Conversation
|
Tag for build #346573 is 💻 For deploying this image using the dev scripts, run the following first: export MAIN_IMAGE_TAG='3.69.x-176-g269e9df8af'📦 You can also generate an installation bundle with: docker run -i --rm stackrox/main:3.69.x-176-g269e9df8af central generate interactive > bundle.zip🕹️ A |
janisz
left a comment
There was a problem hiding this comment.
Please add description for this PR
vikin91
left a comment
There was a problem hiding this comment.
The changes in this PR look fine, but I it is difficult to say whether there they are complete (maybe there should be more changes for this?)
I would be interested how this has been tested. I know this is feature-flagged, but adding bats and expect tests for roxctl could really help catching potential problems.
|
@fredrb could you maybe also give it a short look? You have the most experience with this area |
fredrb
left a comment
There was a problem hiding this comment.
My biggest concern is releasing this without having the downstream image available. If it was already created then you can ignore my inline comments.
| MainImageName: "rhacs-main-rhel8", | ||
| MainImageTag: v.MainVersion, | ||
| CentralDBImageTag: v.MainVersion, | ||
| CentralDBImageName: "rhacs-central-db-rhel8", |
There was a problem hiding this comment.
Just keep in mind that this image has to be built downstream (CPaaS). I assume this was not done yet.
There was a problem hiding this comment.
Yes, I will put a TODO tag with jira blocker.
| initContainers: | ||
| - name: init-db | ||
| image: {{ ._rox.central.image.fullRef | replace "main" "central-db" | quote }} | ||
| image: {{ ._rox.central.dbImage.fullRef | quote }} |
There was a problem hiding this comment.
Shouldn't we wrap this with a meta template feature flag check? At least until the image is available downstream. If this is released prior to rhacs-central-db-rhel8 being available, the init container will crash when on rhacs flavor.
The meta template would look something like this:
[<- if .FeatureFlags.FLAG_NAME >]
...
[<- else >]
...
[<- end >]There was a problem hiding this comment.
Is it possible to release upstream only? We use enableCentralDB flag, which will block this template file entirely. See line #2.
There was a problem hiding this comment.
Oh ok. That makes sense. I missed the conditional check on line 2.
Is it possible to release upstream only?
I'm not sure if it is. Technically the downstream release (registry.redhat.io) is our official release. I think it should be fine as long as:
- This file isn't included if
enableCentralDBis not enabled (which is covered by line 2). - We create a
rhacs-central-db-rhel8image downstream once this needs to be released (covered by the task you created ROX-9858).
There was a problem hiding this comment.
If possible, please update the JIRA description with a pointer to this PR and mention that the image that needs to be written is for rhacs-central-db-rhel8.
| if {[info exists ::env(ROX_POSTGRES_DATASTORE)] && [string equal "$env(ROX_POSTGRES_DATASTORE)" true]} { | ||
| # Enter central-db image to use (default: "docker.io/stackrox/central-db:2.21.0-15-g448f2dc8fa"): | ||
| # Enter central-db image to use (default: "stackrox.io/central-db:3.67.x-296-g56df6a892d"): | ||
| # Enter central-db image to use (default: "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8:3.68.x-30-g516b4e7a6c-dirty"): | ||
| expect { | ||
| default { | ||
| send_user "\nFATAL: No question about Central-DB image\n" | ||
| exit 8 | ||
| } | ||
| "Enter central-db * (if unset, the default will be used):" { | ||
| send_user "WARNING: roxctl does not suggest any registry for central-db" | ||
| send "\n" | ||
| set exitWith [expr {$exitWith + 2}] | ||
| } | ||
| "Enter central-db * (default: \"$registry/central-db:*\"):" { | ||
| send_user "roxctl suggests correct registry for central-db" | ||
| send "\n" | ||
| } | ||
| # Special case for RHACS to avoid writing a regexp in TCL | ||
| "Enter central-db * (default: \"$registry/rhacs-central-db-rhel8:*\"):" { | ||
| send_user "roxctl suggests correct registry for central-db" | ||
| send "\n" | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
Feature-flags in expect - cool!
Description
We cannot choose Central DB image as of now. It is derived from main image.
This PR allows select Central DB image separately from Main.
Checklist
[ ] Evaluated and added CHANGELOG entry if required[ ] Determined and documented upgrade steps[ ] Documented user facing changes (create PR based on [stackrox/openshift-docs](https://github.com/stackrox/openshift-docs) and merge into rhacs-docs)If any of these don't apply, please comment below.
Testing Performed
Run CI tests and deploy with postgres flag enabled.
TODO(replace-me)
Use this space to explain how you tested your PR, or, if you didn't test it, why
you did not do so. Valid reasons include, for example, "CI is sufficient",
"No testable changes". Feel free to attach JSON snippets, curl commands,
screenshots.
In addition to reviewing your code, reviewers must also review your testing
instructions and make sure they are sufficient.