Containers: inspector-image hardcoded registry


#1

Hello,

I’d like to recommend that we remove the hardcoded registry portion of the inspector-image and provide the user a way to determine the registry and image for which the pod will deploy.

Specifically, changing the file
app/models/manageiq/providers/kubernetes/container_manager/scanning/job.rb:

  def inspector_image
    'docker.io/openshift/image-inspector:v1.0.z'
  end

to something like this:

  def inspector_image
    registry = @ems_configs.fetch_path(:ems_kubernetes, :inspector_image_registry)
    return "#{registry}/openshift/image-inspector:v1.0.z" unless registry.empty?
    return 'openshift/image-inspector:v1.0.z'
  end

The reason this was an issue is because many deployments will have restricted environments and being to point to an internal registry will be useful.

Please let me know your thoughts, thanks!


#2

@simon3z can you review this post. If you need to tag someone else, please do. Thanks!


#3

@dtrieu80 do you know how to make a pull-request (on github) out of your proposed changes?

If so, can you go ahead and submit your changes? We’ll review it there.

Thank you!


#4

Yes, but I’m confused if I have to rebase.

PR #7036


#5

Yes, you will have to rebase to make sure everything is working.

https://git-scm.com/book/en/v2/Git-Branching-Rebasing


#6

Picked it up on https://github.com/ManageIQ/manageiq/pull/8439