core icon indicating copy to clipboard operation
core copied to clipboard
verified publisher icon googlecloudrobotics

Mirror external deps to cloud-robotics releases

Open ensonic opened this issue 2 months ago • 0 comments

Today we're seeing outages of quay.io and docker.io. Bewlow is a list of images that is referenced by such a typical install.

kubectl --context=gke_robco-ensonic_europe-west1-c_cloud-robotics get pods --all-namespaces -o jsonpath='{.items[*].spec.containers[*].image}' | tr -s '[[:space:]]' '\n' | egrep -v "(gcr.io|registry.k8s.io)" | sort | uniq
docker.io/grafana/grafana:10.3.1
quay.io/jetstack/cert-manager-cainjector:v1.16.3
quay.io/jetstack/cert-manager-controller:v1.16.3
quay.io/jetstack/cert-manager-webhook:v1.16.3
quay.io/kiwigrid/k8s-sidecar:1.25.2
quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
quay.io/prometheus/node-exporter:v1.7.0
quay.io/prometheus-operator/prometheus-config-reloader:v0.71.2
quay.io/prometheus-operator/prometheus-operator:v0.71.2
quay.io/prometheus/prometheus:v2.49.1

We can check the used images in each chart:

> helm template "cert-manager" third_party/cert-manager/cert-manager-v1.16.3.tgz | grep "image:" | cut -d':' -f2- | tr -d '" '
quay.io/jetstack/cert-manager-cainjector:v1.16.3
quay.io/jetstack/cert-manager-controller:v1.16.3
quay.io/jetstack/cert-manager-webhook:v1.16.3
quay.io/jetstack/cert-manager-startupapicheck:v1.16.3

We can use gcrane to copy images. A first step might be to do this manually when bumping versions of certmanager/oauth2-proxy/kube-prometheus-stack.

gcrane cp quay.io/jetstack/cert-manager-cainjector:v1.16.3 gcr.io/cloud-robotics-releases/jetstack/cert-manager-cainjector:v1.16.3

In addition to the charts there are a few static refs:

> git grep "^[^#]*image: [^{]" *.yaml 
docs/how-to/examples/charge-service/charge-controller.yaml:        image: gcr.io/[PROJECT_ID]/charge-controller
docs/how-to/examples/hello-service/server/hello-server.yaml:        image: gcr.io/[PROJECT_ID]/hello-server:latest
src/app_charts/base/cloud/nginx-ingress-controller.yaml:          image: registry.k8s.io/ingress-nginx/controller-chroot:v1.8.4@sha256:76100ab4c1b3cdc2697dd26492ba42c6519e99c5df1bc839ac5d6444a2c58d17
src/app_charts/base/cloud/oauth2-proxy.yaml:        image: quay.io/oauth2-proxy/oauth2-proxy:v7.5.1
src/app_charts/base/robot/fluent-bit.yaml:          image: "cr.fluentbit.io/fluent/fluent-bit:3.2.8"
src/app_charts/prometheus/robot/smartctl-exporter.yaml:          image: gcr.io/cloud-robotics-releases/smartctl-exporter:v0.12.0
third_party/fluentd_gcp_addon/fluentd-gcp-ds.yaml:        image: gcr.io/stackdriver-agents/stackdriver-logging-agent:1.9.5

When installing we can maybe also replace the registry in ? https://github.com/googlecloudrobotics/core/blob/main/src/app_charts/base/cloud/cert-manager.yaml (the long match attempt to ensure we only do this in the desired places):

{{ .Files.Get "files/cert-manager-chart.cloud.yaml" | replace "HELM-NAMESPACE" .Release.Namespace | replace "PROJECT-ID" .Values.project | replace "quay.io/jetstack/" "gcr.io/cloud-robotics-releases/jetstack/" }}

ensonic avatar Oct 20 '25 12:10 ensonic