Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check that the images we deploy are those we built #479

Open
skitt opened this issue Mar 9, 2021 · 7 comments · May be fixed by #1809
Open

Check that the images we deploy are those we built #479

skitt opened this issue Mar 9, 2021 · 7 comments · May be fixed by #1809
Assignees
@skitt
Labels
bug Something isn't working confirmed For issues and PRs which we definitely want (disables the stale bot) maintenance Small tasks related to ongoing maintenance priority:low

Comments

@skitt
Copy link
Member

skitt commented Mar 9, 2021

To avoid testing old images, instead of those we’re supposed to build, we should:

  • store the hashes of the images when we build them (e.g. in the existing package/.image... trackers)
  • once our pods are up and running, check that the container hashes match the expected hashes

This can be made generic: we only need to check the package contents.
@stale
Copy link

stale bot commented May 8, 2021

This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions.

@stale stale bot added the wontfix This will not be worked on label May 8, 2021
@skitt
Copy link
Member Author

skitt commented May 10, 2021

This is still relevant.

@stale stale bot removed the wontfix This will not be worked on label May 10, 2021
@skitt
Copy link
Member Author

skitt commented Jun 11, 2021

buildx --iidfile doesn’t report the right image id in our configuration; see docker/buildx#420 for details. Perhaps we should switch back to plain docker build since we don’t currently build multi-arch images, or move to Buildah.

@skitt
Copy link
Member Author

skitt commented Jun 11, 2021

Depends on docker/buildx#420

@stale
Copy link

stale bot commented Oct 9, 2021

This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions.

@stale stale bot added the wontfix This will not be worked on label Oct 9, 2021
@sridhargaddam sridhargaddam removed the wontfix This will not be worked on label Oct 9, 2021
@dfarrell07 dfarrell07 assigned dfarrell07 and skitt and unassigned dfarrell07 Jan 11, 2022
@dfarrell07
Copy link
Member

The issue this depended on upstream is now fixed, so this can be worked on.

@dfarrell07 dfarrell07 added help wanted Extra attention is needed bug Something isn't working maintenance Small tasks related to ongoing maintenance labels May 10, 2022
@mkolesnik mkolesnik added the confirmed For issues and PRs which we definitely want (disables the stale bot) label Jul 5, 2022
@skitt
Copy link
Member Author

skitt commented May 17, 2023

The id we get in package/.image.foo files is now correct, but it’s not usable directly. It gives an image sha, but the sha in the repository isn’t the same; so to check against the sha we get in a pod’s properties, we need to extract the repository sha from the image:

docker image inspect sha256:41d0d1dc4ccf6d6d13e079fa17fd48aa633f3fe1e04550506770417a0a7d5d03 | jq -r '.[0].RepoDigests[0]'

This will produce something like

localhost:5000/submariner-gateway@sha256:cc468fb364997c75fb57f8ff6889a5ac191ab088248bb0758e2e11f218a60b0d

and that can be compared with the imageID in the pods’ descriptions:

$ kubectl get pods -A -l app=submariner-gateway -o json | jq -r '.items[].status.containerStatuses[].imageID'
localhost:5000/submariner-gateway@sha256:cc468fb364997c75fb57f8ff6889a5ac191ab088248bb0758e2e11f218a60b0d

@skitt skitt moved this to In Progress in Submariner 0.16 May 17, 2023
@skitt skitt removed the help wanted Extra attention is needed label May 17, 2023
@skitt skitt mentioned this issue Jun 12, 2023
Closed
@skitt skitt moved this from In Progress to In Review in Submariner 0.16 Jun 26, 2023
@Jaanki Jaanki removed this from Submariner 0.16 Oct 3, 2023
@maayanf24 maayanf24 added this to Backlog Jul 2, 2024
@maayanf24 maayanf24 moved this to Backlog in Backlog Jul 2, 2024
@skitt skitt linked a pull request Jan 13, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@skitt skitt

Labels
bug Something isn't working confirmed For issues and PRs which we definitely want (disables the stale bot) maintenance Small tasks related to ongoing maintenance priority:low
Projects
Backlog
Status: Backlog
Milestone
No milestone
4 participants
@dfarrell07 @skitt @sridhargaddam @mkolesnik