
Commit 9df96dc

committed
support fetching containerd from non public GCS buckets
- add support to fetch and download containerd tarball from GCS buckets that require authentication. GCS_BUCKET_TOKEN should have read access to the bucket from which artifacts are to be fetched. The token is expected to be present in the instance metadata of the VM, similar to other node environment variables Signed-off-by: Akhil Mohan <[email protected]>
1 parent c469f67 commit 9df96dc

1 file changed

Lines changed: 11 additions & 2 deletions


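--- a/contrib/gce/configure.sh
+++ b/contrib/gce/configure.sh
@@ -104,6 +104,15 @@ if [ -f "${CONTAINERD_HOME}/${CONTAINERD_ENV_METADATA}" ]; then
 source "${CONTAINERD_HOME}/${CONTAINERD_ENV_METADATA}"
 fi
 
+# GCS_BUCKET_TOKEN_METADATA is the metadata key for the GCS bucket token
+GCS_BUCKET_TOKEN_METADATA="GCS_BUCKET_TOKEN"
+# GCS_BUCKET_TOKEN should have read access to the bucket from which
+# containerd artifacts need to be downloaded
+GCS_BUCKET_TOKEN=$(fetch_metadata "${GCS_BUCKET_TOKEN_METADATA}")
+if [[ -n "${GCS_BUCKET_TOKEN}" ]]; then
+HEADERS=(-H "Authorization: Bearer ${GCS_BUCKET_TOKEN}")
+fi
+
 # CONTAINERD_PKG_PREFIX is the prefix of the cri-containerd tarball name.
 # By default use the release tarball with cni built in.
 pkg_prefix=${CONTAINERD_PKG_PREFIX:-"cri-containerd-cni"}
@@ -133,7 +142,7 @@ else
 | jq -r .tag_name \
 | sed "s:v::g")
 else
-version=$(curl -f --ipv4 --retry 6 --retry-delay 3 --silent --show-error \
+version=$(curl -X GET "${HEADERS[@]}" -f --ipv4 --retry 6 --retry-delay 3 --silent --show-error \
 https://storage.googleapis.com/${deploy_path}/latest)
 fi
 fi
@@ -165,7 +174,7 @@ else
 echo "${TARBALL_GCS_NAME} is preloaded"
 else
 # Download and untar the release tar ball.
-curl -f --ipv4 -Lo "${TARBALL}" --connect-timeout 20 --max-time 300 --retry 6 --retry-delay 10 "${TARBALL_GCS_PATH}"
+curl -X GET "${HEADERS[@]}" -f --ipv4 -Lo "${TARBALL}" --connect-timeout 20 --max-time 300 --retry 6 --retry-delay 10 "${TARBALL_GCS_PATH}"
 tar xvf "${TARBALL}"
 rm -f "${TARBALL}"
 fi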
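Review bot: The bearer token ends up on curl's command line through `HEADERS=(-H "Authorization: Bearer ${GCS_BUCKET_TOKEN}")` (new line 113, used at 145 and 177), so it is readable from the process list while curl runs, and it would also be written to the startup log if the script enables xtrace, which these hunks do not show. Writing the header to a mode-0600 temporary file and passing `-H @"${header_file}"` (curl 7.55 or later), or supplying it through `--config`, keeps the secret out of argv. Separately, `HEADERS` is assigned only when the token is non-empty, so `"${HEADERS[@]}"` expands an unset array on the no-token path; under `set -o nounset` with bash older than 4.4 that aborts the script, and otherwise it picks up any `HEADERS` value inherited from the environment, so add `HEADERS=()` before the `if`. The tarball download at line 177 follows redirects with `-L`, and curl releases before 7.58.0 forward a custom Authorization header to the redirect target host, so it is worth stating a minimum curl version in the comment above the token block. The `if`/`else` blocks around the two curl calls begin outside the hunks.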
