MCO-1521: Promote PinnedImageSet to GA #2198
Conversation
|
Hello @RishabhSaini! Some important instructions when contributing to openshift/api: |
openshift-ci
bot
added
the
size/XL
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: RishabhSaini The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
RishabhSaini
changed the title
openshift-ci-robot
added
the
jira/valid-reference
|
@RishabhSaini: This pull request references MCO-1521 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
RishabhSaini
force-pushed
the
pis
branch
3 times, most recently
from
4382c84 to
c6dc790
Compare
|
@RishabhSaini: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
| // +kubebuilder:validation:MaxLength=447 | ||
| // +kubebuilder:validation:XValidation:rule=`self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$')`,message="the OCI Image reference must end with a valid '@sha256:<digest>' suffix, where '<digest>' is 64 characters long" | ||
| // +kubebuilder:validation:XValidation:rule=`self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$')`,message="the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme" | ||
| Name string `json:"name"` |
There was a problem hiding this comment.
Suggestion: within our MachineOSConfig object, we have a type (with validation) called ImageDigestFormat now. I wonder if it's worth it to consolidate them and have type validation the same across all MCO references for digest based images
| @@ -24,7 +24,6 @@ crd_globs="\ | |||
| operator/v1/zz_generated.crd-manifests/0000_50_openshift-controller-manager_02_openshiftcontrollermanagers*.crd.yaml | |||
| machineconfiguration/v1/zz_generated.crd-manifests/*.crd.yaml | |||
| machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfignodes*.crd.yaml | |||
| machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_machine-config_01_pinnedimagesets*.crd.yaml | |||
There was a problem hiding this comment.
I think this is telling the payload to remove the v1alpha1 CRDs and install the v1 CRDs, which I think will break techpreview since the MCO wouldn't know how to process these in the meantime?
i.e. I think we would need to create the v1 API through this PR, and then still install alpha CRDs for now, then move the MCO to process v1 API, and simultaneously have the CRDs switch to v1 here as a second step.
| // conditions represent the observations of a pinned image set's current state. | ||
| // +patchMergeKey=type | ||
| // +patchStrategy=merge | ||
| // +kubebuilder:validation:MaxItems=10 |
There was a problem hiding this comment.
doing a make update locally causes this to regen, so I think this might be missing from the generated CRs
|
Here are some outstanding question after our discussion with Sam on this:
|
|
Note there's some overlap between PIS and bootc's logically bound images especially as it relates to OCL (lots of TLAs here!). A neat advantage of LBIs is that they live underneath a bootc-owned readonly bind mount, so even manually running |
|
Ok just verified, Pinned Images defined by CRIO can be deleted by Podman. Despite both using the storage as containers-storage, they don't seem to be aware of the pinned Images. Either a lower level mechanism in container/storage is needed or we could explore LBI's |
|
created a bug here: https://issues.redhat.com/browse/OCPBUGS-51284 |
| // +listType=map | ||
| // +listMapKey=type | ||
| // +optional | ||
| Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` |
There was a problem hiding this comment.
Thinking through this a bit more, since we can have (500?) pinned images, should we have a status corresponding to each pinned image instead of one general conditions? So multiple failures can be reflected properly
There was a problem hiding this comment.
Actually, maybe not, since the PinnedImageSet would then have the reflect error for every node trying to update to it, will think through this a bit more via the MCN PR
LBI isn't released yet and would be implementation details. I don't see that blocking the API promotion. |
Opened for testing