BC Registry Image Artifactory

[pwei1018]

What is the problem?

• OpenShift removed some older base images that were still in use and linked.

What is the impact?

• If some old applications like solr, postgres oracle fdw, minio, nats etc. might need to rebuild or re-deployment by these images, then will be failed.

Proposed solution

• Setup an artifactory in Google Artifact Registry and also think about manage the image state by Terraform.

[bolyachevets]

terraform configs for docker: https://github.com/bcgov/bcregistry-gcp-jobs/tree/tools/gcp-container-registry
github action to push images to gcp docker registry: https://github.com/bcgov/bcregistry-gcp-jobs/actions/workflows/docker-image.yml

The job does not run terraform cloud, as we don't manage gcp container registry images (it is not currently possible). terraform is run locally and images from the list are pushed to gcp if they are not already there.

To manage a new image we just need to update the list and run the job.

[bolyachevets]

Looking at the "base" image layers:

MINIO:

LABEL io.openshift.build.name=minio-15 io.openshift.build.namespace=openshift io.openshift.build.commit.author=Angelika Ehlers \u003cangelika.ehlers@gov.bc.ca\u003e io.openshift.build.commit.date=Wed Mar 28 10:10:12 2018 -0700 io.openshift.build.commit.id=311e43495094439bb76aa0ecad5f574964595dce io.openshift.build.commit.ref=master io.openshift.build.commit.message=Update Dockerfile io.openshift.build.source-location=https://github.com/garywong-bc/s3-minio

SOLR:

LABEL "io.openshift.build.commit.author"="Kial Kial.Jinnah@gov.bc.ca" "io.openshift.build.commit.date"="Wed Jun 8 15:22:27 2022 -0700" "io.openshift.build.commit.id"="565c0e289b480df4e0196961c6e08e1bfcb83d2b" "io.openshift.build.commit.message"="added oracle connection + data config for colin import (#12)" "io.openshift.build.commit.ref"="master" "io.openshift.build.name"="namex-solr-base-8" "io.openshift.build.namespace"="f2b77c-tools" "io.openshift.build.source-location"="https://github.com/bcgov/namex-solr.git"

LABEL io.openshift.build.source-location=https://github.com/bcgov/namex-solr.git io.openshift.build.name=namex-solr-base-7 io.openshift.build.namespace=servicebc-ne-tools io.openshift.build.commit.author=Walter Moar \u003c35532993+WalterMoar@users.noreply.github.com\u003e io.openshift.build.commit.date=Sat Aug 11 11:56:40 2018 -0700 io.openshift.build.commit.id=7cf4eb2620c993b8af016f7b4345f1ff2b7b5b5e io.openshift.build.commit.ref=master io.openshift.build.commit.message=Add solr-jdbc library for reading synonyms from DB #590 (#3)

FDW:

LABEL "io.openshift.build.commit.author"="pwei1018 \u003cpatrick.wei@gov.bc.ca\u003e" "io.openshift.build.commit.date"="Fri Mar 19 12:23:54 2021 -0700" "io.openshift.build.commit.id"="4e7603448a6ec2f3d3a82c99b1562feb4b0cc21e" "io.openshift.build.commit.message"="update" "io.openshift.build.commit.ref"="test" "io.openshift.build.name"="postgresql-oracle-fdw-10" "io.openshift.build.namespace"="f2b77c-tools" "io.openshift.build.source-location"="https://github.com/pwei1018/openshift-postgresql-oracle_fdw.git"

POSTGRES:

LABEL "release"="131.1679308158" "distribution-scope"="public" "vendor"="Red Hat, Inc." "build-date"="2023-03-20T10:49:00" "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="ed93fc47d10241863547eef76e79c4fb62790992" "url"="https://access.redhat.com/containers/#/registry.access.redhat.com/rhscl/postgresql-12-rhel7/images/1-131.1679308158"

NATS:
0.21.2

I backed up these images accordingly in google cloud container registries.
Images can be explored here: https://console.cloud.google.com/gcr/images/c4hnrd-dev?project=c4hnrd-dev

I tested that minio images work in dev/test for now.

The process to use minio image is as follows:

1. Tag the google cloud container registry image for minio, e.g.:
   oc tag gcr.io/c4hnrd-dev/image-registry.apps.silver.devops.gov.bc.ca/d893f6-tools/minio:backup d893f6-tools/minio:dev
2. This will reference the image stored in google container registry under dev tag in the openshift imagestream, which will trigger a redeployment for buildconfigs that have triggers set up for that image. Image will be pulled from google container registry.

[bolyachevets]

In the future, if we want to update images for minio, postgres, etc. we can add a new image to https://github.com/bcgov/bcregistry-gcp-jobs/blob/417f1d58f11300d5e81389649bf836e1fac67d57/gcp-container-registry/variables.tf#L35 and run this job: https://github.com/bcgov/bcregistry-gcp-jobs/actions/workflows/docker-image.yml
After we tag the new image as described above the image will be pulled from gcp container registry instead of openshift

[seeker25]

The minio image is fairly old and outdated, we should probably build our own.

#15241

[bolyachevets]

The minio image is fairly old and outdated, we should probably build our own.

#15241

Thanks was going to quote that issue, as well as #15224
and #15198 - hopefully new workflow is followed