Add support for imagePullSecrets

Since we support custom image prefixes, we should also support
imagePullSecrets since they are likely to be in a private registry.

This also updates some nearby documentation which was out of date.

Change-Id: Id43382284a9adde877e2383644a31bda24030b2b
This commit is contained in:
James E. Blair 2021-10-01 15:26:35 -07:00
parent d65ebc6bff
commit fe827fbeb0
6 changed files with 36 additions and 4 deletions

View File

@ -232,6 +232,13 @@ verbatim):
apiVersion: zuul-ci.org/v1alpha2 apiVersion: zuul-ci.org/v1alpha2
kind: Zuul kind: Zuul
spec: spec:
imagePrefix: docker.io/zuul
imagePullSecrets:
- name: my-docker-secret
zuulImageVersion: latest
zuulPreviewImageVersion: latest
zuulRegistryImageVersion: latest
nodepoolImageVersion: latest
database: database:
secretName: mariadbSecret secretName: mariadbSecret
zookeeper: zookeeper:
@ -288,6 +295,17 @@ verbatim):
(``zuul-executor``, etc). However, changing the prefix will (``zuul-executor``, etc). However, changing the prefix will
allow you to use custom images or private registries. allow you to use custom images or private registries.
.. attr:: imagePullSecrets
:type: list
:default: []
If supplied, this value is passed through to Kubernetes. It
should be a list of secrets.
.. attr:: name
The name of the image pull secret.
.. attr:: zuulImageVersion .. attr:: zuulImageVersion
:default: latest :default: latest
@ -298,6 +316,11 @@ verbatim):
The image tag to append to the Zuul Preview images. The image tag to append to the Zuul Preview images.
.. attr:: zuulRegistryImageVersion
:default: latest
The image tag to append to the Zuul Registry images.
.. attr:: nodepoolImageVersion .. attr:: nodepoolImageVersion
:default: latest :default: latest

View File

@ -146,11 +146,11 @@ def update_fn(name, namespace, logger, old, new, memo, **kwargs):
if new.get('connections') != old.get('connections'): if new.get('connections') != old.get('connections'):
logger.info("Connections changed") logger.info("Connections changed")
conf_changed = True conf_changed = True
if new.get('imagePrefix') != old.get('imagePrefix'):
logger.info("Image prefix changed")
spec_changed = True
for key in ['executor', 'merger', 'scheduler', 'registry', for key in ['executor', 'merger', 'scheduler', 'registry',
'launcher', 'connections', 'externalConfig']: 'launcher', 'connections', 'externalConfig',
'imagePrefix', 'imagePullSecrets', 'zuulImageVersion',
'zuulPreviewImageVersion', 'zuulRegistryImageVersion',
'nodepoolImageVersion']:
if new.get(key) != old.get(key): if new.get(key) != old.get(key):
logger.info(f"{key} changed") logger.info(f"{key} changed")
spec_changed = True spec_changed = True

View File

@ -27,6 +27,7 @@ spec:
app.kubernetes.io/component: nodepool-launcher app.kubernetes.io/component: nodepool-launcher
operator.zuul-ci.org/nodepool-provider: {{ provider_name }} operator.zuul-ci.org/nodepool-provider: {{ provider_name }}
spec: spec:
imagePullSecrets: {{ spec.imagePullSecrets }}
containers: containers:
- name: launcher - name: launcher
image: {{ spec.imagePrefix }}/nodepool-launcher:{{ spec.nodepoolImageVersion }} image: {{ spec.imagePrefix }}/nodepool-launcher:{{ spec.nodepoolImageVersion }}

View File

@ -71,6 +71,7 @@ spec:
app.kubernetes.io/part-of: zuul app.kubernetes.io/part-of: zuul
app.kubernetes.io/component: zuul-registry app.kubernetes.io/component: zuul-registry
spec: spec:
imagePullSecrets: {{ spec.imagePullSecrets }}
containers: containers:
- name: registry - name: registry
image: {{ spec.imagePrefix }}/zuul-registry:{{ spec.zuulImageVersion }} image: {{ spec.imagePrefix }}/zuul-registry:{{ spec.zuulImageVersion }}

View File

@ -140,6 +140,7 @@ spec:
annotations: annotations:
zuulConfSha: "{{ zuul_conf_sha }}" zuulConfSha: "{{ zuul_conf_sha }}"
spec: spec:
imagePullSecrets: {{ spec.imagePullSecrets }}
containers: containers:
- name: scheduler - name: scheduler
image: {{ spec.imagePrefix }}/zuul-scheduler:{{ spec.zuulImageVersion }} image: {{ spec.imagePrefix }}/zuul-scheduler:{{ spec.zuulImageVersion }}
@ -221,6 +222,7 @@ spec:
annotations: annotations:
zuulConfSha: "{{ zuul_conf_sha }}" zuulConfSha: "{{ zuul_conf_sha }}"
spec: spec:
imagePullSecrets: {{ spec.imagePullSecrets }}
containers: containers:
- name: web - name: web
image: {{ spec.imagePrefix }}/zuul-web:{{ spec.zuulImageVersion }} image: {{ spec.imagePrefix }}/zuul-web:{{ spec.zuulImageVersion }}
@ -269,6 +271,7 @@ spec:
annotations: annotations:
zuulConfSha: "{{ zuul_conf_sha }}" zuulConfSha: "{{ zuul_conf_sha }}"
spec: spec:
imagePullSecrets: {{ spec.imagePullSecrets }}
containers: containers:
- name: fingergw - name: fingergw
image: {{ spec.imagePrefix }}/zuul-fingergw:{{ spec.zuulImageVersion }} image: {{ spec.imagePrefix }}/zuul-fingergw:{{ spec.zuulImageVersion }}
@ -318,6 +321,7 @@ spec:
annotations: annotations:
zuulConfSha: "{{ zuul_conf_sha }}" zuulConfSha: "{{ zuul_conf_sha }}"
spec: spec:
imagePullSecrets: {{ spec.imagePullSecrets }}
securityContext: securityContext:
runAsUser: 10001 runAsUser: 10001
runAsGroup: 10001 runAsGroup: 10001
@ -415,6 +419,7 @@ spec:
annotations: annotations:
zuulConfSha: "{{ zuul_conf_sha }}" zuulConfSha: "{{ zuul_conf_sha }}"
spec: spec:
imagePullSecrets: {{ spec.imagePullSecrets }}
securityContext: securityContext:
runAsUser: 10001 runAsUser: 10001
runAsGroup: 10001 runAsGroup: 10001
@ -502,6 +507,7 @@ spec:
app.kubernetes.io/part-of: zuul app.kubernetes.io/part-of: zuul
app.kubernetes.io/component: zuul-preview app.kubernetes.io/component: zuul-preview
spec: spec:
imagePullSecrets: {{ spec.imagePullSecrets }}
containers: containers:
- name: preview - name: preview
image: {{ spec.imagePrefix }}/zuul-preview:{{ spec.zuulPreviewImageVersion }} image: {{ spec.imagePrefix }}/zuul-preview:{{ spec.zuulPreviewImageVersion }}

View File

@ -83,6 +83,7 @@ class Zuul:
registry_tls.setdefault('secretName', 'zuul-registry-tls') registry_tls.setdefault('secretName', 'zuul-registry-tls')
self.spec.setdefault('imagePrefix', 'docker.io/zuul') self.spec.setdefault('imagePrefix', 'docker.io/zuul')
self.spec.setdefault('imagePullSecrets', [])
self.spec.setdefault('zuulImageVersion', 'latest') self.spec.setdefault('zuulImageVersion', 'latest')
self.spec.setdefault('zuulPreviewImageVersion', 'latest') self.spec.setdefault('zuulPreviewImageVersion', 'latest')
self.spec.setdefault('zuulRegistryImageVersion', 'latest') self.spec.setdefault('zuulRegistryImageVersion', 'latest')