2 min read kubernetes

Automatically pull new DigitalOcean container registry (DOCR) latest tags from Kubernetes

Automatically pull new DigitalOcean container registry (DOCR) latest tags from Kubernetes
Automatically pull new DigitalOcean container registry (DOCR) latest tags from Kubernetes

Problem

It is very common the latest tag usage while storing images on container registries, for example on DOCR (DigitalOcean container registry).
So, how automatically pull new container images with tags that do not change over time (ex. latest) while using DigitalOcean container registry?

Solution

Use Urunner  for continuous deployment.
URunner is a lightweight Kubernetes utility in order to auto restart pods on image tag digest change.

How it works

Urunner is a standalone pod (running by default on urunner namespace) that continuosly check changes on external container registries that support Docker API V2, for example DigitalOcean container registry (DOCR).
Urunner detects changes from container tags that don't change their names over time (like latest)

When Urunner detects changes on Digital Ocean container registry DOCR (thanks to sha1 tag digest), automatically restart the specific deployment (the same of kubectl rollout restart deployment/<deployName>)

Urunner stores its state on an internal sqllite db.


How to install Urunner

Prerequisites

  • Kubernetes cluster (ex. Digital Ocean DOKS or any Kubernetes product you want)
  • DigitalOcean container registry DOCR

Install Urunner

Create urunner-values.yaml file.

image:
  repository: ghcr.io/texano00/urunner
  tag: 0.1.5

config:
  URUNNER_CONF_FREQUENCY_CHECK_SECONDS: 5
  URUNNER_CONF_CONTAINER_REGISTRY_TO_WATCH: registry.digitalocean.com
  URUNNER_CONF_CONTAINER_REGISTRY_TYPE: digitalocean
secret:
  create: true
  digitalocean:
    token: <replace-me-digitalocean-token>

<replace-me-digitalocean-token> --> put there DigitalOcean token (follow below instructions to retrieve it)

How to retrieve DigitalOcean token
Go to https://cloud.digitalocean.com/account/api/tokens
Than follow below screenshots to generate a read only token for Urunner.

Helm install

Artifact Hub
helm upgrade --install urunner oci://ghcr.io/texano00/urunner/helm/urunner --version 0.1.0 --values urunner-values.yaml -n urunner --create-namespace

Labeling

Add urunner=enable to all namespaces you want to be watched from Urunner.

kubectl label ns mynamespace urunner=enable

For full documentation --> https://github.com/texano00/urunner#configurable-watcher

Check the installation

Once Urunner detects a tag digest change, it will output the following row

Published by:

Yuri Bacciarini

You might also like...

Jul
20
k8s-swiss-knife is born

k8s-swiss-knife is born

Kubernetes is famous mainly of its extensibility, kubectl plugins are one of the various proofs. k8s-swiss-knife the all-in-one-plugin has born!
2 min read
Jan
27
[k8s] Automatically pull images from GitLab container registry without change the tag

[k8s] Automatically pull images from GitLab container registry without change the tag

Sometimes is very useful in a continuous integration and deployment process to override and push the same image tag (ex. `latest`) to a gitlab registry and then ideally have the same new image up&running from Kubernetes cluster(s). URunner lighweight tool solves exactly this specific problem.
5 min read
Dec
19
Thanks for all Kubernetes Ingress API, Long life to Gateway API

Thanks for all Kubernetes Ingress API, Long life to Gateway API

Ingress API has been frozen. Yes, you heard well, our lovely Ingress API was officially frozen by Kubernetes itself during October 2023.
7 min read
Oct
26
Kubernetes image distribution challenge - thoughts and tests

Kubernetes image distribution challenge - thoughts and tests

I studied, compared and tried some solutions (Dragonfly, Uber Kraker, kube-image-keeper,..) to understand how they addressed the above challenge. I then produced a final thought
6 min read
Aug
21
How TorchServe could scale in a Kubernetes environment using KEDA

How TorchServe could scale in a Kubernetes environment using KEDA

I almost burned a 7K Euros GPU card (NVIDIA A100 PCIe GPU) to understand how a TorchServe could meet the increasing of ondemand inference requests at scale.
5 min read
Tweets by YBacciarini