Kubernetes backend references non-existing pull secret: regcred #2987

hcsaustrup opened this issue Dec 21, 2023 · 4 comments · Fixed by #4092
Labels
backend/kubernetes enhancement improve existing features

Comments

@hcsaustrup

Component

agent

Describe the bug

Repository has registry secret for myregistry.tld
Step in workflow references myregistry.tld/path/my-plugin:latest
Agent creates build pod, but references non-existing pull-secret "regcred":

apiVersion: v1
kind: Pod
#...
spec:
  containers:
  - #...
    image: myregistry.tld/path/my-plugin:latest
    imagePullPolicy: Always
    name: wp-...
  #...
  imagePullSecrets:
  - name: regcred

System Info

docker.io/woodpeckerci/woodpecker-server:next (sha256:391eb21a843bf7e38bb4bfd5a529452e31733d90a494c6d3e783f8f1ac3630b3)
docker.io/woodpeckerci/woodpecker-agent:next (sha256:60a04e5b59bbec66bf5a61fc15fcbd8f4b44693602893d10e6f74270f21d2915)
kubernetes 1.28.2

Additional context

No response

Validations

  • Read the Contributing Guidelines.
  • Read the docs.
  • Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
  • Checked that the bug isn't fixed in the next version already [https://woodpecker-ci.org/faq#which-version-of-woodpecker-should-i-use]
  • Check that this is a concrete bug. For Q&A join our Discord Chat Server or the Matrix room.
@hcsaustrup hcsaustrup added the bug Something isn't working label Dec 21, 2023
@zc-devs
Contributor

zc-devs commented Dec 22, 2023

regcred is hardcoded. What is the name of your "registry secret for myregistry.tld"?

#1897

@hcsaustrup
Author

The registry secret is the full hostname of the registry, in this example myregistry.tld.

Why would the pullsecret name be hardcoded if you can maintain a list of registries for each repository? I might be misunderstanding this, but I'd expect each repository to have their own pullsecret containing all listed registries, which would be made available to the pod running the workflow.

(Obviously there is a bit of a security flaw with images being cached on the host, but that's a whole different can of worms unrelated to this)
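
What the comment above expects, sketched as an added example (not Woodpecker's code and not from this thread): one `kubernetes.io/dockerconfigjson` payload built from all registries listed for a repository, plus a check that flags `imagePullSecrets` names, such as the hardcoded `regcred`, that do not exist in the namespace. The `Registry` type, the function names, the credentials and the secret name `wp-repo-42-registries` are assumptions made for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Registry is one per-repository registry credential (hypothetical type, not Woodpecker's).
type Registry struct{ Address, Username, Password string }

type authEntry struct {
	Username string `json:"username"`
	Password string `json:"password"`
	Auth     string `json:"auth"`
}

// DockerConfigJSON renders the value of the ".dockerconfigjson" key of a
// kubernetes.io/dockerconfigjson Secret covering every registry in the list.
func DockerConfigJSON(regs []Registry) ([]byte, error) {
	auths := make(map[string]authEntry, len(regs))
	for _, r := range regs {
		if r.Address == "" {
			return nil, fmt.Errorf("registry entry without address")
		}
		if _, dup := auths[r.Address]; dup {
			return nil, fmt.Errorf("duplicate registry %q", r.Address)
		}
		token := base64.StdEncoding.EncodeToString([]byte(r.Username + ":" + r.Password))
		auths[r.Address] = authEntry{r.Username, r.Password, token}
	}
	return json.Marshal(map[string]map[string]authEntry{"auths": auths})
}

// MissingPullSecrets returns the imagePullSecrets names a pod references
// that do not exist in its namespace, e.g. a hardcoded "regcred".
func MissingPullSecrets(referenced []string, existing map[string]bool) []string {
	var missing []string
	for _, name := range referenced {
		if !existing[name] {
			missing = append(missing, name)
		}
	}
	return missing
}

func main() {
	// Constructed sample values; the secret name below is hypothetical.
	cfg, _ := DockerConfigJSON([]Registry{{"myregistry.tld", "ci-bot", "example-password"}})
	fmt.Println(string(cfg))
	fmt.Println(MissingPullSecrets([]string{"regcred"}, map[string]bool{"wp-repo-42-registries": true}))
}
```
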

@qwerty287
Contributor

Isn't this fixed by #3016?

@zc-devs
Contributor

zc-devs commented Jan 5, 2024

Repository has registry secret

I think @hcsaustrup meant this functionality. Draft is in #3122.

#3016 is kind of a workaround; it is deployment-wide (at least namespace-wide behind the Agent). While it may work well for individuals, it won't suit SaaS (like Codeberg) as well as enterprises, I think.

@qwerty287 qwerty287 added enhancement improve existing features backend/kubernetes and removed bug Something isn't working labels Sep 7, 2024
@6543 6543 closed this as completed in b52b021 Sep 30, 2024