1
0
Fork 0
mirror of https://github.com/arangodb/kube-arangodb.git synced 2024-12-14 11:57:37 +00:00

Allow to set ImagePullSecrets in pods (#444)

This commit is contained in:
Adam Janikowski 2019-09-15 18:43:55 +02:00 committed by GitHub
parent 363e06cfae
commit ec8ed8e0ae
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 42 additions and 15 deletions

2
.gitignore vendored
View file

@ -3,3 +3,5 @@
.gobuild
bin
logs
vendor/
.idea/

View file

@ -96,6 +96,10 @@ Possible values are:
- `IfNotPresent` (default) to pull only when the image is not found on the node.
- `Always` to always pull the image before using it.
### `spec.imagePullSecrets: []string`
This setting specifies the list of image pull secrets for the docker image to use for all ArangoDB servers.
### `spec.storageEngine: string`
This setting specifies the type of storage engine used for all servers

View file

@ -47,13 +47,15 @@ func validatePullPolicy(v v1.PullPolicy) error {
// DeploymentSpec contains the spec part of a ArangoDeployment resource.
type DeploymentSpec struct {
Mode *DeploymentMode `json:"mode,omitempty"`
Environment *Environment `json:"environment,omitempty"`
StorageEngine *StorageEngine `json:"storageEngine,omitempty"`
Image *string `json:"image,omitempty"`
ImagePullPolicy *v1.PullPolicy `json:"imagePullPolicy,omitempty"`
DowntimeAllowed *bool `json:"downtimeAllowed,omitempty"`
DisableIPv6 *bool `json:"disableIPv6,omitempty"`
Mode *DeploymentMode `json:"mode,omitempty"`
Environment *Environment `json:"environment,omitempty"`
StorageEngine *StorageEngine `json:"storageEngine,omitempty"`
Image *string `json:"image,omitempty"`
ImagePullPolicy *v1.PullPolicy `json:"imagePullPolicy,omitempty"`
ImagePullSecrets []string `json:"imagePullSecrets,omitempty"`
DowntimeAllowed *bool `json:"downtimeAllowed,omitempty"`
DisableIPv6 *bool `json:"disableIPv6,omitempty"`
LocallyAttachedVolumes *bool `json:"locallyAttachedVolumes,omitempty"`
ExternalAccess ExternalAccessSpec `json:"externalAccess"`

View file

@ -257,6 +257,11 @@ func (in *DeploymentSpec) DeepCopyInto(out *DeploymentSpec) {
*out = new(v1.PullPolicy)
**out = **in
}
if in.ImagePullSecrets != nil {
in, out := &in.ImagePullSecrets, &out.ImagePullSecrets
*out = make([]string, len(*in))
copy(*out, *in)
}
if in.DowntimeAllowed != nil {
in, out := &in.DowntimeAllowed, &out.DowntimeAllowed
*out = new(bool)

View file

@ -197,7 +197,7 @@ func (ib *imagesBuilder) fetchArangoDBImageIDAndVersion(ctx context.Context, ima
SecretKey: constants.SecretKeyToken,
}
}
if err := k8sutil.CreateArangodPod(ib.KubeCli, true, ib.APIObject, role, id, podName, "", image, "", "", ib.Spec.GetImagePullPolicy(), "", false, terminationGracePeriod, args, env, nil, nil, nil,
if err := k8sutil.CreateArangodPod(ib.KubeCli, true, ib.APIObject, role, id, podName, "", image, "", "", ib.Spec.GetImagePullPolicy(), ib.Spec.ImagePullSecrets, "", false, terminationGracePeriod, args, env, nil, nil, nil,
tolerations, serviceAccountName, "", "", "", nil, "", v1.ResourceRequirements{}, nil, nil, nil); err != nil {
log.Debug().Err(err).Msg("Failed to create image ID pod")
return true, maskAny(err)

View file

@ -662,7 +662,7 @@ func (r *Resources) createPodForMember(spec api.DeploymentSpec, memberID string,
engine := spec.GetStorageEngine().AsArangoArgument()
requireUUID := group == api.ServerGroupDBServers && m.IsInitialized
finalizers := r.createPodFinalizers(group)
if err := k8sutil.CreateArangodPod(kubecli, spec.IsDevelopment(), apiObject, role, m.ID, m.PodName, m.PersistentVolumeClaimName, imageInfo.ImageID, lifecycleImage, alpineImage, spec.GetImagePullPolicy(),
if err := k8sutil.CreateArangodPod(kubecli, spec.IsDevelopment(), apiObject, role, m.ID, m.PodName, m.PersistentVolumeClaimName, imageInfo.ImageID, lifecycleImage, alpineImage, spec.GetImagePullPolicy(), spec.ImagePullSecrets,
engine, requireUUID, terminationGracePeriod, args, env, finalizers, livenessProbe, readinessProbe, tolerations, serviceAccountName, tlsKeyfileSecretName, rocksdbEncryptionSecretName,
clusterJWTSecretName, groupSpec.GetNodeSelector(), groupSpec.PriorityClassName, groupSpec.Resources, exporter, groupSpec.GetSidecars(), groupSpec.VolumeClaimTemplate); err != nil {
return maskAny(err)
@ -755,7 +755,7 @@ func (r *Resources) createPodForMember(spec api.DeploymentSpec, memberID string,
if group == api.ServerGroupSyncWorkers {
affinityWithRole = api.ServerGroupDBServers.AsRole()
}
if err := k8sutil.CreateArangoSyncPod(kubecli, spec.IsDevelopment(), apiObject, role, m.ID, m.PodName, imageID, lifecycleImage, spec.GetImagePullPolicy(), terminationGracePeriod, args, env,
if err := k8sutil.CreateArangoSyncPod(kubecli, spec.IsDevelopment(), apiObject, role, m.ID, m.PodName, imageID, lifecycleImage, spec.GetImagePullPolicy(), spec.ImagePullSecrets, terminationGracePeriod, args, env,
livenessProbe, tolerations, serviceAccountName, tlsKeyfileSecretName, clientAuthCASecretName, masterJWTSecretName, clusterJWTSecretName, affinityWithRole, groupSpec.GetNodeSelector(),
groupSpec.PriorityClassName, groupSpec.Resources, groupSpec.GetSidecars()); err != nil {
return maskAny(err)

View file

@ -497,7 +497,7 @@ func initLifecycleContainer(image string) (v1.Container, error) {
}
// newPod creates a basic Pod for given settings.
func newPod(deploymentName, ns, role, id, podName string, finalizers []string, tolerations []v1.Toleration, serviceAccountName string, nodeSelector map[string]string) v1.Pod {
func newPod(deploymentName, ns, role, id, podName string, imagePullSecrets []string, finalizers []string, tolerations []v1.Toleration, serviceAccountName string, nodeSelector map[string]string) v1.Pod {
hostname := CreatePodHostName(deploymentName, role, id)
p := v1.Pod{
ObjectMeta: metav1.ObjectMeta{
@ -514,6 +514,18 @@ func newPod(deploymentName, ns, role, id, podName string, finalizers []string, t
NodeSelector: nodeSelector,
},
}
// Add ImagePullSecrets
if imagePullSecrets != nil {
imagePullSecretsReference := make([]v1.LocalObjectReference, len(imagePullSecrets))
for id := range imagePullSecrets {
imagePullSecretsReference[id] = v1.LocalObjectReference{
Name: imagePullSecrets[id],
}
}
p.Spec.ImagePullSecrets = imagePullSecretsReference
}
return p
}
@ -530,7 +542,8 @@ type ArangodbExporterContainerConf struct {
// If the pod already exists, nil is returned.
// If another error occurs, that error is returned.
func CreateArangodPod(kubecli kubernetes.Interface, developmentMode bool, deployment APIObject,
role, id, podName, pvcName, image, lifecycleImage, alpineImage string, imagePullPolicy v1.PullPolicy,
role, id, podName, pvcName, image, lifecycleImage, alpineImage string,
imagePullPolicy v1.PullPolicy, imagePullSecrets []string,
engine string, requireUUID bool, terminationGracePeriod time.Duration,
args []string, env map[string]EnvValue, finalizers []string,
livenessProbe *HTTPProbeConfig, readinessProbe *HTTPProbeConfig, tolerations []v1.Toleration, serviceAccountName string,
@ -538,7 +551,7 @@ func CreateArangodPod(kubecli kubernetes.Interface, developmentMode bool, deploy
podPriorityClassName string, resources v1.ResourceRequirements, exporter *ArangodbExporterContainerConf, sidecars []v1.Container, vct *v1.PersistentVolumeClaim) error {
// Prepare basic pod
p := newPod(deployment.GetName(), deployment.GetNamespace(), role, id, podName, finalizers, tolerations, serviceAccountName, nodeSelector)
p := newPod(deployment.GetName(), deployment.GetNamespace(), role, id, podName, imagePullSecrets, finalizers, tolerations, serviceAccountName, nodeSelector)
terminationGracePeriodSeconds := int64(math.Ceil(terminationGracePeriod.Seconds()))
p.Spec.TerminationGracePeriodSeconds = &terminationGracePeriodSeconds
@ -688,12 +701,13 @@ func CreateArangodPod(kubecli kubernetes.Interface, developmentMode bool, deploy
// CreateArangoSyncPod creates a Pod that runs `arangosync`.
// If the pod already exists, nil is returned.
// If another error occurs, that error is returned.
func CreateArangoSyncPod(kubecli kubernetes.Interface, developmentMode bool, deployment APIObject, role, id, podName, image, lifecycleImage string, imagePullPolicy v1.PullPolicy,
func CreateArangoSyncPod(kubecli kubernetes.Interface, developmentMode bool, deployment APIObject, role, id, podName, image, lifecycleImage string,
imagePullPolicy v1.PullPolicy, imagePullSecrets []string,
terminationGracePeriod time.Duration, args []string, env map[string]EnvValue, livenessProbe *HTTPProbeConfig, tolerations []v1.Toleration, serviceAccountName string,
tlsKeyfileSecretName, clientAuthCASecretName, masterJWTSecretName, clusterJWTSecretName, affinityWithRole string, nodeSelector map[string]string,
podPriorityClassName string, resources v1.ResourceRequirements, sidecars []v1.Container) error {
// Prepare basic pod
p := newPod(deployment.GetName(), deployment.GetNamespace(), role, id, podName, nil, tolerations, serviceAccountName, nodeSelector)
p := newPod(deployment.GetName(), deployment.GetNamespace(), role, id, podName, imagePullSecrets, nil, tolerations, serviceAccountName, nodeSelector)
terminationGracePeriodSeconds := int64(math.Ceil(terminationGracePeriod.Seconds()))
p.Spec.TerminationGracePeriodSeconds = &terminationGracePeriodSeconds