Add support for pulling the image secret #88
Conversation
|
This change is |
| @@ -0,0 +1,59 @@ | |||
| # Copyright 2018 Google LLC | |||
There was a problem hiding this comment.
# Copyright 2020 kubeflow.org
| 'metadata': {'name': 'secrets'} | ||
| } | ||
| service_template['imagePullSecrets'] = [] | ||
| image_pull_secrets = [] |
There was a problem hiding this comment.
should no need this line, same as service_template
There was a problem hiding this comment.
If I remove image_pull_secrets = [], can't directly use image_pull_secrets to do the append, it complains variable not defined. I removed service_template.
| dsl.get_pipeline_conf()\ | ||
| .set_image_pull_secrets([k8s_client.V1ObjectReference(name="secretA")]) | ||
|
|
||
| if __name__ == '__main__': |
There was a problem hiding this comment.
Remove kfp.compiler, use TektonCompiler instead
| @@ -0,0 +1,58 @@ | |||
| apiVersion: tekton.dev/v1beta1 | |||
|
Thanks @kevinyu98 , please address the comments. |
|
/lgtm /assign @animeshsingh |
|
/hold |
|
@kevinyu98 , seems you didn't add testing in compiler_tests.py, please add it there. Thanks. |
|
/lgtm cancel /unhold |
| } | ||
| image_pull_secrets = [] | ||
| for image_pull_secret in pipeline_conf.image_pull_secrets: | ||
| image_pull_secrets.append(convert_k8s_obj_to_json(image_pull_secret)) |
There was a problem hiding this comment.
It looks like image_pull_secrets is not being used for service_template, maybe you can remove this line.
kevinyu98
force-pushed
the
kfp-tekton-pull-secrets
branch
from
6c15eb2 to
42bfac9
Compare
|
/lgtm |
|
sure. |
| service_template = { | ||
| 'apiVersion': 'v1', | ||
| 'kind': 'ServiceAccount', | ||
| 'metadata': {'name': 'secrets'} |
There was a problem hiding this comment.
Actually can we make the generated service account to be based on the pipelinerun name?
|
/lgtm cancel |
|
@kevinyu98 you also need to update your test yaml. |
|
@Tomcli done. |
|
/lgtm |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: animeshsingh The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Add/Enable Customizable Sample Pipeline to APIServer
Which issue is resolved by this Pull Request:
Related #54
Description of your changes:
We need image pull secret so that we can pull images from private repo. kfp-tekton compiler will generated Tekton pipeline based on the kubeflow pipeline DSL, if the DSL contains image secret, the compiler will generate a service account, and store the secret under the service account. A better approach will be adding the image pull secret into a podtemplate, but currently Tekton doesn't have this support. We opened an issue 2339 there.
Environment tested:
python --version):Python 3.7.4
tkn version):Client version: 0.8.0
Pipeline version: v0.11.0-rc2
kubectl version):Openshift Client Version: v4.3.1
Kubernetes Version: v1.16.2
/etc/os-release):macOS Mojave 10.14.6