5b94294002
The functionality of local docker registry authentication will be enabled in commit https://review.openstack.org/#/c/626355/. However, local docker registry is currently used to pull/push images during application apply without authentication and no credentials passed to the kubernetes when pulling images on other nodes except for active controller. In order to install stx-openstack app with local docker registry that has authentication turned on, this commit updates the following: 1. Pass the user credentials when pulling/pushing images from local registry during application apply. 2. Create a well-known registry secret "default-registry-key" which holds the authorization token during stx-openstack app apply and delete the secret during removal. The helm-toolkit is updated to refer to this secret in k8s openstack service account template for pulling images from local by kubelet. This secret is also added to rbd-provisioner service account as well since it is not using helm-toolkit to create service account. Note: #2 is short-term solution. The long-term solution is to implement the BP https://blueprints.launchpad.net/openstack-helm/+spec/support -docker-registry-with-authentication-turned-on. Story: 2002840 Task: 28945 Depends-On: https://review.openstack.org/636181 Change-Id: I015dccd12c5c7fa7a4bea74eef8d172f03b5d60e Signed-off-by: Angie Wang <angie.wang@windriver.com> |
||
---|---|---|
.. | ||
garbd | ||
rbd-provisioner |