author | Andreas Geissler <andreas-geissler@telekom.de> | 2024-03-20 09:51:32 +0100 |
---|---|---|
committer | Andreas Geissler <andreas-geissler@telekom.de> | 2024-03-20 15:51:27 +0100 |
commit | bd0d31acc349a67c01de0595d152b8448b5311d1 (patch) | |
tree | 73ec72f08fa7f5b789b08573e2adc8a6b011214e /kubernetes/common | |
parent | 5fa1a05b3142c1f70757d5ce5b4519e574f6f5b2 (diff) |
[COMMON] Make imagePullSecrets configurable
Currently in ONAP the imagePullSecrets is hardcoded to
'onap-docker-registry-key' which is created by the
repository-wrapper component.
With this change, the secrets can be configured by setting
global.imagePullSecrets and, optionally, per image when the image
is configured as a map (image.pullSecrets).
Issue-ID: OOM-3284
Change-Id: I8644f9b46043b6014219c42928e057b149df43a4
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Diffstat (limited to 'kubernetes/common')
18 files changed, 186 insertions, 31 deletions
diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 4815d14594..bb7027cab9 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -29,8 +29,7 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: hostNetwork: {{ .Values.hostNetwork }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + {{- include "common.imagePullSecrets" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} diff --git a/kubernetes/common/common/Chart.yaml b/kubernetes/common/common/Chart.yaml index 129454681e..bb9e8a24fc 100644 --- a/kubernetes/common/common/Chart.yaml +++ b/kubernetes/common/common/Chart.yaml @@ -16,4 +16,4 @@ apiVersion: v2 description: Common templates for inclusion in other charts name: common -version: 13.0.3 +version: 13.1.0 diff --git a/kubernetes/common/common/templates/_images.tpl b/kubernetes/common/common/templates/_images.tpl new file mode 100644 index 0000000000..3bbaabc006 --- /dev/null +++ b/kubernetes/common/common/templates/_images.tpl 
@@ -0,0 +1,121 @@
+{{/*
+# Copyright © Original (https://github.com/bitnami/charts) VMware, Inc.
+# Copyright © 2024 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+Original, if common way of image definition:
+{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.tls.image) "context" $) -}}
+*/}}
+{{- define "common.imagePullSecrets" -}}
+{{- $images := list }}
+{{- if .Values.image }}
+ {{- if kindIs "map" .Values.image -}}
+ {{- $images = append $images ".Values.image" -}}
+ {{- end -}}
+{{- end -}}
+{{- if .Values.metrics }}
+ {{- if .Values.metrics.image }}
+ {{- if kindIs "map" .Values.metrics.image -}}
+ {{- $images = append $images ".Values.metrics.image" -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{- include "common.images._renderPullSecrets" (dict "images" $images "context" $) -}}
+{{- end -}}
+
+{{/*
+Return the proper image name
+{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }}
+*/}}
+{{- define "common.images.image" -}}
+{{- $registryName := .imageRoot.registry -}}
+{{- $repositoryName := .imageRoot.repository -}}
+{{- $separator := ":" -}}
+{{- $termination := .imageRoot.tag | toString -}}
+{{- if .global }}
+ {{- if .global.imageRegistry }}
+ {{- $registryName = .global.imageRegistry -}}
+ {{- end -}}
+{{- end -}}
+{{- if .imageRoot.digest }}
+ {{- $separator = "@" -}}
+ {{- $termination = .imageRoot.digest | toString -}}
+{{- end -}}
+{{- if $registryName }}
+ {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
+{{- else -}}
+ {{- printf "%s%s%s" $repositoryName $separator $termination -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names evaluating values as templates
+{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
+*/}}
+{{- define "common.images._renderPullSecrets" -}}
+ {{- $pullSecrets := list }}
+ {{- $context := .context }}
+ {{- $images := .images }}
+
+ {{- if $context.Values.global }}
+ {{- range $context.Values.global.imagePullSecrets -}}
+ {{- if kindIs "map" . -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues._render" (dict "value" .name "context" $context)) -}}
+ {{- else -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues._render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range $image := $images -}}
+ {{- if contains "pullSecret" $image -}}
+ {{- range $pullSecret := $image.pullSecrets -}}
+ {{- if kindIs "map" $pullSecret -}}
+ {{- $pullSecrets = append $pullSecrets $pullSecret.name -}}
+ {{- else -}}
+ {{- $pullSecrets = append $pullSecrets $pullSecret -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) }}
+imagePullSecrets:
+ {{- range $pullSecrets | uniq }}
+ - name: {{ . }}
+ {{- end }}
+ {{- else -}}
+imagePullSecrets: []
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion)
+{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }}
+*/}}
+{{- define "common.images._version" -}}
+{{- $imageTag := .imageRoot.tag | toString -}}
+{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}}
+{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}}
+ {{- $version := semver $imageTag -}}
+ {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}}
+{{- else -}}
+ {{- print .chart.AppVersion -}}
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/common/templates/_mariadb.tpl b/kubernetes/common/common/templates/_mariadb.tpl index e21f0f658d..caf2fd1031 100644 --- a/kubernetes/common/common/templates/_mariadb.tpl +++ b/kubernetes/common/common/templates/_mariadb.tpl @@ -265,8 +265,7 @@ spec: key: password image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadbOperator.image }}:{{ $dot.Values.mariadbOperator.appVersion }} imagePullPolicy: IfNotPresent - imagePullSecrets: - - name: {{ include "common.namespace" . }}-docker-registry-key + {{- include "common.imagePullSecrets" . | nindent 2 }} port: 3306 replicas: {{ $dot.Values.replicaCount }} {{- if $dot.Values.mariadbOperator.galera.enabled }} diff --git a/kubernetes/common/common/templates/_postgres.tpl b/kubernetes/common/common/templates/_postgres.tpl index d21d8c740d..dcd17c0312 100644 --- a/kubernetes/common/common/templates/_postgres.tpl +++ b/kubernetes/common/common/templates/_postgres.tpl
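Review bot: In `_images.tpl` the per-image path described in the commit message cannot fire: `common.imagePullSecrets` appends the string literals `".Values.image"` and `".Values.metrics.image"` instead of the maps, and `common.images._renderPullSecrets` then tests `contains "pullSecret" $image`, a substring check that is false for those strings and would raise a type error on a real map. Appending the value itself, `{{- $images = append $images .Values.image -}}` (likewise for `.Values.metrics.image`), and guarding with `{{- if hasKey $image "pullSecrets" -}}` would let `image.pullSecrets` take effect. Separately, when `global.imagePullSecrets` is unset the helper renders `imagePullSecrets: []`, so the previously unconditional `<namespace>-docker-registry-key` reference disappears from every converted template unless a default is set in a values file outside this diff; that default is not visible here and should be confirmed before upgrade. The names are also written unquoted in `- name: {{ . }}` after passing through `tpl`, so `- name: {{ . | quote }}` would keep a rendered value from being parsed as anything other than a string.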
@@ -87,8 +87,7 @@ spec: {{- if .Values.postgresOperator.imagePostgres }} image: {{ .Values.postgresOperator.imagePostgres | quote }} {{- end }} - imagePullSecrets: - - name: {{ include "common.namespace" . }}-docker-registry-key + {{- include "common.imagePullSecrets" . | nindent 2 }} postgresVersion: {{ $dot.Values.postgresOperator.postgresVersion }} instances: - name: {{ default "instance1" .Values.postgresOperator.instanceName | quote }} diff --git a/kubernetes/common/common/templates/_tplvalues.tpl b/kubernetes/common/common/templates/_tplvalues.tpl new file mode 100644 index 0000000000..0c6dbec859 --- /dev/null +++ b/kubernetes/common/common/templates/_tplvalues.tpl 
@@ -0,0 +1,49 @@
+{{/*
+# Copyright © Original (https://github.com/bitnami/charts) VMware, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Renders a value that contains template perhaps with scope if the scope is present.
+Usage:
+{{ include "common.tplvalues._render" ( dict "value" .Values.path.to.the.Value "context" $ ) }}
+{{ include "common.tplvalues._render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }}
+*/}}
+{{- define "common.tplvalues._render" -}}
+{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
+{{- if contains "{{" (toJson .value) }}
+ {{- if .scope }}
+ {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
+ {{- else }}
+ {{- tpl $value .context }}
+ {{- end }}
+{{- else }}
+ {{- $value }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Merge a list of values that contains template after rendering them.
+Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge
+Usage:
+{{ include "common.tplvalues._merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }}
+*/}}
+{{- define "common.tplvalues._merge" -}}
+{{- $dst := dict -}}
+{{- range .values -}}
+{{- $dst = include "common.tplvalues._render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}}
+{{- end -}}
+{{ $dst | toYaml }}
+{{- end -}}
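Review bot: `common.tplvalues._render` adds a second `tpl`-based evaluator next to what appears to be an equivalent existing helper, `common.tplValue`, which the elasticsearch templates touched by this commit still call with the same `value`/`context` dict. That leaves two entry points where values content containing `{{` is executed as a template against the full chart context. If the underscore variant is kept for its `scope` option, its header comment should say so and state the trust assumption, for example `{{/* .value is executed via tpl against .context; pass only operator-controlled values */}}`. Where no scope is needed, such as the `global.imagePullSecrets` entries, reusing `common.tplValue` would avoid the duplicate.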
diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml index 5d3038bcb1..18963f94f0 100644 --- a/kubernetes/common/dgbuilder/templates/deployment.yaml +++ b/kubernetes/common/dgbuilder/templates/deployment.yaml @@ -130,5 +130,4 @@ spec: - name: config emptyDir: medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml index a7278ba104..e6c5a87f5c 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml @@ -34,8 +34,7 @@ spec: template: metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }} spec: - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + {{- include "common.imagePullSecrets" . | nindent 6 }} {{- if .Values.affinity }} affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }} {{- end }} diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml index 85ea2bbc54..8ee0fc50db 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml 
@@ -32,8 +32,7 @@ spec: template: metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }} spec: - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + {{- include "common.imagePullSecrets" . | nindent 6 }} {{- if .Values.affinity }} affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }} {{- end }} diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml index 43eb92dd1e..0bc6de2b9b 100644 --- a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml +++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml @@ -30,8 +30,7 @@ spec: template: metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }} spec: - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + {{- include "common.imagePullSecrets" . | nindent 6 }} {{- if .Values.affinity }} affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }} {{- end }} diff --git a/kubernetes/common/etcd-init/templates/job.yaml b/kubernetes/common/etcd-init/templates/job.yaml index f1f1b0e27e..8919dc7a39 100644 --- a/kubernetes/common/etcd-init/templates/job.yaml +++ b/kubernetes/common/etcd-init/templates/job.yaml @@ -111,5 +111,4 @@ spec: hostPath: path: /etc/localtime restartPolicy: Never - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index 829e17b5cb..722a27d791 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml 
@@ -35,8 +35,7 @@ spec: tolerations: {{ toYaml .Values.tolerations | indent 8 }} {{- end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + {{- include "common.imagePullSecrets" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.googleK8sRepository" . }}/{{ .Values.image }} diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml index 4548626dd3..9f0a786282 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml @@ -162,8 +162,7 @@ spec: readOnly: true - name: backup-dir mountPath: /backup - imagePullSecrets: - - name: {{ include "common.namespace" . }}-docker-registry-key + {{- include "common.imagePullSecrets" . | nindent 10 }} volumes: - name: localtime hostPath: diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml index 2f5b33fd97..70cc0c34bd 100644 --- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml +++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml @@ -221,8 +221,7 @@ spec: {{ include "common.containerSecurityContext" . | indent 10 | trim }} resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} - imagePullSecrets: - - name: {{ include "common.namespace" . }}-docker-registry-key + {{- include "common.imagePullSecrets" . | nindent 6 }} {{- if .Values.schedulerName }} schedulerName: {{ .Values.schedulerName | quote }} {{- end }} diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml index 0180fecf0e..88ff0e09c2 100644 --- a/kubernetes/common/mariadb-init/templates/job.yaml +++ b/kubernetes/common/mariadb-init/templates/job.yaml 
@@ -120,5 +120,4 @@ spec: name: {{ include "mariadbInit.configMap" . }} defaultMode: 0755 restartPolicy: Never - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml index 4d05ae37c7..6bba995b11 100644 --- a/kubernetes/common/network-name-gen/templates/deployment.yaml +++ b/kubernetes/common/network-name-gen/templates/deployment.yaml @@ -117,5 +117,4 @@ spec: - name: certs secret: secretName: {{ include "common.release" . }}-aai-keystore - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml index 7fa2e9f4e8..6736559b81 100644 --- a/kubernetes/common/postgres-init/templates/job.yaml +++ b/kubernetes/common/postgres-init/templates/job.yaml @@ -100,5 +100,4 @@ spec: emptyDir: medium: Memory restartPolicy: Never - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index fa25a42158..aae5da9195 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -57,8 +57,7 @@ spec: release: {{ include "common.release" $dot }} name: "{{ index $dot.Values "container" "name" $pgMode }}" spec: - imagePullSecrets: - - name: "{{ include "common.namespace" $dot }}-docker-registry-key" + {{- include "common.imagePullSecrets" $dot | nindent 6 }} initContainers: - command: - sh |