwise |
deads2k
force-pushed
the
convert-docker-registry-service
branch
from
f1b4f46 to
834622c
Compare
|
[merge] |
|
Evaluated for origin test up to 834622c |
|
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/5775/) |
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/5775/) (Image: devenv-rhel7_4527) |
|
#9512 re[merge] |
|
Evaluated for origin merge up to 834622c |
|
Why was this merged? This is obviated by migrate. |
|
Or is this supposed to only handle the case where no docker registry has been installed? |
Written to handle one, happens to handle both. The code doesn't get simpler by eliminating it. Also, why make someone run a command if they don't have to and this structure makes it possible and transparent to operate against routes if we choose to add it. |
|
In person discussion:
We still have to have some persistent config that identifies the string On Mon, Jul 11, 2016 at 2:22 PM, David Eads [email protected]
|
Replacement for #6385, builds on #9209
Let's see what the [test]s do.
This has watches on services (maybe routes later) and secrets. No work is done until the caches are up to date.
After the service (and future routes) queue up work using a single key. That workqueue consumer checks the cache for the current value of the docker registry URLs. If it has changed, it lists all dockercfg secrets and puts them into a the
secretQueue.The
secretQueueholds references to dockercfg secrets. An item is dequeued, checked if it needs to be updated to the new docker registry URLs, and if so, it updates.