chore: Add image-pre-pulling to Makefile

Makefile

@@ -69,6 +69,7 @@ else
 endif
 
 NAMESPACE ?= instana-agent
+NAMESPACE_PREPULLER ?= instana-agent-image-prepuller
 
 INSTANA_AGENT_CLUSTER_WIDE_RESOURCES := \
 	"crd/agents.instana.io" \
@@ -301,6 +302,39 @@ create-pull-secret: ## Creates image pull secret for delivery.instana.io from yo
 	@echo "Restarting operator deployment..."
 	@kubectl delete pods -l app.kubernetes.io/name=instana-agent-operator -n $(NAMESPACE)
 
+.PHONY: pre-pull-images
+pre-pull-images: ## Pre-pulls images on the target cluster (useful in slow network situations to run tests reliably)
+	@if [ "$(INSTANA_API_KEY)" == "" ]; then \
+		echo "env variable INSTANA_API_KEY is undefined but should contain the agent download key"; \
+		exit 1; \
+	fi
+	kubectl apply -f ci/scripts/instana-agent-image-prepuller-ns.yaml || true
+	@echo "Creating Docker registry secret..."
+	@echo "Checking if secret containers-instana-io-pull-secret exists in namespace $(NAMESPACE_PREPULLER)..."
+	@if kubectl get secret containers-instana-io-pull-secret -n $(NAMESPACE_PREPULLER) >/dev/null 2>&1; then \
+		echo "Updating existing secret containers-instana-io-pull-secret..."; \
+		kubectl delete secret containers-instana-io-pull-secret -n $(NAMESPACE_PREPULLER); \
+	fi
+	@kubectl create secret docker-registry containers-instana-io-pull-secret \
+		--docker-server=containers.instana.io \
+		--docker-username="_" \
+		--docker-password=$${INSTANA_API_KEY} \
+		-n $(NAMESPACE_PREPULLER)
+	@echo "Start instana-agent-image-prepuller daemonset..."
+	@echo "Checking if daemonset instana-agent-image-prepuller exists in namespace $(NAMESPACE_PREPULLER)..."
+	@if kubectl get ds instana-agent-image-prepuller -n $(NAMESPACE_PREPULLER) >/dev/null 2>&1; then \
+		echo "Updating existing secret containers-instana-io-pull-secret..."; \
+		kubectl delete ds instana-agent-image-prepuller -n $(NAMESPACE_PREPULLER); \
+		kubectl delete pods -n $(NAMESPACE_PREPULLER) -l name=instana-agent-image-prepuller --force --grace-period=0; \
+	fi
+	@kubectl apply -f ci/scripts/instana-agent-image-prepuller.yaml -n $(NAMESPACE_PREPULLER)
+	@echo "Waiting for the instana-agent-prepuller daemonset"
+	@kubectl rollout status ds/instana-agent-image-prepuller -n $(NAMESPACE_PREPULLER) --timeout=1800s
+	@echo "Cleaning up instana-agent-prepuller namespace"
+	kubectl delete ds instana-agent-image-prepuller -n $(NAMESPACE_PREPULLER)
+	kubectl delete pods -n $(NAMESPACE_PREPULLER) -l name=instana-agent-image-prepuller --force --grace-period=0 || true
+	kubectl delete ns $(NAMESPACE_PREPULLER)
+
 .PHONY: dev-run-ocp
 dev-run-ocp: namespace install create-cr run ## Creates a full dev deployment on OCP from scratch, also useful after purge
 

ci/pipeline.yaml

@@ -543,6 +543,7 @@ jobs:
                   - |
                     cd pipeline-source
                     bash ./ci/scripts/cluster-authentication.sh
+                    make pre-pull-images
                     make e2e
             on_success:
               put: gh-status
@@ -652,6 +653,7 @@ jobs:
                   - |
                     cd pipeline-source
                     bash ./ci/scripts/cluster-authentication.sh
+                    make pre-pull-images
                     make e2e
             on_success:
               put: gh-status

ci/pr-pipeline.yml

@@ -624,6 +624,7 @@ jobs:
                       - |
                         cd pipeline-source
                         bash ./ci/scripts/cluster-authentication.sh
+                        make pre-pull-images
                         make e2e
                 on_success:
                   put: gh-status
@@ -737,6 +738,7 @@ jobs:
                       - |
                         cd pipeline-source
                         bash ./ci/scripts/cluster-authentication.sh
+                        make pre-pull-images
                         make e2e
                 on_success:
                   put: gh-status

ci/scripts/instana-agent-image-prepuller-ns.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: instana-agent-image-prepuller
+  annotations:
+    openshift.io/sa.scc.uid-range: 1000/1000
+    openshift.io/sa.scc.supplemental-groups: 1000/1000

ci/scripts/instana-agent-image-prepuller.yaml

@@ -0,0 +1,82 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: instana-agent-image-prepuller
+spec:
+  selector:
+    matchLabels:
+      name: instana-agent-image-prepuller
+  template:
+    metadata:
+      labels:
+        name: instana-agent-image-prepuller
+    spec:
+      imagePullSecrets:
+      - name: containers-instana-io-pull-secret
+      containers:
+      - name: wait-container
+        image: icr.io/instana/instana-agent-operator:latest
+        command: ["/bin/sh", "-c", "echo 'All images pre-pulled successfully'; sleep 600"]
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop: ["ALL"]
+          runAsUser: 1000
+          runAsGroup: 1000
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+      initContainers:
+      - name: pull-operator
+        image: icr.io/instana/instana-agent-operator:latest
+        command: ["/bin/sh", "-c", "echo 'Pulled operator image'"]
+        imagePullPolicy: Always
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop: ["ALL"]
+          runAsUser: 1000
+          runAsGroup: 1000
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+      - name: pull-dynamic-agent
+        image: icr.io/instana/agent:latest
+        command: ["/bin/sh", "-c", "echo 'Pulled dynamic agent image'"]
+        imagePullPolicy: Always
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop: ["ALL"]
+          runAsUser: 1000
+          runAsGroup: 1000
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+      - name: pull-k8sensor
+        image: icr.io/instana/k8sensor:latest
+        command: ["/ko-app/k8sensor", "--help"]
+        imagePullPolicy: Always
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop: ["ALL"]
+          runAsUser: 1000
+          runAsGroup: 1000
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+      - name: pull-static-agent
+        image: containers.instana.io/instana/release/agent/static:latest
+        command: ["/bin/sh", "-c", "echo 'Pulled static agent image'"]
+        imagePullPolicy: Always
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop: ["ALL"]
+          runAsUser: 1000
+          runAsGroup: 1000
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault