This commit supports to pull images from alternative authenticated
registries that configured at Ansible bootstrap to bring up k8s pods
at puppet time.
At bootstrap time, barbican secrets are created to store credentials
for accessing registry and alternative registries info are stored in
service parameter. At puppet time, the barbican sercret is retrieved
to get the credentials in order to pre-pull k8s images that required
by kubeadm to bring up static pods(ie..kube-controller-manager,
kube-apiserver, kube-scheduler..).
The images for dynamic pods(kube-multus, kube-sriov-cni, calico..) and
tiller are not needed to pre-pull, imagePullSecrets is added in their
pod spec to pass credentials to kubelet. This is done in Ansible
bootstrap https://review.opendev.org/#/c/679136/
This commit also updates to pull Armada image before creating Armada
container if Armada image is not available in docker cache.
Tests(AIO-SX, AIO-DX, Standard):
- All types of system are installed successfully
- Verified all k8s/gcr/docker images are downloaded from
authenticated registry on controller-1 and worker nodes
- Verified images from authenticated registries are used
by k8s static/dynamic pods on controller-1 and worker nodes
- Swact to controller-1, lock/unlock controller-0. Verified
that tiller image is downloaded from authenticated registry
and tiller pod is created on controller-1
- Swact to controller-1, apply application. Verified that
Armada image is downloaded from authenticated registry and
Armada container is created.
Change-Id: Iaabef0f5d8a6a4640dcfde93a8c0449948f4a59f
Depends-On: https://review.opendev.org/679335
Story: 2006274
Task: 36379
Signed-off-by: Angie Wang <angie.wang@windriver.com>
70917e77cf