zuul/nodepool
Code Issues Proposed changes

Add option of configuring imagePullSecrets for openshift drivers

Browse Source 
Change-Id: If1c877e86a020b4ee1b4dbf795c8ac2e3079b43f
This commit is contained in:
Albin Vass 2022-01-10 13:43:01 +01:00
parent e95b146d10
commit 700cf38db0
10 changed files with 107 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
doc/source/openshift-pods.rst
View File

@ -91,6 +91,24 @@ Selecting the openshift pods driver adds the following options to the
The ImagePullPolicy, can be IfNotPresent, Always or Never.
.. attr:: image-pull-secrets
:default: []
:type: list
The imagePullSecrets needed to pull container images from a private
registry.
Example:
.. code-block:: yaml
labels:
- name: openshift-pod
type: pod
image: docker.io/fedora:28
image-pull-secrets:
- name: registry-secret
.. attr:: cpu
:type: int

17
doc/source/openshift.rst
View File

@ -128,6 +128,23 @@ Selecting the openshift driver adds the following options to the
The ImagePullPolicy, can be IfNotPresent, Always or Never.
.. attr:: image-pull-secrets
:default: []
:type: list
The imagePullSecrets needed to pull container images from a private
registry.
Example:
.. code-block:: yaml
labels:
- name: openshift-pod
image: docker.io/fedora:28
image-pull-secrets:
- name: registry-secret
.. attr:: python-path
:type: str
:default: auto

2
nodepool/driver/openshift/config.py
View File

@ -45,6 +45,7 @@ class OpenshiftPool(ConfigPool):
pl.type = label['type']
pl.image = label.get('image')
pl.image_pull = label.get('image-pull', 'IfNotPresent')
pl.image_pull_secrets = label.get('image-pull-secrets', [])
pl.cpu = label.get('cpu')
pl.memory = label.get('memory')
pl.python_path = label.get('python-path', 'auto')
@ -91,6 +92,7 @@ class OpenshiftProviderConfig(ProviderConfig):
v.Required('type'): str,
'image': str,
'image-pull': str,
'image-pull-secrets': list,
'cpu': int,
'memory': int,
'python-path': str,

3
nodepool/driver/openshift/provider.py
View File

@ -227,7 +227,8 @@ class OpenshiftProvider(Provider):
container_body['resources'][rtype] = rbody
spec_body = {
'containers': [container_body]
'containers': [container_body],
'imagePullSecrets': label.image_pull_secrets,
}
if label.node_selector:

1
nodepool/driver/openshiftpods/config.py
View File

@ -53,6 +53,7 @@ class OpenshiftPodsProviderConfig(OpenshiftProviderConfig):
v.Required('name'): str,
v.Required('image'): str,
'image-pull': str,
'image-pull-secrets': list,
'cpu': int,
'memory': int,
'python-path': str,

6
nodepool/tests/fixtures/openshift.yaml vendored
View File

@ -11,6 +11,7 @@ zookeeper-tls:
labels:
- name: pod-fedora
- name: openshift-project
- name: pod-fedora-secret
providers:
- name: openshift
@ -29,3 +30,8 @@ providers:
image: docker.io/fedora:28
python-path: '/usr/bin/python3'
shell-type: csh
- name: pod-fedora-secret
type: pod
image: docker.io/fedora:28
image-pull-secrets:
- name: registry-secret

5
nodepool/tests/fixtures/openshiftpods.yaml vendored
View File

@ -10,6 +10,7 @@ zookeeper-tls:
labels:
- name: pod-fedora
- name: pod-fedora-secret
providers:
- name: openshift
@ -23,3 +24,7 @@ providers:
labels:
- name: pod-fedora
image: docker.io/fedora:28
- name: pod-fedora-secret
image: docker.io/fedora:28
image-pull-secrets:
- name: registry-secret

25
nodepool/tests/unit/test_driver_openshift.py
View File

@ -162,6 +162,31 @@ class TestDriverOpenshift(tests.DBTestCase):
self.waitForNodeDeletion(node)
def test_openshift_pull_secret(self):
configfile = self.setup_config('openshift.yaml')
pool = self.useNodepool(configfile, watermark_sleep=1)
pool.start()
req = zk.NodeRequest()
req.state = zk.REQUESTED
req.node_types.append('pod-fedora-secret')
self.zk.storeNodeRequest(req)
self.log.debug("Waiting for request %s", req.id)
req = self.waitForNodeRequest(req)
self.assertEqual(req.state, zk.FULFILLED)
self.assertNotEqual(req.nodes, [])
node = self.zk.getNode(req.nodes[0])
self.assertEqual(node.allocated_to, req.id)
self.assertEqual(node.state, zk.READY)
self.assertIsNotNone(node.launcher)
self.assertEqual(node.connection_type, 'kubectl')
node.state = zk.DELETING
self.zk.storeNode(node)
self.waitForNodeDeletion(node)
def test_openshift_native(self):
configfile = self.setup_config('openshift.yaml')
pool = self.useNodepool(configfile, watermark_sleep=1)

26
nodepool/tests/unit/test_driver_openshiftpods.py
View File

@ -109,3 +109,29 @@ class TestDriverOpenshiftPods(tests.DBTestCase):
self.zk.storeNode(node)
self.waitForNodeDeletion(node)
def test_openshift_pod_secrets(self):
configfile = self.setup_config('openshiftpods.yaml')
pool = self.useNodepool(configfile, watermark_sleep=1)
pool.start()
req = zk.NodeRequest()
req.state = zk.REQUESTED
req.node_types.append('pod-fedora-secret')
self.zk.storeNodeRequest(req)
self.log.debug("Waiting for request %s", req.id)
req = self.waitForNodeRequest(req)
self.assertEqual(req.state, zk.FULFILLED)
self.assertNotEqual(req.nodes, [])
node = self.zk.getNode(req.nodes[0])
self.assertEqual(node.allocated_to, req.id)
self.assertEqual(node.state, zk.READY)
self.assertIsNotNone(node.launcher)
self.assertEqual(node.connection_type, 'kubectl')
self.assertEqual(node.connection_port.get('token'), 'fake-token')
node.state = zk.DELETING
self.zk.storeNode(node)
self.waitForNodeDeletion(node)

5
releasenotes/notes/imagepullsecrets-d528b9610a1e0fdc.yaml Normal file
View File

@ -0,0 +1,5 @@
---
features:
- |
openshift and openshiftpods drivers now supports pods using images from
private registries by configuring `image-pull-secrets`.