aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/common
diff options
context:
space:
mode:
authorAndreas Geissler <andreas-geissler@telekom.de>2024-03-20 09:51:32 +0100
committerAndreas Geissler <andreas-geissler@telekom.de>2024-03-20 15:51:27 +0100
commitbd0d31acc349a67c01de0595d152b8448b5311d1 (patch)
tree73ec72f08fa7f5b789b08573e2adc8a6b011214e /kubernetes/common
parent5fa1a05b3142c1f70757d5ce5b4519e574f6f5b2 (diff)
[COMMON] Make imagePullSecrets configurable
Currently in ONAP the imagePullSecrets is hardcoded to 'onap-docker-registry-key' which is created by the repository-wrapper component. With this change the secrets can be configured via setting global.imagePullSecrets and optionally per image if it is configured as map (image.pullSecrets) Issue-ID: OOM-3284 Change-Id: I8644f9b46043b6014219c42928e057b149df43a4 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Diffstat (limited to 'kubernetes/common')
-rw-r--r--kubernetes/common/cassandra/templates/statefulset.yaml3
-rw-r--r--kubernetes/common/common/Chart.yaml2
-rw-r--r--kubernetes/common/common/templates/_images.tpl121
-rw-r--r--kubernetes/common/common/templates/_mariadb.tpl3
-rw-r--r--kubernetes/common/common/templates/_postgres.tpl3
-rw-r--r--kubernetes/common/common/templates/_tplvalues.tpl49
-rw-r--r--kubernetes/common/dgbuilder/templates/deployment.yaml3
-rw-r--r--kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml3
-rw-r--r--kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml3
-rw-r--r--kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml3
-rw-r--r--kubernetes/common/etcd-init/templates/job.yaml3
-rw-r--r--kubernetes/common/etcd/templates/statefulset.yaml3
-rw-r--r--kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml3
-rw-r--r--kubernetes/common/mariadb-galera/templates/statefulset.yaml3
-rw-r--r--kubernetes/common/mariadb-init/templates/job.yaml3
-rw-r--r--kubernetes/common/network-name-gen/templates/deployment.yaml3
-rw-r--r--kubernetes/common/postgres-init/templates/job.yaml3
-rw-r--r--kubernetes/common/postgres/templates/_deployment.tpl3
18 files changed, 186 insertions, 31 deletions
diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml
index 4815d14594..bb7027cab9 100644
--- a/kubernetes/common/cassandra/templates/statefulset.yaml
+++ b/kubernetes/common/cassandra/templates/statefulset.yaml
@@ -29,8 +29,7 @@ spec:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
hostNetwork: {{ .Values.hostNetwork }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
diff --git a/kubernetes/common/common/Chart.yaml b/kubernetes/common/common/Chart.yaml
index 129454681e..bb9e8a24fc 100644
--- a/kubernetes/common/common/Chart.yaml
+++ b/kubernetes/common/common/Chart.yaml
@@ -16,4 +16,4 @@
apiVersion: v2
description: Common templates for inclusion in other charts
name: common
-version: 13.0.3
+version: 13.1.0
diff --git a/kubernetes/common/common/templates/_images.tpl b/kubernetes/common/common/templates/_images.tpl
new file mode 100644
index 0000000000..3bbaabc006
--- /dev/null
+++ b/kubernetes/common/common/templates/_images.tpl
@@ -0,0 +1,121 @@
+{{/*
+# Copyright © Original (https://github.com/bitnami/charts) VMware, Inc.
+# Copyright © 2024 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+Original, if common way of image definition:
+{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.tls.image) "context" $) -}}
+*/}}
+{{- define "common.imagePullSecrets" -}}
+{{- $images := list }}
+{{- if .Values.image }}
+ {{- if kindIs "map" .Values.image -}}
+ {{- $images = append $images ".Values.image" -}}
+ {{- end -}}
+{{- end -}}
+{{- if .Values.metrics }}
+ {{- if .Values.metrics.image }}
+ {{- if kindIs "map" .Values.metrics.image -}}
+ {{- $images = append $images ".Values.metrics.image" -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{- include "common.images._renderPullSecrets" (dict "images" $images "context" $) -}}
+{{- end -}}
+
+{{/*
+Return the proper image name
+{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }}
+*/}}
+{{- define "common.images.image" -}}
+{{- $registryName := .imageRoot.registry -}}
+{{- $repositoryName := .imageRoot.repository -}}
+{{- $separator := ":" -}}
+{{- $termination := .imageRoot.tag | toString -}}
+{{- if .global }}
+ {{- if .global.imageRegistry }}
+ {{- $registryName = .global.imageRegistry -}}
+ {{- end -}}
+{{- end -}}
+{{- if .imageRoot.digest }}
+ {{- $separator = "@" -}}
+ {{- $termination = .imageRoot.digest | toString -}}
+{{- end -}}
+{{- if $registryName }}
+ {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
+{{- else -}}
+ {{- printf "%s%s%s" $repositoryName $separator $termination -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names evaluating values as templates
+{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
+*/}}
+{{- define "common.images._renderPullSecrets" -}}
+ {{- $pullSecrets := list }}
+ {{- $context := .context }}
+ {{- $images := .images }}
+
+ {{- if $context.Values.global }}
+ {{- range $context.Values.global.imagePullSecrets -}}
+ {{- if kindIs "map" . -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues._render" (dict "value" .name "context" $context)) -}}
+ {{- else -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues._render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range $image := $images -}}
+ {{- if contains "pullSecret" $image -}}
+ {{- range $pullSecret := $image.pullSecrets -}}
+ {{- if kindIs "map" $pullSecret -}}
+ {{- $pullSecrets = append $pullSecrets $pullSecret.name -}}
+ {{- else -}}
+ {{- $pullSecrets = append $pullSecrets $pullSecret -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) }}
+imagePullSecrets:
+ {{- range $pullSecrets | uniq }}
+ - name: {{ . }}
+ {{- end }}
+ {{- else -}}
+imagePullSecrets: []
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion)
+{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }}
+*/}}
+{{- define "common.images._version" -}}
+{{- $imageTag := .imageRoot.tag | toString -}}
+{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}}
+{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}}
+ {{- $version := semver $imageTag -}}
+ {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}}
+{{- else -}}
+ {{- print .chart.AppVersion -}}
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/common/templates/_mariadb.tpl b/kubernetes/common/common/templates/_mariadb.tpl
index e21f0f658d..caf2fd1031 100644
--- a/kubernetes/common/common/templates/_mariadb.tpl
+++ b/kubernetes/common/common/templates/_mariadb.tpl
@@ -265,8 +265,7 @@ spec:
key: password
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadbOperator.image }}:{{ $dot.Values.mariadbOperator.appVersion }}
imagePullPolicy: IfNotPresent
- imagePullSecrets:
- - name: {{ include "common.namespace" . }}-docker-registry-key
+ {{- include "common.imagePullSecrets" . | nindent 2 }}
port: 3306
replicas: {{ $dot.Values.replicaCount }}
{{- if $dot.Values.mariadbOperator.galera.enabled }}
diff --git a/kubernetes/common/common/templates/_postgres.tpl b/kubernetes/common/common/templates/_postgres.tpl
index d21d8c740d..dcd17c0312 100644
--- a/kubernetes/common/common/templates/_postgres.tpl
+++ b/kubernetes/common/common/templates/_postgres.tpl
@@ -87,8 +87,7 @@ spec:
{{- if .Values.postgresOperator.imagePostgres }}
image: {{ .Values.postgresOperator.imagePostgres | quote }}
{{- end }}
- imagePullSecrets:
- - name: {{ include "common.namespace" . }}-docker-registry-key
+ {{- include "common.imagePullSecrets" . | nindent 2 }}
postgresVersion: {{ $dot.Values.postgresOperator.postgresVersion }}
instances:
- name: {{ default "instance1" .Values.postgresOperator.instanceName | quote }}
diff --git a/kubernetes/common/common/templates/_tplvalues.tpl b/kubernetes/common/common/templates/_tplvalues.tpl
new file mode 100644
index 0000000000..0c6dbec859
--- /dev/null
+++ b/kubernetes/common/common/templates/_tplvalues.tpl
@@ -0,0 +1,49 @@
+{{/*
+# Copyright © Original (https://github.com/bitnami/charts) VMware, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Renders a value that contains template perhaps with scope if the scope is present.
+Usage:
+{{ include "common.tplvalues._render" ( dict "value" .Values.path.to.the.Value "context" $ ) }}
+{{ include "common.tplvalues._render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }}
+*/}}
+{{- define "common.tplvalues._render" -}}
+{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
+{{- if contains "{{" (toJson .value) }}
+ {{- if .scope }}
+ {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
+ {{- else }}
+ {{- tpl $value .context }}
+ {{- end }}
+{{- else }}
+ {{- $value }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Merge a list of values that contains template after rendering them.
+Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge
+Usage:
+{{ include "common.tplvalues._merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }}
+*/}}
+{{- define "common.tplvalues._merge" -}}
+{{- $dst := dict -}}
+{{- range .values -}}
+{{- $dst = include "common.tplvalues._render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}}
+{{- end -}}
+{{ $dst | toYaml }}
+{{- end -}}
diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml
index 5d3038bcb1..18963f94f0 100644
--- a/kubernetes/common/dgbuilder/templates/deployment.yaml
+++ b/kubernetes/common/dgbuilder/templates/deployment.yaml
@@ -130,5 +130,4 @@ spec:
- name: config
emptyDir:
medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
index a7278ba104..e6c5a87f5c 100644
--- a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
+++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
@@ -34,8 +34,7 @@ spec:
template:
metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
index 85ea2bbc54..8ee0fc50db 100644
--- a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
+++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
@@ -32,8 +32,7 @@ spec:
template:
metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- end }}
diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
index 43eb92dd1e..0bc6de2b9b 100644
--- a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
+++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
@@ -30,8 +30,7 @@ spec:
template:
metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- end }}
diff --git a/kubernetes/common/etcd-init/templates/job.yaml b/kubernetes/common/etcd-init/templates/job.yaml
index f1f1b0e27e..8919dc7a39 100644
--- a/kubernetes/common/etcd-init/templates/job.yaml
+++ b/kubernetes/common/etcd-init/templates/job.yaml
@@ -111,5 +111,4 @@ spec:
hostPath:
path: /etc/localtime
restartPolicy: Never
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml
index 829e17b5cb..722a27d791 100644
--- a/kubernetes/common/etcd/templates/statefulset.yaml
+++ b/kubernetes/common/etcd/templates/statefulset.yaml
@@ -35,8 +35,7 @@ spec:
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.googleK8sRepository" . }}/{{ .Values.image }}
diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
index 4548626dd3..9f0a786282 100644
--- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
+++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml
@@ -162,8 +162,7 @@ spec:
readOnly: true
- name: backup-dir
mountPath: /backup
- imagePullSecrets:
- - name: {{ include "common.namespace" . }}-docker-registry-key
+ {{- include "common.imagePullSecrets" . | nindent 10 }}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
index 2f5b33fd97..70cc0c34bd 100644
--- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml
+++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
@@ -221,8 +221,7 @@ spec:
{{ include "common.containerSecurityContext" . | indent 10 | trim }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
- imagePullSecrets:
- - name: {{ include "common.namespace" . }}-docker-registry-key
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName | quote }}
{{- end }}
diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml
index 0180fecf0e..88ff0e09c2 100644
--- a/kubernetes/common/mariadb-init/templates/job.yaml
+++ b/kubernetes/common/mariadb-init/templates/job.yaml
@@ -120,5 +120,4 @@ spec:
name: {{ include "mariadbInit.configMap" . }}
defaultMode: 0755
restartPolicy: Never
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml
index 4d05ae37c7..6bba995b11 100644
--- a/kubernetes/common/network-name-gen/templates/deployment.yaml
+++ b/kubernetes/common/network-name-gen/templates/deployment.yaml
@@ -117,5 +117,4 @@ spec:
- name: certs
secret:
secretName: {{ include "common.release" . }}-aai-keystore
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml
index 7fa2e9f4e8..6736559b81 100644
--- a/kubernetes/common/postgres-init/templates/job.yaml
+++ b/kubernetes/common/postgres-init/templates/job.yaml
@@ -100,5 +100,4 @@ spec:
emptyDir:
medium: Memory
restartPolicy: Never
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl
index fa25a42158..aae5da9195 100644
--- a/kubernetes/common/postgres/templates/_deployment.tpl
+++ b/kubernetes/common/postgres/templates/_deployment.tpl
@@ -57,8 +57,7 @@ spec:
release: {{ include "common.release" $dot }}
name: "{{ index $dot.Values "container" "name" $pgMode }}"
spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" $dot }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" $dot | nindent 6 }}
initContainers:
- command:
- sh