Add imagePullSecrets in service account template

The functionality of local docker registry authentication will be
enabled in commit https://review.openstack.org/#/c/626355/. However,
the OSH doesn't support a way to pass credentials to kubernetes to
pull images from a registry with authentication turned on.

This commit adds a "imagePullSecrets" field in service account template
resource and references the well-known secret "default-registry-key"
which created in sysinv during application apply. With this change,
kubernetes will pull images from local registry using this secret.

Note:
- This is short-term solution. The long-term solution is to implement
  the BP https://blueprints.launchpad.net/openstack-helm/+spec/support
  -docker-registry-with-authentication-turned-on which creates the
  secret in chart and pass the secret in service account conditionally.
- It works with an unauthed registry and non-existent or existent
  secret "default-registry-key" as well.

Change-Id: Icdff8b385cee7f8b0311086ae892b3b1edacea37
Story: 2002840
Task: 28945
Signed-off-by: Angie Wang <angie.wang@windriver.com>
This commit is contained in:
Angie Wang 2019-02-11 11:34:48 -05:00
parent 65e0ccf50a
commit 4a3b8ff654
3 changed files with 28 additions and 1 deletions

View File

@ -5,4 +5,4 @@ TAR="$TAR_NAME-$SHA.tar.gz"
COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/*"
TIS_PATCH_VER=6
TIS_PATCH_VER=7

View File

@ -20,6 +20,7 @@ Patch02: Mariadb-Support-adoption-of-running-single-node-mari.patch
Patch03: Mariadb-Share-container-PID-namespaces-under-docker.patch
Patch04: 0004-Allow-multiple-containers-per-daemonset-pod.patch
Patch05: fix-type-error-to-streamline-single-replica-mariadb-.patch
Patch06: Add-imagePullSecrets-in-service-account.patch
BuildRequires: helm
@ -33,6 +34,7 @@ Openstack Helm Infra charts
%patch03 -p1
%patch04 -p1
%patch05 -p1
%patch06 -p1
%build
# initialize helm and build the toolkit

View File

@ -0,0 +1,25 @@
From c432facb61964b1f5f3a0522083ef9e830697f4c Mon Sep 17 00:00:00 2001
From: Angie Wang <angie.wang@windriver.com>
Date: Mon, 11 Feb 2019 11:29:03 -0500
Subject: [PATCH] Add imagePullSecrets in service account
---
helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl | 2 ++
1 file changed, 2 insertions(+)
diff --git a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
index b4cf1a6..2f4113b 100644
--- a/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
+++ b/helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
@@ -44,6 +44,8 @@ kind: ServiceAccount
metadata:
name: {{ $saName }}
namespace: {{ $saNamespace }}
+imagePullSecrets:
+ - name: default-registry-key
{{- range $k, $v := $deps -}}
{{- if eq $k "services" }}
{{- range $serv := $v }}
--
1.8.3.1