Image pruner: Determine protocol just once #14914
Conversation
miminar
changed the title
miminar
force-pushed
the
secure-image-prune
branch
from
c3d693f to
d9af60d
Compare
|
[test][testextended][extended:core(registry|imageapi|ImagePrune|ImageQuota)] |
pkg/image/prune/prune.go
Outdated
| func (drp *defaultRegistryPinger) ping(registry string) error { | ||
| healthCheck := func(proto, registry string) error { | ||
| func (drp *defaultRegistryPinger) ping(registry string) (string, error) { | ||
| registryURL, err := tryProtocolsWithRegistryURL(registry, drp.insecure, func(u url.URL) error { | ||
| // TODO: `/healthz` route is deprecated by `/`; remove it in future versions |
There was a problem hiding this comment.
Can't we check / and fallback to /healthz only if the former fail? This way we'll support both.
pkg/image/prune/prune.go
Outdated
| protos = []string{"https"} | ||
| } | ||
| registry = url.Host | ||
| glog.V(4).Infof("url: %#+v", url) |
There was a problem hiding this comment.
This looks like a development debug, can you make it more friendly?
pkg/image/prune/prune.go
Outdated
| glog.V(4).Infof("Trying protocol %s for the registry url %s", proto, registry) | ||
| default: | ||
| glog.V(4).Infof("Falling back to protocol %s for the registry url %s", proto, registry) | ||
| } |
There was a problem hiding this comment.
This is bad, just log the fact, you'll figure out when looking at logs, that this is a retry. There's no point in hardcoding this switch.
There was a problem hiding this comment.
As you wish. I liked it better this way though.
pkg/image/prune/prune.go
Outdated
| } | ||
|
|
||
| if err != nil { | ||
| // TODO: remove the first |
pkg/image/prune/prune.go
Outdated
| // tryProtocolsWithRegistryURL runs given callback with different protocols until no error is returned. The | ||
| // https protocol is the first attempt. If it fails and allowInsecure is true, http will be the next. Obtained | ||
| // errors will be concatenated and returned. | ||
| func tryProtocolsWithRegistryURL(registry string, allowInsecure bool, callback func(registryURL url.URL) error) (*url.URL, error) { |
There was a problem hiding this comment.
callback here suggests an actual callback method, but it's not. It's the heart of this method, an action performed by this function. I'd suggest renaming the variable.
|
Although it looks like your changes are failing tests, so you need to address that one. |
miminar
force-pushed
the
secure-image-prune
branch
from
d9af60d to
178a139
Compare
|
Tests should be passing now. |
miminar
force-pushed
the
secure-image-prune
branch
3 times, most recently
from
30b4a6c to
093d03b
Compare
|
LGTM! |
miminar
force-pushed
the
secure-image-prune
branch
from
093d03b to
7f24389
Compare
|
One last unit test fix. |
|
Flake #14129 re-[test] |
|
|
miminar
force-pushed
the
secure-image-prune
branch
2 times, most recently
from
704189d to
58876ea
Compare
|
I reformatted logging messages again and made a small change to defaulting to insecure connection. Since now internal docker registry URL may be a DNS, let's not default to insecure connection if |
miminar
force-pushed
the
secure-image-prune
branch
5 times, most recently
from
7de7ae1 to
c3bfb0b
Compare
miminar
force-pushed
the
secure-image-prune
branch
from
c3bfb0b to
2a03fe4
Compare
|
Fixed broken formatting of help message. |
miminar
force-pushed
the
secure-image-prune
branch
from
a14089d to
5cc9d12
Compare
|
Evaluated for origin testextended up to 5cc9d12 |
|
continuous-integration/openshift-jenkins/testextended FAILURE (https://ci.openshift.redhat.com/jenkins/job/test_pull_request_origin_extended/906/) (Base Commit: 74121fa) (PR Branch Commit: 5cc9d12) (Extended Tests: core(registry|imageapi|ImagePrune|ImageQuota)) |
|
/test extended_templates |
|
/retest |
|
/approve |
openshift-merge-robot
added
the
approved
|
Jenkins job not found. |
|
/test extended_image_registry |
|
/retest |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
3 similar comments
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
Flake #15432 again. |
|
@miminar: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/test extended_conformance_gce |
Determine the registry protocol once. Do not change to other protocol during the run. This will produce nicer output without unrelated protocol fallback errors. Do not default to insecure connection when the --registry-url is empty. Move registry client initialization just before the start of the pruner - so we can precisely determine whether to allow for insecure fall-back based on collected images and image streams. Move ping() outside of pruner. Instead, determine the registry URL before the pruner starts and assume it won't change during the run. Signed-off-by: Michal Minář <miminar@redhat.com>
Signed-off-by: Michal Minář <miminar@redhat.com>
miminar
force-pushed
the
secure-image-prune
branch
from
90e575c to
7fd22bb
Compare
openshift-merge-robot
removed
the
lgtm
|
Rebased. @soltysh may I have your lgtm one more time? |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: fabianofranz, miminar, soltysh The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
Automatic merge from submit-queue |
Automatic merge from submit-queue [3.6][Backport] Prune images (not)securely Back-porting: - #14114 - #14405 - #14914 - #15899 Resolves [bz#1476779](https://bugzilla.redhat.com/show_bug.cgi?id=1476779)
Determine the registry protocol once. Do not change to other protocol during the run. This will produce nicer output without unrelated protocol fallback errors.
A follow-up for #14114 and #14405
Resolves #15291