Skip to content

Support deploying locally built images to local cluster #204

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mclasmeier wants to merge 17 commits into
base: main
Choose a base branch
from
Open

Support deploying locally built images to local cluster #204

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
de6a83f
go.mod & go.sum
Jun 9, 2026
31a12d1
New function for retrieving list of main-tagged images for ACS
Jun 9, 2026
c1debd1
Support for pre-loading images
Jun 9, 2026
9ece666
Package for accessing container runtime without probing docker/podman…
Jun 9, 2026
0193dab
New ClusterType method: IsLocal
Jun 9, 2026
a25e1e6
Don't try to pull images in case they exist locally
Jun 9, 2026
bec49c8
Removed dead code
Jun 9, 2026
e30da15
Use operator bundle image functions from acs_images
Jun 9, 2026
4804b44
Store container runtime socket in Deployer and provide more getters
Jun 9, 2026
5459d0f
Support local images in deploy command
Jun 9, 2026
cf5b5b8
internal/deployer/local_images_generic.go
Jun 9, 2026
5ade72e
Propagate container socket o that assureImageExistsLocally also uses …
Jun 9, 2026
4f6c555
Elaborate with code comment
Jun 9, 2026
32248e1
go mod tidy
Jun 9, 2026
930033b
Update integration test
Jun 9, 2026
94e9f6a
Also capture stderr
Jun 9, 2026
ab6fc41
Less noisy warnings
Jun 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 43 additions & 1 deletion cmd/deploy.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,8 @@ import (
)

var (
sharedNamespace = "stackrox"
sharedNamespace = "stackrox"
imagePreLoadCommand string
)

func newDeployCmd(settings *deployer.Config) *cobra.Command {
Expand All @@ -51,6 +52,8 @@ Examples:
cmd.Flags().StringVar(&shell, "shell", "", "Shell to spawn after Central deployment")

cmd.Flags().StringVar(&envrc, "envrc", "", "Write environment to file instead of spawning sub-shell")
cmd.Flags().StringVar(&imagePreLoadCommand, "image-preload-command", "",

@porridge porridge Jun 17, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This preloading feature doesn't seem to be mentioned anywhere apart from this flag, The way it is worded might suggest that you have to supply it, but in reality roxie knows how to do this in some cases, but it's not clear which.

"Use custom command for pre-loading images to local cluster. Image can be referenced as $IMAGE.")

registerFlag(cmd, settings, "olm", "Deploy operator via OLM (requires OLM installed)",
withNoOptDefVal("true"),
Expand Down Expand Up @@ -321,6 +324,35 @@ func runDeploy(cmd *cobra.Command, args []string) error {
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Minute)
defer cancel()

// If we are deploying to a local cluster and the images exist locally, then we transfer them
// to the local cluster.
if deploySettings.Roxie.ClusterType.IsLocal() && !deploySettings.Roxie.KonfluxImages {
var preLoader deployer.ImagePreLoader
if imagePreLoadCommand != "" {
preLoader = deployer.NewCustomImagePreloader(ctx, log, imagePreLoadCommand)
} else {
preLoader, err = d.GetPreLoaderForCluster()
if err != nil && !errors.Is(err, deployer.ErrLocalImagesUnsupported) {
return fmt.Errorf("obtaining image preloader for cluster: %w", err)
}
// ErrLocalImagesUnsupported indicates that roxie does not contain preloading
// support for the respective cluster type. If preloading is required (because
// the images do not exist on the remote registry), the user needs to take care
// of the preloading.
}
if preLoader == nil {

@porridge porridge Jun 17, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We check for the special error above, but here we check for a nil, which means we implicitly rely on the two facts always happening together. Maybe it would be better to explicitly check for the error before printing these warnings instead.

log.Warningf("Image preloading not supported for cluster %s.", d.GetKubeContext())
log.Warningf("Use --image-preload-command for specifying custom image preloading mechanism.")
} else {
log.Dimf("Using image pre-loader %q", preLoader.Name())

if err := d.TryTransferLocalImages(ctx, preLoader); err != nil {
// Best effort, keep running.
log.Warningf("Transferring images to local cluster failed: %v", err)
}
}
}

if components.IncludesCentral() {
d.PrintCentralDeploymentSummary()
}
Expand Down Expand Up @@ -366,6 +398,9 @@ func configureConfig(log *logger.Logger, components component.Component, deployS
deploySettings.Roxie.ClusterType = clusterType
}
clusterType := deploySettings.Roxie.ClusterType
centralDeployLocally := components.IncludesCentral() && clusterType.IsLocal()
sensorDeployLocally := components.IncludesSensor() && clusterType.IsLocal()

defaults, err := clusterdefaults.ApplyClusterDefaults(deploySettings)
if err != nil {
return err
Expand All @@ -381,11 +416,18 @@ func configureConfig(log *logger.Logger, components component.Component, deployS
log.Dimf("Selecting resource profile %v for Central", profile)
deploySettings.Central.ResourceProfile = profile
}
if centralDeployLocally && deploySettings.Central.ResourceProfile == types.ResourceProfileAcsDefaults {
log.Warning("You are deploying Central to a local cluster, it is recommended to specify a resource profile (or --resources=auto)")
}

if deploySettings.SecuredCluster.ResourceProfile == types.ResourceProfileAuto {
profile := clusterdefaults.ResolveAutoResourceProfile(clusterType)
log.Dimf("Selecting resource profile %v for SecuredCluster", profile)
deploySettings.SecuredCluster.ResourceProfile = profile
}
if sensorDeployLocally && deploySettings.SecuredCluster.ResourceProfile == types.ResourceProfileAcsDefaults {
log.Warning("You are deploying SecuredCluster to a local cluster, it is recommended to specify a resource profile (or --resources=auto)")
}

// We need to do this regardless of whether the operator is deployed or not, because
// this includes the transformation of StackRox main image tags to semver compatible versions,
Expand Down
38 changes: 33 additions & 5 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,15 +6,44 @@ require (
dario.cat/mergo v1.0.2
github.com/fatih/color v1.19.0
github.com/google/go-containerregistry v0.21.5
github.com/moby/moby/client v0.4.0
github.com/spf13/cobra v1.10.2
github.com/spf13/pflag v1.0.10
github.com/stretchr/testify v1.11.1
golang.org/x/term v0.42.0
golang.org/x/term v0.43.0
gopkg.in/yaml.v3 v3.0.1
k8s.io/apimachinery v0.35.3
k8s.io/utils v0.0.0-20251002143259-bc988d571ff4
)

require github.com/moby/moby/api v1.54.1 // indirect

@porridge porridge Jun 17, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are there separate sections now?


require (
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/containerd/errdefs v1.0.0 // indirect
github.com/containerd/errdefs/pkg v0.3.0 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/docker/docker v28.5.2+incompatible
github.com/docker/go-connections v0.6.0 // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/moby/sys/atomicwriter v0.1.0 // indirect
github.com/morikuni/aec v1.1.0 // indirect
github.com/pkg/errors v0.9.1 // indirect
go.opentelemetry.io/auto/sdk v1.2.1 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
go.opentelemetry.io/otel v1.44.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.44.0 // indirect
go.opentelemetry.io/otel/metric v1.44.0 // indirect
go.opentelemetry.io/otel/sdk v1.44.0 // indirect
go.opentelemetry.io/otel/sdk/metric v1.44.0 // indirect
go.opentelemetry.io/otel/trace v1.44.0 // indirect
)

require (
github.com/Masterminds/semver/v3 v3.5.0
github.com/containerd/stargz-snapshotter/estargz v0.18.2 // indirect
Expand All @@ -38,12 +67,11 @@ require (
github.com/vbatts/tar-split v0.12.2 // indirect
github.com/x448/float16 v0.8.4 // indirect
go.yaml.in/yaml/v2 v2.4.3 // indirect
golang.org/x/net v0.48.0 // indirect
golang.org/x/net v0.55.0 // indirect
golang.org/x/sync v0.20.0 // indirect
golang.org/x/sys v0.43.0 // indirect
golang.org/x/text v0.35.0 // indirect
golang.org/x/sys v0.45.0 // indirect
golang.org/x/text v0.37.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gotest.tools/v3 v3.5.2 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect
sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
Expand Down
Loading
Loading