Merge pull request #175 from grycap/oscar_images

Add allowed_image_prefix
grycap · Jul 26, 2024 · 90a2893 · 90a2893
2 parents 3482ae0 + 90a1da2
commit 90a2893
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 3 deletions.
diff --git a/artifacts/oscar/oscar_install.yml b/artifacts/oscar/oscar_install.yml
@@ -36,3 +36,5 @@
       master_deploy: true
       serverless_backend: "knative"
       minio_tls_verify: '{{ oscar_minio_tls_verify }}'
+      additional_config:
+        allowedImagePrefix: '{{ allowed_image_prefixes }}'
diff --git a/custom_types.yaml b/custom_types.yaml
@@ -1184,6 +1184,13 @@ node_types:
         description: OpenID group list to grant access in the cluster.
         required: false
         default: []
+      allowed_image_prefixes:
+        type: list
+        entry_schema:
+          type: string
+        description: List of allowed image prefixes
+        required: false
+        default: []
     artifacts:
       minio_role:
         file: grycap.kubeminio
@@ -1203,7 +1210,7 @@ node_types:
     interfaces:
       Standard:
         configure:
-          implementation: https://raw.githubusercontent.com/grycap/tosca/main/artifacts/oscar/oscar_install.yml
+          implementation: https://raw.githubusercontent.com/grycap/tosca/oscar_images/artifacts/oscar/oscar_install.yml
           inputs:
             oscar_minio_secretkey: { get_property: [ SELF, minio_secretkey ] }
             oscar_password: { get_property: [ SELF, password ] }
@@ -1215,6 +1222,7 @@ node_types:
             oidc_subject: { get_property: [ SELF, oidc_subject ] }
             oidc_groups: { get_property: [ SELF, oidc_groups ] }
             yunikorn_enable:  { get_property: [ SELF, yunikorn_enable ] }
+            allowed_image_prefixes: { get_property: [ SELF, allowed_image_prefixes ] }
     requirements:
       - host:
           capability: tosca.capabilities.Container

diff --git a/templates/oscar.yaml b/templates/oscar.yaml
@@ -1,13 +1,13 @@
 tosca_definitions_version: tosca_simple_yaml_1_0
 
 imports:
-  - grycap_custom_types: https://raw.githubusercontent.com/grycap/tosca/main/custom_types.yaml
+  - grycap_custom_types: https://raw.githubusercontent.com/grycap/tosca/oscar_images/custom_types.yaml
 
 description: Deploy an OSCAR Virtual Cluster.
 
 metadata:
   template_name: OSCAR
-  template_version: "1.1.0"
+  template_version: "1.2.0"
   display_name: Deploy an OSCAR Virtual Cluster
   icon: images/oscar.png
   order: 2
@@ -38,6 +38,7 @@ metadata:
           tag_type: hidden
       - kube_nvidia_support
       - kube_install_yunikorn
+      - allowed_image_prefixes
   childs:
     - oscar_elastic.yaml
     - oscar_function.yaml
@@ -131,6 +132,12 @@ topology_template:
       type: string
       description: VO to support
       default: ""
+    allowed_image_prefixes:
+      type: list
+      description: Allowed image prefix
+      entry_schema:
+        type: string
+      default: []
     cluster_name:
       type: string
       description: Cluster Name
@@ -166,6 +173,7 @@ topology_template:
         oidc_subject: { get_input: user_id }
         oidc_groups: [{ get_input: selected_vo }]
         yunikorn_enable: { get_input: kube_install_yunikorn }
+        allowed_image_prefixes: { get_input: allowed_image_prefixes }
       capabilities:
         endpoint:
           properties: