feat: add pull secret for windows images

Remove secret for pulling windows images and replace it with global pull policy. This change is done, because datavolume has to use node pull method and for this method secret is not working Signed-off-by: Karel Simon <[email protected]>
kubevirt · Aug 24, 2023 · 8a4b4b3 · 8a4b4b3
1 parent 19da631
commit 8a4b4b3
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 29 deletions.
diff --git a/automation/e2e-tekton/example-pipelines-test.sh b/automation/e2e-tekton/example-pipelines-test.sh
@@ -4,8 +4,27 @@ cp -L $KUBECONFIG /tmp/kubeconfig && export KUBECONFIG=/tmp/kubeconfig
 export IMG=${CI_OPERATOR_IMG}
 export VALIDATOR_IMG=${CI_VALIDATOR_IMG}
 
+# SECRET
+namespace="kubevirt"
+if [[ $TARGET =~ windows10.* ]]; then
+  namespace="kubevirt-os-images"
+  oc create namespace ${namespace}
+fi
+
+key="/tmp/secrets/accessKeyId"
+token="/tmp/secrets/secretKey"
+if test -f "$key" && test -f "$token"; then
+  id=$(cat $key | tr -d '\n')
+  token=$(cat $token | tr -d '\n')
+
+  oc get secret/pull-secret -n openshift-config --template='{{index .data ".dockerconfigjson" | base64decode}}' > secrets.json
+  oc registry login --registry="quay.io/openshift-cnv/ci-common-templates-images" --auth-basic="$id:$token" --to=secrets.json
+  oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=secrets.json
+fi
+
 ./hack/set-crio-permissions-command.sh
 
+
 # switch to faster storage class for example pipelines tests (slower storage class is causing timeouts due 
 # to not able to copy whole windows disk)
 if ! oc get storageclass | grep -q 'ssd-csi (default)' > /dev/null; then
@@ -28,32 +47,6 @@ for node in $(oc get nodes -o name -l node-role.kubernetes.io/worker); do
   oc label ${node} ${tscLabel}- --overwrite
 done
 
-# SECRET
-accessKeyId="/tmp/secrets/accessKeyId"
-secretKey="/tmp/secrets/secretKey"
-namespace="kubevirt"
-if [[ $TARGET =~ windows10.* ]]; then
-  namespace="kubevirt-os-images"
-  oc create namespace ${namespace}
-fi
-
-if test -f "$accessKeyId" && test -f "$secretKey"; then
-  id=$(cat $accessKeyId | tr -d '\n' | base64)
-  token=$(cat $secretKey | tr -d '\n' | base64 | tr -d ' \n')
-
-  oc apply -n ${namespace} -f - <<EOF
-apiVersion: v1
-kind: Secret
-metadata:
-  name: tekton-operator-container-disk-puller
-  namespace: ${namespace}
-type: Opaque
-data:
-  accessKeyId: "${id}"
-  secretKey: "${token}"
-EOF
-fi
-
 function wait_until_exists() {
   timeout 10m bash <<- EOF
   until oc get $1; do

diff --git a/automation/e2e-tekton/test-files/windows10-dv.yaml b/automation/e2e-tekton/test-files/windows10-dv.yaml
@@ -8,7 +8,7 @@ spec:
   source:
       registry:
         url: 'docker://quay.io/openshift-cnv/containerdisks:Win10_21H2_English_x64'
-        secretRef: "tekton-operator-container-disk-puller" 
+        pullMethod: node
   storage:
     volumeMode: Filesystem
     accessModes:

diff --git a/automation/e2e-tekton/test-files/windows11-dv.yaml b/automation/e2e-tekton/test-files/windows11-dv.yaml
@@ -8,7 +8,7 @@ spec:
   source:
       registry:
         url: 'docker://quay.io/openshift-cnv/containerdisks:Win11_22H2_English_x64'
-        secretRef: "tekton-operator-container-disk-puller" 
+        pullMethod: node
   storage:
     volumeMode: Filesystem
     accessModes:

diff --git a/automation/e2e-tekton/test-files/windows2k22-dv.yaml b/automation/e2e-tekton/test-files/windows2k22-dv.yaml
@@ -8,7 +8,7 @@ spec:
   source:
       registry:
         url: 'docker://quay.io/openshift-cnv/containerdisks:Win2022_English_x64'
-        secretRef: "tekton-operator-container-disk-puller" 
+        pullMethod: node
   storage:
     volumeMode: Filesystem
     accessModes: