Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

test image signing using cosign #3

Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

test image signing using cosign #3

wants to merge 10 commits into from

Conversation

sbin64
Copy link

@sbin64 sbin64 commented Jun 8, 2023

No description provided.

@sbin64 sbin64 changed the title Update ci-release.yml update workflow for image signing using cosign Jun 9, 2023
@sbin64 sbin64 changed the title update workflow for image signing using cosign test image signing using cosign Jun 9, 2023
@sbin64
Copy link
Author

sbin64 commented Jun 9, 2023

@developer-guy plz review it! thanks

@sbin64
Copy link
Author

sbin64 commented Jun 9, 2023

@sbin64
Copy link
Author

sbin64 commented Jun 10, 2023

@developer-guy as a friendly reminder, could u review that?

env:
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }}
COSIGN_EXPERIMENTAL: "true"

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you don't need this anymore since you are using cosign > v2.x here

QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }}
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign jaeger-build@${{ steps.digest.outputs.imagedigest }}

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any suggestion plz! cosign sign jaeger-build@${{ steps.digest.outputs.imagedigest }} didn't work for me.

- name: Get Image Digest
id: digest
run: |
echo "imagedigest=$(docker images jaeger-build:${{ steps.tags.outputs.tag }} --digests --quiet --no-trunc)" >> $GITHUB_OUTPUT

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(Optional) there are some tools that I can help you to find the digest of the image like crane, regctl, etc, without having the image stored locally.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sure, plz! suggestions are welcome too. 😄
I had been trying hard to get the digest, but failed.

@afzal442 afzal442 requested a review from developer-guy July 2, 2023 10:01
@afzal442
Copy link

afzal442 commented Jul 2, 2023

@developer-guy can you take a look again? Thanks.

@sbin64
Copy link
Author

sbin64 commented Aug 12, 2023

Heyya @developer-guy it's been quite while now since you took up this. LMK how we can proceed further. Hope you can do this weekend.

afzal442 pushed a commit that referenced this pull request Feb 12, 2024
## Which problem is this PR solving?
- Third prototype of "Jaeger-v2"
- Another alternative approach to jaegertracing#3500

## Description of the changes
- Adds a new binary `jaeger-v2` using OTEL Collector framework
- Minimal amount of extensions is included, to mimic what
`jaeger-collector` normally has
- It will combine all previous functions of agent/collector/query in one
binary, but controllable via config file

```
$ go run -tags=ui ./cmd/jaeger-v2 --config ./cmd/jaeger-v2/config.yaml
```

## Roadmap


https://docs.google.com/document/d/1s4_6VgAS7qAVp6iEm5KYvpiGw3h2Ja5T5HpKo29iv00/edit

## Design

* the ingestion and storing of traces will be done via standard
receivers/processors/exporters OTEL Collector components
* the jaeger-query and UI are implemented as `jaeger_query` extension
(already working in this PR)

### Storage
In order to keep the flexibility of mixing & matching storage
implementations, all backends can be configured via `jaeger_storage`
extension (we may need to add `jaeger_metrics_storage` extension in the
future). It might look like this:
```yaml
jaeger_storage:
  memory:  # defines Factory
    memstore:
      max_traces: 100000
  cassandra:
    cassandra_primary:
      servers: [...]
      namespace: jaeger
    cassandra_archive:
      servers: [...]
      namespace: jaeger_archive
```

The `jaeger_query` extension then references specific storage factories
by name:
```yaml
  jaeger_query:
    trace_storage: memstore
    dependencies: something_else
    metrics_store: prometheus_store
```

It's not clear yet if `jaeger_query` extension should simply subsume
`jaeger_storage` extension, because Query is the only one that needs
this _generic_ access to storage, while things like exporters or Kafka
ingester (receiver) always deal with a single implementation (because
OTEL Coll pipeline allows to connect them with each other, which is not
possible with extensions).

## Trade-offs
- This not using OTEL Collector builder `ocb`. That means people won't
be able to assemble a different version of the collector with other
extensions.
- We may want to support `ocb` in the future, as it makes it easier to
write custom in-process exporters for custom storage. It will require
converting all the components into their own modules.

## Next steps

* [x] Get feedback from the community on the approach
* [x] Fully implement all-in-one by wiring receivers / exporters
correctly

## Open Questions
* How can we implement all-in-one equivalent that can be run without any
config file?
* Do we want
[healthcheckextension](https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/extension/healthcheckextension/README.md)
to be included by default?
* Investigate startup error `2023-09-23T19:55:46.661-0400 warn
zapgrpc/zapgrpc.go:195 [core] [Channel #2 SubChannel #3] grpc:
addrConn.createTransport failed to connect to {Addr: ":16685",
ServerName: "localhost:16685", }. Err: connection error: desc =
"transport: Error while dialing: dial tcp :16685: connect: connection
refused" {"grpc_log": true}`

---------

Signed-off-by: Yuri Shkuro <[email protected]>
Signed-off-by: Yuri Shkuro <[email protected]>
Co-authored-by: Albert <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants