feat: basic image mirroring (no-auth, amd64 only)

Author: plaffitt

api/kuik/v1alpha1/imagemirror_types.go

@@ -15,9 +15,8 @@ type ImageMirrorSpec struct {
 
 // ImageMirrorStatus defines the observed state of ImageMirror.
 type ImageMirrorStatus struct {
-	// Digest is the digest of the mirrored image
-	Digest     string             `json:"digest,omitempty"`
-	Conditions []metav1.Condition `json:"conditions,omitempty"`
+	// Phase represents the current phase of the ImageMirror
+	Phase string `json:"phase,omitempty"`
 }
 
 // +kubebuilder:object:root=true
@@ -26,6 +25,7 @@ type ImageMirrorStatus struct {
 // +kubebuilder:printcolumn:name="Image",type="string",JSONPath=".spec.path"
 // +kubebuilder:printcolumn:name="From",type="string",JSONPath=".spec.registry"
 // +kubebuilder:printcolumn:name="To",type="string",JSONPath=".spec.targetRegistry"
+// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.phase"
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
 
 // ImageMirror is the Schema for the imagemirrors API.
@@ -49,3 +49,19 @@ type ImageMirrorList struct {
 func init() {
 	SchemeBuilder.Register(&ImageMirror{}, &ImageMirrorList{})
 }
+
+func (i *ImageMirrorSpec) TargetReference() string {
+	if i.TargetRegistry == "" {
+		return i.Path
+	}
+
+	return i.TargetRegistry + "/" + i.Path
+}
+
+func (i *ImageMirror) SourceReference() string {
+	return i.Spec.Reference()
+}
+
+func (i *ImageMirror) TargetReference() string {
+	return i.Spec.TargetReference()
+}

api/kuik/v1alpha1/zz_generated.deepcopy.go

@@ -26,6 +26,9 @@ spec:
     - jsonPath: .spec.targetRegistry
       name: To
       type: string
+    - jsonPath: .status.phase
+      name: Status
+      type: string
     - jsonPath: .metadata.creationTimestamp
       name: Age
       type: date
@@ -72,64 +75,8 @@ spec:
           status:
             description: ImageMirrorStatus defines the observed state of ImageMirror.
             properties:
-              conditions:
-                items:
-                  description: Condition contains details for one aspect of the current
-                    state of this API Resource.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        message is a human readable message indicating details about the transition.
-                        This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: |-
-                        observedGeneration represents the .metadata.generation that the condition was set based upon.
-                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                        with respect to the current state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: |-
-                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
-                        Producers of specific condition types may define expected values and meanings for this field,
-                        and whether the values are considered a guaranteed API.
-                        The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              digest:
-                description: Digest is the digest of the mirrored image
+              phase:
+                description: Phase represents the current phase of the ImageMirror
                 type: string
             type: object
         type: object

config/crd/bases/kuik.enix.io_imagemirrors.yaml

@@ -25,6 +25,9 @@ spec:
     - jsonPath: .spec.targetRegistry
       name: To
       type: string
+    - jsonPath: .status.phase
+      name: Status
+      type: string
     - jsonPath: .metadata.creationTimestamp
       name: Age
       type: date
@@ -71,64 +74,8 @@ spec:
           status:
             description: ImageMirrorStatus defines the observed state of ImageMirror.
             properties:
-              conditions:
-                items:
-                  description: Condition contains details for one aspect of the current
-                    state of this API Resource.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        lastTransitionTime is the last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        message is a human readable message indicating details about the transition.
-                        This may be an empty string.
-                      maxLength: 32768
-                      type: string
-                    observedGeneration:
-                      description: |-
-                        observedGeneration represents the .metadata.generation that the condition was set based upon.
-                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                        with respect to the current state of the instance.
-                      format: int64
-                      minimum: 0
-                      type: integer
-                    reason:
-                      description: |-
-                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
-                        Producers of specific condition types may define expected values and meanings for this field,
-                        and whether the values are considered a guaranteed API.
-                        The value should be a CamelCase string.
-                        This field may not be empty.
-                      maxLength: 1024
-                      minLength: 1
-                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
-                      type: string
-                    status:
-                      description: status of the condition, one of True, False, Unknown.
-                      enum:
-                      - "True"
-                      - "False"
-                      - Unknown
-                      type: string
-                    type:
-                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                      maxLength: 316
-                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - message
-                  - reason
-                  - status
-                  - type
-                  type: object
-                type: array
-              digest:
-                description: Digest is the digest of the mirrored image
+              phase:
+                description: Phase represents the current phase of the ImageMirror
                 type: string
             type: object
         type: object

helm/kube-image-keeper/crds/kuik.enix.io_imagemirrors.yaml

@@ -16,6 +16,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 	"sigs.k8s.io/controller-runtime/pkg/handler"
@@ -77,21 +78,19 @@ func (r *ImageReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl
 	registries := routing.MatchingRegistries(r.Config, &image.Spec.ImageReference)
 	for _, reg := range registries {
 		if reg.MirroringEnabled {
-			name, err := registry.ImageNameFromReference(reg.Url + "/" + image.Spec.Path)
-			if err != nil {
-				return ctrl.Result{}, err
-			}
-
 			imageMirror := &kuikv1alpha1.ImageMirror{
-				ObjectMeta: v1.ObjectMeta{
-					Name: name,
-				},
 				Spec: kuikv1alpha1.ImageMirrorSpec{
 					ImageReference: image.Spec.ImageReference,
 					TargetRegistry: reg.Url,
 				},
 			}
 
+			name, err := registry.ImageNameFromReference(imageMirror.TargetReference())
+			if err != nil {
+				return ctrl.Result{}, err
+			}
+			imageMirror.Name = name
+
 			op, err := controllerutil.CreateOrPatch(ctx, r.Client, imageMirror, func() error {
 				if err := controllerutil.SetOwnerReference(&image, imageMirror, r.Scheme); err != nil {
 					return err
@@ -135,6 +134,7 @@ func (r *ImageReconciler) SetupWithManager(mgr ctrl.Manager) error {
 			&corev1.Pod{},
 			handler.EnqueueRequestsFromMapFunc(r.imagesRequestFromPod),
 		).
+		Owns(&kuikv1alpha1.ImageMirror{}, builder.MatchEveryOwner).
 		Complete(r)
 }
 

internal/controller/kuik/image_controller.go

@@ -2,13 +2,17 @@ package kuik
 
 import (
 	"context"
+	"net/http"
+	"time"
 
 	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
 
 	kuikv1alpha1 "github.com/enix/kube-image-keeper/api/kuik/v1alpha1"
+	"github.com/enix/kube-image-keeper/internal/registry"
 )
 
 // ImageMirrorReconciler reconciles a ImageMirror object
@@ -31,17 +35,79 @@ type ImageMirrorReconciler struct {
 // For more details, check Reconcile and its Result here:
 // - https://pkg.go.dev/sigs.k8s.io/[email protected]/pkg/reconcile
 func (r *ImageMirrorReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
-	_ = logf.FromContext(ctx)
+	log := logf.FromContext(ctx)
 
-	// TODO(user): your logic here
+	var imageMirror kuikv1alpha1.ImageMirror
+	if err := r.Get(ctx, req.NamespacedName, &imageMirror); err != nil {
+		return ctrl.Result{}, client.IgnoreNotFound(err)
+	}
+
+	if !imageMirror.DeletionTimestamp.IsZero() {
+		return ctrl.Result{}, nil
+	}
+
+	available := r.isImageAvailableOnTarget(logf.IntoContext(ctx, log), imageMirror)
+
+	log.Info("checked availability", "available", available)
+
+	if !available {
+		if imageMirror.Status.Phase != "Mirroring" {
+			patch := client.MergeFrom(imageMirror.DeepCopy())
+			imageMirror.Status.Phase = "Mirroring"
+			if err := r.Status().Patch(ctx, &imageMirror, patch); err != nil {
+				return ctrl.Result{}, err
+			}
+		}
+
+		err := r.mirrorImage(logf.IntoContext(ctx, log), imageMirror)
+		if err != nil {
+			patch := client.MergeFrom(imageMirror.DeepCopy())
+			if imageMirror.Status.Phase != "Error" {
+				imageMirror.Status.Phase = "Error"
+				if err := r.Status().Patch(ctx, &imageMirror, patch); err != nil {
+					return ctrl.Result{}, err
+				}
+			}
+			return ctrl.Result{}, err
+		}
+
+		log.Info("image successfully mirrored")
+	}
+
+	if imageMirror.Status.Phase != "Ready" {
+		patch := client.MergeFrom(imageMirror.DeepCopy())
+		imageMirror.Status.Phase = "Ready"
+		if err := r.Status().Patch(ctx, &imageMirror, patch); err != nil {
+			return ctrl.Result{}, err
+		}
+	}
 
 	return ctrl.Result{}, nil
 }
 
+func (r *ImageMirrorReconciler) isImageAvailableOnTarget(ctx context.Context, imageMirror kuikv1alpha1.ImageMirror) bool {
+	log := logf.FromContext(ctx)
+	log.V(1).Info("verifying image availability on target registry", "reference", imageMirror.Spec.ImageReference)
+	_, err := registry.NewClient(nil, nil).WithPullSecrets(nil).ReadDescriptor(http.MethodGet, imageMirror.TargetReference(), time.Second*30)
+	return err == nil
+}
+
+func (r *ImageMirrorReconciler) mirrorImage(ctx context.Context, imageMirror kuikv1alpha1.ImageMirror) error {
+	log := logf.FromContext(ctx)
+	log.Info("mirroring image", "reference", imageMirror.Spec.ImageReference)
+	return registry.MirrorImage(imageMirror.SourceReference(), imageMirror.TargetReference())
+}
+
 // SetupWithManager sets up the controller with the Manager.
 func (r *ImageMirrorReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&kuikv1alpha1.ImageMirror{}).
 		Named("kuik-imagemirror").
+		// prevent from reenquing after status update (produced a infinite loop between Error and Mirroring phases)
+		WithEventFilter(predicate.Or(
+			predicate.GenerationChangedPredicate{},
+			predicate.LabelChangedPredicate{},
+			predicate.AnnotationChangedPredicate{},
+		)).
 		Complete(r)
 }

internal/controller/kuik/imagemirror_controller.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/cespare/xxhash/v2"
 	"github.com/distribution/reference"
+	"github.com/google/go-containerregistry/pkg/crane"
 	"github.com/google/go-containerregistry/pkg/name"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
@@ -83,6 +84,12 @@ func (a *AuthenticatedClient) ReadDescriptor(httpMethod string, imageName string
 	return nil, returnedErr
 }
 
+func MirrorImage(from, to string) error {
+	return crane.Copy(from, to, func(o *crane.Options) {
+		o.Platform, _ = v1.ParsePlatform("amd64")
+	})
+}
+
 func ImageNameFromReference(image string) (string, error) {
 	ref, err := reference.ParseAnyReference(image)
 	if err != nil {