Add image-pull-secret option #54
Conversation
|
Hey @clbx! Thanks for the PR. I'm back from Christmas vacations today so will try to get to this during the week. |
|
Hey @clbx! Sorry for not getting back to you earlier. I had a quick look and I think it looks good. I'm just wondering if you can elaborate (maybe here and/or in the docs) on why this would preferable over e.g. configuring automatic secrets with the service account. More fine-grained permissions? |
|
Honestly, I didn't know that assigning a pull secret to a service account was a feature. Using a Service Account covers our use case, but I think there could be use cases for having it independent of service accounts as it's a relatively common design pattern to specify image pull secrets without defining them in a service account. |
lib/job.jsonnet
Outdated
| @@ -44,6 +45,7 @@ function(jobName, agentEnv={}, stepEnvFile='', patchFunc=identity) patchFunc({ | |||
| BUILDKITE_PLUGIN_K8S_WORKDIR: std.join('/', [env.BUILDKITE_BUILD_PATH, buildSubPath]), | |||
| BUILDKITE_PLUGIN_K8S_JOB_TTL_SECONDS_AFTER_FINISHED: '86400', | |||
| BUILDKITE_PLUGIN_K8S_JOB_BACKOFF_LIMIT: '0', | |||
| BUILDKITE_BUILD_CREATOR_TEAMS: '', | |||
There was a problem hiding this comment.
This seems unrelated! I guess this is related to #59?
There was a problem hiding this comment.
Yes. If you’re not part of a team, the plugins crashes. If I remember correctly teams are a paid feature, so this fixes the plug-in for anyone on the free tier.
There was a problem hiding this comment.
Right! Just for cleanliness; can you remove it from this PR? I've fixed this another way while debugging a bunch of other crashes in #60, and I'd like to keep each PR clean :-)
Added
image-pull-secretoption to specify an image pull secret for a job that uses an image in a private registry.