Add imagePullSecrets in service account template
The functionality of local docker registry authentication will be enabled in commit https://review.openstack.org/#/c/626355/. However, the OSH doesn't support a way to pass credentials to kubernetes to pull images from a registry with authentication turned on. This commit adds a "imagePullSecrets" field in service account template resource and references the well-known secret "default-registry-key" which created in sysinv during application apply. With this change, kubernetes will pull images from local registry using this secret. Note: - This is short-term solution. The long-term solution is to implement the BP https://blueprints.launchpad.net/openstack-helm/+spec/support -docker-registry-with-authentication-turned-on which creates the secret in chart and pass the secret in service account conditionally. - It works with an unauthed registry and non-existent or existent secret "default-registry-key" as well. Change-Id: Icdff8b385cee7f8b0311086ae892b3b1edacea37 Story: 2002840 Task: 28945 Signed-off-by: Angie Wang <angie.wang@windriver.com>
This commit is contained in:
parent
65e0ccf50a
commit
4a3b8ff654
@ -5,4 +5,4 @@ TAR="$TAR_NAME-$SHA.tar.gz"
|
|||||||
|
|
||||||
COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/*"
|
COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/*"
|
||||||
|
|
||||||
TIS_PATCH_VER=6
|
TIS_PATCH_VER=7
|
||||||
|
@ -20,6 +20,7 @@ Patch02: Mariadb-Support-adoption-of-running-single-node-mari.patch
|
|||||||
Patch03: Mariadb-Share-container-PID-namespaces-under-docker.patch
|
Patch03: Mariadb-Share-container-PID-namespaces-under-docker.patch
|
||||||
Patch04: 0004-Allow-multiple-containers-per-daemonset-pod.patch
|
Patch04: 0004-Allow-multiple-containers-per-daemonset-pod.patch
|
||||||
Patch05: fix-type-error-to-streamline-single-replica-mariadb-.patch
|
Patch05: fix-type-error-to-streamline-single-replica-mariadb-.patch
|
||||||
|
Patch06: Add-imagePullSecrets-in-service-account.patch
|
||||||
|
|
||||||
BuildRequires: helm
|
BuildRequires: helm
|
||||||
|
|
||||||
@ -33,6 +34,7 @@ Openstack Helm Infra charts
|
|||||||
%patch03 -p1
|
%patch03 -p1
|
||||||
%patch04 -p1
|
%patch04 -p1
|
||||||
%patch05 -p1
|
%patch05 -p1
|
||||||
|
%patch06 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# initialize helm and build the toolkit
|
# initialize helm and build the toolkit
|
||||||
|
@ -0,0 +1,25 @@
|
|||||||
|
From c432facb61964b1f5f3a0522083ef9e830697f4c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Angie Wang <angie.wang@windriver.com>
|
||||||
|
Date: Mon, 11 Feb 2019 11:29:03 -0500
|
||||||
|
Subject: [PATCH] Add imagePullSecrets in service account
|
||||||
|
|
||||||
|
---
|
||||||
|
helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
|
||||||
|
index b4cf1a6..2f4113b 100644
|
||||||
|
--- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
|
||||||
|
+++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
|
||||||
|
@@ -44,6 +44,8 @@ kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: {{ $saName }}
|
||||||
|
namespace: {{ $saNamespace }}
|
||||||
|
+imagePullSecrets:
|
||||||
|
+ - name: default-registry-key
|
||||||
|
{{- range $k, $v := $deps -}}
|
||||||
|
{{- if eq $k "services" }}
|
||||||
|
{{- range $serv := $v }}
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
Loading…
Reference in New Issue
Block a user