Merge "kubernetes-operator: add job volume to the spec"

2020-04-10 01:24:50 +00:00 · 2020-04-10 01:24:50 +00:00 · a8ce0dbe4b
parent 67d2e0a961 a5aa272dfe
commit a8ce0dbe4b
1 changed files with 40 additions and 0 deletions
--- a/doc/source/reference/developer/specs/kubernetes-operator.rst
+++ b/doc/source/reference/developer/specs/kubernetes-operator.rst
@ -343,6 +343,46 @@ pods that need them.
        keyfile:
          secretName: mqttSecrets

+Executor job volume
+-------------------
+
+To manage the executor job volumes, the CR also accepts a list of volumes
+to be bind mounted in the job bubblewrap contexts:
+
+::
+
+  name: Text
+  context: <trusted | untrusted>
+  access: <ro | rw>
+  path: /path
+  volume: Kubernetes.Volume
+
+
+For example, to expose a GCP authdaemon token, the Zuul CR can be defined as
+
+::
+
+  apiVersion: zuul-ci.org/v1alpha1
+  kind: Zuul
+  spec:
+    ...
+    job_volumes:
+      - context: trusted
+        access: ro
+        path: /authdaemon/token
+        volume:
+          name: gcp-auth
+          hostPath:
+            path: /var/authdaemon/executor
+            type: DirectoryOrCreate
+
+Which would result in a new executor mountpath along with this zuul.conf change:
+
+::
+
+   trusted_ro_paths=/authdaemon/token
+
+
 Logging
 -------