From a8064fa9f46faeb4785a438e049353bf612d3c75 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guilhem=20Barth=C3=A9s?=
Date: Tue, 19 Mar 2024 16:29:39 +0100
Subject: [PATCH] feat: add docker-secret to kubernetes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Guilhem Barthés
---
 backend/substrapp/compute_tasks/compute_pod.py | 6 ++++++
 charts/substra-backend/templates/statefulset-worker.yaml | 4 ++++
 examples/secrets/secret-harbor-dockerconfig.yaml | 2 +-
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/backend/substrapp/compute_tasks/compute_pod.py b/backend/substrapp/compute_tasks/compute_pod.py
index bc12bea02..ecee16229 100644
--- a/backend/substrapp/compute_tasks/compute_pod.py
+++ b/backend/substrapp/compute_tasks/compute_pod.py
@@ -132,7 +132,12 @@ def create_pod(
 ]
 )
 )
+ image_pull_secret = os.getenv("DOCKER_CONFIG_SECRET_NAME")
+ if image_pull_secret:
+ image_pull_secrets = [kubernetes.client.V1LocalObjectReference(name=image_pull_secret)]
+ else:
+ image_pull_secrets = None
 spec = kubernetes.client.V1PodSpec(
 restart_policy="Never",
 affinity=pod_affinity,
@@ -141,6 +146,7 @@ def create_pod(
 security_context=get_pod_security_context(),
 termination_grace_period_seconds=0,
 automount_service_account_token=False,
+ image_pull_secrets=image_pull_secrets,
 )
 pod = kubernetes.client.V1Pod(api_version="v1", kind="Pod", metadata=metadata, spec=spec)
diff --git a/charts/substra-backend/templates/statefulset-worker.yaml b/charts/substra-backend/templates/statefulset-worker.yaml
index 31198d5d8..f0dff7aa8 100644
--- a/charts/substra-backend/templates/statefulset-worker.yaml
+++ b/charts/substra-backend/templates/statefulset-worker.yaml
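Review bot: The block added in the first hunk of `compute_pod.py` calls `os.getenv("DOCKER_CONFIG_SECRET_NAME")` on every `create_pod` call, yet neither hunk of this file adds `import os`, so it only works if the module already imports it, which is not visible here. If the backend keeps deployment values in a settings module, reading the name once there would keep configuration in one place and make the branch easy to test. The name is handed to `V1LocalObjectReference` unchecked; a reference to a secret missing from the compute namespace is not expected to fail pod creation and would surface later as an image pull error, so a short comment such as `# secret must exist in the compute pod namespace; a missing one shows up as an image pull failure` would help. The four-line branch can also be one expression, `image_pull_secrets = [kubernetes.client.V1LocalObjectReference(name=image_pull_secret)] if image_pull_secret else None`. `create_pod` starts and ends outside both hunks.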
@@ -115,6 +115,10 @@ spec:
 value: {{ include "substra-backend.objectStore.url" . | quote }}
 - name: ENABLE_DATASAMPLE_STORAGE_IN_SERVERMEDIAS
 value: {{ .Values.DataSampleStorageInServerMedia | quote }}
+ {{- if .Values.kaniko.dockerConfigSecretName }}
+ - name: DOCKER_CONFIG_SECRET_NAME
+ value: {{ .Values.kaniko.dockerConfigSecretName }}
+ {{- end }}
 {{- with .Values.extraEnv }}
 {{ toYaml . | indent 12 }}
 {{- end }}
diff --git a/examples/secrets/secret-harbor-dockerconfig.yaml b/examples/secrets/secret-harbor-dockerconfig.yaml
index c9c50a85a..645cfaff2 100644
--- a/examples/secrets/secret-harbor-dockerconfig.yaml
+++ b/examples/secrets/secret-harbor-dockerconfig.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 data:
- .dockerconfigjson: eyJhdXRocyI6eyJoYXJib3IuaGFyYm9yLnN2Yy5jbHVzdGVyLmxvY2FsOjg0NDMiOnsidXNlcm5hbWUiOiJhZG1pbiIsInBhc3N3b3JkIjoiaGFyYm9yUEBzc3dvcmQyNDAzIiwiYXV0aCI6IllXUnRhVzQ2YUdGeVltOXlVRUJ6YzNkdmNtUXlOREF6In19fQ==
+ .dockerconfigjson: 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
 kind: Secret
 metadata:
 creationTimestamp: null
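Review bot: The added `value: {{ .Values.kaniko.dockerConfigSecretName }}` in `statefulset-worker.yaml` is rendered unquoted, unlike the two `value:` lines above it that pipe through `quote`. A name that YAML parses as a number or boolean would make the env value a non-string and the manifest would be rejected, so use `value: {{ .Values.kaniko.dockerConfigSecretName | quote }}`. The key name suggests this is the Kaniko builder's docker config secret, so compute pods would pull with whatever that credential allows. If it carries push rights, a separate pull-only secret for compute pods is the least-privilege choice. Nothing in the hunk ensures the secret exists in the namespace where compute pods are created.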
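Review bot: `.dockerconfigjson` under `data:` in `secret-harbor-dockerconfig.yaml` is base64-encoded, not encrypted, so the removed value is a registry username and password readable by anyone with repository access. The replacement value is not visible here but is stored the same way. The example should carry a header comment such as `# example only: throwaway credential for a local test registry, do not reuse`, and real deployments should create this secret out of band. If the old credential was ever used outside a local test registry, it should be rotated, because it stays in the history.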