Skip to content

Commit

Permalink
fix(image-builder): use google keychain for Artifact Registry domains (
Browse files Browse the repository at this point in the history 
…#553)

<!--  Thanks for sending a pull request!  Here are some tips for you:

1. Run unit tests and ensure that they are passing
2. If your change introduces any API changes, make sure to update the
e2e tests
3. Make sure documentation is updated for your PR!

-->
# Description
<!-- Briefly describe the motivation for the change. Please include
illustrations where appropriate. -->
To pull images from GCR image-builder checks if the image name contains
"gcr.io". The new Artifact Registry uses different domain names, for
example `asia-docker.pkg.dev`.


# Modifications
<!-- Summarize the key code changes. -->

- Use google keychain for `pkg.dev` domains too.

# Tests
<!-- Besides the existing / updated automated tests, what specific
scenarios should be tested? Consider the backward compatibility of the
changes, whether corner cases are covered, etc. Please describe the
tests and check the ones that have been completed. Eg:
- [x] Deploying new and existing standard models
- [ ] Deploying PyFunc models
-->

# Checklist
- [ ] Added PR label
- [ ] Added unit test, integration, and/or e2e tests
- [ ] Tested locally
- [ ] Updated documentation
- [ ] Update Swagger spec if the PR introduce API changes
- [ ] Regenerated Golang and Python client if the PR introduces API
changes

# Release Notes
<!--
Does this PR introduce a user-facing change?
If no, just write "NONE" in the release-note block below.
If yes, a release note is required. Enter your extended release note in
the block below.
If the PR requires additional action from users switching to the new
release, include the string "action required".

For more information about release notes, see kubernetes' guide here:
http://git.k8s.io/community/contributors/guide/release-notes.md
-->

```release-note
NONE
```
  • Loading branch information
@mbruner
mbruner authored Mar 19, 2024
1 parent 1f308f5 commit 308a0d6
Showing 1 changed file with 14 additions and 3 deletions.
17 changes: 14 additions & 3 deletions api/pkg/imagebuilder/imagebuilder.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -174,7 +174,7 @@ func (c *imageBuilder) getHashedModelDependenciesUrl(ctx context.Context, versio
return hashedDependenciesUrl, nil
}

if err != nil && !errors.Is(err, storage.ErrObjectNotExist) {
if !errors.Is(err, storage.ErrObjectNotExist) {
return "", err
}

Expand Down Expand Up @@ -357,6 +357,14 @@ func (c *imageBuilder) imageExists(imageName, imageTag string) bool {
return imageExists
}

// getGCPSubDomains returns the list of GCP container registry and artifact registry subdomains.
//
// GCP container registry and artifact registry domains are used to determine which keychain to use when interacting with container registry.
// This is needed because GCP registries use different authentication method than other container registry.
func getGCPSubDomains() []string {
return []string{"gcr.io", "pkg.dev"}
}

// ImageExists returns true if the versioned image (tag) already exist in the image repository.
//
// We are using Crane to interacting with container registry because the authentication already handled by Crane's keychain.
Expand All @@ -366,8 +374,11 @@ func (c *imageBuilder) imageExists(imageName, imageTag string) bool {
// https://github.com/google/go-containerregistry/blob/master/pkg/v1/google/README.md
func (c *imageBuilder) imageRefExists(imageName, imageTag string) (bool, error) {
keychain := authn.DefaultKeychain
if strings.Contains(c.config.DockerRegistry, "gcr.io") {
keychain = google.Keychain

for _, domain := range getGCPSubDomains() {
if strings.Contains(c.config.DockerRegistry, domain) {
keychain = google.Keychain
}
}

repo, err := name.NewRepository(imageName)
Expand Down

0 comments on commit 308a0d6

Please sign in to comment.