Implement registries for Kubernetes backend (#4092)

According to [the documentation](https://woodpecker-ci.org/docs/administration/backends/kubernetes#images-from-private-registries), per-organization and per-pipeline registries are currently unsupported for the Kubernetes backend. This patch implements this missing functionality by creating and deleting a matching secret for each pod with a matched registry, using the same name, labels, and annotations as the pod, and appending it to its `imagePullSecrets` list. This patch adds tests for the new functionality, and has been manually end-to-end-tested in KinD by using a private image hosted in the matching gitea instance. This will require updating the matching helm charts to add the create/delete permissions to the agent role, which **is already done**. close #2987
2025-11-23 21:44:44 +02:00 · 2024-09-29 18:03:05 -06:00
parent ecb59ce1c4
commit b52b021acb
8 changed files with 215 additions and 13 deletions
--- a/pipeline/backend/kubernetes/pod_test.go
+++ b/pipeline/backend/kubernetes/pod_test.go
@@ -264,6 +264,9 @@ func TestFullPod(t *testing.T) {
 				},
 				{
 					"name": "another-pull-secret"
+				},
+				{
+					"name": "wp-01he8bebctabr3kgk0qj36d2me-0"
 				}
 			],
 			"tolerations": [
@@ -317,6 +320,7 @@ func TestFullPod(t *testing.T) {
 		},
 	}
 	pod, err := mkPod(&types.Step{
+		UUID:        "01he8bebctabr3kgk0qj36d2me-0",
 		Name:        "go-test",
 		Image:       "meltwater/drone-cache",
 		WorkingDir:  "/woodpecker/src",
@@ -328,6 +332,10 @@ func TestFullPod(t *testing.T) {
 		Environment: map[string]string{"CGO": "0"},
 		ExtraHosts:  hostAliases,
 		Ports:       ports,
+		AuthConfig: types.Auth{
+			Username: "foo",
+			Password: "bar",
+		},
 	}, &config{
 		Namespace:                   "woodpecker",
 		ImagePullSecretNames:        []string{"regcred", "another-pull-secret"},