Switch Zenko consumers to vendored GHCR mongodb images

benzekrimaha · benzekrimaha · commit f9af93c32d8b · 2026-04-24T12:27:04.000+02:00
Cut over Zenko consumers from the Bitnami-hosted mongodb images to the vendored ones built in CI: - `solution-base/deps.yaml` now points the mongodb-sharded, mongodb-exporter and os-shell entries to `ghcr.io/scality/zenko/`, replacing the previous bitnamilegacy references that required a paid subscription secret to pull. - `solution-base/build.sh` consumes the same images for the ISO using the immutable tree-hash tag computed by `mongodb_build_vars.sh`, so the ISO is built against the exact image content that was tested in CI. - `.github/scripts/end2end/install-kind-dependencies.sh` resolves the mongodb image references via `mongodb_build_vars.sh` and appends the tree-hash suffix to the GHCR image tags, so the kind cluster used by end2end tests pulls the exact freshly built images. Issue: ZENKO-5110
diff --git a/.github/scripts/end2end/install-kind-dependencies.sh b/.github/scripts/end2end/install-kind-dependencies.sh
@@ -113,8 +113,8 @@ kubectl wait --for=condition=Ready --timeout=240s clusterissuer/artesca-root-ca-
 
 # Copy root CA secret to default namespace for applications to use
 echo "Copying root CA certificate to default namespace..."
-kubectl get secret root-ca -n cert-manager -o json | 
-  jq '.metadata.namespace="default" | .metadata.name="zenko-root-ca"' | 
+kubectl get secret root-ca -n cert-manager -o json |
+    jq '.metadata.namespace="default" | .metadata.name="zenko-root-ca"' |
   kubectl apply -f -
 
 # prometheus
@@ -152,9 +152,9 @@ metadata:
   name: mongodb-db-creds
 stringData:
   mongodb-root-username: $MONGODB_ROOT_USERNAME
-  mongodb-root-password: $MONGODB_ROOT_PASSWORD 
+  mongodb-root-password: $MONGODB_ROOT_PASSWORD
   mongodb-username: $MONGODB_APP_USERNAME
-  mongodb-password: $MONGODB_APP_PASSWORD 
+  mongodb-password: $MONGODB_APP_PASSWORD
   mongodb-database: $MONGODB_APP_DATABASE
   mongodb-replica-set-key: $MONGODB_RS_KEY
 EOF
@@ -196,10 +196,10 @@ patch_mongodb_selector() {
 
     # Remove volume selectors from mongos StatefulSet
     yq eval 'select(.kind == "StatefulSet" and .metadata.name == "data-db-mongodb-sharded-mongos") |= del(.spec.volumeClaimTemplates[].spec.selector)' -i "$base_yaml_path"
-    
-    # Remove volume selectors from configsvr StatefulSet  
+
+    # Remove volume selectors from configsvr StatefulSet
     yq eval 'select(.kind == "StatefulSet" and .metadata.name == "data-db-mongodb-sharded-configsvr") |= del(.spec.volumeClaimTemplates[].spec.selector)' -i "$base_yaml_path"
-    
+
     # Remove volume selectors from shard StatefulSets
     for ((i=0; i<shard_count; i++)); do
         yq eval "select(.kind == \"StatefulSet\" and .metadata.name == \"data-db-mongodb-sharded-shard${i}-data\") |= del(.spec.volumeClaimTemplates[].spec.selector)" -i "$base_yaml_path"
@@ -215,7 +215,7 @@ build_solution_base_manifests() {
     # Limits and requests for MongoDB are computed based on the current system
     # Detect total system RAM in GiB
     TOTAL_RAM_GB=$(awk '/MemTotal/ {printf "%.0f", $2/1024/1024}' /proc/meminfo)
-  
+
     # Compute MongoDB settings based on the total RAM
     MONGODB_WIRETIGER_CACHE_SIZE_GB=$((TOTAL_RAM_GB * 335 / 1000))
     MONGODB_MONGOS_RAM_LIMIT=$((TOTAL_RAM_GB * 165 / 1000))Gi
@@ -233,7 +233,11 @@ build_solution_base_manifests() {
 
 get_image_from_deps() {
     local dep_name=$1
-    yq eval ".$dep_name | (.sourceRegistry // \"docker.io\") + \"/\" + .image + \":\" + .tag" $SOLUTION_BASE_DIR/deps.yaml
+
+    source <( "$SOLUTION_BASE_DIR/mongodb_build_vars.sh" )
+
+    yq eval ".$dep_name | (.sourceRegistry // \"docker.io\") + \"/\" + .image + \":\" + .tag" $SOLUTION_BASE_DIR/deps.yaml |
+        sed '/ghcr.io\/scality\/zenko\/mongo/ s/$/-'"${MONGODB_BUILD_TREE_HASH}"'/'
 }
 
 retry() {
diff --git a/solution-base/build.sh b/solution-base/build.sh
@@ -64,7 +64,10 @@ MONGODB_MONGOS_RAM_REQUEST="MONGODB_MONGOS_RAM_REQUEST"
 
 function flatten_source_images()
 {
-    yq eval '.* | (.sourceRegistry // "docker.io") + "/" + .image + ":" + .tag' ${SOLUTION_BASE_DIR}/deps.yaml
+    source <( ${SOLUTION_BASE_DIR}/mongodb_build_vars.sh )
+
+    yq eval '.* | (.sourceRegistry // "docker.io") + "/" + .image + ":" + .tag' ${SOLUTION_BASE_DIR}/deps.yaml |
+        sed '/ghcr.io\/scality\/zenko\// s/$/-'"${MONGODB_BUILD_TREE_HASH}"'/'
 }
 
 function clean()
diff --git a/solution-base/deps.yaml b/solution-base/deps.yaml
@@ -2,11 +2,14 @@
 # to sort keys, use the following command
 # yq eval 'sortKeys(.)' -i deps.yaml
 mongodb-sharded:
-  image: bitnamilegacy/mongodb-sharded
-  tag: 8.0.13-debian-12-r0
+  sourceRegistry: ghcr.io
+  image: scality/zenko/mongodb-sharded
+  tag: "8.0.13"
 mongodb-sharded-exporter:
-  image: bitnamilegacy/mongodb-exporter
-  tag: 0.47.0-debian-12-r1
+  sourceRegistry: ghcr.io
+  image: scality/zenko/mongodb-exporter
+  tag: "0.49.0"
 mongodb-shell:
-  image: bitnamilegacy/os-shell
-  tag: 12-debian-12-r51
+  sourceRegistry: ghcr.io
+  image: scality/zenko/os-shell
+  tag: "12"

Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,10 @@ MONGODB_MONGOS_RAM_REQUEST="MONGODB_MONGOS_RAM_REQUEST"`
`64`	`64`
`65`	`65`	`function flatten_source_images()`
`66`	`66`	`{`
`67`		`- yq eval '.* \| (.sourceRegistry // "docker.io") + "/" + .image + ":" + .tag' ${SOLUTION_BASE_DIR}/deps.yaml`
	`67`	`+ source <( ${SOLUTION_BASE_DIR}/mongodb_build_vars.sh )`
	`68`	`+`
	`69`	`+ yq eval '.* \| (.sourceRegistry // "docker.io") + "/" + .image + ":" + .tag' ${SOLUTION_BASE_DIR}/deps.yaml \|`
	`70`	`+ sed '/ghcr.io\/scality\/zenko\// s/$/-'"${MONGODB_BUILD_TREE_HASH}"'/'`
`68`	`71`	`}`
`69`	`72`
`70`	`73`	`function clean()`