add support for imagePullSecrets
pulling images from private registries can be achieved via defining
imagePullSecrets directly in Pods or implicitly using a serviceAccount
with predefined imagePullSecrets.

More info:
https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account

fixes #10

Signed-off-by: Nick Revin <[email protected]>
nrvnrvn committed Aug 30, 2019
1 parent 182a237 commit 3724fb7
Showing 8 changed files with 65 additions and 17 deletions.
6 changes: 3 additions & 3 deletions .drone.yaml
@@ -4,15 +4,15 @@ name: redis-operator
steps:

- name: test
image: l.gcr.io/google/bazel:0.28.1
image: l.gcr.io/google/bazel:0.29.0
commands:
- ./hack/build/test.sh
volumes:
- name: cache
path: /root/.cache

- name: build and push docker image
image: l.gcr.io/google/bazel:0.28.1
image: l.gcr.io/google/bazel:0.29.0
environment:
DOCKER_AUTH:
from_secret: docker-config-json
@@ -32,6 +32,6 @@ volumes:

---
kind: signature
hmac: a187e70cb43642463df713cfaae94b11d080d65721d4c1a19768dacc8d8c900f
hmac: 5185b235f68240a5ba70c95fea94c3d76fc07d7ce0ed95bed1ccd01e954c42fd

...
6 changes: 3 additions & 3 deletions WORKSPACE
@@ -19,10 +19,10 @@ go_register_toolchains()
# fetch and load gazelle
http_archive(
name = "bazel_gazelle",
sha256 = "be9296bfd64882e3c08e3283c58fcb461fa6dd3c171764fcc4cf322f60615a9b",
sha256 = "7fc87f4170011201b1690326e8c16c5d802836e3a0d617d8f75c3af2b23180c4",
urls = [
"https://storage.googleapis.com/bazel-mirror/github.com/bazelbuild/bazel-gazelle/releases/download/0.18.1/bazel-gazelle-0.18.1.tar.gz",
"https://github.com/bazelbuild/bazel-gazelle/releases/download/0.18.1/bazel-gazelle-0.18.1.tar.gz",
"https://storage.googleapis.com/bazel-mirror/github.com/bazelbuild/bazel-gazelle/releases/download/0.18.2/bazel-gazelle-0.18.2.tar.gz",
"https://github.com/bazelbuild/bazel-gazelle/releases/download/0.18.2/bazel-gazelle-0.18.2.tar.gz",
],
)

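--- a/deploy/crds/k8s_v1alpha1_redis_crd.yaml
+++ b/deploy/crds/k8s_v1alpha1_redis_crd.yaml
@@ -81,6 +81,11 @@ spec:
 required:
 - image
 type: object
+imagePullSecrets:
+description: 'Pod ImagePullSecrets More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
+items:
+type: object
+type: array
 password:
 properties:
 secretKeyRef:
@@ -117,6 +122,10 @@ spec:
 securityContext:
 description: Pod securityContext
 type: object
+serviceAccountName:
+description: 'Pod ServiceAccountName is the name of the ServiceAccount
+to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
+type: string
 tolerations:
 description: Pod tolerations
 items: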
5 changes: 3 additions & 2 deletions go.mod
@@ -5,15 +5,16 @@ go 1.12
require (
github.com/NYTimes/gziphandler v1.0.1 // indirect
github.com/cenkalti/backoff v2.1.1+incompatible
github.com/go-redis/redis v0.0.0-20190813142431-c5c4ad6a4cae
github.com/go-openapi/spec v0.19.0
github.com/go-redis/redis v0.0.0-20190813142431-c5c4ad6a4cae // v6.15.4
github.com/operator-framework/operator-sdk v0.10.0
github.com/spf13/cast v1.3.0
github.com/spf13/pflag v1.0.3
golang.org/x/crypto v0.0.0-20190404164418-38d8ce5564a5
k8s.io/api v0.0.0-20190612125737-db0771252981
k8s.io/apimachinery v0.0.0-20190612125636-6a5db36e93ad
k8s.io/client-go v11.0.0+incompatible
k8s.io/kube-openapi v0.0.0-20190603182131-db7b694dc208 // indirect
k8s.io/kube-openapi v0.0.0-20190603182131-db7b694dc208
sigs.k8s.io/controller-runtime v0.1.12
sigs.k8s.io/controller-tools v0.1.10
)
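--- a/pkg/apis/k8s/v1alpha1/redis_types.go
+++ b/pkg/apis/k8s/v1alpha1/redis_types.go
@@ -59,6 +59,12 @@ type RedisSpec struct {
 Affinity *corev1.Affinity `json:"affinity,omitempty"`
 // Pod tolerations
 Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
+// Pod ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+// More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ServiceAccountName string `json:"serviceAccountName,omitempty"`
+// Pod ImagePullSecrets
+// More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
 // Pod priorityClassName
 PriorityClassName string `json:"priorityClassName,omitempty"`
 // DataVolumeClaimTemplate for StatefulSet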
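Review bot: The doc comments on the two new RedisSpec fields leave out the constraints a user has to know. `ImagePullSecrets` is a list of `corev1.LocalObjectReference`, so each named secret has to exist in the Redis object's own namespace, and an empty `ServiceAccountName` leaves the pods on that namespace's `default` ServiceAccount. I would write `// ImagePullSecrets lists secrets in the same namespace that are used to pull the pod's images.` and `// ServiceAccountName is the ServiceAccount the Redis pods run as; empty means the namespace default.` The same comment text appears in the CRD and generated OpenAPI descriptions in this commit, so it is worth getting right here. The RedisSpec struct starts and ends outside the hunk.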
5 changes: 5 additions & 0 deletions pkg/apis/k8s/v1alpha1/zz_generated.deepcopy.go


24 changes: 22 additions & 2 deletions pkg/apis/k8s/v1alpha1/zz_generated.openapi.go
@@ -1,4 +1,4 @@
// +build !
// +build !ignore_autogenerated

// Copyright 2019 The redis-operator Authors
//
@@ -247,6 +247,26 @@ func schema_pkg_apis_k8s_v1alpha1_RedisSpec(ref common.ReferenceCallback) common
},
},
},
"serviceAccountName": {
SchemaProps: spec.SchemaProps{
Description: "Pod ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/",
Type: []string{"string"},
Format: "",
},
},
"imagePullSecrets": {
SchemaProps: spec.SchemaProps{
Description: "Pod ImagePullSecrets More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod",
Type: []string{"array"},
Items: &spec.SchemaOrArray{
Schema: &spec.Schema{
SchemaProps: spec.SchemaProps{
Ref: ref("k8s.io/api/core/v1.LocalObjectReference"),
},
},
},
},
},
"priorityClassName": {
SchemaProps: spec.SchemaProps{
Description: "Pod priorityClassName",
@@ -277,7 +297,7 @@ func schema_pkg_apis_k8s_v1alpha1_RedisSpec(ref common.ReferenceCallback) common
},
},
Dependencies: []string{
"./pkg/apis/k8s/v1alpha1.ContainerSpec", "./pkg/apis/k8s/v1alpha1.Password", "k8s.io/api/core/v1.Affinity", "k8s.io/api/core/v1.PersistentVolumeClaim", "k8s.io/api/core/v1.PodSecurityContext", "k8s.io/api/core/v1.Toleration"},
"./pkg/apis/k8s/v1alpha1.ContainerSpec", "./pkg/apis/k8s/v1alpha1.Password", "k8s.io/api/core/v1.Affinity", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.PersistentVolumeClaim", "k8s.io/api/core/v1.PodSecurityContext", "k8s.io/api/core/v1.Toleration"},
}
}

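--- a/pkg/controller/redis/object_generator.go
+++ b/pkg/controller/redis/object_generator.go
@@ -365,7 +365,12 @@ func generateStatefulSet(r *k8sv1alpha1.Redis, password string) *appsv1.Stateful
 }
 
 s := &appsv1.StatefulSet{
-ObjectMeta: metav1.ObjectMeta{Name: generateName(r), Namespace: r.GetNamespace(), Labels: r.GetLabels(), Annotations: make(map[string]string)},
+ObjectMeta: metav1.ObjectMeta{
+Name: generateName(r),
+Namespace: r.GetNamespace(),
+Labels: r.GetLabels(),
+Annotations: make(map[string]string),
+},
 Spec: appsv1.StatefulSetSpec{
 Replicas: r.Spec.Replicas,
 Selector: &metav1.LabelSelector{MatchLabels: r.GetLabels()},
@@ -375,12 +380,14 @@ func generateStatefulSet(r *k8sv1alpha1.Redis, password string) *appsv1.Stateful
 Annotations: r.Spec.Annotations,
 },
 Spec: corev1.PodSpec{
-Volumes: volumes,
-Containers: containers,
-SecurityContext: r.Spec.SecurityContext,
-Affinity: r.Spec.Affinity,
-Tolerations: r.Spec.Tolerations,
-PriorityClassName: r.Spec.PriorityClassName,
+Volumes: volumes,
+Containers: containers,
+ServiceAccountName: r.Spec.ServiceAccountName,
+SecurityContext: r.Spec.SecurityContext,
+ImagePullSecrets: r.Spec.ImagePullSecrets,
+Affinity: r.Spec.Affinity,
+Tolerations: r.Spec.Tolerations,
+PriorityClassName: r.Spec.PriorityClassName,
 },
 },
 VolumeClaimTemplates: volumeClaimTemplates,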
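Review bot: `ServiceAccountName: r.Spec.ServiceAccountName` and `ImagePullSecrets: r.Spec.ImagePullSecrets` in the second hunk copy values from the Redis resource into the PodSpec unchecked, and the StatefulSet is presumably created with the operator's credentials rather than the requester's. If so, anyone who may create or edit a Redis object can select any ServiceAccount and reference any pull secret in that namespace, so write access to Redis resources needs to be granted as carefully as permission to create pods there. I would record that above the PodSpec literal, e.g. `// ServiceAccountName and ImagePullSecrets come straight from the CR; RBAC on Redis objects must be as strict as RBAC on pods.` Whether the reconcile path propagates later changes of these fields to an existing StatefulSet is not visible here, since generateStatefulSet starts and ends outside both hunks.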
