skaffold icon indicating copy to clipboard operation
skaffold copied to clipboard

Published 20 hours ago verified publisher icon GoogleContainerTools

feat: add field imagePullSecrets to kaniko pod definition

Open yurchenkosv opened this issue 3 years ago • 8 comments
trafficstars

Fixes: #7615 Related: Relevant tracking issues, for context Merge before/after: Dependent or prerequisite PRs

Description

I've been faced with no ability to build image via kaniko builder. This is because of build was started in private k8s cluster which no access to internet and private docker proxy which needs requests to be authorized. Only way to get kaniko executor image is to set imagePullSecrets into pod definition. This PR is about to solve this case.

User facing changes (remove if N/A) Changed yaml schema, to set imagePullSecret via config into pod.

yurchenkosv avatar Jun 30 '22 10:06 yurchenkosv

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

google-cla[bot] avatar Jun 30 '22 10:06 google-cla[bot]

@yurchenkosv Thanks for the fix. Looks like this is an issue in v1 skaffold versions. I am not sure how the PR you have fixes the issue. Can you please explain more?

tejal29 avatar Jun 30 '22 16:06 tejal29

@tejal29 Thanks for the review. As I wrote earlier, there is a problem with the inability to build a docker image through kaniko when using a private docker proxy. Skaffold creates a pod in the cluster for the build, the pod uses 2 images (for the init container and for kaniko executor). The only way to get these images in my case is through a docker proxy, which requires authentication. The native k8s cluster mechanism assumes specifying imagePullSecret in the pod definition for such purposes. Unfortunately, skaffold does not provide the ability to pass imagePullSecret to pod via cluster config. My PR adds this ability. If you have any other question about this PR, feel free to ask, I'm very interested in adding this code to the project.

yurchenkosv avatar Jul 01 '22 06:07 yurchenkosv

sorry for the delay @yurchenkosv

Kaniko has two fields pullSecretName and pullSecretPath described here https://skaffold.dev/docs/pipeline-stages/builders/docker/#dockerfile-in-cluster-with-kaniko

Can you instead make a change to add the pullSecretName to Kaniko Pod spec created https://github.com/GoogleContainerTools/skaffold/blob/ecf01da6c2493bb7c3eed666c342aa3be5bea6a7/pkg/skaffold/build/cluster/pod.go#L41

Thanks Tejal

tejal29 avatar Jul 14 '22 18:07 tejal29

Codecov Report

Merging #7614 (dc5ee39) into main (290280e) will decrease coverage by 4.19%. The diff coverage is 54.24%.

@@            Coverage Diff             @@
##             main    #7614      +/-   ##
==========================================
- Coverage   70.48%   66.28%   -4.20%     
==========================================
  Files         515      582      +67     
  Lines       23150    27967    +4817     
==========================================
+ Hits        16317    18538    +2221     
- Misses       5776     8080    +2304     
- Partials     1057     1349     +292
Impacted Files Coverage Δ
cmd/skaffold/app/cmd/credits/export.go 0.00% <0.00%> (ø)
cmd/skaffold/app/cmd/deploy.go 50.00% <0.00%> (-3.85%) :arrow_down:
cmd/skaffold/app/cmd/test.go 44.44% <0.00%> (ø)
cmd/skaffold/skaffold.go 0.00% <0.00%> (ø)
cmd/skaffold/app/cmd/inspect_tests.go 62.50% <14.28%> (-1.14%) :arrow_down:
cmd/skaffold/app/cmd/render.go 35.48% <20.00%> (-5.90%) :arrow_down:
cmd/skaffold/app/cmd/lsp.go 28.12% <28.12%> (ø)
cmd/skaffold/app/cmd/run.go 64.28% <33.33%> (-9.63%) :arrow_down:
cmd/skaffold/app/cmd/fix.go 55.93% <38.88%> (-20.54%) :arrow_down:
cmd/skaffold/app/cmd/verify.go 41.17% <41.17%> (ø)
... and 320 more

:mega: Codecov can now indicate which changes are the most critical in Pull Requests. Learn more

codecov[bot] avatar Jul 26 '22 19:07 codecov[bot]

@yurchenkosv friendly ping

tejal29 avatar Aug 03 '22 16:08 tejal29

@tejal29 sorry, it seems that I missed notification about your answer (

Can you instead make a change to add the pullSecretName to Kaniko Pod spec created

Ok, I'll try to make this changes )

yurchenkosv avatar Aug 16 '22 12:08 yurchenkosv

@yurchenkosv friendly ping!

tejal29 avatar Sep 12 '22 18:09 tejal29

@yurchenkosv friendly ping here. I think you may need to rebase this PR as well now as it seems go.sum, has a conflict now

aaron-prindle avatar Nov 22 '22 23:11 aaron-prindle

Closing due to inactivity > 90 days. Feel free to re-open or resubmit this change, thanks!

aaron-prindle avatar Nov 28 '22 22:11 aaron-prindle