feat: replace image registry dynamically

[cjc7373]

When does image replcaement happen

Bascially, replacement will happen when workload resources (like pod, job, deployment, statefulset) are created.

Specifically, the replacement will inject to:

• instanceset controller, so that it affects:

  • new cluster creation
  • cluster upgrade

  But it won't affect:

  • cluster scaling
  • instance template

• addon controller, so that it affects helm install jobs

• backup/restore controller

Replace Configs

sample config:

registries:
  defaultRegistry: foo.bar
  defaultNamespace: default
  registriyConfig:
  - from: docker.io
    to: docker-mirror.io
  - from: k8s.io
    to: company-registry.io
    registryDefaultNamespace: k8sio
    namespaces:
    - from: special-ns
      to: my-special-ns

The replacement rules are as follows:

• If there's no specific registry config (registriyConfig field), or registry does not match any specific registry config, defaultRegistry and defaultNamespace will be used.
  • If defaultNamespace is not defined, namespace remains unchanged.
  • If defaultRegistry is not defined, registry remains unchanged.
• If image's registry matches a specific registry config:
  • from and to should not be empty. Registry to will be used.
  • If there's no namespace config, or namespace does not match any specific namespace config, registryDefaultNamespace will be used. If registryDefaultNamespace is not defined, namespace remains unchanged.
  • If namespace matches a specific namespace config, namespace to will be used.
    • from and to of the namespace may be empty (empty namespace is legal)

Other things to note

One side effect of this change is that omitted image name (e.g. busybox) will be expanded to full format (e.g. docker.io/library/busybox). IMO this will not have any user facing change.

[codecov]

Codecov Report

Attention: Patch coverage is 74.74747% with 25 lines in your changes missing coverage. Please review.

Project coverage is 62.65%. Comparing base (d550d0c) to head (0d2f2dd).
Report is 42 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/controllerutil/image_util.go	81.60%	15 Missing and 1 partial ⚠️
controllers/apps/transformer_component_workload.go	25.00%	7 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8018      +/-   ##
==========================================
+ Coverage   62.57%   62.65%   +0.07%     
==========================================
  Files         324      325       +1     
  Lines       40290    40387      +97     
==========================================
+ Hits        25213    25305      +92     
- Misses      12775    12786      +11     
+ Partials     2302     2296       -6     

Flag	Coverage Δ
unittests	62.65% <74.74%> (+0.07%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[weicao]

so if namespace is not found, the original namespace rather than the defaultNamespace is used.

[zjx20]

Maybe add a DefaultNamespace field to the RegistryConfig struct:

type RegistryConfig struct {
	From       string
	To         string
	DefaultNamespace string
	Namespaces []RegistryNamespaceConfig
}

When the namespace is not found in Namespaces, use the DefaultNamespace if it's not empty, otherwise use the original namespace.

[cjc7373]

I think simply use the global defaultNamespace is enough.

It does seem better.

[cjc7373]

@weicao @zjx20 PTAL

[leon-inf]

A global flag is hard to config and maintain for the user, why not using the kb manager config CM?

[cjc7373]

It does uses the manager config CM. This flag is the first level key in the config.

[zjx20]

Apply these changes to the main function of dataprotection (it runs in a separate process).

[zjx20]

Does it return an error if this key is not found?