Skip to content

Support adding image-pull-secrets to workspaces

Safwan Ahmed requested to merge saf-add-image-pull-secrets-to-db into master

Issue: DB: Add fields to support private container reg... (#474988 - closed)

Backend: Set and use fields to support private ... (#474989 - closed)

Backend: Add fields to support private containe... (#477777 - closed)

What does this MR do and why?

This MR:

  • adds migrations to introduce image_pull_secrets to the workspace config along with appropriate validations.
  • configures the settings module to handle image_pull_secrets
  • saves image_pull_secrets from agent updates
  • forwards workspaces agent config associated image_pull_secrets in the case of a full reconciliation and empty array in the case of a partial reconciliation

We are introducing this field as part of our epic to support private container registry access for workspaces Provide support to use images from private cont... (gitlab-org#14664 - closed)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

  • Start GDK with workspaces setup
  • Create a workspace and access it. Observation: You can access the workspace
  • On the rails console, search for the agent config associated with the workspace you created (RemoteDevelopment::WorkspacesAgentConfig.all gives all configs). Observation: Accessing the field image_pull_secrets will provide you with an empty array
  • Update your workspace's agent config by adding the following image_pull_secret lines like so: 
    network_policy:
  .......
image_pull_secrets:
  - name: example-image-pull-secrets-a
    namespace: default
  - name: example-image-pull-secrets-b
    namespace: default
  • Observation update is successful (check rails console to see the update on image_pull_secret)
  • Trigger a full reconciliation ( you could do this by reducing the time here in settings) and access your workspace. Observation: You can access the workspace

Numbered steps to set up and validate the change are strongly suggested.

Edited by Safwan Ahmed

Merge request reports