Commit 5629c069 authored by Derek Nola's avatar Derek Nola

Remove docker login secret, move to docker registry cache

parent c3883b65
......@@ -26,10 +26,6 @@ spec:
mountPath: /data
ports:
- containerPort: 80
# This is only used if the regcred secret is created
# which increases the dockerhub pull rate limit
imagePullSecrets:
- name: regcred
volumes:
- name: volv
persistentVolumeClaim:
......
......@@ -7,8 +7,8 @@ curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stabl
sudo mv kubectl /usr/local/bin/ && \
chmod a+x /usr/local/bin/kubectl
echo 'Installing jq'
sudo apt-get -y install jq
echo 'Installing jq and docker'
sudo apt-get -y install jq docker.io
echo 'Installing Go'
GO_VERSION=1.19.1
......@@ -39,3 +39,10 @@ vagrant plugin install vagrant-k3s vagrant-reload vagrant-scp
echo 'Cloning repo'
ls k3s 2>/dev/null || git clone https://github.com/k3s-io/k3s.git
# Use curl -X GET <IP_ADDR>:5000/v2/_catalog to see cached images
echo 'Setting up docker registry as a cache'
docker run -d -p 5000:5000 \
-e REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io \
--restart always \
--name registry registry:2
\ No newline at end of file
#!/bin/bash
# Script to to point k3s to the docker registry running on the host
# This is used to avoid hitting dockerhub rate limits on E2E runners
ip_addr=$1
mkdir -p /etc/rancher/k3s/
echo "mirrors:
docker.io:
endpoint:
- \"http://$ip_addr:5000\"" >> /etc/rancher/k3s/registries.yaml
\ No newline at end of file
......@@ -7,6 +7,7 @@ k3s_channel=${k3s_channel:-"commit"}
hardened=${8:-""}
E2E_EXTERNAL_DB=$db && export E2E_EXTERNAL_DB
E2E_REGISTRY=true && export E2E_REGISTRY
eval openvpn --daemon --config external.ovpn &>/dev/null &
sleep 10
......
......@@ -336,21 +336,6 @@ func RestartCluster(nodeNames []string) error {
return nil
}
// DockerLogin authenticates to the docker registry for increased pull limits
func DockerLogin(kubeConfig string, ci bool) error {
if !ci {
return nil
}
// Authenticate to docker hub to increade pull limit
cmd := fmt.Sprintf("kubectl create secret docker-registry regcred --from-file=.dockerconfigjson=%s --kubeconfig=%s",
"../amd64_resource_files/docker_cred.json", kubeConfig)
res, err := RunCommand(cmd)
if err != nil {
return fmt.Errorf("failed to create docker registry secret: %s : %v", res, err)
}
return nil
}
// RunCmdOnNode executes a command from within the given node
func RunCmdOnNode(cmd string, nodename string) (string, error) {
runcmd := "vagrant ssh -c \"" + cmd + "\" " + nodename
......
......@@ -7,6 +7,7 @@ GITHUB_BRANCH = (ENV['E2E_GITHUB_BRANCH'] || "master")
RELEASE_VERSION = (ENV['E2E_RELEASE_VERSION'] || "")
EXTERNAL_DB = (ENV['E2E_EXTERNAL_DB'] || "etcd")
HARDENED = (ENV['E2E_HARDENED'] || "")
REGISTRY = (ENV['E2E_REGISTRY'] || "")
RANCHER = (ENV['E2E_RANCHER'] || "")
NODE_CPUS = (ENV['E2E_NODE_CPUS'] || 2).to_i
NODE_MEMORY = (ENV['E2E_NODE_MEMORY'] || 1024).to_i
......@@ -37,6 +38,10 @@ def provision(vm, role, role_num, node_num)
vm.provision "Set kernel parameters", type: "shell", path: scripts_location + "/harden.sh"
hardened_arg = "protect-kernel-defaults: true\nkube-apiserver-arg: \"enable-admission-plugins=NodeRestriction,PodSecurityPolicy,ServiceAccount\""
end
if !REGISTRY.empty?
vm.provision "Set private registry", type: "shell", path: scripts_location + "/registry.sh", args: [ "#{NETWORK_PREFIX}.1" ]
end
if role.include?("server") && role_num == 0
vm.provision 'k3s-primary-server', type: 'k3s', run: 'once' do |k3s|
......
......@@ -54,7 +54,6 @@ var _ = Describe("Verify Create", Ordered, func() {
fmt.Println("Agent Nodes:", agentNodeNames)
kubeConfigFile, err = e2e.GenKubeConfigFile(serverNodeNames[0])
Expect(err).NotTo(HaveOccurred())
Expect(e2e.DockerLogin(kubeConfigFile, *ci)).To(Succeed())
})
It("Checks Node and Pod Status", func() {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment