From 3981010dcb5e4dc82d2bb1073fd41ac1d14fa689 Mon Sep 17 00:00:00 2001
From: Miguel Caballer
Date: Wed, 24 Jul 2024 10:17:45 +0200
Subject: [PATCH 1/5] Add allowed_image_prefix
---
 artifacts/oscar/oscar_install.yml | 2 ++
 templates/oscar.yaml | 8 ++++++++
 2 files changed, 10 insertions(+)
diff --git a/artifacts/oscar/oscar_install.yml b/artifacts/oscar/oscar_install.yml
index 859f289..cbfa45d 100644
--- a/artifacts/oscar/oscar_install.yml
+++ b/artifacts/oscar/oscar_install.yml
@@ -36,3 +36,5 @@
 master_deploy: true
 serverless_backend: "knative"
 minio_tls_verify: '{{ oscar_minio_tls_verify }}'
+ additional_config:
+ allowedImagePrefix: '{{ allowed_image_prefix }}'
diff --git a/templates/oscar.yaml b/templates/oscar.yaml
index 39928ea..abb2d06 100644
--- a/templates/oscar.yaml
+++ b/templates/oscar.yaml
@@ -38,6 +38,7 @@ metadata:
 tag_type: hidden
 - kube_nvidia_support
 - kube_install_yunikorn
+ - allowed_image_prefix
 childs:
 - oscar_elastic.yaml
 - oscar_function.yaml
@@ -131,6 +132,12 @@ topology_template:
 type: string
 description: VO to support
 default: ""
+ allowed_image_prefix:
+ type: list
+ description: Allowed image prefix
+ entry_schema:
+ type: string
+ default: []
 cluster_name:
 type: string
 description: Cluster Name
@@ -166,6 +173,7 @@ topology_template:
 oidc_subject: { get_input: user_id }
 oidc_groups: [{ get_input: selected_vo }]
 yunikorn_enable: { get_input: kube_install_yunikorn }
+ allowed_image_prefix: { get_input: allowed_image_prefix }
 capabilities:
 endpoint:
 properties:
From 64c3aebfe8de82db6f095d8349f5a012e9266f74 Mon Sep 17 00:00:00 2001
From: Miguel Caballer
Date: Wed, 24 Jul 2024 10:25:49 +0200
Subject: [PATCH 2/5] Add allowed_image_prefix
---
 artifacts/oscar/oscar_install.yml | 2 +-
 custom_types.yaml | 7 +++++++
 templates/oscar.yaml | 6 +++---
 3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/artifacts/oscar/oscar_install.yml b/artifacts/oscar/oscar_install.yml
index cbfa45d..1559a7a 100644
--- a/artifacts/oscar/oscar_install.yml
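Review bot: The new `allowed_image_prefix` input in templates/oscar.yaml (patch 1/5, hunk `@@ -131,6 +132,12 @@`) is an allow-list, but its description, `Allowed image prefix`, says neither what the default `[]` means nor how an entry is compared with an image name. If an empty list leaves image use unrestricted, which the hunk does not show, the person deploying should be told that the control is off until they fill it in. Assuming entries are compared as plain string prefixes, an entry without a trailing `/` (for example `registry.example/team`, a constructed value) would also admit `registry.example/team-other/...`. I would extend the description to something like `description: Image prefixes that services may use, each ending in "/"; an empty list means no restriction`, after confirming both points against OSCAR.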
+++ b/artifacts/oscar/oscar_install.yml
@@ -37,4 +37,4 @@
 serverless_backend: "knative"
 minio_tls_verify: '{{ oscar_minio_tls_verify }}'
 additional_config:
- allowedImagePrefix: '{{ allowed_image_prefix }}'
+ allowedImagePrefix: '{{ allowed_image_prefixes }}'
diff --git a/custom_types.yaml b/custom_types.yaml
index f8c9eff..bc70f71 100644
--- a/custom_types.yaml
+++ b/custom_types.yaml
@@ -1184,6 +1184,13 @@ node_types:
 description: OpenID group list to grant access in the cluster.
 required: false
 default: []
+ allowed_image_prefixes:
+ type: list
+ entry_schema:
+ type: string
+ description: List of allowed image prefixes
+ required: false
+ default: []
 artifacts:
 minio_role:
 file: grycap.kubeminio
diff --git a/templates/oscar.yaml b/templates/oscar.yaml
index abb2d06..539e4f5 100644
--- a/templates/oscar.yaml
+++ b/templates/oscar.yaml
@@ -38,7 +38,7 @@ metadata:
 tag_type: hidden
 - kube_nvidia_support
 - kube_install_yunikorn
- - allowed_image_prefix
+ - allowed_image_prefixes
 childs:
 - oscar_elastic.yaml
 - oscar_function.yaml
@@ -132,7 +132,7 @@ topology_template:
 type: string
 description: VO to support
 default: ""
- allowed_image_prefix:
+ allowed_image_prefixes:
 type: list
 description: Allowed image prefix
 entry_schema:
@@ -173,7 +173,7 @@ topology_template:
 oidc_subject: { get_input: user_id }
 oidc_groups: [{ get_input: selected_vo }]
 yunikorn_enable: { get_input: kube_install_yunikorn }
- allowed_image_prefix: { get_input: allowed_image_prefix }
+ allowed_image_prefixes: { get_input: allowed_image_prefixes }
 capabilities:
 endpoint:
 properties:
From c4fe8ff019420971e5053271cbbc36b2885be791 Mon Sep 17 00:00:00 2001
From: Miguel Caballer
Date: Wed, 24 Jul 2024 10:27:20 +0200
Subject: [PATCH 3/5] Add allowed_image_prefix
---
 templates/oscar.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/oscar.yaml b/templates/oscar.yaml
index 539e4f5..fa4ecf4 100644
--- a/templates/oscar.yaml
+++ b/templates/oscar.yaml
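Review bot: The `entry_schema` of the new `allowed_image_prefixes` property in custom_types.yaml (patch 2/5, hunk `@@ -1184,6 +1184,13 @@`) accepts any string, including the empty string. If the consumer compares by string prefix, which is not visible here, a single empty entry matches every image and silently turns the allow-list into allow-all. A constraint on the entries closes that gap: under `entry_schema:` add `constraints:` followed by `- min_length: 1`. The template input of the same name in templates/oscar.yaml repeats this entry schema and would take the same constraint. The property sits inside a node type whose start and end are outside the hunk.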
@@ -1,7 +1,7 @@
 tosca_definitions_version: tosca_simple_yaml_1_0
 imports:
- - grycap_custom_types: https://raw.githubusercontent.com/grycap/tosca/main/custom_types.yaml
+ - grycap_custom_types: https://raw.githubusercontent.com/grycap/tosca/oscar_images/custom_types.yaml
 description: Deploy an OSCAR Virtual Cluster.
From 4a9bf77f475957e44b772fdc12d2cad896b42035 Mon Sep 17 00:00:00 2001
From: Miguel Caballer
Date: Wed, 24 Jul 2024 10:48:00 +0200
Subject: [PATCH 4/5] Add allowed_image_prefix
---
 custom_types.yaml | 2 +-
 templates/oscar.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/custom_types.yaml b/custom_types.yaml
index bc70f71..cb99d6a 100644
--- a/custom_types.yaml
+++ b/custom_types.yaml
@@ -1210,7 +1210,7 @@ node_types:
 interfaces:
 Standard:
 configure:
- implementation: https://raw.githubusercontent.com/grycap/tosca/main/artifacts/oscar/oscar_install.yml
+ implementation: https://raw.githubusercontent.com/grycap/tosca/oscar_images/artifacts/oscar/oscar_install.yml
 inputs:
 oscar_minio_secretkey: { get_property: [ SELF, minio_secretkey ] }
 oscar_password: { get_property: [ SELF, password ] }
diff --git a/templates/oscar.yaml b/templates/oscar.yaml
index fa4ecf4..ebcbf10 100644
--- a/templates/oscar.yaml
+++ b/templates/oscar.yaml
@@ -7,7 +7,7 @@ description: Deploy an OSCAR Virtual Cluster.
 metadata:
 template_name: OSCAR
- template_version: "1.1.0"
+ template_version: "1.2.0"
 display_name: Deploy an OSCAR Virtual Cluster
 icon: images/oscar.png
 order: 2
From 90a1da21fc35e99e265663212a066cbcb45af2e5 Mon Sep 17 00:00:00 2001
From: Miguel Caballer Fernandez
Date: Thu, 25 Jul 2024 08:24:46 +0200
Subject: [PATCH 5/5] Add missing allowed_image_prefixes input
---
 custom_types.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/custom_types.yaml b/custom_types.yaml
index cb99d6a..5bdcfb3 100644
--- a/custom_types.yaml
+++ b/custom_types.yaml
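Review bot: The `imports` entry in templates/oscar.yaml (patch 3/5, hunk `@@ -1,7 +1,7 @@`) now fetches custom_types.yaml from the `oscar_images` branch instead of `main`, and the `implementation` URL in custom_types.yaml (patch 4/5, hunk `@@ -1210,7 +1210,7 @@`) does the same for the oscar_install.yml playbook. Both are mutable refs on raw.githubusercontent.com, and the playbook is the `configure` implementation of the node, so whoever can push to that branch decides what deployments of this template run. A feature branch is also likely to be deleted after merge, which would break the template. None of the five patches shown restores `main`; I would switch both URLs back to `.../grycap/tosca/main/...` before merging, or pin them to a commit id, and carry a comment such as `# TODO: revert to main before merge` on each line while the branch is under test.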
@@ -1222,6 +1222,7 @@ node_types:
 oidc_subject: { get_property: [ SELF, oidc_subject ] }
 oidc_groups: { get_property: [ SELF, oidc_groups ] }
 yunikorn_enable: { get_property: [ SELF, yunikorn_enable ] }
+ allowed_image_prefixes: { get_property: [ SELF, allowed_image_prefixes ] }
 requirements:
 - host:
 capability: tosca.capabilities.Container