From 700cf38db0807342327f4124c041e9de350e8a0e Mon Sep 17 00:00:00 2001 From: Albin Vass Date: Mon, 10 Jan 2022 13:43:01 +0100 Subject: [PATCH] Add option of configuring imagePullSecrets for openshift drivers Change-Id: If1c877e86a020b4ee1b4dbf795c8ac2e3079b43f --- doc/source/openshift-pods.rst | 18 +++++++++++++ doc/source/openshift.rst | 17 ++++++++++++ nodepool/driver/openshift/config.py | 2 ++ nodepool/driver/openshift/provider.py | 3 ++- nodepool/driver/openshiftpods/config.py | 1 + nodepool/tests/fixtures/openshift.yaml | 6 +++++ nodepool/tests/fixtures/openshiftpods.yaml | 5 ++++ nodepool/tests/unit/test_driver_openshift.py | 25 ++++++++++++++++++ .../tests/unit/test_driver_openshiftpods.py | 26 +++++++++++++++++++ .../imagepullsecrets-d528b9610a1e0fdc.yaml | 5 ++++ 10 files changed, 107 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/imagepullsecrets-d528b9610a1e0fdc.yaml diff --git a/doc/source/openshift-pods.rst b/doc/source/openshift-pods.rst index abf701642..63e2f937b 100644 --- a/doc/source/openshift-pods.rst +++ b/doc/source/openshift-pods.rst @@ -91,6 +91,24 @@ Selecting the openshift pods driver adds the following options to the The ImagePullPolicy, can be IfNotPresent, Always or Never. + .. attr:: image-pull-secrets + :default: [] + :type: list + + The imagePullSecrets needed to pull container images from a private + registry. + + Example: + + .. code-block:: yaml + + labels: + - name: openshift-pod + type: pod + image: docker.io/fedora:28 + image-pull-secrets: + - name: registry-secret + .. attr:: cpu :type: int diff --git a/doc/source/openshift.rst b/doc/source/openshift.rst index 78584b7ff..0c777fe43 100644 --- a/doc/source/openshift.rst +++ b/doc/source/openshift.rst 
@@ -128,6 +128,23 @@ Selecting the openshift driver adds the following options to the The ImagePullPolicy, can be IfNotPresent, Always or Never. + .. attr:: image-pull-secrets + :default: [] + :type: list + + The imagePullSecrets needed to pull container images from a private + registry. + + Example: + + .. code-block:: yaml + + labels: + - name: openshift-pod + image: docker.io/fedora:28 + image-pull-secrets: + - name: registry-secret + .. attr:: python-path :type: str :default: auto diff --git a/nodepool/driver/openshift/config.py b/nodepool/driver/openshift/config.py index fb5c8c4ae..6d2584879 100644 --- a/nodepool/driver/openshift/config.py +++ b/nodepool/driver/openshift/config.py @@ -45,6 +45,7 @@ class OpenshiftPool(ConfigPool): pl.type = label['type'] pl.image = label.get('image') pl.image_pull = label.get('image-pull', 'IfNotPresent') + pl.image_pull_secrets = label.get('image-pull-secrets', []) pl.cpu = label.get('cpu') pl.memory = label.get('memory') pl.python_path = label.get('python-path', 'auto') @@ -91,6 +92,7 @@ class OpenshiftProviderConfig(ProviderConfig): v.Required('type'): str, 'image': str, 'image-pull': str, + 'image-pull-secrets': list, 'cpu': int, 'memory': int, 'python-path': str, diff --git a/nodepool/driver/openshift/provider.py b/nodepool/driver/openshift/provider.py index 33a2a5b61..d292d05a0 100644 --- a/nodepool/driver/openshift/provider.py +++ b/nodepool/driver/openshift/provider.py @@ -227,7 +227,8 @@ class OpenshiftProvider(Provider): container_body['resources'][rtype] = rbody spec_body = { - 'containers': [container_body] + 'containers': [container_body], + 'imagePullSecrets': label.image_pull_secrets, } if label.node_selector: diff --git a/nodepool/driver/openshiftpods/config.py b/nodepool/driver/openshiftpods/config.py index e688d2df8..2804abb33 100644 --- a/nodepool/driver/openshiftpods/config.py +++ b/nodepool/driver/openshiftpods/config.py 
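Review bot: `'image-pull-secrets': list` in the label schema of nodepool/driver/openshift/config.py accepts any list, so a bare string or a dict without `name` passes config validation and is only rejected later, when the cluster API receives the pod. Each item is expected to be an object with a `name` key, as the docs and fixtures in this patch show. Tightening the entry to `'image-pull-secrets': [{v.Required('name'): str}]` would reject malformed entries at config load. The same line is added to the label schema in nodepool/driver/openshiftpods/config.py, and the schema dict starts and ends outside the hunk.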
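Review bot: The names in `label.image_pull_secrets` are copied into `spec_body` unchanged, and Kubernetes resolves `imagePullSecrets` only against secrets in the pod's own namespace, so a secret missing from the project the pod lands in surfaces as an image-pull failure at pod start rather than as a nodepool config error. Nothing in this hunk creates or checks the secret; if the project is created per request (not visible here), a comment such as `# secrets must already exist in the pod's project; nodepool does not create them` above the key would save operators a debugging round. The key is also sent as an empty list for every label without secrets; following the `if label.node_selector:` pattern just below, `if label.image_pull_secrets: spec_body['imagePullSecrets'] = label.image_pull_secrets` would leave the pod spec unchanged for existing labels. The enclosing method starts and ends outside the hunk.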
@@ -53,6 +53,7 @@ class OpenshiftPodsProviderConfig(OpenshiftProviderConfig): v.Required('name'): str, v.Required('image'): str, 'image-pull': str, + 'image-pull-secrets': list, 'cpu': int, 'memory': int, 'python-path': str, diff --git a/nodepool/tests/fixtures/openshift.yaml b/nodepool/tests/fixtures/openshift.yaml index 9c97c5019..e1bbd002f 100644 --- a/nodepool/tests/fixtures/openshift.yaml +++ b/nodepool/tests/fixtures/openshift.yaml @@ -11,6 +11,7 @@ zookeeper-tls: labels: - name: pod-fedora - name: openshift-project + - name: pod-fedora-secret providers: - name: openshift @@ -29,3 +30,8 @@ providers: image: docker.io/fedora:28 python-path: '/usr/bin/python3' shell-type: csh + - name: pod-fedora-secret + type: pod + image: docker.io/fedora:28 + image-pull-secrets: + - name: registry-secret diff --git a/nodepool/tests/fixtures/openshiftpods.yaml b/nodepool/tests/fixtures/openshiftpods.yaml index f99724b39..07d99a95a 100644 --- a/nodepool/tests/fixtures/openshiftpods.yaml +++ b/nodepool/tests/fixtures/openshiftpods.yaml @@ -10,6 +10,7 @@ zookeeper-tls: labels: - name: pod-fedora + - name: pod-fedora-secret providers: - name: openshift @@ -23,3 +24,7 @@ providers: labels: - name: pod-fedora image: docker.io/fedora:28 + - name: pod-fedora-secret + image: docker.io/fedora:28 + image-pull-secrets: + - name: registry-secret diff --git a/nodepool/tests/unit/test_driver_openshift.py b/nodepool/tests/unit/test_driver_openshift.py index 5946f8df2..bbde7f327 100644 --- a/nodepool/tests/unit/test_driver_openshift.py +++ b/nodepool/tests/unit/test_driver_openshift.py 
@@ -162,6 +162,31 @@ class TestDriverOpenshift(tests.DBTestCase): self.waitForNodeDeletion(node) + def test_openshift_pull_secret(self): + configfile = self.setup_config('openshift.yaml') + pool = self.useNodepool(configfile, watermark_sleep=1) + pool.start() + req = zk.NodeRequest() + req.state = zk.REQUESTED + req.node_types.append('pod-fedora-secret') + self.zk.storeNodeRequest(req) + + self.log.debug("Waiting for request %s", req.id) + req = self.waitForNodeRequest(req) + self.assertEqual(req.state, zk.FULFILLED) + + self.assertNotEqual(req.nodes, []) + node = self.zk.getNode(req.nodes[0]) + self.assertEqual(node.allocated_to, req.id) + self.assertEqual(node.state, zk.READY) + self.assertIsNotNone(node.launcher) + self.assertEqual(node.connection_type, 'kubectl') + + node.state = zk.DELETING + self.zk.storeNode(node) + + self.waitForNodeDeletion(node) + def test_openshift_native(self): configfile = self.setup_config('openshift.yaml') pool = self.useNodepool(configfile, watermark_sleep=1) diff --git a/nodepool/tests/unit/test_driver_openshiftpods.py b/nodepool/tests/unit/test_driver_openshiftpods.py index b8409a694..814b77f7e 100644 --- a/nodepool/tests/unit/test_driver_openshiftpods.py +++ b/nodepool/tests/unit/test_driver_openshiftpods.py 
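Review bot: `test_openshift_pull_secret` only checks that the node reaches READY with a `kubectl` connection, which the existing tests already cover; it never asserts that `imagePullSecrets` reached the pod spec, so it would still pass if the provider stopped sending the field. If the fake client used by these tests records the pod body it receives (not visible in this hunk), an assertion that its `spec` carries `imagePullSecrets` equal to `[{'name': 'registry-secret'}]` would pin the feature. `test_openshift_pod_secrets` in nodepool/tests/unit/test_driver_openshiftpods.py has the same gap.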
@@ -109,3 +109,29 @@ class TestDriverOpenshiftPods(tests.DBTestCase): self.zk.storeNode(node) self.waitForNodeDeletion(node) + + def test_openshift_pod_secrets(self): + configfile = self.setup_config('openshiftpods.yaml') + pool = self.useNodepool(configfile, watermark_sleep=1) + pool.start() + req = zk.NodeRequest() + req.state = zk.REQUESTED + req.node_types.append('pod-fedora-secret') + self.zk.storeNodeRequest(req) + + self.log.debug("Waiting for request %s", req.id) + req = self.waitForNodeRequest(req) + self.assertEqual(req.state, zk.FULFILLED) + + self.assertNotEqual(req.nodes, []) + node = self.zk.getNode(req.nodes[0]) + self.assertEqual(node.allocated_to, req.id) + self.assertEqual(node.state, zk.READY) + self.assertIsNotNone(node.launcher) + self.assertEqual(node.connection_type, 'kubectl') + self.assertEqual(node.connection_port.get('token'), 'fake-token') + + node.state = zk.DELETING + self.zk.storeNode(node) + + self.waitForNodeDeletion(node) diff --git a/releasenotes/notes/imagepullsecrets-d528b9610a1e0fdc.yaml b/releasenotes/notes/imagepullsecrets-d528b9610a1e0fdc.yaml new file mode 100644 index 000000000..213781597 --- /dev/null +++ b/releasenotes/notes/imagepullsecrets-d528b9610a1e0fdc.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + openshift and openshiftpods drivers now supports pods using images from + private registries by configuring `image-pull-secrets`.