Plumb through ImagePullSecrets to agent pod
Right now in the YTT templates we assume that the agent pods are gonna use the same image as the main Pinniped deployment, so we can use the same logic for the image pull secrets. Signed-off-by: Andrew Keesler <akeesler@vmware.com>
This commit is contained in:
parent
9ed52e6b4a
commit
d853cbc7ff
@ -45,6 +45,10 @@ data:
|
|||||||
(@ else: @)
|
(@ else: @)
|
||||||
image: (@= data.values.image_repo + ":" + data.values.image_tag @)
|
image: (@= data.values.image_repo + ":" + data.values.image_tag @)
|
||||||
(@ end @)
|
(@ end @)
|
||||||
|
(@ if data.values.image_pull_dockerconfigjson: @)
|
||||||
|
imagePullSecrets:
|
||||||
|
- image-pull-secret
|
||||||
|
(@ end @)
|
||||||
---
|
---
|
||||||
#@ if data.values.image_pull_dockerconfigjson and data.values.image_pull_dockerconfigjson != "":
|
#@ if data.values.image_pull_dockerconfigjson and data.values.image_pull_dockerconfigjson != "":
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
@ -83,9 +83,10 @@ func TestCreaterControllerSync(t *testing.T) {
|
|||||||
// Set this at the last second to allow for injection of server override.
|
// Set this at the last second to allow for injection of server override.
|
||||||
subject = NewCreaterController(
|
subject = NewCreaterController(
|
||||||
&AgentPodConfig{
|
&AgentPodConfig{
|
||||||
Namespace: agentPodNamespace,
|
Namespace: agentPodNamespace,
|
||||||
ContainerImage: "some-agent-image",
|
ContainerImage: "some-agent-image",
|
||||||
PodNamePrefix: "some-agent-name-",
|
PodNamePrefix: "some-agent-name-",
|
||||||
|
ContainerImagePullSecrets: []string{"some-image-pull-secret"},
|
||||||
},
|
},
|
||||||
&CredentialIssuerConfigLocationConfig{
|
&CredentialIssuerConfigLocationConfig{
|
||||||
Namespace: credentialIssuerConfigNamespaceName,
|
Namespace: credentialIssuerConfigNamespaceName,
|
||||||
|
@ -63,6 +63,10 @@ type AgentPodConfig struct {
|
|||||||
|
|
||||||
// The name prefix for each of the agent pods.
|
// The name prefix for each of the agent pods.
|
||||||
PodNamePrefix string
|
PodNamePrefix string
|
||||||
|
|
||||||
|
// ContainerImagePullSecrets is a list of names of Kubernetes Secret objects that will be used as
|
||||||
|
// ImagePullSecrets on the kube-cert-agent pods.
|
||||||
|
ContainerImagePullSecrets []string
|
||||||
}
|
}
|
||||||
|
|
||||||
type CredentialIssuerConfigLocationConfig struct {
|
type CredentialIssuerConfigLocationConfig struct {
|
||||||
@ -81,6 +85,17 @@ func (c *AgentPodConfig) Labels() map[string]string {
|
|||||||
|
|
||||||
func (c *AgentPodConfig) PodTemplate() *corev1.Pod {
|
func (c *AgentPodConfig) PodTemplate() *corev1.Pod {
|
||||||
terminateImmediately := int64(0)
|
terminateImmediately := int64(0)
|
||||||
|
|
||||||
|
imagePullSecrets := []corev1.LocalObjectReference{}
|
||||||
|
for _, imagePullSecret := range c.ContainerImagePullSecrets {
|
||||||
|
imagePullSecrets = append(
|
||||||
|
imagePullSecrets,
|
||||||
|
corev1.LocalObjectReference{
|
||||||
|
Name: imagePullSecret,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
pod := &corev1.Pod{
|
pod := &corev1.Pod{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Name: c.PodNamePrefix,
|
Name: c.PodNamePrefix,
|
||||||
@ -89,6 +104,7 @@ func (c *AgentPodConfig) PodTemplate() *corev1.Pod {
|
|||||||
},
|
},
|
||||||
Spec: corev1.PodSpec{
|
Spec: corev1.PodSpec{
|
||||||
TerminationGracePeriodSeconds: &terminateImmediately,
|
TerminationGracePeriodSeconds: &terminateImmediately,
|
||||||
|
ImagePullSecrets: imagePullSecrets,
|
||||||
Containers: []corev1.Container{
|
Containers: []corev1.Container{
|
||||||
{
|
{
|
||||||
Name: "sleeper",
|
Name: "sleeper",
|
||||||
|
@ -87,6 +87,11 @@ func exampleControllerManagerAndAgentPods(
|
|||||||
},
|
},
|
||||||
Spec: corev1.PodSpec{
|
Spec: corev1.PodSpec{
|
||||||
TerminationGracePeriodSeconds: &zero,
|
TerminationGracePeriodSeconds: &zero,
|
||||||
|
ImagePullSecrets: []corev1.LocalObjectReference{
|
||||||
|
{
|
||||||
|
Name: "some-image-pull-secret",
|
||||||
|
},
|
||||||
|
},
|
||||||
Containers: []corev1.Container{
|
Containers: []corev1.Container{
|
||||||
{
|
{
|
||||||
Name: "sleeper",
|
Name: "sleeper",
|
||||||
|
@ -92,9 +92,10 @@ func PrepareControllers(c *Config) (func(ctx context.Context), error) {
|
|||||||
|
|
||||||
// Configuration for the kubecertagent controllers created below.
|
// Configuration for the kubecertagent controllers created below.
|
||||||
agentPodConfig := &kubecertagent.AgentPodConfig{
|
agentPodConfig := &kubecertagent.AgentPodConfig{
|
||||||
Namespace: c.ServerInstallationNamespace,
|
Namespace: c.ServerInstallationNamespace,
|
||||||
ContainerImage: *c.KubeCertAgentConfig.Image,
|
ContainerImage: *c.KubeCertAgentConfig.Image,
|
||||||
PodNamePrefix: *c.KubeCertAgentConfig.NamePrefix,
|
PodNamePrefix: *c.KubeCertAgentConfig.NamePrefix,
|
||||||
|
ContainerImagePullSecrets: c.KubeCertAgentConfig.ImagePullSecrets,
|
||||||
}
|
}
|
||||||
credentialIssuerConfigLocationConfig := &kubecertagent.CredentialIssuerConfigLocationConfig{
|
credentialIssuerConfigLocationConfig := &kubecertagent.CredentialIssuerConfigLocationConfig{
|
||||||
Namespace: c.ServerInstallationNamespace,
|
Namespace: c.ServerInstallationNamespace,
|
||||||
|
@ -61,4 +61,8 @@ type KubeCertAgentSpec struct {
|
|||||||
// should contain at least 2 binaries: /bin/sleep and cat (somewhere on the $PATH). The default
|
// should contain at least 2 binaries: /bin/sleep and cat (somewhere on the $PATH). The default
|
||||||
// for this value is "debian:latest".
|
// for this value is "debian:latest".
|
||||||
Image *string `json:"image"`
|
Image *string `json:"image"`
|
||||||
|
|
||||||
|
// ImagePullSecrets is a list of names of Kubernetes Secret objects that will be used as
|
||||||
|
// ImagePullSecrets on the kube-cert-agent pods.
|
||||||
|
ImagePullSecrets []string
|
||||||
}
|
}
|
||||||
|
@ -39,6 +39,7 @@ func TestFromPath(t *testing.T) {
|
|||||||
KubeCertAgent:
|
KubeCertAgent:
|
||||||
namePrefix: kube-cert-agent-name-prefix-
|
namePrefix: kube-cert-agent-name-prefix-
|
||||||
image: kube-cert-agent-image
|
image: kube-cert-agent-image
|
||||||
|
imagePullSecrets: [kube-cert-agent-image-pull-secret]
|
||||||
`),
|
`),
|
||||||
wantConfig: &api.Config{
|
wantConfig: &api.Config{
|
||||||
DiscoveryInfo: api.DiscoveryInfoSpec{
|
DiscoveryInfo: api.DiscoveryInfoSpec{
|
||||||
@ -56,8 +57,9 @@ func TestFromPath(t *testing.T) {
|
|||||||
APIService: "pinniped-api",
|
APIService: "pinniped-api",
|
||||||
},
|
},
|
||||||
KubeCertAgentConfig: api.KubeCertAgentSpec{
|
KubeCertAgentConfig: api.KubeCertAgentSpec{
|
||||||
NamePrefix: stringPtr("kube-cert-agent-name-prefix-"),
|
NamePrefix: stringPtr("kube-cert-agent-name-prefix-"),
|
||||||
Image: stringPtr("kube-cert-agent-image"),
|
Image: stringPtr("kube-cert-agent-image"),
|
||||||
|
ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
Loading…
Reference in New Issue
Block a user