-@gerrit:opendev.org- Damian Fajfer proposed: [zuul/zuul-operator] 919808: Fix schema for env variables https://review.opendev.org/c/zuul/zuul-operator/+/919808 | 09:50 | |
@dfajfer:fsfe.org | tristanC: I thought about writing to you privately but maybe it'll give some people some insight - how to approach this problem regarding zuul-operator - I'm behind as an enterprise and I need to pull images through a proxy that I need to authenticate to (it's actually pulling images from the internet and caches it for me to pull). For this I can write a simple sed that rewrites the urls so it's not much of a problem. The real problem is that there's no support for `imagePullSecrets`. If I added this to the operator would this be accepted? What's the best pattern to go with here? | 13:38 |
---|---|---|
@dfajfer:fsfe.org | i've tested it and i changed the templates and added a key to `operator.py` | 13:39 |
@jim:acmegating.com | Damian Fajfer: https://opendev.org/zuul/zuul-operator/src/branch/master/doc/source/index.rst says that imagepullsecrets is supported | 13:42 |
@dfajfer:fsfe.org | ... wow ok I literally just spent a few hours to write what you did 3 years ago, sorry I have two versions opened and I referenced the old one I got on my hands instead of the upstream one | 13:45 |
@dfajfer:fsfe.org | thanks, I feel like a dork now:p | 13:46 |
@dfajfer:fsfe.org | looks good, I'll rebuild it and check thrice this time around | 13:47 |
@dfajfer:fsfe.org | and no need for sed since `imagePrefix` exists (and I actually used it just forgot about it in cert-manager) | 13:49 |
@dfajfer:fsfe.org | ok so I'll change the question a little bit. Looks like Zuul components are ready to go this way, the problem is that the externals (percona, cert-manager) don't support prefixes and the secrets (although they are commented). I understand that the CRs were taken from their upstream but would it be ok if we parametrized them accordingly so the experience is seamless? If someone is as barricaded as I am they will need to set prefixes and secrets only to realize that they need to fork the template anyway so it's a bit counterproductive | 13:59 |
@dfajfer:fsfe.org | is fork it & forget about it the expected approach from the user or am I free to approaching this? | 14:08 |
@dfajfer:fsfe.org | * is fork it & forget about it the expected approach from the user or am I free to try to fix this? | 14:08 |
@jim:acmegating.com | supporting secrets/prefix for the deps sounds reasonable to me (we'd need to see the details). i think the main blocker right now is, as tristan pointed out, that the ci config for the operator is broken so we can't test/merge changes. | 14:10 |
@dfajfer:fsfe.org | I'm not too worried about it, if it's going to be seen by a human sometime in the future then it's worth working on | 14:11 |
@jim:acmegating.com | yes, it is possible that the blockage gets unstuck and things get moving again, once someone resolves that :) | 14:12 |
@sylvass:albinvass.se | is it possible to write to the inventory file in a trusted context? https://zuul-ci.org/docs/zuul/latest/job-content.html#var-zuul.executor.inventory_file | 16:06 |
I want to avoid an `add_host` task in the run playbook if it's possible to somehow do that in pre-run | ||
@tristanc_:matrix.org | Albin Vass: not yet, but here is a plan for that: https://review.opendev.org/c/zuul/zuul/+/906433 | 16:16 |
@sylvass:albinvass.se | tristanC oh nice! | 16:20 |
@sylvass:albinvass.se | corvus: I'll take a look at that later in case you want another eye on the logic (regarding your comment about security) | 16:22 |
@sylvass:albinvass.se | or it's in my taskwarrior backlog at least :) | 16:22 |
@jim:acmegating.com | Albin Vass: tristanC i've suspended work on that because it's not clear to me we can make it secure (short version: i think it could cause a lot of mischief for trusted post-run playbooks). the original use case that led me down that path was related to containers, and i was able to accomplish what was necessary in that case by the recent addition of support in nodepool for specifying multi-container pods. | 16:52 |
@clarkb:matrix.org | fwiw opendev uses add host and it works pretty well. You just have to remember to do it in each playbook which is a little annoying but not the end of the world | 16:53 |
@sylvass:albinvass.se | Clark: yeah my current plant is to just tell users to run a role first thing that happens | 17:03 |
@sylvass:albinvass.se | * Clark: yeah my current plan is to just tell users to run a role first thing that happens | 17:19 |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: | 22:37 | |
- [zuul/zuul] 919903: Perform fewer gerrit queries for changes submitted-together https://review.opendev.org/c/zuul/zuul/+/919903 | ||
- [zuul/zuul] 919904: Allow early configuration of fake gerrit in tests https://review.opendev.org/c/zuul/zuul/+/919904 | ||
- [zuul/zuul] 919905: Stop using submitted-together for submitWholeTopic https://review.opendev.org/c/zuul/zuul/+/919905 | ||
- [zuul/zuul] 919906: Expand the query cache scope to encompass multiple events https://review.opendev.org/c/zuul/zuul/+/919906 | ||
- [zuul/zuul] 919907: Make the query cache continuous https://review.opendev.org/c/zuul/zuul/+/919907 |