From: Francisco Manuel Garcia Botella Date: Fri, 27 Sep 2024 15:30:25 +0000 (+0200) Subject: k8s: Get images from repositories with auth X-Git-Tag: Release-15.0.3~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b6283aa26cbc67b7e33cffffb8d8b0b526b69197;p=thirdparty%2Fbacula.git k8s: Get images from repositories with auth --- diff --git a/bacula/src/plugins/fd/kubernetes-backend/baculak8s/jobs/job_pod_bacula.py b/bacula/src/plugins/fd/kubernetes-backend/baculak8s/jobs/job_pod_bacula.py index 352dba5d9..7e9dd5156 100644 --- a/bacula/src/plugins/fd/kubernetes-backend/baculak8s/jobs/job_pod_bacula.py +++ b/bacula/src/plugins/fd/kubernetes-backend/baculak8s/jobs/job_pod_bacula.py @@ -95,6 +95,7 @@ class JobPodBacula(Job, metaclass=ABCMeta): self.tarexitcode = None self.backupimage = params.get('baculaimage', BACULABACKUPIMAGE) self.imagepullpolicy = ImagePullPolicy.process_param(params.get('imagepullpolicy')) + self.imagepullsecret = params.get('imagepullsecret', None) self.backup_clone_compatibility = True self.debug = params.get('debug', 0) self.current_backup_mode = BaculaBackupMode.Standard @@ -179,7 +180,7 @@ class JobPodBacula(Job, metaclass=ABCMeta): podyaml = prepare_backup_pod_yaml(mode=mode, nodename=node_name, host=self.pluginhost, port=self.pluginport, token=self.token, namespace=namespace, pvcname=pvcname, image=self.backupimage, - imagepullpolicy=self.imagepullpolicy, job=self.jobname) + imagepullpolicy=self.imagepullpolicy, imagepullsecret=self.imagepullsecret, job=self.jobname) if node_name is None: self._io.send_info(POD_YAML_PREPARED_INFO.format( image=self.backupimage, @@ -231,8 +232,8 @@ class JobPodBacula(Job, metaclass=ABCMeta): keyfile=self.keyfile, timeout=self.timeout) response = self.connsrv.listen() + logging.debug("response:{}".format(response)) if isinstance(response, dict) and 'error' in response: - logging.debug("RESPONSE:{}".format(response)) self._handle_error(CANNOT_START_CONNECTIONSERVER.format(parse_json_descr(response))) return False else: diff --git a/bacula/src/plugins/fd/kubernetes-backend/baculak8s/plugins/k8sbackend/baculabackup.py b/bacula/src/plugins/fd/kubernetes-backend/baculak8s/plugins/k8sbackend/baculabackup.py index 97b9d9d17..b52d21d18 100644 --- a/bacula/src/plugins/fd/kubernetes-backend/baculak8s/plugins/k8sbackend/baculabackup.py +++ b/bacula/src/plugins/fd/kubernetes-backend/baculak8s/plugins/k8sbackend/baculabackup.py @@ -41,7 +41,7 @@ metadata: app: baculabackup spec: hostname: {podname} - {nodenameparam} + {nodename} containers: - name: {podname} resources: @@ -67,6 +67,7 @@ spec: volumeMounts: - name: {podname}-storage mountPath: /{mode} + {imagepullsecrets} restartPolicy: Never volumes: - name: {podname}-storage @@ -112,14 +113,19 @@ def get_backup_pod_name(job): return BACULABACKUPPODNAME.format(job_name=job_name, job_id=job_id) def prepare_backup_pod_yaml(mode='backup', nodename=None, host='localhost', port=9104, token='', namespace='default', - pvcname='', image=BACULABACKUPIMAGE, imagepullpolicy=ImagePullPolicy.IfNotPresent, job=''): + pvcname='', image=BACULABACKUPIMAGE, imagepullpolicy=ImagePullPolicy.IfNotPresent, imagepullsecret=None, job=''): podyaml = PODTEMPLATE if os.path.exists(DEFAULTPODYAML): with open(DEFAULTPODYAML, 'r') as file: podyaml = file.read() - nodenameparam = '' + nodename_param = '' + imagepullsecrets_param = '' if nodename is not None: - nodenameparam = "nodeName: {nodename}".format(nodename=nodename) - logging.debug('host:{} port:{} namespace:{} image:{} job:{}'.format(host, port, namespace, image, job)) - return podyaml.format(mode=mode, nodenameparam=nodenameparam, host=host, port=port, token=token, namespace=namespace, - image=image, pvcname=pvcname, podname=get_backup_pod_name(job), imagepullpolicy=imagepullpolicy, job=job) + nodename_param = "nodeName: {nodename}".format(nodename=nodename) + if imagepullsecret is not None: + imagepullsecrets_param = "imagePullSecrets:\n - name: {imagepullsecret}".format(imagepullsecret=imagepullsecret) + logging.debug('host:{} port:{} namespace:{} image:{} imagepullsecret:{} job:{}'.format(host, port, namespace, image, imagepullsecret, job)) + + return podyaml.format(mode=mode, nodename=nodename_param, host=host, port=port, token=token, namespace=namespace, + image=image, pvcname=pvcname, podname=get_backup_pod_name(job), imagepullpolicy=imagepullpolicy, + imagepullsecrets=imagepullsecrets_param, job=job) diff --git a/bacula/src/plugins/fd/kubernetes-backend/baculak8s/plugins/k8sbackend/pvcdata.py b/bacula/src/plugins/fd/kubernetes-backend/baculak8s/plugins/k8sbackend/pvcdata.py index 315c981ed..301935f57 100644 --- a/bacula/src/plugins/fd/kubernetes-backend/baculak8s/plugins/k8sbackend/pvcdata.py +++ b/bacula/src/plugins/fd/kubernetes-backend/baculak8s/plugins/k8sbackend/pvcdata.py @@ -48,7 +48,7 @@ def pvcdata_list_update_node_names(corev1api, namespace, pvcdatalist): dict: updated pvc data list as dictionary """ # here we collect node_names for proper backup pod deployment - logging.debug('Init PVCDATALIST') + logging.debug('Init pvc nodes list') pods = pods_namespaced_specs(corev1api, namespace=namespace) # logging.debug('Get pods:{}'.format(pods)) for pod in pods: @@ -58,10 +58,9 @@ def pvcdata_list_update_node_names(corev1api, namespace, pvcdatalist): pvcname = vol.persistent_volume_claim.claim_name for pvcf in pvcdatalist: if pvcname == pvcdatalist[pvcf].get('name') and pvcdatalist[pvcf].get('node_name') is None: - logging.debug('[CUSTOM] Enter in pvcdatalist') logging.debug('Pvcf: {} -- Node_name: {}'.format(pvcf, pod.spec.node_name)) pvcdatalist[pvcf]['node_name'] = pod.spec.node_name - logging.debug('END PVCDATALIST') + logging.debug('End pvc nodes list') return pvcdatalist diff --git a/bacula/src/plugins/fd/kubernetes-fd.h b/bacula/src/plugins/fd/kubernetes-fd.h index 33f0cc2e4..ec3af67e6 100644 --- a/bacula/src/plugins/fd/kubernetes-fd.h +++ b/bacula/src/plugins/fd/kubernetes-fd.h @@ -84,6 +84,7 @@ const char * valid_params[] = "fdkeyfile", "baculaimage", "imagepullpolicy", + "imagepullsecret", "outputformat", "labels", NULL,