Plumb through ImagePullSecrets to agent pod
Right now in the YTT templates we assume that the agent pods are gonna use the same image as the main Pinniped deployment, so we can use the same logic for the image pull secrets. Signed-off-by: Andrew Keesler <akeesler@vmware.com>
This commit is contained in:
parent
9ed52e6b4a
commit
d853cbc7ff
@ -45,6 +45,10 @@ data:
|
||||
(@ else: @)
|
||||
image: (@= data.values.image_repo + ":" + data.values.image_tag @)
|
||||
(@ end @)
|
||||
(@ if data.values.image_pull_dockerconfigjson: @)
|
||||
imagePullSecrets:
|
||||
- image-pull-secret
|
||||
(@ end @)
|
||||
---
|
||||
#@ if data.values.image_pull_dockerconfigjson and data.values.image_pull_dockerconfigjson != "":
|
||||
apiVersion: v1
|
||||
|
@ -86,6 +86,7 @@ func TestCreaterControllerSync(t *testing.T) {
|
||||
Namespace: agentPodNamespace,
|
||||
ContainerImage: "some-agent-image",
|
||||
PodNamePrefix: "some-agent-name-",
|
||||
ContainerImagePullSecrets: []string{"some-image-pull-secret"},
|
||||
},
|
||||
&CredentialIssuerConfigLocationConfig{
|
||||
Namespace: credentialIssuerConfigNamespaceName,
|
||||
|
@ -63,6 +63,10 @@ type AgentPodConfig struct {
|
||||
|
||||
// The name prefix for each of the agent pods.
|
||||
PodNamePrefix string
|
||||
|
||||
// ContainerImagePullSecrets is a list of names of Kubernetes Secret objects that will be used as
|
||||
// ImagePullSecrets on the kube-cert-agent pods.
|
||||
ContainerImagePullSecrets []string
|
||||
}
|
||||
|
||||
type CredentialIssuerConfigLocationConfig struct {
|
||||
@ -81,6 +85,17 @@ func (c *AgentPodConfig) Labels() map[string]string {
|
||||
|
||||
func (c *AgentPodConfig) PodTemplate() *corev1.Pod {
|
||||
terminateImmediately := int64(0)
|
||||
|
||||
imagePullSecrets := []corev1.LocalObjectReference{}
|
||||
for _, imagePullSecret := range c.ContainerImagePullSecrets {
|
||||
imagePullSecrets = append(
|
||||
imagePullSecrets,
|
||||
corev1.LocalObjectReference{
|
||||
Name: imagePullSecret,
|
||||
},
|
||||
)
|
||||
}
|
||||
|
||||
pod := &corev1.Pod{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: c.PodNamePrefix,
|
||||
@ -89,6 +104,7 @@ func (c *AgentPodConfig) PodTemplate() *corev1.Pod {
|
||||
},
|
||||
Spec: corev1.PodSpec{
|
||||
TerminationGracePeriodSeconds: &terminateImmediately,
|
||||
ImagePullSecrets: imagePullSecrets,
|
||||
Containers: []corev1.Container{
|
||||
{
|
||||
Name: "sleeper",
|
||||
|
@ -87,6 +87,11 @@ func exampleControllerManagerAndAgentPods(
|
||||
},
|
||||
Spec: corev1.PodSpec{
|
||||
TerminationGracePeriodSeconds: &zero,
|
||||
ImagePullSecrets: []corev1.LocalObjectReference{
|
||||
{
|
||||
Name: "some-image-pull-secret",
|
||||
},
|
||||
},
|
||||
Containers: []corev1.Container{
|
||||
{
|
||||
Name: "sleeper",
|
||||
|
@ -95,6 +95,7 @@ func PrepareControllers(c *Config) (func(ctx context.Context), error) {
|
||||
Namespace: c.ServerInstallationNamespace,
|
||||
ContainerImage: *c.KubeCertAgentConfig.Image,
|
||||
PodNamePrefix: *c.KubeCertAgentConfig.NamePrefix,
|
||||
ContainerImagePullSecrets: c.KubeCertAgentConfig.ImagePullSecrets,
|
||||
}
|
||||
credentialIssuerConfigLocationConfig := &kubecertagent.CredentialIssuerConfigLocationConfig{
|
||||
Namespace: c.ServerInstallationNamespace,
|
||||
|
@ -61,4 +61,8 @@ type KubeCertAgentSpec struct {
|
||||
// should contain at least 2 binaries: /bin/sleep and cat (somewhere on the $PATH). The default
|
||||
// for this value is "debian:latest".
|
||||
Image *string `json:"image"`
|
||||
|
||||
// ImagePullSecrets is a list of names of Kubernetes Secret objects that will be used as
|
||||
// ImagePullSecrets on the kube-cert-agent pods.
|
||||
ImagePullSecrets []string
|
||||
}
|
||||
|
@ -39,6 +39,7 @@ func TestFromPath(t *testing.T) {
|
||||
KubeCertAgent:
|
||||
namePrefix: kube-cert-agent-name-prefix-
|
||||
image: kube-cert-agent-image
|
||||
imagePullSecrets: [kube-cert-agent-image-pull-secret]
|
||||
`),
|
||||
wantConfig: &api.Config{
|
||||
DiscoveryInfo: api.DiscoveryInfoSpec{
|
||||
@ -58,6 +59,7 @@ func TestFromPath(t *testing.T) {
|
||||
KubeCertAgentConfig: api.KubeCertAgentSpec{
|
||||
NamePrefix: stringPtr("kube-cert-agent-name-prefix-"),
|
||||
Image: stringPtr("kube-cert-agent-image"),
|
||||
ImagePullSecrets: []string{"kube-cert-agent-image-pull-secret"},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
Loading…
Reference in New Issue
Block a user