feat(helm-toolkit): add support for image pull secrets
At the moment it is very difficult to pull images from a private registry that hasn't been configured on Kubernetes nodes as there is no way to specify imagePullSecrets on pods. This change introduces a snippet that can return a set of image pull secrets using either a default or a per pod value. It also adds this new snippet to the manifests for standard job types. Change-Id: I710e1feffdf837627b80bc14320751f743e048cb
This commit is contained in:
parent
336766d262
commit
9d7baa9aa8
@ -15,7 +15,7 @@ apiVersion: v1
|
||||
appVersion: v1.0.0
|
||||
description: OpenStack-Helm Helm-Toolkit
|
||||
name: helm-toolkit
|
||||
version: 0.2.29
|
||||
version: 0.2.30
|
||||
home: https://docs.openstack.org/openstack-helm
|
||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
|
||||
sources:
|
||||
|
@ -70,6 +70,7 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
{{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||
nodeSelector:
|
||||
{{ toYaml $nodeSelector | indent 8 }}
|
||||
initContainers:
|
||||
|
@ -71,6 +71,7 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
{{ tuple $envAll "db_drop" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||
nodeSelector:
|
||||
{{ toYaml $nodeSelector | indent 8 }}
|
||||
initContainers:
|
||||
|
@ -71,6 +71,7 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
{{ tuple $envAll "db_init" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||
nodeSelector:
|
||||
{{ toYaml $nodeSelector | indent 8 }}
|
||||
initContainers:
|
||||
|
@ -68,6 +68,7 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||
nodeSelector:
|
||||
{{ toYaml $nodeSelector | indent 8 }}
|
||||
initContainers:
|
||||
|
@ -71,6 +71,7 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: {{ $restartPolicy }}
|
||||
{{ tuple $envAll "ks_endpoints" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||
nodeSelector:
|
||||
{{ toYaml $nodeSelector | indent 8 }}
|
||||
initContainers:
|
||||
|
@ -71,6 +71,7 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: {{ $restartPolicy }}
|
||||
{{ tuple $envAll "ks_service" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||
nodeSelector:
|
||||
{{ toYaml $nodeSelector | indent 8 }}
|
||||
initContainers:
|
||||
|
@ -94,6 +94,7 @@ spec:
|
||||
serviceAccountName: {{ $serviceAccountName | quote }}
|
||||
{{ dict "envAll" $envAll "application" "ks_user" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||
restartPolicy: {{ $restartPolicy }}
|
||||
{{ tuple $envAll "ks_user" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||
nodeSelector:
|
||||
{{ toYaml $nodeSelector | indent 8 }}
|
||||
initContainers:
|
||||
|
@ -61,6 +61,7 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName | quote }}
|
||||
restartPolicy: OnFailure
|
||||
{{ tuple $envAll "rabbit_init" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||
nodeSelector:
|
||||
{{ toYaml $nodeSelector | indent 8 }}
|
||||
initContainers:
|
||||
|
@ -66,6 +66,7 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName | quote }}
|
||||
restartPolicy: OnFailure
|
||||
{{ tuple $envAll "s3_bucket" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||
nodeSelector:
|
||||
{{ toYaml $nodeSelector | indent 8 }}
|
||||
initContainers:
|
||||
|
@ -64,6 +64,7 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName | quote }}
|
||||
restartPolicy: OnFailure
|
||||
{{ tuple $envAll "s3_user" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||
nodeSelector:
|
||||
{{ toYaml $nodeSelector | indent 8 }}
|
||||
initContainers:
|
||||
|
@ -63,6 +63,7 @@ spec:
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||
nodeSelector:
|
||||
{{ toYaml $nodeSelector | indent 8 }}
|
||||
initContainers:
|
||||
|
@ -0,0 +1,45 @@
|
||||
{{/*
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{/*
|
||||
abstract: |
|
||||
Renders image pull secrets for a pod
|
||||
values: |
|
||||
pod:
|
||||
image_pull_secrets:
|
||||
default:
|
||||
- name: some-pull-secret
|
||||
bar:
|
||||
- name: another-pull-secret
|
||||
usage: |
|
||||
{{ tuple . "bar" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" }}
|
||||
return: |
|
||||
imagePullSecrets:
|
||||
- name: some-pull-secret
|
||||
- name: another-pull-secret
|
||||
*/}}
|
||||
|
||||
{{- define "helm-toolkit.snippets.kubernetes_image_pull_secrets" -}}
|
||||
{{- $envAll := index . 0 -}}
|
||||
{{- $application := index . 1 -}}
|
||||
{{- if ($envAll.Values.pod).image_pull_secrets }}
|
||||
imagePullSecrets:
|
||||
{{- if hasKey $envAll.Values.pod.image_pull_secrets $application }}
|
||||
{{ index $envAll.Values.pod "image_pull_secrets" $application | toYaml | indent 2 }}
|
||||
{{- end -}}
|
||||
{{- if hasKey $envAll.Values.pod.image_pull_secrets "default" }}
|
||||
{{ $envAll.Values.pod.image_pull_secrets.default | toYaml | indent 2 }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -36,4 +36,5 @@ helm-toolkit:
|
||||
- 0.2.27 Correct private key size input for Certificates and remove minor version support
|
||||
- 0.2.28 Set Security context to ks-user job at pod and container level
|
||||
- 0.2.29 Enhance mariadb backup
|
||||
- 0.2.30 Add ability to image pull secrets on pods
|
||||
...
|
||||
|
Loading…
Reference in New Issue
Block a user