From 2d4a0d795ef95af5144a4fe50608cc6c9a9ae0a5 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Tue, 4 Jul 2023 16:20:58 +0200 Subject: [PATCH 1/2] add possibillity to use imagePullSecrets --- REFERENCE.md | 36 ++++++++++++++++++++++++ manifests/server/resources.pp | 3 ++ manifests/server/resources/coredns.pp | 4 +++ manifests/server/resources/flannel.pp | 4 +++ manifests/server/resources/kube_proxy.pp | 4 +++ 5 files changed, 51 insertions(+) diff --git a/REFERENCE.md b/REFERENCE.md index e3243b0..8fcca5e 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -2348,6 +2348,7 @@ Generates and deploys standard Kubernetes in-cluster services The following parameters are available in the `k8s::server::resources` class: +* [`image_pull_secrets`](#-k8s--server--resources--image_pull_secrets) * [`kubeconfig`](#-k8s--server--resources--kubeconfig) * [`cluster_cidr`](#-k8s--server--resources--cluster_cidr) * [`dns_service_address`](#-k8s--server--resources--dns_service_address) @@ -2371,6 +2372,14 @@ The following parameters are available in the `k8s::server::resources` class: * [`flannel_tag`](#-k8s--server--resources--flannel_tag) * [`flannel_daemonset_config`](#-k8s--server--resources--flannel_daemonset_config) +##### `image_pull_secrets` + +Data type: `Optional[Array]` + +the secrets to pull from private registries + +Default value: `undef` + ##### `kubeconfig` Data type: `Stdlib::Unixpath` @@ -2606,6 +2615,7 @@ The following parameters are available in the `k8s::server::resources::coredns` * [`image_tag`](#-k8s--server--resources--coredns--image_tag) * [`deployment_config`](#-k8s--server--resources--coredns--deployment_config) * [`hosts`](#-k8s--server--resources--coredns--hosts) +* [`image_pull_secrets`](#-k8s--server--resources--coredns--image_pull_secrets) * [`ensure`](#-k8s--server--resources--coredns--ensure) * [`kubeconfig`](#-k8s--server--resources--coredns--kubeconfig) * [`cluster_domain`](#-k8s--server--resources--coredns--cluster_domain) @@ -2650,6 +2660,14 @@ Additional host-style entries for the CoreDNS deployment to serve Default value: `[]` +##### `image_pull_secrets` + +Data type: `Optional[Array]` + +the secrets to pull from private registries + +Default value: `$k8s::server::resources::image_pull_secrets` + ##### `ensure` Data type: `K8s::Ensure` @@ -2689,6 +2707,7 @@ The following parameters are available in the `k8s::server::resources::flannel` * [`image_tag`](#-k8s--server--resources--flannel--image_tag) * [`daemonset_config`](#-k8s--server--resources--flannel--daemonset_config) * [`net_config`](#-k8s--server--resources--flannel--net_config) +* [`image_pull_secrets`](#-k8s--server--resources--flannel--image_pull_secrets) * [`ensure`](#-k8s--server--resources--flannel--ensure) * [`kubeconfig`](#-k8s--server--resources--flannel--kubeconfig) @@ -2748,6 +2767,14 @@ Additional configuration to merge into net-conf.json for Flannel Default value: `{}` +##### `image_pull_secrets` + +Data type: `Optional[Array]` + +the secrets to pull from private registries + +Default value: `$k8s::server::resources::image_pull_secrets` + ##### `ensure` Data type: `K8s::Ensure` @@ -2778,6 +2805,7 @@ The following parameters are available in the `k8s::server::resources::kube_prox * [`daemonset_config`](#-k8s--server--resources--kube_proxy--daemonset_config) * [`extra_args`](#-k8s--server--resources--kube_proxy--extra_args) * [`extra_config`](#-k8s--server--resources--kube_proxy--extra_config) +* [`image_pull_secrets`](#-k8s--server--resources--kube_proxy--image_pull_secrets) * [`ensure`](#-k8s--server--resources--kube_proxy--ensure) * [`kubeconfig`](#-k8s--server--resources--kube_proxy--kubeconfig) @@ -2829,6 +2857,14 @@ Additional configuration data to apply to the kube-proxy configuration file Default value: `{}` +##### `image_pull_secrets` + +Data type: `Optional[Array]` + +the secrets to pull from private registries + +Default value: `$k8s::server::resources::image_pull_secrets` + ##### `ensure` Data type: `K8s::Ensure` diff --git a/manifests/server/resources.pp b/manifests/server/resources.pp index 60baaed..41f5b93 100644 --- a/manifests/server/resources.pp +++ b/manifests/server/resources.pp @@ -1,4 +1,6 @@ # @summary Generates and deploys standard Kubernetes in-cluster services +# @param image_pull_secrets the secrets to pull from private registries +# class k8s::server::resources ( Stdlib::Unixpath $kubeconfig = '/root/.kube/config', @@ -25,6 +27,7 @@ String[1] $flannel_image = 'rancher/mirrored-flannelcni-flannel', String[1] $flannel_tag = 'v0.16.1', Hash[String,Data] $flannel_daemonset_config = {}, + Optional[Array] $image_pull_secrets = undef, ) { assert_private() diff --git a/manifests/server/resources/coredns.pp b/manifests/server/resources/coredns.pp index 4470c23..40d32f3 100644 --- a/manifests/server/resources/coredns.pp +++ b/manifests/server/resources/coredns.pp @@ -5,6 +5,8 @@ # @param image_tag The CoreDNS image tag to use # @param deployment_config Additional configuration to merge into the Kubernetes Deployment object # @param hosts Additional host-style entries for the CoreDNS deployment to serve +# @param image_pull_secrets the secrets to pull from private registries +# class k8s::server::resources::coredns ( K8s::Ensure $ensure = $k8s::ensure, Stdlib::Unixpath $kubeconfig = $k8s::server::resources::kubeconfig, @@ -12,6 +14,7 @@ String[1] $cluster_domain = $k8s::server::resources::cluster_domain, String[1] $image = $k8s::server::resources::coredns_image, String[1] $image_tag = $k8s::server::resources::coredns_tag, + Optional[Array] $image_pull_secrets = $k8s::server::resources::image_pull_secrets, Hash[String,Data] $deployment_config = $k8s::server::resources::coredns_deployment_config, Array[String[1]] $hosts = [], ) { @@ -274,6 +277,7 @@ }, }, ], + imagePullSecrets => $image_pull_secrets, dnsPolicy => 'Default', volumes => [ { diff --git a/manifests/server/resources/flannel.pp b/manifests/server/resources/flannel.pp index 15e5c76..894ec76 100644 --- a/manifests/server/resources/flannel.pp +++ b/manifests/server/resources/flannel.pp @@ -7,6 +7,8 @@ # @param image_tag The Flannel image tag to use # @param daemonset_config Additional configuration to merge into the DaemonSet object # @param net_config Additional configuration to merge into net-conf.json for Flannel +# @param image_pull_secrets the secrets to pull from private registries +# class k8s::server::resources::flannel ( K8s::Ensure $ensure = $k8s::ensure, Stdlib::Unixpath $kubeconfig = $k8s::server::resources::kubeconfig, @@ -16,6 +18,7 @@ String[1] $image = $k8s::server::resources::flannel_image, String[1] $image_tag = $k8s::server::resources::flannel_tag, Hash[String,Data] $daemonset_config = $k8s::server::resources::flannel_daemonset_config, + Optional[Array] $image_pull_secrets = $k8s::server::resources::image_pull_secrets, Hash[String,Data] $net_config = {}, ) { assert_private() @@ -243,6 +246,7 @@ ], }, ], + imagePullSecrets => $image_pull_secrets, initContainers => [ { name => 'install-cni-plugin', diff --git a/manifests/server/resources/kube_proxy.pp b/manifests/server/resources/kube_proxy.pp index 87a1a5c..b6de70e 100644 --- a/manifests/server/resources/kube_proxy.pp +++ b/manifests/server/resources/kube_proxy.pp @@ -6,12 +6,15 @@ # @param daemonset_config Additional configuration to merge into the DaemonSet object # @param extra_args Additional arguments to specify to the kube-proxy application # @param extra_config Additional configuration data to apply to the kube-proxy configuration file +# @param image_pull_secrets the secrets to pull from private registries +# class k8s::server::resources::kube_proxy ( K8s::Ensure $ensure = $k8s::ensure, Stdlib::Unixpath $kubeconfig = $k8s::server::resources::kubeconfig, K8s::CIDR $cluster_cidr = $k8s::server::resources::cluster_cidr, String[1] $image = $k8s::server::resources::kube_proxy_image, String[1] $image_tag = $k8s::server::resources::kube_proxy_tag, + Optional[Array] $image_pull_secrets = $k8s::server::resources::image_pull_secrets, Hash[String,Data] $daemonset_config = {}, Hash[String,Data] $extra_args = {}, Hash[String,Data] $extra_config = {}, @@ -239,6 +242,7 @@ ], } ], + imagePullSecrets => $image_pull_secrets, hostNetwork => true, priorityClassName => 'system-node-critical', serviceAccountName => 'kube-proxy', From 69b3e469d6ec7bda788d8b5f27f819abb052a5a2 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Wed, 5 Jul 2023 10:00:20 +0200 Subject: [PATCH 2/2] fix specs --- spec/fixtures/files/resources/kube-proxy-older.yaml | 1 + spec/fixtures/files/resources/kube-proxy.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/spec/fixtures/files/resources/kube-proxy-older.yaml b/spec/fixtures/files/resources/kube-proxy-older.yaml index db4ca4f..87dc153 100644 --- a/spec/fixtures/files/resources/kube-proxy-older.yaml +++ b/spec/fixtures/files/resources/kube-proxy-older.yaml @@ -52,6 +52,7 @@ spec: readOnly: true - mountPath: "/run/xtables.lock" name: iptables-lock + imagePullSecrets: null hostNetwork: true priorityClassName: system-node-critical serviceAccountName: kube-proxy diff --git a/spec/fixtures/files/resources/kube-proxy.yaml b/spec/fixtures/files/resources/kube-proxy.yaml index 6e4352e..aaa15a0 100644 --- a/spec/fixtures/files/resources/kube-proxy.yaml +++ b/spec/fixtures/files/resources/kube-proxy.yaml @@ -54,6 +54,7 @@ spec: readOnly: true - mountPath: "/run/xtables.lock" name: iptables-lock + imagePullSecrets: null hostNetwork: true priorityClassName: system-node-critical serviceAccountName: kube-proxy