Migrate Staging images away from GCR to AR

Question

Migrate Staging images away from GCR to AR

ameukam opened this issue a month ago · 11 comments

What do you want to happen?

Publish images to a new AR container repository. GCR is depecrated and will be removed on March 2025:
https://cloud.google.com/artifact-registry/docs/transition/prepare-gcr-shutdown#what-happens-after-shutdown

Is there currently another issue associated with this?

kubernetes/k8s.io#1343

Answer 1 · 2024-11-21T16:34:26.000Z

/priority important-soon
/triage accepted

Answer 2 · 2024-11-21T16:39:50.000Z

FYI @kubernetes/ingress-nginx-maintainers

Answer 3 · 2024-11-21T18:46:10.000Z

Can you help improve the description and make it more elaborate and descriptive.

Where is the connection to gcr

% k -n ingress-nginx describe po ingress-nginx-controller-699896b45d-vz42s| grep -i image
    Image:           registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7
    Image ID:        registry.k8s.io/ingress-nginx/controller@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7
  Normal   Pulled          26m                kubelet                   Container image "registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:d56f135b6462cfc476447cfe564b83a45e8bb7da2774963b00d12161112270b7" already present on machine

Answer 4 · 2024-11-21T18:47:18.000Z

/remove-priority important-soon
/remove-triage accepted

can reapply labels after detailing the description of the issue

Answer 5 · 2024-11-21T20:09:10.000Z

We are currently pushing images to GCR. As far as I can tell registry.k8s.io is just another name for that. Before promotion images definitely get pushed to GCR.

Answer 6 · 2024-11-22T00:41:19.000Z

So these 23 locations for gcr.io will change to something like pkg.dev https://github.com/search?q=repo%3Akubernetes%2Fingress-nginx%20%20gcr.io&type=code

And similarly all code instance for registry.k8s.io will also change to registry-k8s.pkg.dev

/triage accepted
/priority important-soon

Answer 7 · 2024-11-22T17:03:13.000Z

@ameukam Right now we're publishing images to GCR via Google Cloud Build. In there is a part responsible for the authentication to Google Cloud // Container Registry.

Do I understand correctly that this authentication stays the same and we can just change all the occurrences of GCR to AR in the pushing part and then step by step replace pulling from GCR by AR with the new images as the old images will still exist in GCR?

Answer 8 · 2024-11-22T18:29:07.000Z

@Gacko theoretically, the authentication should stay the same for AR. The images hosted on old images will be copied over the AR repository.

Answer 9 · 2024-11-22T19:24:50.000Z

Alright, thank you! I just also read the issue you linked and docs linked in there. If I get everything correctly, this is only affecting the staging registry, so registry.k8s.io and everything referencing it stays the same, right?

Answer 10 · 2024-11-22T19:29:59.000Z

Yes. There is no changes for registry.k8s.io since it's already backed by AR. The migration is only focused on the staging repositories.

Answer 11 · 2024-11-24T17:58:32.000Z

@Gacko you have a lot already on your plate, i'll go ahead and take this one.