Plumb through ImagePullSecrets to agent pod

Right now in the YTT templates we assume that the agent pods are gonna use
the same image as the main Pinniped deployment, so we can use the same logic
for the image pull secrets.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Andrew Keesler 2020-09-24 15:52:05 -04:00
parent 9ed52e6b4a
commit d853cbc7ff
No known key found for this signature in database
GPG Key ID: 27CE0444346F9413
7 changed files with 41 additions and 8 deletions


@ -45,6 +45,10 @@ data:
(@ else: @)
image: (@= data.values.image_repo + ":" + data.values.image_tag @)
(@ end @)
(@ if data.values.image_pull_dockerconfigjson: @)
imagePullSecrets:
- image-pull-secret
(@ end @)
---
#@ if data.values.image_pull_dockerconfigjson and data.values.image_pull_dockerconfigjson != "":
apiVersion: v1
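Review bot: The secret name `image-pull-secret` is hard-coded in the generated config and has to equal the name of the Secret emitted by the guarded document that begins right after it. That Secret's metadata is outside this hunk, so the match cannot be confirmed from here. If the two names ever diverge, the main deployment would still pull its image while the agent pods fail to pull theirs, which is hard to diagnose from the config alone. A short comment such as `#! keep in sync with metadata.name of the image pull Secret below` would help. The new guard `if data.values.image_pull_dockerconfigjson:` could also be written exactly like the Secret's guard (`... and ... != ""`) so the two conditions cannot drift apart.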


@ -86,6 +86,7 @@ func TestCreaterControllerSync(t *testing.T) {
Namespace: agentPodNamespace,
ContainerImage: "some-agent-image",
PodNamePrefix: "some-agent-name-",
ContainerImagePullSecrets: []string{"some-image-pull-secret"},
},
&CredentialIssuerConfigLocationConfig{
Namespace: credentialIssuerConfigNamespaceName,


@ -63,6 +63,10 @@ type AgentPodConfig struct {
// The name prefix for each of the agent pods.
PodNamePrefix string
// ContainerImagePullSecrets is a list of names of Kubernetes Secret objects that will be used as
// ImagePullSecrets on the kube-cert-agent pods.
ContainerImagePullSecrets []string
}
type CredentialIssuerConfigLocationConfig struct {
@ -81,6 +85,17 @@ func (c *AgentPodConfig) Labels() map[string]string {
func (c *AgentPodConfig) PodTemplate() *corev1.Pod {
terminateImmediately := int64(0)
imagePullSecrets := []corev1.LocalObjectReference{}
for _, imagePullSecret := range c.ContainerImagePullSecrets {
imagePullSecrets = append(
imagePullSecrets,
corev1.LocalObjectReference{
Name: imagePullSecret,
},
)
}
pod := &corev1.Pod{
ObjectMeta: metav1.ObjectMeta{
Name: c.PodNamePrefix,
@ -89,6 +104,7 @@ func (c *AgentPodConfig) PodTemplate() *corev1.Pod {
},
Spec: corev1.PodSpec{
TerminationGracePeriodSeconds: &terminateImmediately,
ImagePullSecrets: imagePullSecrets,
Containers: []corev1.Container{
{
Name: "sleeper",
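Review bot: In PodTemplate, `imagePullSecrets := []corev1.LocalObjectReference{}` puts a non-nil empty slice into the pod spec when no pull secrets are configured, whereas a pod read back from the API server normally has that field nil. If the controllers compare this template against live agent pods with a strict deep-equal, the two would never match in the no-secrets case; that comparison is not in this hunk, so this is an assumption to check. Declaring it as `var imagePullSecrets []corev1.LocalObjectReference` keeps the no-secrets case nil and leaves the append loop unchanged. PodTemplate's body continues outside the hunk.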


@ -87,6 +87,11 @@ func exampleControllerManagerAndAgentPods(
},
Spec: corev1.PodSpec{
TerminationGracePeriodSeconds: &zero,
ImagePullSecrets: []corev1.LocalObjectReference{
{
Name: "some-image-pull-secret",
},
},
Containers: []corev1.Container{
{
Name: "sleeper",


@ -95,6 +95,7 @@ func PrepareControllers(c *Config) (func(ctx context.Context), error) {
Namespace: c.ServerInstallationNamespace,
ContainerImage: *c.KubeCertAgentConfig.Image,
PodNamePrefix: *c.KubeCertAgentConfig.NamePrefix,
ContainerImagePullSecrets: c.KubeCertAgentConfig.ImagePullSecrets,
}
credentialIssuerConfigLocationConfig := &kubecertagent.CredentialIssuerConfigLocationConfig{
Namespace: c.ServerInstallationNamespace,


@ -61,4 +61,8 @@ type KubeCertAgentSpec struct {
// should contain at least 2 binaries: /bin/sleep and cat (somewhere on the $PATH). The default
// for this value is "debian:latest".
Image *string `json:"image"`
// ImagePullSecrets is a list of names of Kubernetes Secret objects that will be used as
// ImagePullSecrets on the kube-cert-agent pods.
ImagePullSecrets []string
}
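Review bot: The new `ImagePullSecrets []string` field in KubeCertAgentSpec has no struct tag, while the `Image` field directly above it is declared with `json:"image"`. The test config in this commit uses the key `imagePullSecrets`, which presumably matches only through the decoder's case-insensitive field-name fallback. Adding the tag `json:"imagePullSecrets"` makes the config key explicit and keeps it stable if the Go field is ever renamed. The doc comment could also state that the named Secrets must exist in the namespace where the agent pods are created, since pull secret references are namespace-local.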


@ -39,6 +39,7 @@ func TestFromPath(t *testing.T) {
KubeCertAgent:
namePrefix: kube-cert-agent-name-prefix-
image: kube-cert-agent-image
imagePullSecrets: [kube-cert-agent-image-pull-secret]
`),
wantConfig: &api.Config{
DiscoveryInfo: api.DiscoveryInfoSpec{
@ -58,6 +59,7 @@ func TestFromPath(t *testing.T) {
KubeCertAgentConfig: api.KubeCertAgentSpec{
NamePrefix: stringPtr("kube-cert-agent-name-prefix-"),
Image: stringPtr("kube-cert-agent-image"),
ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"},
},
},
},