Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(credential-provider): check empty mirror mapping and add debugging info #8647

Merged
merged 4 commits into from
Mar 19, 2025
Merged

fix(credential-provider): check empty mirror mapping and add debugging info #8647

merged 4 commits into from
Mar 19, 2025

Conversation

mainred
Copy link
Contributor

@mainred mainred commented Mar 18, 2025

What type of PR is this?

/kind bug

What this PR does / why we need it:

Run the binary will return error log Invalid registry mirror format without real harm since registryMirrorStr defaults to emtpy.
Fix this by checking the emptiness of registryMirrorStr and return when it's empty.
Besides this change, I added 3 small but debug-friendly changes in this PR to reduce the cherry-pick PR numbers.

  • add klog verobse level flag -v
  • add version flag --version
  • add debug level log for correlationID.
Tests
  • verbose log
The acr credential provider is responsible for providing ACR credentials for kubelet

Usage:
  acr-credential-provider configFile [flags]

Flags:
  -h, --help                           help for acr-credential-provider
      --log-flush-frequency duration   Maximum number of seconds between log flushes (default 5s)
  -r, --registry-mirror string         Mirror a source registry host to a target registry host, and image pull credential will be requested to the target registry host when the image is from source registry host
  -v, --v Level                        number for the log level verbosity
      --version                        version for acr-credential-provider
      --vmodule moduleSpec             comma-separated list of pattern=N settings for file-filtered logging (only works for the default text log format)
  • print version
/var/lib/kubelet/credential-provider/acr-credential-provider --version
acr-credential-provider version v1.31.0-689-g2ca98fff7
  • correlationID debug log
:\"qingchuanhao.azurecr.io/nginx:v1\"}" | ./azure-acr-credential-provider /etc/kubernetes/azure.json -v 9
I0317 22:32:35.090733 3420293 azure_credentials.go:205] discovering auth redirects for: qingchuanhao.azurecr.io
I0317 22:32:35.383245 3420293 azure_credentials.go:212] exchanging an acr refresh_token
I0317 22:32:35.398506 3420293 azure_acr_helper.go:180] correlationID: [72f5cc8e-aabc-4535-8957-eacd486e5e25]
{"kind":"CredentialProviderResponse","apiVersion":"credentialprovider.kubelet.k8s.io/v1","cacheKeyType":"Registry","cacheDuration":"5m0s","auth":{"*.azurecr.*":{"username":"","password":""},"qingchuanhao.azurecr.io":{"username":"00000000-0000-0000-0000-000000000000","password":"***"}}}

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?

fix(credential-provider): check empty mirror mapping and add debugging info

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/bug Categorizes issue or PR as related to a bug. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Mar 18, 2025
@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Mar 18, 2025
@mainred
Copy link
Contributor Author

mainred commented Mar 18, 2025

/test pull-cloud-provider-azure-e2e-ccm-vmss-capz

@mainred
Copy link
Contributor Author

mainred commented Mar 18, 2025

ping @andyzhangx @feiskyer to take a look.

andyzhangx
andyzhangx approved these changes Mar 19, 2025
View reviewed changes
Copy link
Member

@andyzhangx andyzhangx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 19, 2025
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andyzhangx, mainred

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 19, 2025
@mainred mainred merged commit f1d948b into kubernetes-sigs:master Mar 19, 2025
17 of 18 checks passed
@mainred mainred deleted the check-empty-mirror-mapping branch March 19, 2025 05:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andyzhangx andyzhangx andyzhangx approved these changes

@feiskyer feiskyer Awaiting requested review from feiskyer

Assignees

@andyzhangx andyzhangx

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mainred @k8s-ci-robot @andyzhangx