Skip to content

add --image-url-substitution #296

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

add --image-url-substitution #296

wants to merge 1 commit into from

Conversation

roelarents
Copy link
Contributor

@roelarents roelarents commented Nov 19, 2024
edited
Loading

In our use case we are mirroring external/public images (e.g. from DockerHub) to our own private container registry, so we don't have to rely on availability and rate limiting. But we only mirror particular/arbitrary tags. So version-checker will always see those as the latest tags. This PR adds a --image-url-substitution cli option. It enables to replace (sed-style) something in all image URLs, before looking it up. All our mirrored images are prefixed like privateregistry.example.com/mirrored/docker.io/original:tag, so we can remove that prefix.
Any override annotation is still applied after.

@davidcollom
Copy link
Collaborator

davidcollom commented Jan 24, 2025
edited
Loading

Hi, Sorry for the delayed response and we appreciate the time spent on this PR.

I feel like this can be achieved by using metric_relabel_configs values, I believe that having the metric label exposed from where the image/version was detected is a core principle and would feel strongly in changing this approach as it would make debugging significantly more challenging.

An example metric_relabel_config may look like this:

metrics_relabel_configs:
  - source_labels: [image]
    regex: "privateregistry\\.example\\.com/mirrored/(.*)"
    target_label: image
    replacement: "$1"
    action: replace

Which would result in the image label being docker.io/original:tag

@roelarents
Copy link
Contributor Author

Thx for checking!
Relabeling would come too late. The goal (in our use case) is to check/search the original image repository for newer tags, instead of our own private repository. Because we don't mirror/copy everything from the original repository (would be too much), only the tag/version that we use. If we check in our own repository, instead of the original, it appears as if we always use the latest. False positive. I can imagine other people who mirror images also only mirror the version they currently use.

@davidcollom
Copy link
Collaborator

davidcollom commented Mar 24, 2025
edited
Loading

Hmmmm - I hadn't considered local caching actually! I can see how you'd get some false positives that way! and can certainly see the challenge... We've an internal meeting this week about version-checker, I'll make sure to bring this issue up...

@roelarents Could you confirm for me this (I may be repeating what you've said above, but just so I can understand exactly what the ask/intentions are):

  • You have a container with privateregistry.example.com/mirrored/docker.io/original:tag
  • This is mirrored from docker.io/original:latest
  • You want Version Checker to query docker.io/original:latest - BUT report: the status/image as privateregistry.example.com/mirrored/docker.io/original

davidcollom
davidcollom reviewed Mar 24, 2025
View reviewed changes
pkg/controller/checker/substitution.go
Comment on lines +39 to +59
if len(sedCommand) < 4 {
return "", "", "", fmt.Errorf("sed command for substitution seems to short: %s", sedCommand)
}
if sedCommand[0] != 's' {
return "", "", "", fmt.Errorf("sed command for substitution should start with s: %s", sedCommand)
}
separator := regexp.QuoteMeta(sedCommand[1:2])
group := fmt.Sprintf(`((?:.|\\[%s])*)`, separator)
pattern := `^s` + separator + group + separator + group + separator + group + `$`
matcher, err := regexp.Compile(pattern)
if err != nil {
return "", "", "", fmt.Errorf("regexp to parse sed command for substitution does not compile: %s %w", pattern, err)
}
submatches := matcher.FindStringSubmatch(sedCommand)
if len(submatches) != 4 {
return "", "", "", fmt.Errorf("sed command for substitution could not be parsed: %s", pattern)
}
return strings.ReplaceAll(submatches[1], "\\"+separator, separator),
strings.ReplaceAll(submatches[2], "\\"+separator, separator),
submatches[3], nil
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any reason why you chose SED over a standard/traditional Regex? (which looks like you're doing anyway after all the sed-specific searches)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I used the sed-like format/syntax to have the search and replacement string in one cli option. It seemed like a well-known/popular/widely-used format to me (s/search/replace). For the rest it doesn't have anything to do with sed.

davidcollom
davidcollom requested changes Mar 24, 2025
View reviewed changes
Copy link
Collaborator

@davidcollom davidcollom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See comments

@davidcollom davidcollom added enhancement New feature or request question Further information is requested do-not-merge/hold go Pull requests that update Go code labels Mar 24, 2025
@davidcollom davidcollom mentioned this pull request Mar 24, 2025
Open
@roelarents
Copy link
Contributor Author

Could you confirm for me this (I may be repeating what you've said above, but just so I can understand exactly what the ask/intentions are):

  • You have a container with privateregistry.example.com/mirrored/docker.io/original:tag
  • This is mirrored from docker.io/original:latest
  • You want Version Checker to query docker.io/original:latest - BUT report: the status/image as privateregistry.example.com/mirrored/docker.io/original

Yes. Except:

  1. The tag would be the same in private and public. And mostly it would not be latest but a specific version tag.
  2. It doesn't need to be reported as privateregistry.example.com/mirrored/docker.io/original, but as docker.io/original.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davidcollom davidcollom davidcollom requested changes

Assignees

@roelarents roelarents

@maria-reynoso maria-reynoso

Labels
do-not-merge/hold enhancement New feature or request go Pull requests that update Go code question Further information is requested
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@roelarents @davidcollom @maria-reynoso