kubernetes: pass image pull secrets

* Adds the configured image pull secrets to the Kubernetes job specification, enabling private image usage in REANA (closes #230).
reanahub · Feb 28, 2020 · ad7d17b · ad7d17b
1 parent ca7c6f4
commit ad7d17b
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/reana_job_controller/config.py b/reana_job_controller/config.py
@@ -89,3 +89,6 @@
 """Kerberos configMap name. Must be the same as in
 reana_cluster/backends/kubernetes/templates/configmaps/kerberos.yaml.
 """
+
+IMAGE_PULL_SECRETS = os.getenv('IMAGE_PULL_SECRETS', '').split(',')
+"""Docker image pull secrets which allow the usage of private images."""
diff --git a/reana_job_controller/kubernetes_job_manager.py b/reana_job_controller/kubernetes_job_manager.py
@@ -144,6 +144,7 @@ def execute(self):
         self.add_hostpath_volumes()
         self.add_shared_volume()
         self.add_eos_volume()
+        self.add_image_pull_secrets()
 
         if self.cvmfs_mounts != 'false':
             cvmfs_map = {}
@@ -225,6 +226,16 @@ def add_eos_volume(self):
                 K8S_CERN_EOS_MOUNT_CONFIGURATION['volumeMounts'],
                 K8S_CERN_EOS_MOUNT_CONFIGURATION['volume'])])
 
+    def add_image_pull_secrets(self):
+        """Attach to the container the configured image pull secrets."""
+        image_pull_secrets = []
+        for secret_name in current_app.config['IMAGE_PULL_SECRETS']:
+            if secret_name:
+                image_pull_secrets.append({'name': secret_name})
+
+        self.job['spec']['template']['spec']['imagePullSecrets'] = \
+            image_pull_secrets
+
     def add_hostpath_volumes(self):
         """Add hostPath mounts from configuration to job."""
         volumes_to_mount = []