diff options
author | Zuul <zuul@review.opendev.org> | 2020-04-10 01:24:50 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2020-04-10 01:24:50 +0000 |
commit | a8ce0dbe4bf34973b12780d1583893ca2279c845 (patch) | |
tree | 8a1465d74ea520e29e1fd5ae44e308599cfa9555 /doc | |
parent | 67d2e0a961180dd4a5982787dd7d929f718dd497 (diff) | |
parent | a5aa272dfe976cf18b13a408c30762ac91248325 (diff) | |
download | zuul-a8ce0dbe4bf34973b12780d1583893ca2279c845.tar.gz |
Merge "kubernetes-operator: add job volume to the spec"
Diffstat (limited to 'doc')
-rw-r--r-- | doc/source/reference/developer/specs/kubernetes-operator.rst | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/doc/source/reference/developer/specs/kubernetes-operator.rst b/doc/source/reference/developer/specs/kubernetes-operator.rst index b49f4e0f6..a68bcc1c1 100644 --- a/doc/source/reference/developer/specs/kubernetes-operator.rst +++ b/doc/source/reference/developer/specs/kubernetes-operator.rst @@ -343,6 +343,46 @@ pods that need them. keyfile: secretName: mqttSecrets +Executor job volume +------------------- + +To manage the executor job volumes, the CR also accepts a list of volumes +to be bind mounted in the job bubblewrap contexts: + +:: + + name: Text + context: <trusted | untrusted> + access: <ro | rw> + path: /path + volume: Kubernetes.Volume + + +For example, to expose a GCP authdaemon token, the Zuul CR can be defined as + +:: + + apiVersion: zuul-ci.org/v1alpha1 + kind: Zuul + spec: + ... + job_volumes: + - context: trusted + access: ro + path: /authdaemon/token + volume: + name: gcp-auth + hostPath: + path: /var/authdaemon/executor + type: DirectoryOrCreate + +Which would result in a new executor mountpath along with this zuul.conf change: + +:: + + trusted_ro_paths=/authdaemon/token + + Logging ------- |