From 192d70cee7f2fbc50f6062178f2dbd4765e9d817 Mon Sep 17 00:00:00 2001 From: Tim Gross Date: Fri, 6 Sep 2024 14:34:03 -0400 Subject: [PATCH] docker: update infra_image to new registry (#23927) The gcr.io container registry is shutting down in March. Update the default `image_image` for Docker's "pause" containers to point to the new location hosted by the k8s project. Fixes: https://github.com/hashicorp/nomad/issues/23911 Ref: https://hashicorp.atlassian.net/browse/NET-10942 --- .changelog/23927.txt | 3 +++ drivers/docker/config.go | 2 +- drivers/docker/driver_unix_test.go | 2 +- drivers/docker/network_test.go | 6 +++--- website/content/docs/drivers/docker.mdx | 5 +++-- website/content/docs/upgrade/upgrade-specific.mdx | 8 ++++++++ 6 files changed, 19 insertions(+), 7 deletions(-) create mode 100644 .changelog/23927.txt diff --git a/.changelog/23927.txt b/.changelog/23927.txt new file mode 100644 index 00000000000..fb103145dc6 --- /dev/null +++ b/.changelog/23927.txt @@ -0,0 +1,3 @@ +```release-note:breaking-change +docker: The default infra_image for pause containers is now registry.k8s.io/pause +``` diff --git a/drivers/docker/config.go b/drivers/docker/config.go index 2c666fe81e2..c2d109e18c1 100644 --- a/drivers/docker/config.go +++ b/drivers/docker/config.go @@ -275,7 +275,7 @@ var ( "infra_image": hclspec.NewDefault( hclspec.NewAttr("infra_image", "string", false), hclspec.NewLiteral(fmt.Sprintf( - `"gcr.io/google_containers/pause-%s:3.1"`, + `"registry.k8s.io/pause-%s:3.3"`, runtime.GOARCH, )), ), diff --git a/drivers/docker/driver_unix_test.go b/drivers/docker/driver_unix_test.go index b72f5f27892..ab736a28f64 100644 --- a/drivers/docker/driver_unix_test.go +++ b/drivers/docker/driver_unix_test.go @@ -712,7 +712,7 @@ func TestDockerDriver_Start_Image_HTTPS(t *testing.T) { testutil.DockerCompatible(t) taskCfg := TaskConfig{ - Image: "https://gcr.io/google_containers/pause:3.2", + Image: "https://registry.k8s.io/pause:3.3", ImagePullTimeout: "5m", } task := &drivers.TaskConfig{ diff --git a/drivers/docker/network_test.go b/drivers/docker/network_test.go index 1bbf7d67865..925818b4ac3 100644 --- a/drivers/docker/network_test.go +++ b/drivers/docker/network_test.go @@ -28,7 +28,7 @@ func TestDriver_createSandboxContainerConfig(t *testing.T) { expectedOutputOpts: &docker.CreateContainerOptions{ Name: "nomad_init_768b5e8c-a52e-825c-d564-51100230eb62", Config: &docker.Config{ - Image: "gcr.io/google_containers/pause-amd64:3.1", + Image: "registry.k8s.io/pause-amd64:3.3", Labels: map[string]string{ dockerLabelAllocID: "768b5e8c-a52e-825c-d564-51100230eb62", }, @@ -48,7 +48,7 @@ func TestDriver_createSandboxContainerConfig(t *testing.T) { expectedOutputOpts: &docker.CreateContainerOptions{ Name: "nomad_init_768b5e8c-a52e-825c-d564-51100230eb62", Config: &docker.Config{ - Image: "gcr.io/google_containers/pause-amd64:3.1", + Image: "registry.k8s.io/pause-amd64:3.3", Hostname: "linux", Labels: map[string]string{ dockerLabelAllocID: "768b5e8c-a52e-825c-d564-51100230eb62", @@ -65,7 +65,7 @@ func TestDriver_createSandboxContainerConfig(t *testing.T) { d := &Driver{ config: &DriverConfig{ - InfraImage: "gcr.io/google_containers/pause-amd64:3.1", + InfraImage: "registry.k8s.io/pause-amd64:3.3", }, } diff --git a/website/content/docs/drivers/docker.mdx b/website/content/docs/drivers/docker.mdx index 3923ead3f23..29bb6f7fff1 100644 --- a/website/content/docs/drivers/docker.mdx +++ b/website/content/docs/drivers/docker.mdx @@ -1014,8 +1014,9 @@ host system. - `infra_image` - This is the Docker image to use when creating the parent container necessary when sharing network namespaces between tasks. Defaults to - `gcr.io/google_containers/pause-:3.1`. The image will only be pulled from - the container registry if its tag is `latest` or the image doesn't yet exist locally. + `registry.k8s.io/pause-:3.3`. The image will only be pulled from the + container registry if its tag is `latest` or the image doesn't yet exist + locally. - `infra_image_pull_timeout` - A time duration that controls how long Nomad will wait before cancelling an in-progress pull of the Docker image as specified in diff --git a/website/content/docs/upgrade/upgrade-specific.mdx b/website/content/docs/upgrade/upgrade-specific.mdx index 35be8e4be9b..ed8c89425a5 100644 --- a/website/content/docs/upgrade/upgrade-specific.mdx +++ b/website/content/docs/upgrade/upgrade-specific.mdx @@ -21,6 +21,13 @@ Nomad 1.9.0 no longer supports the HCLv1 format for job specifications. Using the `-hcl1` option for the `job run`, `job plan`, and `job validate` commands will no longer work. +#### Default Docker `infra_image` changed + +Due to the deprecation of the third-party `gcr.io` registry, the default Docker +[`infra_image`][] is now `registry.k8s.io/pause-:3.3`. If you do not +override the default, clients using the `docker` driver will make outbound +requests to the new registry. + #### Dropped support for older clients Nomad 1.9.0 removes support for Nomad client agents older than 1.6.0. Older @@ -2180,3 +2187,4 @@ deleted and then Nomad 0.3.0 can be launched. [Workload Identity]: /nomad/docs/concepts/workload-identity [Process Isolation]: https://learn.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/hyperv-container#process-isolation [reschedule]: /nomad/docs/jobs-specification/reschedule +[`infra_image`]: /nomad/docs/drivers/docker#infra_image