Merge "Add option of configuring imagePullSecrets for openshift drivers"

This commit is contained in:
Zuul 2022-04-19 08:58:53 +00:00 committed by Gerrit Code Review
commit 2926807c65
10 changed files with 107 additions and 1 deletions

View File

@ -91,6 +91,24 @@ Selecting the openshift pods driver adds the following options to the
The ImagePullPolicy, can be IfNotPresent, Always or Never.
.. attr:: image-pull-secrets
:default: []
:type: list
The imagePullSecrets needed to pull container images from a private
registry.
Example:
.. code-block:: yaml
labels:
- name: openshift-pod
type: pod
image: docker.io/fedora:28
image-pull-secrets:
- name: registry-secret
.. attr:: cpu
:type: int

View File

@ -128,6 +128,23 @@ Selecting the openshift driver adds the following options to the
The ImagePullPolicy, can be IfNotPresent, Always or Never.
.. attr:: image-pull-secrets
:default: []
:type: list
The imagePullSecrets needed to pull container images from a private
registry.
Example:
.. code-block:: yaml
labels:
- name: openshift-pod
image: docker.io/fedora:28
image-pull-secrets:
- name: registry-secret
.. attr:: python-path
:type: str
:default: auto

View File

@ -45,6 +45,7 @@ class OpenshiftPool(ConfigPool):
pl.type = label['type']
pl.image = label.get('image')
pl.image_pull = label.get('image-pull', 'IfNotPresent')
pl.image_pull_secrets = label.get('image-pull-secrets', [])
pl.cpu = label.get('cpu')
pl.memory = label.get('memory')
pl.python_path = label.get('python-path', 'auto')
@ -91,6 +92,7 @@ class OpenshiftProviderConfig(ProviderConfig):
v.Required('type'): str,
'image': str,
'image-pull': str,
'image-pull-secrets': list,
'cpu': int,
'memory': int,
'python-path': str,

View File

@ -229,7 +229,8 @@ class OpenshiftProvider(Provider, QuotaSupport):
container_body['resources'][rtype] = rbody
spec_body = {
'containers': [container_body]
'containers': [container_body],
'imagePullSecrets': label.image_pull_secrets,
}
if label.node_selector:

View File

@ -53,6 +53,7 @@ class OpenshiftPodsProviderConfig(OpenshiftProviderConfig):
v.Required('name'): str,
v.Required('image'): str,
'image-pull': str,
'image-pull-secrets': list,
'cpu': int,
'memory': int,
'python-path': str,

View File

@ -15,6 +15,7 @@ tenant-resource-limits:
labels:
- name: pod-fedora
- name: openshift-project
- name: pod-fedora-secret
providers:
- name: openshift
@ -33,3 +34,8 @@ providers:
image: docker.io/fedora:28
python-path: '/usr/bin/python3'
shell-type: csh
- name: pod-fedora-secret
type: pod
image: docker.io/fedora:28
image-pull-secrets:
- name: registry-secret

View File

@ -14,6 +14,7 @@ tenant-resource-limits:
labels:
- name: pod-fedora
- name: pod-fedora-secret
providers:
- name: openshift
@ -27,3 +28,7 @@ providers:
labels:
- name: pod-fedora
image: docker.io/fedora:28
- name: pod-fedora-secret
image: docker.io/fedora:28
image-pull-secrets:
- name: registry-secret

View File

@ -163,6 +163,31 @@ class TestDriverOpenshift(tests.DBTestCase):
self.waitForNodeDeletion(node)
def test_openshift_pull_secret(self):
configfile = self.setup_config('openshift.yaml')
pool = self.useNodepool(configfile, watermark_sleep=1)
pool.start()
req = zk.NodeRequest()
req.state = zk.REQUESTED
req.node_types.append('pod-fedora-secret')
self.zk.storeNodeRequest(req)
self.log.debug("Waiting for request %s", req.id)
req = self.waitForNodeRequest(req)
self.assertEqual(req.state, zk.FULFILLED)
self.assertNotEqual(req.nodes, [])
node = self.zk.getNode(req.nodes[0])
self.assertEqual(node.allocated_to, req.id)
self.assertEqual(node.state, zk.READY)
self.assertIsNotNone(node.launcher)
self.assertEqual(node.connection_type, 'kubectl')
node.state = zk.DELETING
self.zk.storeNode(node)
self.waitForNodeDeletion(node)
def test_openshift_native(self):
configfile = self.setup_config('openshift.yaml')
pool = self.useNodepool(configfile, watermark_sleep=1)

View File

@ -109,3 +109,29 @@ class TestDriverOpenshiftPods(tests.DBTestCase):
self.zk.storeNode(node)
self.waitForNodeDeletion(node)
def test_openshift_pod_secrets(self):
configfile = self.setup_config('openshiftpods.yaml')
pool = self.useNodepool(configfile, watermark_sleep=1)
pool.start()
req = zk.NodeRequest()
req.state = zk.REQUESTED
req.node_types.append('pod-fedora-secret')
self.zk.storeNodeRequest(req)
self.log.debug("Waiting for request %s", req.id)
req = self.waitForNodeRequest(req)
self.assertEqual(req.state, zk.FULFILLED)
self.assertNotEqual(req.nodes, [])
node = self.zk.getNode(req.nodes[0])
self.assertEqual(node.allocated_to, req.id)
self.assertEqual(node.state, zk.READY)
self.assertIsNotNone(node.launcher)
self.assertEqual(node.connection_type, 'kubectl')
self.assertEqual(node.connection_port.get('token'), 'fake-token')
node.state = zk.DELETING
self.zk.storeNode(node)
self.waitForNodeDeletion(node)

View File

@ -0,0 +1,5 @@
---
features:
- |
openshift and openshiftpods drivers now supports pods using images from
private registries by configuring `image-pull-secrets`.