feat(helm-toolkit): add support for image pull secrets

At the moment it is very difficult to pull images from a private
registry that hasn't been configured on Kubernetes nodes as there
is no way to specify imagePullSecrets on pods.

This change introduces a snippet that can return a set of image
pull secrets using either a default or a per pod value. It also
adds this new snippet to the manifests for standard job types.

Change-Id: I710e1feffdf837627b80bc14320751f743e048cb
This commit is contained in:
Marlin Cremers 2021-12-20 22:41:36 +01:00
parent 336766d262
commit 9d7baa9aa8
14 changed files with 58 additions and 1 deletions

View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Helm-Toolkit
name: helm-toolkit
version: 0.2.29
version: 0.2.30
home: https://docs.openstack.org/openstack-helm
icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
sources:

View File

@ -70,6 +70,7 @@ spec:
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
initContainers:

View File

@ -71,6 +71,7 @@ spec:
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_drop" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
initContainers:

View File

@ -71,6 +71,7 @@ spec:
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_init" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
initContainers:

View File

@ -68,6 +68,7 @@ spec:
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
initContainers:

View File

@ -71,6 +71,7 @@ spec:
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: {{ $restartPolicy }}
{{ tuple $envAll "ks_endpoints" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
initContainers:

View File

@ -71,6 +71,7 @@ spec:
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: {{ $restartPolicy }}
{{ tuple $envAll "ks_service" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
initContainers:

View File

@ -94,6 +94,7 @@ spec:
serviceAccountName: {{ $serviceAccountName | quote }}
{{ dict "envAll" $envAll "application" "ks_user" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
restartPolicy: {{ $restartPolicy }}
{{ tuple $envAll "ks_user" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
initContainers:

View File

@ -61,6 +61,7 @@ spec:
spec:
serviceAccountName: {{ $serviceAccountName | quote }}
restartPolicy: OnFailure
{{ tuple $envAll "rabbit_init" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
initContainers:

View File

@ -66,6 +66,7 @@ spec:
spec:
serviceAccountName: {{ $serviceAccountName | quote }}
restartPolicy: OnFailure
{{ tuple $envAll "s3_bucket" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
initContainers:

View File

@ -64,6 +64,7 @@ spec:
spec:
serviceAccountName: {{ $serviceAccountName | quote }}
restartPolicy: OnFailure
{{ tuple $envAll "s3_user" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
initContainers:

View File

@ -63,6 +63,7 @@ spec:
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
nodeSelector:
{{ toYaml $nodeSelector | indent 8 }}
initContainers:

View File

@ -0,0 +1,45 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{/*
abstract: |
Renders image pull secrets for a pod
values: |
pod:
image_pull_secrets:
default:
- name: some-pull-secret
bar:
- name: another-pull-secret
usage: |
{{ tuple . "bar" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" }}
return: |
imagePullSecrets:
- name: some-pull-secret
- name: another-pull-secret
*/}}
{{- define "helm-toolkit.snippets.kubernetes_image_pull_secrets" -}}
{{- $envAll := index . 0 -}}
{{- $application := index . 1 -}}
{{- if ($envAll.Values.pod).image_pull_secrets }}
imagePullSecrets:
{{- if hasKey $envAll.Values.pod.image_pull_secrets $application }}
{{ index $envAll.Values.pod "image_pull_secrets" $application | toYaml | indent 2 }}
{{- end -}}
{{- if hasKey $envAll.Values.pod.image_pull_secrets "default" }}
{{ $envAll.Values.pod.image_pull_secrets.default | toYaml | indent 2 }}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@ -36,4 +36,5 @@ helm-toolkit:
- 0.2.27 Correct private key size input for Certificates and remove minor version support
- 0.2.28 Set Security context to ks-user job at pod and container level
- 0.2.29 Enhance mariadb backup
- 0.2.30 Add ability to image pull secrets on pods
...