Merge "Add option of configuring imagePullSecrets for openshift drivers"

2022-04-19 08:58:53 +00:00 · 2022-04-19 08:58:53 +00:00 · 2926807c65
commit 2926807c65
parent daa4e39a0d 700cf38db0
10 changed files with 107 additions and 1 deletions
--- a/doc/source/openshift-pods.rst
+++ b/doc/source/openshift-pods.rst
@ -91,6 +91,24 @@ Selecting the openshift pods driver adds the following options to the
         The ImagePullPolicy, can be IfNotPresent, Always or Never.
      .. attr:: image-pull-secrets
         :default: []
         :type: list
         The imagePullSecrets needed to pull container images from a private
         registry.
         Example:
         .. code-block:: yaml
            labels:
              - name: openshift-pod
                type: pod
                image: docker.io/fedora:28
                image-pull-secrets:
                  - name: registry-secret
      .. attr:: cpu
         :type: int
--- a/doc/source/openshift.rst
+++ b/doc/source/openshift.rst
@ -128,6 +128,23 @@ Selecting the openshift driver adds the following options to the
         The ImagePullPolicy, can be IfNotPresent, Always or Never.
      .. attr:: image-pull-secrets
         :default: []
         :type: list
         The imagePullSecrets needed to pull container images from a private
         registry.
         Example:
         .. code-block:: yaml
            labels:
              - name: openshift-pod
                image: docker.io/fedora:28
                image-pull-secrets:
                  - name: registry-secret
      .. attr:: python-path
         :type: str
         :default: auto
--- a/nodepool/driver/openshift/config.py
+++ b/nodepool/driver/openshift/config.py
@ -45,6 +45,7 @@ class OpenshiftPool(ConfigPool):
            pl.type = label['type']
            pl.image = label.get('image')
            pl.image_pull = label.get('image-pull', 'IfNotPresent')
            pl.image_pull_secrets = label.get('image-pull-secrets', [])
            pl.cpu = label.get('cpu')
            pl.memory = label.get('memory')
            pl.python_path = label.get('python-path', 'auto')
@ -91,6 +92,7 @@ class OpenshiftProviderConfig(ProviderConfig):
            v.Required('type'): str,
            'image': str,
            'image-pull': str,
            'image-pull-secrets': list,
            'cpu': int,
            'memory': int,
            'python-path': str,
--- a/nodepool/driver/openshift/provider.py
+++ b/nodepool/driver/openshift/provider.py
@ -229,7 +229,8 @@ class OpenshiftProvider(Provider, QuotaSupport):
                container_body['resources'][rtype] = rbody
        spec_body = {
-            'containers': [container_body]
+            'containers': [container_body],
            'imagePullSecrets': label.image_pull_secrets,
        }
        if label.node_selector:
--- a/nodepool/driver/openshiftpods/config.py
+++ b/nodepool/driver/openshiftpods/config.py
@ -53,6 +53,7 @@ class OpenshiftPodsProviderConfig(OpenshiftProviderConfig):
            v.Required('name'): str,
            v.Required('image'): str,
            'image-pull': str,
            'image-pull-secrets': list,
            'cpu': int,
            'memory': int,
            'python-path': str,
--- a/nodepool/tests/fixtures/openshift.yaml
+++ b/nodepool/tests/fixtures/openshift.yaml
@ -15,6 +15,7 @@ tenant-resource-limits:
 labels:
  - name: pod-fedora
  - name: openshift-project
  - name: pod-fedora-secret
 providers:
  - name: openshift
@ -33,3 +34,8 @@ providers:
            image: docker.io/fedora:28
            python-path: '/usr/bin/python3'
            shell-type: csh
          - name: pod-fedora-secret
            type: pod
            image: docker.io/fedora:28
            image-pull-secrets:
              - name: registry-secret
--- a/nodepool/tests/fixtures/openshiftpods.yaml
+++ b/nodepool/tests/fixtures/openshiftpods.yaml
@ -14,6 +14,7 @@ tenant-resource-limits:
 labels:
  - name: pod-fedora
  - name: pod-fedora-secret
 providers:
  - name: openshift
@ -27,3 +28,7 @@ providers:
        labels:
          - name: pod-fedora
            image: docker.io/fedora:28
          - name: pod-fedora-secret
            image: docker.io/fedora:28
            image-pull-secrets:
              - name: registry-secret
--- a/nodepool/tests/unit/test_driver_openshift.py
+++ b/nodepool/tests/unit/test_driver_openshift.py
@ -163,6 +163,31 @@ class TestDriverOpenshift(tests.DBTestCase):
        self.waitForNodeDeletion(node)
    def test_openshift_pull_secret(self):
        configfile = self.setup_config('openshift.yaml')
        pool = self.useNodepool(configfile, watermark_sleep=1)
        pool.start()
        req = zk.NodeRequest()
        req.state = zk.REQUESTED
        req.node_types.append('pod-fedora-secret')
        self.zk.storeNodeRequest(req)
        self.log.debug("Waiting for request %s", req.id)
        req = self.waitForNodeRequest(req)
        self.assertEqual(req.state, zk.FULFILLED)
        self.assertNotEqual(req.nodes, [])
        node = self.zk.getNode(req.nodes[0])
        self.assertEqual(node.allocated_to, req.id)
        self.assertEqual(node.state, zk.READY)
        self.assertIsNotNone(node.launcher)
        self.assertEqual(node.connection_type, 'kubectl')
        node.state = zk.DELETING
        self.zk.storeNode(node)
        self.waitForNodeDeletion(node)
    def test_openshift_native(self):
        configfile = self.setup_config('openshift.yaml')
        pool = self.useNodepool(configfile, watermark_sleep=1)
--- a/nodepool/tests/unit/test_driver_openshiftpods.py
+++ b/nodepool/tests/unit/test_driver_openshiftpods.py
@ -109,3 +109,29 @@ class TestDriverOpenshiftPods(tests.DBTestCase):
        self.zk.storeNode(node)
        self.waitForNodeDeletion(node)
    def test_openshift_pod_secrets(self):
        configfile = self.setup_config('openshiftpods.yaml')
        pool = self.useNodepool(configfile, watermark_sleep=1)
        pool.start()
        req = zk.NodeRequest()
        req.state = zk.REQUESTED
        req.node_types.append('pod-fedora-secret')
        self.zk.storeNodeRequest(req)
        self.log.debug("Waiting for request %s", req.id)
        req = self.waitForNodeRequest(req)
        self.assertEqual(req.state, zk.FULFILLED)
        self.assertNotEqual(req.nodes, [])
        node = self.zk.getNode(req.nodes[0])
        self.assertEqual(node.allocated_to, req.id)
        self.assertEqual(node.state, zk.READY)
        self.assertIsNotNone(node.launcher)
        self.assertEqual(node.connection_type, 'kubectl')
        self.assertEqual(node.connection_port.get('token'), 'fake-token')
        node.state = zk.DELETING
        self.zk.storeNode(node)
        self.waitForNodeDeletion(node)
--- a/releasenotes/notes/imagepullsecrets-d528b9610a1e0fdc.yaml
+++ b/releasenotes/notes/imagepullsecrets-d528b9610a1e0fdc.yaml
@ -0,0 +1,5 @@
 ---
 features:
  - |
    openshift and openshiftpods drivers now supports pods using images from
    private registries by configuring `image-pull-secrets`.