From 0da1d9c4270a3bf2e93cee388acfe276a5f888e5 Mon Sep 17 00:00:00 2001 From: Davin Chia Date: Wed, 10 Jul 2024 21:28:46 -0400 Subject: [PATCH] fix: add image pull secret to authenticate to docker. (#13070) We had an incident today where we realised the orchestrator does not use docker secrets to pull images. This led to us being rate limited on pulls, causing issues in the EU cluster. Use the image pull secret so we appear as authenticated and have a higher rate limit. This is a hot fix. We are currently using the discover secret. we should follow up and plumb the correct configs in. --- .../src/main/kotlin/pods/factories/OrchestratorPodFactory.kt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/airbyte-workload-launcher/src/main/kotlin/pods/factories/OrchestratorPodFactory.kt b/airbyte-workload-launcher/src/main/kotlin/pods/factories/OrchestratorPodFactory.kt index a7cd526bdef..1220814facf 100644 --- a/airbyte-workload-launcher/src/main/kotlin/pods/factories/OrchestratorPodFactory.kt +++ b/airbyte-workload-launcher/src/main/kotlin/pods/factories/OrchestratorPodFactory.kt @@ -12,6 +12,7 @@ import io.fabric8.kubernetes.api.model.CapabilitiesBuilder import io.fabric8.kubernetes.api.model.ContainerBuilder import io.fabric8.kubernetes.api.model.ContainerPort import io.fabric8.kubernetes.api.model.EnvVar +import io.fabric8.kubernetes.api.model.LocalObjectReference import io.fabric8.kubernetes.api.model.Pod import io.fabric8.kubernetes.api.model.PodBuilder import io.fabric8.kubernetes.api.model.PodSecurityContext @@ -33,6 +34,7 @@ class OrchestratorPodFactory( private val orchestratorEnvSingleton: OrchestratorEnvSingleton, @Value("\${airbyte.worker.job.kube.serviceAccount}") private val serviceAccount: String?, @Named("orchestratorContainerPorts") private val containerPorts: List, + @Named("discoverImagePullSecrets") private val imagePullSecrets: List, private val volumeFactory: VolumeFactory, private val initContainerFactory: InitContainerFactory, ) { @@ -100,6 +102,7 @@ class OrchestratorPodFactory( .withRestartPolicy("Never") .withContainers(mainContainer) .withInitContainers(initContainer) + .withImagePullSecrets(imagePullSecrets) .withVolumes(volumes) .withNodeSelector(nodeSelectors) .withSecurityContext(podSecurityContext())