Add support for imagePullSecrets

Since we support custom image prefixes, we should also support
imagePullSecrets since they are likely to be in a private registry.

This also updates some nearby documentation which was out of date.

Change-Id: Id43382284a9adde877e2383644a31bda24030b2b
This commit is contained in:
James E. Blair 2021-10-01 15:26:35 -07:00
parent d65ebc6bff
commit fe827fbeb0
6 changed files with 36 additions and 4 deletions

@ -232,6 +232,13 @@ verbatim):
apiVersion: zuul-ci.org/v1alpha2
kind: Zuul
spec:
imagePrefix: docker.io/zuul
imagePullSecrets:
- name: my-docker-secret
zuulImageVersion: latest
zuulPreviewImageVersion: latest
zuulRegistryImageVersion: latest
nodepoolImageVersion: latest
database:
secretName: mariadbSecret
zookeeper:
@ -288,6 +295,17 @@ verbatim):
(``zuul-executor``, etc). However, changing the prefix will
allow you to use custom images or private registries.
.. attr:: imagePullSecrets
:type: list
:default: []
If supplied, this value is passed through to Kubernetes. It
should be a list of secrets.
.. attr:: name
The name of the image pull secret.
.. attr:: zuulImageVersion
:default: latest
@ -298,6 +316,11 @@ verbatim):
The image tag to append to the Zuul Preview images.
.. attr:: zuulRegistryImageVersion
:default: latest
The image tag to append to the Zuul Registry images.
.. attr:: nodepoolImageVersion
:default: latest

@ -146,11 +146,11 @@ def update_fn(name, namespace, logger, old, new, memo, **kwargs):
if new.get('connections') != old.get('connections'):
logger.info("Connections changed")
conf_changed = True
if new.get('imagePrefix') != old.get('imagePrefix'):
logger.info("Image prefix changed")
spec_changed = True
for key in ['executor', 'merger', 'scheduler', 'registry',
'launcher', 'connections', 'externalConfig']:
'launcher', 'connections', 'externalConfig',
'imagePrefix', 'imagePullSecrets', 'zuulImageVersion',
'zuulPreviewImageVersion', 'zuulRegistryImageVersion',
'nodepoolImageVersion']:
if new.get(key) != old.get(key):
logger.info(f"{key} changed")
spec_changed = True

@ -27,6 +27,7 @@ spec:
app.kubernetes.io/component: nodepool-launcher
operator.zuul-ci.org/nodepool-provider: {{ provider_name }}
spec:
imagePullSecrets: {{ spec.imagePullSecrets }}
containers:
- name: launcher
image: {{ spec.imagePrefix }}/nodepool-launcher:{{ spec.nodepoolImageVersion }}

@ -71,6 +71,7 @@ spec:
app.kubernetes.io/part-of: zuul
app.kubernetes.io/component: zuul-registry
spec:
imagePullSecrets: {{ spec.imagePullSecrets }}
containers:
- name: registry
image: {{ spec.imagePrefix }}/zuul-registry:{{ spec.zuulImageVersion }}

@ -140,6 +140,7 @@ spec:
annotations:
zuulConfSha: "{{ zuul_conf_sha }}"
spec:
imagePullSecrets: {{ spec.imagePullSecrets }}
containers:
- name: scheduler
image: {{ spec.imagePrefix }}/zuul-scheduler:{{ spec.zuulImageVersion }}
@ -221,6 +222,7 @@ spec:
annotations:
zuulConfSha: "{{ zuul_conf_sha }}"
spec:
imagePullSecrets: {{ spec.imagePullSecrets }}
containers:
- name: web
image: {{ spec.imagePrefix }}/zuul-web:{{ spec.zuulImageVersion }}
@ -269,6 +271,7 @@ spec:
annotations:
zuulConfSha: "{{ zuul_conf_sha }}"
spec:
imagePullSecrets: {{ spec.imagePullSecrets }}
containers:
- name: fingergw
image: {{ spec.imagePrefix }}/zuul-fingergw:{{ spec.zuulImageVersion }}
@ -318,6 +321,7 @@ spec:
annotations:
zuulConfSha: "{{ zuul_conf_sha }}"
spec:
imagePullSecrets: {{ spec.imagePullSecrets }}
securityContext:
runAsUser: 10001
runAsGroup: 10001
@ -415,6 +419,7 @@ spec:
annotations:
zuulConfSha: "{{ zuul_conf_sha }}"
spec:
imagePullSecrets: {{ spec.imagePullSecrets }}
securityContext:
runAsUser: 10001
runAsGroup: 10001
@ -502,6 +507,7 @@ spec:
app.kubernetes.io/part-of: zuul
app.kubernetes.io/component: zuul-preview
spec:
imagePullSecrets: {{ spec.imagePullSecrets }}
containers:
- name: preview
image: {{ spec.imagePrefix }}/zuul-preview:{{ spec.zuulPreviewImageVersion }}

@ -83,6 +83,7 @@ class Zuul:
registry_tls.setdefault('secretName', 'zuul-registry-tls')
self.spec.setdefault('imagePrefix', 'docker.io/zuul')
self.spec.setdefault('imagePullSecrets', [])
self.spec.setdefault('zuulImageVersion', 'latest')
self.spec.setdefault('zuulPreviewImageVersion', 'latest')
self.spec.setdefault('zuulRegistryImageVersion', 'latest')