search

zalando / zalenium

A flexible and scalable container based Selenium Grid with video recording, live preview, basic auth & dashboard.
https://opensource.zalando.com/zalenium/
Other
2.39k stars 574 forks source link

Impossible to provide docker login credentials secret for selenium image from private registry #1227

Closed justinasjaronis closed 3 years ago

justinasjaronis commented 3 years ago

To Reproduce

If we provide custom docker image in helm chart values:

hub: seleniumImageName: my.private.registry/selenium-modified:dev

However if it is private registry, creation of worker container will fail since it cannot login.

There is a "imagePullSecret" setting but it allows to adjust just zalenium main image registry credentials, not a worker.

Expected behavior

There should be another setting which sets docker image pull secret.

pearj commented 3 years ago

Development has stopped on Zalenium. But you can achieve what you're after by setting the pull secret on a service account as mentioned here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account I'm fairly sure you'll want to use the default service account in your namespace. The zalenium container uses a different service account as it needs specific Kubernetes permissions, but the selenium worker nodes use the default service account.

There is code that copies the image pull secrets from the zalenium containers to the selenium worker nodes. So maybe that you want different secrets for zalenium and selenium nodes?

If that is true then my above solution should work, using service accounts to attach pull secrets instead of using the pull secrets support in helm.

https://github.com/zalando/zalenium/blob/master/src/main/java/de/zalando/ep/zalenium/container/kubernetes/KubernetesContainerClient.java#L200-L205