| @jjbeckman:matrix.org | > <@clarkb:matrix.org> Have you tried using namespace resources instead? Then you should be able to create image resources in the job that set credentials for the registry. | 02:49 |
|---|---|---|
| * Thank you for the suggestion. No, I have not tried namespaces yet. I've configured `type: namespace` in `nodepool.yaml`, and have observed that Zuul creates namespaces which contain no pods. Other than that, I have yet to figure out what the intended use case is. Does documentation regarding how to use "type: namespace" instead of `type: pod`, which I am able to use successfully, other than the fact that there is seemingly no way to authenticate with a private registry, exist? | ||
| @jjbeckman:matrix.org | > <@clarkb:matrix.org> When you use the namespace resources instead of pod resources you are given credentials for managing a k8s namespace. This means you can create pods in that namespace how you like. I believe this includes creating image definitions with credetnials to authenticate to your registry. As I mentioned before I don't think there is any mechanism currently to have the pod resource provider configure registry authentication. But I suspect that you can work around this using namespaces | 06:28 |
| I see. Guess I will need to figure out how to use namespaces as using a private registry is a requirement. Thanks! | ||
| -@gerrit:opendev.org- Simon Westphahl proposed: | 14:20 | |
| - [zuul/zuul] 881480: dnm: run dedup tests with multiple schedulers https://review.opendev.org/c/zuul/zuul/+/881480 | ||
| - [zuul/zuul] 881481: dnm: debug https://review.opendev.org/c/zuul/zuul/+/881481 | ||
| @clarkb:matrix.org | I have successfully tested the ensure-quay-repo role locally now after the refactor. No changes appear to be necessary | 16:08 |
| -@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 881408: Improve FrozenJob.isEqual https://review.opendev.org/c/zuul/zuul/+/881408 | 21:40 | |
| -@gerrit:opendev.org- Clark Boylan proposed: [zuul/zuul-jobs] 881521: Update ensure-quay-repo to run opportunistically https://review.opendev.org/c/zuul/zuul-jobs/+/881521 | 22:23 | |
| @clarkb:matrix.org | This seems to work locally for me | 22:23 |
| @jim:acmegating.com | Clark: ianw on further inspection, i think the issue with zuul-operator is that it's not actually using the built image in the test job. does that project need to be moved to microk8s? | 22:55 |
| @clarkb:matrix.org | I'm not sure how microk8s (or not) may possibly impact that | 22:57 |
| @jim:acmegating.com | i believe ianw moved the k8s container testing to microk8s because minikube is unfeasible now | 22:57 |
| @jim:acmegating.com | and zuul-operator is using minikube. | 22:58 |
| @clarkb:matrix.org | I remember that and I think it had to do with packages that Open build services was hosting no longer being updted and k8s dropping docker by default. And so it was either do a lot of work to fabricobble something together or just use ubuntu's installer and we did that for simplicity | 22:59 |
| @clarkb:matrix.org | It can't hurt to switch it to microk8s at least | 23:00 |
| @jim:acmegating.com | right, k8s+docker is out; k8s+crio wasn't installable. either way, fixing whatever is wrong with minikube just puts us in a dead-end spot, right? so if anything is to be fixed, might as well jump to the one thing we know works for starters? | 23:03 |
| @clarkb:matrix.org | ++ | 23:03 |
| @jim:acmegating.com | okay. if anyone else feels like working on that, there's a plan. | 23:04 |
| @jim:acmegating.com | in the mean time, i think we can probably approve all of the quay.io changes, and leave the operator quay change for when someone is ready to continue maintenance | 23:05 |
| @clarkb:matrix.org | that seems reasonable then tomorrow we can get opendev switched over to consuming the new image locations and give them a shakedown | 23:07 |
| @clarkb:matrix.org | (or sooner is fine too but I'm running out of time today) | 23:07 |
| @jim:acmegating.com | cool, i've approved them. we can work on an announcement tomorrow too. | 23:08 |
| @jim:acmegating.com | (happily, timing is not critical for this switch) | 23:08 |
| -@gerrit:opendev.org- Zuul merged on behalf of James E. Blair https://matrix.to/#/@jim:acmegating.com: [zuul/zuul-preview] 881249: Publish container images to quay.io https://review.opendev.org/c/zuul/zuul-preview/+/881249 | 23:15 | |
| -@gerrit:opendev.org- Zuul merged on behalf of James E. Blair https://matrix.to/#/@jim:acmegating.com: [zuul/gcp-authdaemon] 881251: Publish container images to quay.io https://review.opendev.org/c/zuul/gcp-authdaemon/+/881251 | 23:16 | |
| -@gerrit:opendev.org- Clark Boylan proposed: [zuul/zuul-jobs] 881524: Use consistent registry_type var name across roles https://review.opendev.org/c/zuul/zuul-jobs/+/881524 | 23:19 | |
| -@gerrit:opendev.org- Zuul merged on behalf of James E. Blair https://matrix.to/#/@jim:acmegating.com: [zuul/zuul-storage-proxy] 881250: Publish container images to quay.io https://review.opendev.org/c/zuul/zuul-storage-proxy/+/881250 | 23:23 | |
| -@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/nodepool] 881287: Add Azure gallery image support https://review.opendev.org/c/zuul/nodepool/+/881287 | 23:35 | |
| @iwienand:matrix.org | corvus: the new nameservers are up, so any objections to merging https://review.opendev.org/c/opendev/zone-gating.dev/+/880906 to have gating.dev have NS records? | 23:37 |
| @jim:acmegating.com | ianw: nope | 23:38 |
| @iwienand:matrix.org | thanks! | 23:39 |
| @jim:acmegating.com | ianw: `dig gating.dev @ns03.opendev.org` | 23:39 |
| @jim:acmegating.com | do you expect that to work yet? | 23:40 |
| @jim:acmegating.com | i get the expected response on ns1, ns2, and ns04, but not ns03 | 23:40 |
| @iwienand:matrix.org | oh interesting, it works on n04, but not n03 | 23:40 |
| @iwienand:matrix.org | let me check... | 23:40 |
| @iwienand:matrix.org | ok i think it might have tried to transfer, failed and backed off before the change to update firewalls merged. a manual nsd-control transfer has updated it | 23:44 |
| @jim:acmegating.com | cool +3 | 23:46 |
| -@gerrit:opendev.org- Zuul merged on behalf of Ian Wienand: [opendev/zone-gating.dev] 880906: Add Jammy refresh NS records https://review.opendev.org/c/opendev/zone-gating.dev/+/880906 | 23:55 | |
| @iwienand:matrix.org | ok, both myself and https://toolbox.googleapps.com/apps/dig/ see NS records in there for ns03&ns04 in gating.dev | 23:59 |
| @iwienand:matrix.org | corvus: i think you can switch at the registry whenever convenient | 23:59 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!