mirror of https://github.com/docker/cli.git
Enable client side digest pinning for stack deploy
Signed-off-by: Nishant Totla <nishanttotla@gmail.com>
This commit is contained in:
Nishant Totla
parent
9d12d6fc87
commit
9f1bea2657
|
|
@ -7,6 +7,7 @@ import (
|
|||
"github.com/docker/cli/cli/command"
|
||||
"github.com/docker/cli/cli/compose/convert"
|
||||
"github.com/docker/docker/api/types/swarm"
|
||||
"github.com/docker/docker/api/types/versions"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/spf13/cobra"
|
||||
"golang.org/x/net/context"
|
||||
|
|
@ -21,6 +22,7 @@ type deployOptions struct {
|
|||
composefile string
|
||||
namespace string
|
||||
sendRegistryAuth bool
|
||||
noResolveImage bool
|
||||
prune bool
|
||||
}
|
||||
|
||||
|
|
@ -44,12 +46,19 @@ func newDeployCommand(dockerCli command.Cli) *cobra.Command {
|
|||
addRegistryAuthFlag(&opts.sendRegistryAuth, flags)
|
||||
flags.BoolVar(&opts.prune, "prune", false, "Prune services that are no longer referenced")
|
||||
flags.SetAnnotation("prune", "version", []string{"1.27"})
|
||||
flags.BoolVar(&opts.noResolveImage, "no-resolve-image", false, "Do not query the registry to resolve image digest and supported platforms")
|
||||
flags.SetAnnotation("no-resolve-image", "version", []string{"1.30"})
|
||||
return cmd
|
||||
}
|
||||
|
||||
func runDeploy(dockerCli command.Cli, opts deployOptions) error {
|
||||
ctx := context.Background()
|
||||
|
||||
// image resolution should not happen for clients older than v1.30
|
||||
if versions.LessThan(dockerCli.Client().ClientVersion(), "1.30") {
|
||||
opts.noResolveImage = true
|
||||
}
|
||||
|
||||
switch {
|
||||
case opts.bundlefile == "" && opts.composefile == "":
|
||||
return errors.Errorf("Please specify either a bundle file (with --bundle-file) or a Compose file (with --compose-file).")
|
||||
|
|
|
|||
|
|
@ -87,5 +87,5 @@ func deployBundle(ctx context.Context, dockerCli command.Cli, opts deployOptions
|
|||
if err := createNetworks(ctx, dockerCli, namespace, networks); err != nil {
|
||||
return err
|
||||
}
|
||||
return deployServices(ctx, dockerCli, services, namespace, opts.sendRegistryAuth)
|
||||
return deployServices(ctx, dockerCli, services, namespace, opts.sendRegistryAuth, opts.noResolveImage)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -92,7 +92,7 @@ func deployCompose(ctx context.Context, dockerCli command.Cli, opts deployOption
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return deployServices(ctx, dockerCli, services, namespace, opts.sendRegistryAuth)
|
||||
return deployServices(ctx, dockerCli, services, namespace, opts.sendRegistryAuth, opts.noResolveImage)
|
||||
}
|
||||
|
||||
func getServicesDeclaredNetworks(serviceConfigs []composetypes.ServiceConfig) map[string]struct{} {
|
||||
|
|
@ -283,6 +283,7 @@ func deployServices(
|
|||
services map[string]swarm.ServiceSpec,
|
||||
namespace convert.Namespace,
|
||||
sendAuth bool,
|
||||
noResolveImage bool,
|
||||
) error {
|
||||
apiClient := dockerCli.Client()
|
||||
out := dockerCli.Out()
|
||||
|
|
@ -301,9 +302,9 @@ func deployServices(
|
|||
name := namespace.Scope(internalName)
|
||||
|
||||
encodedAuth := ""
|
||||
image := serviceSpec.TaskTemplate.ContainerSpec.Image
|
||||
if sendAuth {
|
||||
// Retrieve encoded auth token from the image reference
|
||||
image := serviceSpec.TaskTemplate.ContainerSpec.Image
|
||||
encodedAuth, err = command.RetrieveAuthTokenFromImage(ctx, dockerCli, image)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
@ -313,12 +314,20 @@ func deployServices(
|
|||
if service, exists := existingServiceMap[name]; exists {
|
||||
fmt.Fprintf(out, "Updating service %s (id: %s)\n", name, service.ID)
|
||||
|
||||
updateOpts := types.ServiceUpdateOptions{EncodedRegistryAuth: encodedAuth}
|
||||
|
||||
if image != service.Spec.Labels["com.docker.stack.image"] {
|
||||
if !noResolveImage {
|
||||
updateOpts.QueryRegistry = true
|
||||
}
|
||||
}
|
||||
|
||||
response, err := apiClient.ServiceUpdate(
|
||||
ctx,
|
||||
service.ID,
|
||||
service.Version,
|
||||
serviceSpec,
|
||||
types.ServiceUpdateOptions{EncodedRegistryAuth: encodedAuth},
|
||||
updateOpts,
|
||||
)
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "failed to update service %s", name)
|
||||
|
|
@ -331,6 +340,12 @@ func deployServices(
|
|||
fmt.Fprintf(out, "Creating service %s\n", name)
|
||||
|
||||
createOpts := types.ServiceCreateOptions{EncodedRegistryAuth: encodedAuth}
|
||||
|
||||
// query registry if flag disabling it was not set
|
||||
if !noResolveImage {
|
||||
createOpts.QueryRegistry = true
|
||||
}
|
||||
|
||||
if _, err := apiClient.ServiceCreate(ctx, serviceSpec, createOpts); err != nil {
|
||||
return errors.Wrapf(err, "failed to create service %s", name)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -45,6 +45,12 @@ func Services(
|
|||
if err != nil {
|
||||
return nil, errors.Wrapf(err, "service %s", service.Name)
|
||||
}
|
||||
// add an image label to serviceSpec
|
||||
if serviceSpec.Labels == nil {
|
||||
serviceSpec.Labels = make(map[string]string)
|
||||
}
|
||||
serviceSpec.Labels["com.docker.stack.image"] = service.Image
|
||||
|
||||
result[service.Name] = serviceSpec
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue