diff --git a/README.md b/README.md index a97890d..a75a5d7 100644 --- a/README.md +++ b/README.md @@ -79,6 +79,11 @@ Whether to always pull the latest image before running the command. Sets [imageP Default: `false` +### ``image-pull-secret`` (optional, string) + +The name of the secret that holds the credentials for a remote container registry. + + ### `command` (optional, array) Sets the command for the container. Useful if the container image has an entrypoint, but requires extra arguments. diff --git a/lib/job.jsonnet b/lib/job.jsonnet index 56c90c2..bfb6404 100644 --- a/lib/job.jsonnet +++ b/lib/job.jsonnet @@ -30,6 +30,7 @@ function(jobName, agentEnv={}, stepEnvFile='', patchFunc=identity) patchFunc({ BUILDKITE_PLUGIN_K8S_AGENT_TOKEN_SECRET_KEY: 'buildkite-agent-token', BUILDKITE_PLUGIN_K8S_INIT_IMAGE: 'embarkstudios/k8s-buildkite-agent@sha256:3c010d09915f3b39c2f8324af5f0aaf910a643e7d63607ee8d49653931b8b167', BUILDKITE_PLUGIN_K8S_ALWAYS_PULL: false, + BUILDKITE_PLUGIN_K8S_IMAGE_PULL_SECRET: '', BUILDKITE_PLUGIN_K8S_BUILD_PATH_HOST_PATH: '', BUILDKITE_PLUGIN_K8S_BUILD_PATH_PVC: '', BUILDKITE_PLUGIN_K8S_GIT_MIRRORS_HOST_PATH: '', @@ -273,6 +274,12 @@ function(jobName, agentEnv={}, stepEnvFile='', patchFunc=identity) patchFunc({ local deadline = std.parseInt(env.BUILDKITE_TIMEOUT) * 60, + local imagePullSecrets = + if env.BUILDKITE_PLUGIN_K8S_IMAGE_PULL_SECRET == '' then [] + else [ + {name: env.BUILDKITE_PLUGIN_K8S_IMAGE_PULL_SECRET}, + ], + apiVersion: 'batch/v1', kind: 'Job', metadata: { @@ -297,6 +304,8 @@ function(jobName, agentEnv={}, stepEnvFile='', patchFunc=identity) patchFunc({ restartPolicy: 'Never', serviceAccountName: env.BUILDKITE_PLUGIN_K8S_SERVICE_ACCOUNT_NAME, initContainers: initContainers, + imagePullSecrets: imagePullSecrets, + containers: [ { name: 'step', diff --git a/plugin.yml b/plugin.yml index a07c82f..5159fda 100644 --- a/plugin.yml +++ b/plugin.yml @@ -9,6 +9,8 @@ configuration: properties: image: type: string + image-pull-secret: + type: string always-pull: type: boolean command: