feat(helm-toolkit): add support for image pull secrets

At the moment it is very difficult to pull images from a private registry that hasn't been configured on Kubernetes nodes as there is no way to specify imagePullSecrets on pods. This change introduces a snippet that can return a set of image pull secrets using either a default or a per pod value. It also adds this new snippet to the manifests for standard job types. Change-Id: I710e1feffdf837627b80bc14320751f743e048cb
2021-12-20 22:41:36 +01:00
parent 336766d262
commit 9d7baa9aa8
14 changed files with 58 additions and 1 deletions
--- a/helm-toolkit/templates/manifests/_job-bootstrap.tpl
+++ b/helm-toolkit/templates/manifests/_job-bootstrap.tpl
@@ -70,6 +70,7 @@ spec:
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
+      {{ tuple $envAll "bootstrap" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
      nodeSelector:
 {{ toYaml $nodeSelector | indent 8 }}
      initContainers:
--- a/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl
+++ b/helm-toolkit/templates/manifests/_job-db-drop-mysql.tpl
@@ -71,6 +71,7 @@ spec:
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
+      {{ tuple $envAll "db_drop" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
      nodeSelector:
 {{ toYaml $nodeSelector | indent 8 }}
      initContainers:
--- a/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
+++ b/helm-toolkit/templates/manifests/_job-db-init-mysql.tpl
@@ -71,6 +71,7 @@ spec:
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
+      {{ tuple $envAll "db_init" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
      nodeSelector:
 {{ toYaml $nodeSelector | indent 8 }}
      initContainers:
--- a/helm-toolkit/templates/manifests/_job-db-sync.tpl
+++ b/helm-toolkit/templates/manifests/_job-db-sync.tpl
@@ -68,6 +68,7 @@ spec:
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
+      {{ tuple $envAll "db_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
      nodeSelector:
 {{ toYaml $nodeSelector | indent 8 }}
      initContainers:
--- a/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl
+++ b/helm-toolkit/templates/manifests/_job-ks-endpoints.tpl
@@ -71,6 +71,7 @@ spec:
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: {{ $restartPolicy }}
+      {{ tuple $envAll "ks_endpoints" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
      nodeSelector:
 {{ toYaml $nodeSelector | indent 8 }}
      initContainers:
--- a/helm-toolkit/templates/manifests/_job-ks-service.tpl
+++ b/helm-toolkit/templates/manifests/_job-ks-service.tpl
@@ -71,6 +71,7 @@ spec:
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: {{ $restartPolicy }}
+      {{ tuple $envAll "ks_service" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
      nodeSelector:
 {{ toYaml $nodeSelector | indent 8 }}
      initContainers:
--- a/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl
+++ b/helm-toolkit/templates/manifests/_job-ks-user.yaml.tpl
@@ -94,6 +94,7 @@ spec:
      serviceAccountName: {{ $serviceAccountName | quote }}
 {{ dict "envAll" $envAll "application" "ks_user" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      restartPolicy: {{ $restartPolicy }}
+      {{ tuple $envAll "ks_user" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
      nodeSelector:
 {{ toYaml $nodeSelector | indent 8 }}
      initContainers:
--- a/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl
+++ b/helm-toolkit/templates/manifests/_job-rabbit-init.yaml.tpl
@@ -61,6 +61,7 @@ spec:
    spec:
      serviceAccountName: {{ $serviceAccountName | quote }}
      restartPolicy: OnFailure
+      {{ tuple $envAll "rabbit_init" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
      nodeSelector:
 {{ toYaml $nodeSelector | indent 8 }}
      initContainers:
--- a/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl
+++ b/helm-toolkit/templates/manifests/_job-s3-bucket.yaml.tpl
@@ -66,6 +66,7 @@ spec:
    spec:
      serviceAccountName: {{ $serviceAccountName | quote }}
      restartPolicy: OnFailure
+      {{ tuple $envAll "s3_bucket" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
      nodeSelector:
 {{ toYaml $nodeSelector | indent 8 }}
      initContainers:
--- a/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl
+++ b/helm-toolkit/templates/manifests/_job-s3-user.yaml.tpl
@@ -64,6 +64,7 @@ spec:
    spec:
      serviceAccountName: {{ $serviceAccountName | quote }}
      restartPolicy: OnFailure
+      {{ tuple $envAll "s3_user" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
      nodeSelector:
 {{ toYaml $nodeSelector | indent 8 }}
      initContainers:
--- a/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl
+++ b/helm-toolkit/templates/manifests/_job_image_repo_sync.tpl
@@ -63,6 +63,7 @@ spec:
    spec:
      serviceAccountName: {{ $serviceAccountName }}
      restartPolicy: OnFailure
+      {{ tuple $envAll "image_repo_sync" | include "helm-toolkit.snippets.kubernetes_image_pull_secrets" | indent 6 }}
      nodeSelector:
 {{ toYaml $nodeSelector | indent 8 }}
      initContainers: