feat(helm-toolkit): add support for image pull secrets
At the moment it is very difficult to pull images from a private registry that hasn't been configured on Kubernetes nodes as there is no way to specify imagePullSecrets on pods. This change introduces a snippet that can return a set of image pull secrets using either a default or a per pod value. It also adds this new snippet to the manifests for standard job types. Change-Id: I710e1feffdf837627b80bc14320751f743e048cb
This commit is contained in:
parent
336766d262
commit
9d7baa9aa8
@ -15,7 +15,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Helm-Toolkit
|
description: OpenStack-Helm Helm-Toolkit
|
||||||
name: helm-toolkit
|
name: helm-toolkit
|
||||||
version: 0.2.29
|
version: 0.2.30
|
||||||
home: https://docs.openstack.org/openstack-helm
|
home: https://docs.openstack.org/openstack-helm
|
||||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
|
||||||
sources:
|
sources:
|
||||||
|
@ -70,6 +70,7 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
serviceAccountName: {{ $serviceAccountName }}
|
serviceAccountName: {{ $serviceAccountName }}
|
||||||
restartPolicy: OnFailure
|
restartPolicy: OnFailure
|
||||||
|
{{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ toYaml $nodeSelector | indent 8 }}
|
{{ toYaml $nodeSelector | indent 8 }}
|
||||||
initContainers:
|
initContainers:
|
||||||
|
@ -71,6 +71,7 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
serviceAccountName: {{ $serviceAccountName }}
|
serviceAccountName: {{ $serviceAccountName }}
|
||||||
restartPolicy: OnFailure
|
restartPolicy: OnFailure
|
||||||
|
{{ tuple $envAll "db_drop" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ toYaml $nodeSelector | indent 8 }}
|
{{ toYaml $nodeSelector | indent 8 }}
|
||||||
initContainers:
|
initContainers:
|
||||||
|
@ -71,6 +71,7 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
serviceAccountName: {{ $serviceAccountName }}
|
serviceAccountName: {{ $serviceAccountName }}
|
||||||
restartPolicy: OnFailure
|
restartPolicy: OnFailure
|
||||||
|
{{ tuple $envAll "db_init" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ toYaml $nodeSelector | indent 8 }}
|
{{ toYaml $nodeSelector | indent 8 }}
|
||||||
initContainers:
|
initContainers:
|
||||||
|
@ -68,6 +68,7 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
serviceAccountName: {{ $serviceAccountName }}
|
serviceAccountName: {{ $serviceAccountName }}
|
||||||
restartPolicy: OnFailure
|
restartPolicy: OnFailure
|
||||||
|
{{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ toYaml $nodeSelector | indent 8 }}
|
{{ toYaml $nodeSelector | indent 8 }}
|
||||||
initContainers:
|
initContainers:
|
||||||
|
@ -71,6 +71,7 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
serviceAccountName: {{ $serviceAccountName }}
|
serviceAccountName: {{ $serviceAccountName }}
|
||||||
restartPolicy: {{ $restartPolicy }}
|
restartPolicy: {{ $restartPolicy }}
|
||||||
|
{{ tuple $envAll "ks_endpoints" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ toYaml $nodeSelector | indent 8 }}
|
{{ toYaml $nodeSelector | indent 8 }}
|
||||||
initContainers:
|
initContainers:
|
||||||
|
@ -71,6 +71,7 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
serviceAccountName: {{ $serviceAccountName }}
|
serviceAccountName: {{ $serviceAccountName }}
|
||||||
restartPolicy: {{ $restartPolicy }}
|
restartPolicy: {{ $restartPolicy }}
|
||||||
|
{{ tuple $envAll "ks_service" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ toYaml $nodeSelector | indent 8 }}
|
{{ toYaml $nodeSelector | indent 8 }}
|
||||||
initContainers:
|
initContainers:
|
||||||
|
@ -94,6 +94,7 @@ spec:
|
|||||||
serviceAccountName: {{ $serviceAccountName | quote }}
|
serviceAccountName: {{ $serviceAccountName | quote }}
|
||||||
{{ dict "envAll" $envAll "application" "ks_user" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
{{ dict "envAll" $envAll "application" "ks_user" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||||
restartPolicy: {{ $restartPolicy }}
|
restartPolicy: {{ $restartPolicy }}
|
||||||
|
{{ tuple $envAll "ks_user" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ toYaml $nodeSelector | indent 8 }}
|
{{ toYaml $nodeSelector | indent 8 }}
|
||||||
initContainers:
|
initContainers:
|
||||||
|
@ -61,6 +61,7 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
serviceAccountName: {{ $serviceAccountName | quote }}
|
serviceAccountName: {{ $serviceAccountName | quote }}
|
||||||
restartPolicy: OnFailure
|
restartPolicy: OnFailure
|
||||||
|
{{ tuple $envAll "rabbit_init" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ toYaml $nodeSelector | indent 8 }}
|
{{ toYaml $nodeSelector | indent 8 }}
|
||||||
initContainers:
|
initContainers:
|
||||||
|
@ -66,6 +66,7 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
serviceAccountName: {{ $serviceAccountName | quote }}
|
serviceAccountName: {{ $serviceAccountName | quote }}
|
||||||
restartPolicy: OnFailure
|
restartPolicy: OnFailure
|
||||||
|
{{ tuple $envAll "s3_bucket" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ toYaml $nodeSelector | indent 8 }}
|
{{ toYaml $nodeSelector | indent 8 }}
|
||||||
initContainers:
|
initContainers:
|
||||||
|
@ -64,6 +64,7 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
serviceAccountName: {{ $serviceAccountName | quote }}
|
serviceAccountName: {{ $serviceAccountName | quote }}
|
||||||
restartPolicy: OnFailure
|
restartPolicy: OnFailure
|
||||||
|
{{ tuple $envAll "s3_user" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ toYaml $nodeSelector | indent 8 }}
|
{{ toYaml $nodeSelector | indent 8 }}
|
||||||
initContainers:
|
initContainers:
|
||||||
|
@ -63,6 +63,7 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
serviceAccountName: {{ $serviceAccountName }}
|
serviceAccountName: {{ $serviceAccountName }}
|
||||||
restartPolicy: OnFailure
|
restartPolicy: OnFailure
|
||||||
|
{{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{ toYaml $nodeSelector | indent 8 }}
|
{{ toYaml $nodeSelector | indent 8 }}
|
||||||
initContainers:
|
initContainers:
|
||||||
|
@ -0,0 +1,45 @@
|
|||||||
|
{{/*
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
abstract: |
|
||||||
|
Renders image pull secrets for a pod
|
||||||
|
values: |
|
||||||
|
pod:
|
||||||
|
image_pull_secrets:
|
||||||
|
default:
|
||||||
|
- name: some-pull-secret
|
||||||
|
bar:
|
||||||
|
- name: another-pull-secret
|
||||||
|
usage: |
|
||||||
|
{{ tuple . "bar" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" }}
|
||||||
|
return: |
|
||||||
|
imagePullSecrets:
|
||||||
|
- name: some-pull-secret
|
||||||
|
- name: another-pull-secret
|
||||||
|
*/}}
|
||||||
|
|
||||||
|
{{- define "helm-toolkit.snippets.kubernetes_image_pull_secrets" -}}
|
||||||
|
{{- $envAll := index . 0 -}}
|
||||||
|
{{- $application := index . 1 -}}
|
||||||
|
{{- if ($envAll.Values.pod).image_pull_secrets }}
|
||||||
|
imagePullSecrets:
|
||||||
|
{{- if hasKey $envAll.Values.pod.image_pull_secrets $application }}
|
||||||
|
{{ index $envAll.Values.pod "image_pull_secrets" $application | toYaml | indent 2 }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if hasKey $envAll.Values.pod.image_pull_secrets "default" }}
|
||||||
|
{{ $envAll.Values.pod.image_pull_secrets.default | toYaml | indent 2 }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
@ -36,4 +36,5 @@ helm-toolkit:
|
|||||||
- 0.2.27 Correct private key size input for Certificates and remove minor version support
|
- 0.2.27 Correct private key size input for Certificates and remove minor version support
|
||||||
- 0.2.28 Set Security context to ks-user job at pod and container level
|
- 0.2.28 Set Security context to ks-user job at pod and container level
|
||||||
- 0.2.29 Enhance mariadb backup
|
- 0.2.29 Enhance mariadb backup
|
||||||
|
- 0.2.30 Add ability to image pull secrets on pods
|
||||||
...
|
...
|
||||||
|
Loading…
Reference in New Issue
Block a user