5b94294002
The functionality of local docker registry authentication will be enabled in commit https://review.openstack.org/#/c/626355/. However, local docker registry is currently used to pull/push images during application apply without authentication and no credentials passed to the kubernetes when pulling images on other nodes except for active controller. In order to install stx-openstack app with local docker registry that has authentication turned on, this commit updates the following: 1. Pass the user credentials when pulling/pushing images from local registry during application apply. 2. Create a well-known registry secret "default-registry-key" which holds the authorization token during stx-openstack app apply and delete the secret during removal. The helm-toolkit is updated to refer to this secret in k8s openstack service account template for pulling images from local by kubelet. This secret is also added to rbd-provisioner service account as well since it is not using helm-toolkit to create service account. Note: #2 is short-term solution. The long-term solution is to implement the BP https://blueprints.launchpad.net/openstack-helm/+spec/support -docker-registry-with-authentication-turned-on. Story: 2002840 Task: 28945 Depends-On: https://review.openstack.org/636181 Change-Id: I015dccd12c5c7fa7a4bea74eef8d172f03b5d60e Signed-off-by: Angie Wang <angie.wang@windriver.com> |
||
|---|---|---|
| .. | ||
| applications/stx-openstack/stx-openstack-helm | ||
| helm-charts | ||
| README | ||
README
The expected layout for this subdirectory is as follows: kubernetes |-- applications | `-- <application> | `-- <application>-helm RPM | `-- centos | `-- build_srpm.data | `-- <application>-helm.spec | `-- <application>-helm | `-- manifests | `-- main-manifest.yaml | `-- alt-manifest-1.yaml | `-- ... | `-- alt-manifest-N.yaml | `-- custom chart 1 | `-- Chart.yaml | `-- ... | `-- ... | `-- custom chart N | `-- Chart.yaml | `-- ... |-- helm-charts | `-- chart | `-- chart `-- README The idea is that all our custom helm charts that are common across applications would go under "helm-charts". Each chart would get a subdirectory. Custom applications would generally consist of one or more armada manifest referencing multiple helm charts (both ours and upstream ones). The application is packaged as an RPM. These application RPM are used to produce the build artifacts (helm tarballs + armada manifests) but are not installed on the system. These artifacts are extracted later for proper application packaging with additional required metadata (TBD). These applications would each get their own subdirectory under "applications".