self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-19 00:33:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove quay.io image promotion (#24777)

Browse source
This commit is contained in:
Roman Tkachenko 2023-04-19 10:18:40 -07:00 committed by GitHub
parent f3b59a3e32
commit dfd12d34b0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 4 additions and 2881 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2846
.drone.yml
View file

File diff suppressed because it is too large Load diff

4
dronegen/common.go
View file

@ -29,10 +29,6 @@ const (
// ProductionRegistry is the production image registry that hosts are customer facing container images. // ProductionRegistry is the production image registry that hosts are customer facing container images.
ProductionRegistry = "public.ecr.aws" ProductionRegistry = "public.ecr.aws"
// ProductionRegistryQuay is the production image registry that hosts images on quay.io. Will be deprecated in the future.
// See RFD 73 - https://github.com/gravitational/teleport/blob/c18c09f5d562dd46a509154eab4295ad39decc3c/rfd/0073-public-image-registry.md
ProductionRegistryQuay = "quay.io"
// Go version used by internal tools // Go version used by internal tools
GoVersion = "1.18" GoVersion = "1.18"

27
dronegen/container_images_repos.go
View file

@ -103,32 +103,6 @@ func NewEcrContainerRepo(accessKeyIDSecret, secretAccessKeySecret, roleSecret, d
} }
} }
func NewQuayContainerRepo(dockerUsername, dockerPassword string) *ContainerRepo {
registryOrg := ProductionRegistryOrg
if configureForPRTestingOnly {
dockerUsername = testingSecretPrefix + dockerUsername
dockerPassword = testingSecretPrefix + dockerPassword
registryOrg = testingQuayRegistryOrg
}
return &ContainerRepo{
Name: "Quay",
IsImmutable: false,
EnvironmentVars: map[string]value{
"QUAY_USERNAME": {fromSecret: dockerUsername},
"QUAY_PASSWORD": {fromSecret: dockerPassword},
"DOCKERHUB_USERNAME": {fromSecret: "DOCKERHUB_USERNAME"},
"DOCKERHUB_PASSWORD": {fromSecret: "DOCKERHUB_READONLY_TOKEN"},
},
RegistryDomain: ProductionRegistryQuay,
RegistryOrg: registryOrg,
LoginCommands: []string{
fmt.Sprintf("docker login -u=\"$QUAY_USERNAME\" -p=\"$QUAY_PASSWORD\" %q", ProductionRegistryQuay),
`printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin`,
},
}
}
func NewLocalContainerRepo() *ContainerRepo { func NewLocalContainerRepo() *ContainerRepo {
return &ContainerRepo{ return &ContainerRepo{
Name: "Local Registry", Name: "Local Registry",
@ -148,7 +122,6 @@ func GetStagingContainerRepo(uniqueStagingTag bool) *ContainerRepo {
func GetProductionContainerRepos() []*ContainerRepo { func GetProductionContainerRepos() []*ContainerRepo {
return []*ContainerRepo{ return []*ContainerRepo{
NewQuayContainerRepo("PRODUCTION_QUAYIO_DOCKER_USERNAME", "PRODUCTION_QUAYIO_DOCKER_PASSWORD"),
NewEcrContainerRepo("PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY", "PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET", NewEcrContainerRepo("PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY", "PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET",
"PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE", ProductionRegistry, "production", true, false, false), "PRODUCTION_TELEPORT_DRONE_ECR_AWS_ROLE", ProductionRegistry, "production", true, false, false),
} }

8
dronegen/container_images_testing.go
View file

@ -39,12 +39,11 @@ package main
// 1. Publish the branch you're working on // 1. Publish the branch you're working on
// 2. Set `prBranch` to the name of the branch in (1) // 2. Set `prBranch` to the name of the branch in (1)
// 3. Set `configureForPRTestingOnly` to true // 3. Set `configureForPRTestingOnly` to true
// 4. Create a public and private ECR, Quay repos for "teleport", "teleport-ent", "teleport-operator", "teleport-lab" // 4. Create a public and private ECR repos for "teleport", "teleport-ent", "teleport-operator", "teleport-lab"
// 5. Set `testingQuayRegistryOrg` and `testingECRRegistryOrg` to the org name(s) used in (4) // 5. Set `testingECRRegistryOrg` to the org name(s) used in (4)
// 6. Set the `ECRTestingDomain` to the domain used for the private ECR repos // 6. Set the `ECRTestingDomain` to the domain used for the private ECR repos
// 7. Create two separate IAM users, each with full access to either the public ECR repo OR the private ECR repo // 7. Create two separate IAM users, each with full access to either the public ECR repo OR the private ECR repo
// 8. Create a Quay "robot account" with write permissions for the created Quay repos // 8. Set the Drone secrets for the secret names listed in "GetContainerRepos" to the credentials in (7, 8), prefixed by the value of `testingSecretPrefix`
// 9. Set the Drone secrets for the secret names listed in "GetContainerRepos" to the credentials in (7, 8), prefixed by the value of `testingSecretPrefix`
// //
// On each commit, after running `make dronegen``, run the following commands and resign the file: // On each commit, after running `make dronegen``, run the following commands and resign the file:
// # Pull the current branch instead of v11 so the appropriate dockerfile gets loaded // # Pull the current branch instead of v11 so the appropriate dockerfile gets loaded
@ -57,7 +56,6 @@ package main
const ( const (
configureForPRTestingOnly bool = false configureForPRTestingOnly bool = false
testingSecretPrefix string = "TEST_" testingSecretPrefix string = "TEST_"
testingQuayRegistryOrg string = "" // "fred_heinecke"
testingECRRegistryOrg string = "u8j2q1d9" testingECRRegistryOrg string = "u8j2q1d9"
testingECRRegion string = "us-east-2" testingECRRegion string = "us-east-2"
prBranch string = "" // "fred/multiarch-teleport-actual-container-images" prBranch string = "" // "fred/multiarch-teleport-actual-container-images"