awx-operator icon indicating copy to clipboard operation
awx-operator copied to clipboard

Published 20 hours ago • verified publisher icon ansible

Support specifying a custom registry for all sources

Open daneov opened this issue 10 months ago • 4 comments

Please confirm the following

  • [X] I agree to follow this project's code of conduct.
  • [X] I have checked the current issues for duplicates.
  • [X] I understand that AWX Operator is open source software provided for free and that I might not receive a timely response.

Feature Summary

Idea

Is there a 'global' field that I can use to override all references to quay.io?

Use-case:

In a corporate environment we make use of Artifactory as a pull-through-cache (for a variety of reasons).
We want to make sure AWX uses this same mechanism, but it's been quite a journey on how to achieve this.

Reasoning

So far I've found the following required fields when attempting to do this:

redis_image: docker.private.registry.com/redis
redis_image_version: latest # -- required, but it shouldn't be imo: #1441 
control_plane_ee_image: docker.private.registry.com/ansible/awx-ee:24.1.0
init_container_image: docker.private.registry.com/ansible/awx-ee
init_container_image_version: 24.1.0 # -- required, but it shouldn't be imo: #1441 
image: docker.private.registry.com/ansible/awx
image_version: 24.1.0 # -- required, but it shouldn't be imo: #1441 
ee_images:
  - name: Cached-EE
    image: docker.private.registry.com/ansible/awx-ee
postgres_image: docker.private.registry.com/sclorg/postgresql-15-c9s
postgres_image_version: latest

Aside from #1441, this leaves me with the following questions:

  1. Are there any I missed?
  2. Would it be possible to define a global 'registry' somehow, to ensure I don't miss anything?

daneov avatar Apr 07 '24 09:04 daneov

@daneov Hi,

Are there any I missed?

In addition to your list, there is init_projects_container_image for AWX CR. Also. for Operator itself, you should replace registry.example.com/ansible/awx-operator and gcr.io/kubebuilder/kube-rbac-proxy with your mirror by kustomize or any way.

Would it be possible to define a global 'registry' somehow, to ensure I don't miss anything?

AFAIK currentry there is no such option to override container registry for all images. However, for your purposes, I think it would be more appropriate to specify your pull-through-cache as registry mirrors for the container runtime of your Kubernetes cluster (e.g. containerd), rather than having Operator provide this functionality.

kurokobo avatar Apr 07 '24 13:04 kurokobo

Those images are indeed covered through Kustomize, I forgot to copy those.

re your last suggestion: I didn't even think of that, that'd be a great option indeed! Thanks for the pointer :)

daneov avatar Apr 07 '24 15:04 daneov

Indeed last suggestion is a good one ! except for us quay is not yet fully supported by our jfrog proxy. As a big IT Team a request would put days for artifactory behavior to be changed ... It would be much simpler for our team to change all registry mirror with a single endpoint (as current proxy behaviour can be fixed on our side just by removing "quay.io" in image header) but we have to do it once per image Anyway thanks for the heads-up ;)

RobinSegura avatar Apr 10 '24 13:04 RobinSegura

Hi, I wonder if the team is interested in a PR to at least enable the possibility to override registry.example.com/ansible/awx-operator and gcr.io/kubebuilder/kube-rbac-proxy in the values.yaml ?

Falltrades avatar Jul 27 '24 20:07 Falltrades