Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

control-service: Fix authentication when pulling images #456

Merged
merged 1 commit into from
Nov 1, 2021
Merged

control-service: Fix authentication when pulling images #456

merged 1 commit into from
Nov 1, 2021

Conversation

YanaZhivkova
Copy link
Contributor

Some control-service instances need to store Data Job
images in a private container registry, so we need to
apply registry credentials when pulling Data Job images.

Add secret containing docker registry credentials to the
pipelines_control_service helm chart and set it in
cron jobs on deploy (imagePullSecrets).

Tested by created, deploying and executing a Data Job
against a control service instance configured to push/pull
images to/from a private container registry.

Signed-off-by: Yana Zhivkova [email protected]

@YanaZhivkova YanaZhivkova force-pushed the person/yzhivkova/Fix_authentication_when_pulling_Data_Job_image_on_execute branch from ab4f94e to e977755 Compare October 28, 2021 11:54
@YanaZhivkova YanaZhivkova marked this pull request as draft October 28, 2021 12:13
@antoniivanov
Copy link
Collaborator

Can you please link the github issue :

image

@antoniivanov
Copy link
Collaborator

I have not looked at the code yet (as it is in draft). But I am not sure I mentioned and it's documented but just in case. Our helm chart follow bitnami style - there are a lot of charts in bitnami repo: https://github.com/bitnami/charts/tree/master/bitnami So make sure to reuse what they've done there.

@mivanov1988
Copy link
Collaborator

Did you evaluate the following approach - https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account?

@YanaZhivkova YanaZhivkova force-pushed the person/yzhivkova/Fix_authentication_when_pulling_Data_Job_image_on_execute branch from e977755 to 5d09f57 Compare October 28, 2021 13:17
@YanaZhivkova YanaZhivkova linked an issue Oct 28, 2021 that may be closed by this pull request
Fix authentication when pulling images from authenticated container registry #406
Closed
@YanaZhivkova YanaZhivkova marked this pull request as ready for review October 28, 2021 13:24
@YanaZhivkova
Copy link
Contributor Author

Can you please link the github issue :

image

Done.

@YanaZhivkova YanaZhivkova marked this pull request as draft October 28, 2021 13:32
@YanaZhivkova YanaZhivkova force-pushed the person/yzhivkova/Fix_authentication_when_pulling_Data_Job_image_on_execute branch 4 times, most recently from 7f0c900 to 636fd78 Compare October 28, 2021 17:17
@YanaZhivkova YanaZhivkova force-pushed the person/yzhivkova/Fix_authentication_when_pulling_Data_Job_image_on_execute branch from 636fd78 to 649619a Compare November 1, 2021 15:24
@YanaZhivkova
Copy link
Contributor Author

I have not looked at the code yet (as it is in draft). But I am not sure I mentioned and it's documented but just in case. Our helm chart follow bitnami style - there are a lot of charts in bitnami repo: https://github.com/bitnami/charts/tree/master/bitnami So make sure to reuse what they've done there.

It seems like we respect the bitnami style.

@YanaZhivkova
Copy link
Contributor Author

Did you evaluate the following approach - https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account?

Yes, there were several discussions. We decided to stick to the initial plan - namely pass imagePullSecrets through the cron job.

@YanaZhivkova YanaZhivkova force-pushed the person/yzhivkova/Fix_authentication_when_pulling_Data_Job_image_on_execute branch from 649619a to 5edf459 Compare November 1, 2021 16:04
@YanaZhivkova YanaZhivkova marked this pull request as ready for review November 1, 2021 16:04
@YanaZhivkova
control-service: Fix authentication when pulling images
a6b975e 
Some control-service instances need to store Data Job
images in a private container registry, so we need to
apply registry credentials when pulling Data Job images.

Add secret containing dedicated read-only docker registry
credentials to the pipelines_control_service helm chart
and set it in cron jobs on deploy (imagePullSecrets).

Tested by created, deploying and executing a Data Job
against a control service instance configured to push/pull
images to/from a private container registry.

Signed-off-by: Yana Zhivkova <[email protected]>
@YanaZhivkova YanaZhivkova force-pushed the person/yzhivkova/Fix_authentication_when_pulling_Data_Job_image_on_execute branch from 5edf459 to a6b975e Compare November 1, 2021 17:23
@YanaZhivkova YanaZhivkova merged commit 6b356f4 into main Nov 1, 2021
@YanaZhivkova YanaZhivkova deleted the person/yzhivkova/Fix_authentication_when_pulling_Data_Job_image_on_execute branch November 1, 2021 17:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@antoniivanov antoniivanov antoniivanov approved these changes

@mivanov1988 mivanov1988 mivanov1988 approved these changes

Assignees
No one assigned
Labels
cla-not-required
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix authentication when pulling images from authenticated container registry
4 participants
@YanaZhivkova @antoniivanov @mivanov1988 @vmwclabot