The GitHub Actions job "Tests" on 
airflow.git/pin-k8s-test-images-against-dockerhub-ratelimit has failed.
Run started by GitHub user potiuk (triggered by potiuk).

Head commit for run:
231c6ad490389d9a0adb4533889adc77c5df88a3 / Jarek Potiuk <[email protected]>
Pin Docker Hub test images against rate-limit flakes

The scheduled K8s system-test job has been intermittently red because
multiple test pods pull the unpinned `alpine:latest` (xcom sidecar) and
`busybox:latest` / `ubuntu:latest` (test pods) from Docker Hub
anonymously and trip its 100-pulls-per-6h limit
(https://github.com/apache/airflow/actions/runs/25365187430/job/74380551079).
Without a tag, kubelet defaults `imagePullPolicy` to `Always`, so even
nodes that already cached the image re-pull every run.

Changes
-------

1. **Production default**: `xcom_sidecar.PodDefaults.SIDECAR_CONTAINER`
   now uses `alpine:3.23` via a new module-level `XCOM_SIDECAR_IMAGE`
   constant. Tagged → `imagePullPolicy: IfNotPresent` by default →
   nodes with the image cached do not re-pull.

2. **System / kubernetes-tests pin**: every bare `image="ubuntu"` /
   `"busybox"` / `"alpine"` in `kubernetes-tests/...` and the
   `cncf/kubernetes` system / unit tests is now pinned (ubuntu:24.04,
   busybox:1.37, alpine:3.23). Test assertions in
   `test_pod.py` updated to match the new sidecar default.

3. **Pre-load into kind**: a new `_preload_test_images_to_kind()` helper
   in `breeze k8s` runs after `_upload_k8s_image()` in
   `_run_complete_tests`. It pulls each image on the runner with
   exponential-backoff retries on Docker Hub 429s, then `kind load
   docker-image` puts it on every node — so kubelet never has to reach
   out to the registry once the cluster is ready.

4. **Auto-tracker**: `scripts/ci/prek/upgrade_important_versions.py`
   gains `UPGRADE_ALPINE` / `UPGRADE_BUSYBOX` flags, fetchers using the
   existing Docker Hub `get_latest_image_version()`, regex patterns for
   `alpine:` / `busybox:` literals plus chart `ALPINE_VERSION` ARGs, and
   the relevant call-sites added to `FILES_TO_UPDATE`. The next "Upgrade
   important CI environment" run will keep these pins fresh
   automatically. Ubuntu is intentionally not auto-tracked: the tracker
   would prefer the highest semver, which can be an interim
   (non-LTS) release — system tests want LTS.

Drive-by
--------

`# type: ignore[no-redef]` on the standard `import tomli as tomllib`
fallback in `dev/registry/extract_{metadata,versions}.py` so `mypy-dev`
passes on edits to anything else under `dev/`. Identical fix lives in
PR #66314 — whichever lands first, the other becomes a no-op rebase.

Report URL: https://github.com/apache/airflow/actions/runs/25382883808

With regards,
GitHub Actions via GitBox
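
Added example, not part of the commit or the Airflow code base: a small audit that applies the default pull-policy rule the commit message relies on (no tag or `:latest` means `Always`, any other tag or a digest means `IfNotPresent`) to a pod manifest and flags the image references that would still hit the registry on every run. The sample manifest, container names and local registry are constructed for illustration.

```python
def split_image(ref):
    """Split an image reference into (name, tag, digest); tag and digest may be None."""
    name, _, digest = ref.partition("@")
    # A ':' only marks a tag when it comes after the last '/'; otherwise it is a registry port.
    if ":" in name.rsplit("/", 1)[-1]:
        name, _, tag = name.rpartition(":")
    else:
        tag = None
    return name, tag, digest or None


def is_floating(ref):
    """True for untagged or :latest references that carry no digest."""
    _, tag, digest = split_image(ref)
    return digest is None and tag in (None, "latest")


def default_pull_policy(ref):
    """imagePullPolicy Kubernetes assigns when the container spec omits it."""
    return "Always" if is_floating(ref) else "IfNotPresent"


def audit_pod(pod):
    """Return (container, image, effective pull policy, floating?) per container."""
    spec = pod.get("spec", {})
    rows = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        # An explicit imagePullPolicy overrides the default but does not pin the image.
        policy = c.get("imagePullPolicy") or default_pull_policy(c["image"])
        rows.append((c["name"], c["image"], policy, is_floating(c["image"])))
    return rows


# Constructed sample manifest; container names and the local registry are hypothetical.
SAMPLE_POD = {
    "spec": {
        "containers": [
            {"name": "base", "image": "ubuntu"},
            {"name": "sidecar", "image": "alpine:3.23"},
            {"name": "probe", "image": "localhost:5000/busybox", "imagePullPolicy": "IfNotPresent"},
            {"name": "legacy", "image": "busybox:latest"},
        ]
    }
}

if __name__ == "__main__":
    for name, image, policy, floating in audit_pod(SAMPLE_POD):
        flag = "FLOATING" if floating else "pinned"
        print(f"{name:8} {image:28} pull={policy:13} {flag}")
```

The `probe` row shows why the explicit policy alone is not enough: it avoids the re-pull on a warm node, but the reference is still floating and a cold node will fetch whatever the registry serves at that moment.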

