Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for credential provider plugin #1383

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Add support for credential provider plugin #1383

wants to merge 3 commits into from
+271 −62

Conversation

Kuromesi
Copy link
Contributor

Ⅰ. Describe what this PR does

Add support for credential provider plugins, by using this, Kruise can dynamically retrieve credentials for a container image registry using plugins, e.g. using STS tokens to pull image from ECR repositories. You could write your own credential provider plugins or use plugins provided by cloud providers.

This works the same way as Kubelet does, refer to Configure a kubelet image credential provider for more information.

Ⅱ. Does this pull request fix one issue?

fixes #866

Ⅲ. Describe how to verify it

Ⅳ. Special notes for reviews

@kruise-bot
Copy link

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign zmberg for approval by writing /assign @zmberg in a comment. For more information see:The Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@codecov-commenter
Copy link

codecov-commenter commented Aug 23, 2023
edited by codecov bot

Codecov Report

Attention: Patch coverage is 0% with 48 lines in your changes are missing coverage. Please review.

Project coverage is 49.00%. Comparing base (0d0031a) to head (e814ebb).
Report is 36 commits behind head on master.

Files Patch % Lines
pkg/daemon/criruntime/imageruntime/cri.go 0.00% 18 Missing ⚠️
pkg/daemon/criruntime/imageruntime/docker.go 0.00% 15 Missing ⚠️
pkg/daemon/criruntime/imageruntime/pouch.go 0.00% 15 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #1383      +/-   ##
==========================================
+ Coverage   47.91%   49.00%   +1.08%     
==========================================
  Files         162      180      +18     
  Lines       23491    18800    -4691     
==========================================
- Hits        11256     9213    -2043     
+ Misses      11014     8375    -2639     
+ Partials     1221     1212       -9
Flag Coverage Δ
unittests 49.00% <0.00%> (+1.08%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@ls-2018
Copy link
Member

ls-2018 commented Aug 23, 2023
edited

I think it would be nice to add some more content.
For example

  • the config/manager/manager.yaml about pluginConfigFile assignment
  • Parameters in helm template

@Kuromesi
Copy link
Contributor Author

I think it would be nice to add some more content. For example

  • the config/manager/manager.yaml about pluginConfigFile assignment
  • Parameters in helm template

Thanks, I'll think about these suggestions.

@stale Stale
Copy link

stale bot commented Dec 19, 2023

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix This will not be worked on label Dec 19, 2023
@furykerry furykerry removed the wontfix This will not be worked on label Dec 19, 2023
@stale Stale
Copy link

stale bot commented Mar 19, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix This will not be worked on label Mar 19, 2024
@stale stale bot closed this Mar 31, 2024
@zmberg zmberg reopened this Apr 1, 2024
@stale stale bot removed the wontfix This will not be worked on label Apr 1, 2024
@kruise-bot kruise-bot added size/M size/M: 30-99 and removed size/XXL labels May 15, 2024
@Kuromesi
add support for credential provider plugin
d326724 
Signed-off-by: Kuromesi <blackfacepan@163.com>
@kruise-bot kruise-bot added size/L size/L: 100-499 and removed size/M size/M: 30-99 labels May 18, 2024
@Kuromesi
add ut for credential provider
06a14f1 
Signed-off-by: Kuromesi <blackfacepan@163.com>
@Kuromesi
check keyring every time
e814ebb 
Signed-off-by: Kuromesi <blackfacepan@163.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Fei-Guo Fei-Guo Awaiting requested review from Fei-Guo

@furykerry furykerry Awaiting requested review from furykerry

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
size/L size/L: 100-499
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ImagePullJob Support ECR (STS tokens) Repositories
6 participants
@Kuromesi @kruise-bot @codecov-commenter @ls-2018 @furykerry @zmberg