mirror of
https://github.com/arangodb/kube-arangodb.git
synced 2024-12-14 11:57:37 +00:00
Allow to set ImagePullSecrets in pods (#444)
parent
363e06cfae
commit
ec8ed8e0ae
7 changed files with 42 additions and 15 deletions
2
.gitignore
vendored
|
@ -3,3 +3,5 @@
|
||||||
.gobuild
|
.gobuild
|
||||||
bin
|
bin
|
||||||
logs
|
logs
|
||||||
|
vendor/
|
||||||
|
.idea/
|
||||||
|
|
|
@ -96,6 +96,10 @@ Possible values are:
|
||||||
- `IfNotPresent` (default) to pull only when the image is not found on the node.
|
- `IfNotPresent` (default) to pull only when the image is not found on the node.
|
||||||
- `Always` to always pull the image before using it.
|
- `Always` to always pull the image before using it.
|
||||||
|
|
||||||
|
### `spec.imagePullSecrets: []string`
|
||||||
|
|
||||||
|
This setting specifies the list of image pull secrets for the docker image to use for all ArangoDB servers.
|
||||||
|
|
||||||
### `spec.storageEngine: string`
|
### `spec.storageEngine: string`
|
||||||
|
|
||||||
This setting specifies the type of storage engine used for all servers
|
This setting specifies the type of storage engine used for all servers
|
||||||
|
|
|
@ -52,8 +52,10 @@ type DeploymentSpec struct {
|
||||||
StorageEngine *StorageEngine `json:"storageEngine,omitempty"`
|
StorageEngine *StorageEngine `json:"storageEngine,omitempty"`
|
||||||
Image *string `json:"image,omitempty"`
|
Image *string `json:"image,omitempty"`
|
||||||
ImagePullPolicy *v1.PullPolicy `json:"imagePullPolicy,omitempty"`
|
ImagePullPolicy *v1.PullPolicy `json:"imagePullPolicy,omitempty"`
|
||||||
|
ImagePullSecrets []string `json:"imagePullSecrets,omitempty"`
|
||||||
DowntimeAllowed *bool `json:"downtimeAllowed,omitempty"`
|
DowntimeAllowed *bool `json:"downtimeAllowed,omitempty"`
|
||||||
DisableIPv6 *bool `json:"disableIPv6,omitempty"`
|
DisableIPv6 *bool `json:"disableIPv6,omitempty"`
|
||||||
|
|
||||||
LocallyAttachedVolumes *bool `json:"locallyAttachedVolumes,omitempty"`
|
LocallyAttachedVolumes *bool `json:"locallyAttachedVolumes,omitempty"`
|
||||||
|
|
||||||
ExternalAccess ExternalAccessSpec `json:"externalAccess"`
|
ExternalAccess ExternalAccessSpec `json:"externalAccess"`
|
||||||
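Review bot: The new `ImagePullSecrets []string` field in DeploymentSpec has no comment saying what the strings are, and nothing in this hunk checks them. The names are later copied into `v1.LocalObjectReference` entries on each pod, which Kubernetes resolves in the pod's own namespace, so a comment such as `// ImagePullSecrets lists the names of Secrets in the deployment's namespace that are used to pull images for all pods` would make the scope explicit to whoever grants edit rights on the resource. The struct's validation and spec-comparison code is outside the hunk; if it exists, confirm that empty names are rejected there and that a change to this field is taken into account.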
|
|
|
@ -257,6 +257,11 @@ func (in *DeploymentSpec) DeepCopyInto(out *DeploymentSpec) {
|
||||||
*out = new(v1.PullPolicy)
|
*out = new(v1.PullPolicy)
|
||||||
**out = **in
|
**out = **in
|
||||||
}
|
}
|
||||||
|
if in.ImagePullSecrets != nil {
|
||||||
|
in, out := &in.ImagePullSecrets, &out.ImagePullSecrets
|
||||||
|
*out = make([]string, len(*in))
|
||||||
|
copy(*out, *in)
|
||||||
|
}
|
||||||
if in.DowntimeAllowed != nil {
|
if in.DowntimeAllowed != nil {
|
||||||
in, out := &in.DowntimeAllowed, &out.DowntimeAllowed
|
in, out := &in.DowntimeAllowed, &out.DowntimeAllowed
|
||||||
*out = new(bool)
|
*out = new(bool)
|
||||||
|
|
|
@ -197,7 +197,7 @@ func (ib *imagesBuilder) fetchArangoDBImageIDAndVersion(ctx context.Context, ima
|
||||||
SecretKey: constants.SecretKeyToken,
|
SecretKey: constants.SecretKeyToken,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if err := k8sutil.CreateArangodPod(ib.KubeCli, true, ib.APIObject, role, id, podName, "", image, "", "", ib.Spec.GetImagePullPolicy(), "", false, terminationGracePeriod, args, env, nil, nil, nil,
|
if err := k8sutil.CreateArangodPod(ib.KubeCli, true, ib.APIObject, role, id, podName, "", image, "", "", ib.Spec.GetImagePullPolicy(), ib.Spec.ImagePullSecrets, "", false, terminationGracePeriod, args, env, nil, nil, nil,
|
||||||
tolerations, serviceAccountName, "", "", "", nil, "", v1.ResourceRequirements{}, nil, nil, nil); err != nil {
|
tolerations, serviceAccountName, "", "", "", nil, "", v1.ResourceRequirements{}, nil, nil, nil); err != nil {
|
||||||
log.Debug().Err(err).Msg("Failed to create image ID pod")
|
log.Debug().Err(err).Msg("Failed to create image ID pod")
|
||||||
return true, maskAny(err)
|
return true, maskAny(err)
|
||||||
|
|
|
@ -662,7 +662,7 @@ func (r *Resources) createPodForMember(spec api.DeploymentSpec, memberID string,
|
||||||
engine := spec.GetStorageEngine().AsArangoArgument()
|
engine := spec.GetStorageEngine().AsArangoArgument()
|
||||||
requireUUID := group == api.ServerGroupDBServers && m.IsInitialized
|
requireUUID := group == api.ServerGroupDBServers && m.IsInitialized
|
||||||
finalizers := r.createPodFinalizers(group)
|
finalizers := r.createPodFinalizers(group)
|
||||||
if err := k8sutil.CreateArangodPod(kubecli, spec.IsDevelopment(), apiObject, role, m.ID, m.PodName, m.PersistentVolumeClaimName, imageInfo.ImageID, lifecycleImage, alpineImage, spec.GetImagePullPolicy(),
|
if err := k8sutil.CreateArangodPod(kubecli, spec.IsDevelopment(), apiObject, role, m.ID, m.PodName, m.PersistentVolumeClaimName, imageInfo.ImageID, lifecycleImage, alpineImage, spec.GetImagePullPolicy(), spec.ImagePullSecrets,
|
||||||
engine, requireUUID, terminationGracePeriod, args, env, finalizers, livenessProbe, readinessProbe, tolerations, serviceAccountName, tlsKeyfileSecretName, rocksdbEncryptionSecretName,
|
engine, requireUUID, terminationGracePeriod, args, env, finalizers, livenessProbe, readinessProbe, tolerations, serviceAccountName, tlsKeyfileSecretName, rocksdbEncryptionSecretName,
|
||||||
clusterJWTSecretName, groupSpec.GetNodeSelector(), groupSpec.PriorityClassName, groupSpec.Resources, exporter, groupSpec.GetSidecars(), groupSpec.VolumeClaimTemplate); err != nil {
|
clusterJWTSecretName, groupSpec.GetNodeSelector(), groupSpec.PriorityClassName, groupSpec.Resources, exporter, groupSpec.GetSidecars(), groupSpec.VolumeClaimTemplate); err != nil {
|
||||||
return maskAny(err)
|
return maskAny(err)
|
||||||
|
@ -755,7 +755,7 @@ func (r *Resources) createPodForMember(spec api.DeploymentSpec, memberID string,
|
||||||
if group == api.ServerGroupSyncWorkers {
|
if group == api.ServerGroupSyncWorkers {
|
||||||
affinityWithRole = api.ServerGroupDBServers.AsRole()
|
affinityWithRole = api.ServerGroupDBServers.AsRole()
|
||||||
}
|
}
|
||||||
if err := k8sutil.CreateArangoSyncPod(kubecli, spec.IsDevelopment(), apiObject, role, m.ID, m.PodName, imageID, lifecycleImage, spec.GetImagePullPolicy(), terminationGracePeriod, args, env,
|
if err := k8sutil.CreateArangoSyncPod(kubecli, spec.IsDevelopment(), apiObject, role, m.ID, m.PodName, imageID, lifecycleImage, spec.GetImagePullPolicy(), spec.ImagePullSecrets, terminationGracePeriod, args, env,
|
||||||
livenessProbe, tolerations, serviceAccountName, tlsKeyfileSecretName, clientAuthCASecretName, masterJWTSecretName, clusterJWTSecretName, affinityWithRole, groupSpec.GetNodeSelector(),
|
livenessProbe, tolerations, serviceAccountName, tlsKeyfileSecretName, clientAuthCASecretName, masterJWTSecretName, clusterJWTSecretName, affinityWithRole, groupSpec.GetNodeSelector(),
|
||||||
groupSpec.PriorityClassName, groupSpec.Resources, groupSpec.GetSidecars()); err != nil {
|
groupSpec.PriorityClassName, groupSpec.Resources, groupSpec.GetSidecars()); err != nil {
|
||||||
return maskAny(err)
|
return maskAny(err)
|
||||||
|
|
|
@ -497,7 +497,7 @@ func initLifecycleContainer(image string) (v1.Container, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// newPod creates a basic Pod for given settings.
|
// newPod creates a basic Pod for given settings.
|
||||||
func newPod(deploymentName, ns, role, id, podName string, finalizers []string, tolerations []v1.Toleration, serviceAccountName string, nodeSelector map[string]string) v1.Pod {
|
func newPod(deploymentName, ns, role, id, podName string, imagePullSecrets []string, finalizers []string, tolerations []v1.Toleration, serviceAccountName string, nodeSelector map[string]string) v1.Pod {
|
||||||
hostname := CreatePodHostName(deploymentName, role, id)
|
hostname := CreatePodHostName(deploymentName, role, id)
|
||||||
p := v1.Pod{
|
p := v1.Pod{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
|
@ -514,6 +514,18 @@ func newPod(deploymentName, ns, role, id, podName string, finalizers []string, t
|
||||||
NodeSelector: nodeSelector,
|
NodeSelector: nodeSelector,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Add ImagePullSecrets
|
||||||
|
if imagePullSecrets != nil {
|
||||||
|
imagePullSecretsReference := make([]v1.LocalObjectReference, len(imagePullSecrets))
|
||||||
|
for id := range imagePullSecrets {
|
||||||
|
imagePullSecretsReference[id] = v1.LocalObjectReference{
|
||||||
|
Name: imagePullSecrets[id],
|
||||||
|
}
|
||||||
|
}
|
||||||
|
p.Spec.ImagePullSecrets = imagePullSecretsReference
|
||||||
|
}
|
||||||
|
|
||||||
return p
|
return p
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -530,7 +542,8 @@ type ArangodbExporterContainerConf struct {
|
||||||
// If the pod already exists, nil is returned.
|
// If the pod already exists, nil is returned.
|
||||||
// If another error occurs, that error is returned.
|
// If another error occurs, that error is returned.
|
||||||
func CreateArangodPod(kubecli kubernetes.Interface, developmentMode bool, deployment APIObject,
|
func CreateArangodPod(kubecli kubernetes.Interface, developmentMode bool, deployment APIObject,
|
||||||
role, id, podName, pvcName, image, lifecycleImage, alpineImage string, imagePullPolicy v1.PullPolicy,
|
role, id, podName, pvcName, image, lifecycleImage, alpineImage string,
|
||||||
|
imagePullPolicy v1.PullPolicy, imagePullSecrets []string,
|
||||||
engine string, requireUUID bool, terminationGracePeriod time.Duration,
|
engine string, requireUUID bool, terminationGracePeriod time.Duration,
|
||||||
args []string, env map[string]EnvValue, finalizers []string,
|
args []string, env map[string]EnvValue, finalizers []string,
|
||||||
livenessProbe *HTTPProbeConfig, readinessProbe *HTTPProbeConfig, tolerations []v1.Toleration, serviceAccountName string,
|
livenessProbe *HTTPProbeConfig, readinessProbe *HTTPProbeConfig, tolerations []v1.Toleration, serviceAccountName string,
|
||||||
|
@ -538,7 +551,7 @@ func CreateArangodPod(kubecli kubernetes.Interface, developmentMode bool, deploy
|
||||||
podPriorityClassName string, resources v1.ResourceRequirements, exporter *ArangodbExporterContainerConf, sidecars []v1.Container, vct *v1.PersistentVolumeClaim) error {
|
podPriorityClassName string, resources v1.ResourceRequirements, exporter *ArangodbExporterContainerConf, sidecars []v1.Container, vct *v1.PersistentVolumeClaim) error {
|
||||||
|
|
||||||
// Prepare basic pod
|
// Prepare basic pod
|
||||||
p := newPod(deployment.GetName(), deployment.GetNamespace(), role, id, podName, finalizers, tolerations, serviceAccountName, nodeSelector)
|
p := newPod(deployment.GetName(), deployment.GetNamespace(), role, id, podName, imagePullSecrets, finalizers, tolerations, serviceAccountName, nodeSelector)
|
||||||
terminationGracePeriodSeconds := int64(math.Ceil(terminationGracePeriod.Seconds()))
|
terminationGracePeriodSeconds := int64(math.Ceil(terminationGracePeriod.Seconds()))
|
||||||
p.Spec.TerminationGracePeriodSeconds = &terminationGracePeriodSeconds
|
p.Spec.TerminationGracePeriodSeconds = &terminationGracePeriodSeconds
|
||||||
|
|
||||||
|
@ -688,12 +701,13 @@ func CreateArangodPod(kubecli kubernetes.Interface, developmentMode bool, deploy
|
||||||
// CreateArangoSyncPod creates a Pod that runs `arangosync`.
|
// CreateArangoSyncPod creates a Pod that runs `arangosync`.
|
||||||
// If the pod already exists, nil is returned.
|
// If the pod already exists, nil is returned.
|
||||||
// If another error occurs, that error is returned.
|
// If another error occurs, that error is returned.
|
||||||
func CreateArangoSyncPod(kubecli kubernetes.Interface, developmentMode bool, deployment APIObject, role, id, podName, image, lifecycleImage string, imagePullPolicy v1.PullPolicy,
|
func CreateArangoSyncPod(kubecli kubernetes.Interface, developmentMode bool, deployment APIObject, role, id, podName, image, lifecycleImage string,
|
||||||
|
imagePullPolicy v1.PullPolicy, imagePullSecrets []string,
|
||||||
terminationGracePeriod time.Duration, args []string, env map[string]EnvValue, livenessProbe *HTTPProbeConfig, tolerations []v1.Toleration, serviceAccountName string,
|
terminationGracePeriod time.Duration, args []string, env map[string]EnvValue, livenessProbe *HTTPProbeConfig, tolerations []v1.Toleration, serviceAccountName string,
|
||||||
tlsKeyfileSecretName, clientAuthCASecretName, masterJWTSecretName, clusterJWTSecretName, affinityWithRole string, nodeSelector map[string]string,
|
tlsKeyfileSecretName, clientAuthCASecretName, masterJWTSecretName, clusterJWTSecretName, affinityWithRole string, nodeSelector map[string]string,
|
||||||
podPriorityClassName string, resources v1.ResourceRequirements, sidecars []v1.Container) error {
|
podPriorityClassName string, resources v1.ResourceRequirements, sidecars []v1.Container) error {
|
||||||
// Prepare basic pod
|
// Prepare basic pod
|
||||||
p := newPod(deployment.GetName(), deployment.GetNamespace(), role, id, podName, nil, tolerations, serviceAccountName, nodeSelector)
|
p := newPod(deployment.GetName(), deployment.GetNamespace(), role, id, podName, imagePullSecrets, nil, tolerations, serviceAccountName, nodeSelector)
|
||||||
terminationGracePeriodSeconds := int64(math.Ceil(terminationGracePeriod.Seconds()))
|
terminationGracePeriodSeconds := int64(math.Ceil(terminationGracePeriod.Seconds()))
|
||||||
p.Spec.TerminationGracePeriodSeconds = &terminationGracePeriodSeconds
|
p.Spec.TerminationGracePeriodSeconds = &terminationGracePeriodSeconds
|
||||||
|
|
||||||
|
|
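Review bot: In newPod the loop `for id := range imagePullSecrets` reuses the name of the `id string` parameter, so inside the loop `id` is an int index that shadows the member ID. Nothing in the loop body reads the parameter today, but ranging by value removes the trap: `for i, name := range imagePullSecrets { imagePullSecretsReference[i] = v1.LocalObjectReference{Name: name} }`. The `imagePullSecrets != nil` guard also lets a non-nil empty slice through, and entries are copied without any check, so an empty string becomes a reference with an empty `Name`; `if len(imagePullSecrets) > 0` plus skipping empty names would keep that out of the pod spec. Separately, `imagePullSecrets []string` now sits directly before `finalizers []string` in newPod's signature, so swapped arguments would compile silently, and the doc comment on newPod should name the parameter and its order.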