Need ability to provide imagePullSecrets for jobs generated by Plans for private registries #204

Open
zack-is-cool opened this issue May 5, 2022 · 2 comments
Labels
enhancement New feature or request

zack-is-cool commented May 5, 2022

Is your feature request related to a problem? Please describe.
I am currently trying to deploy this system-upgrade-controller and all related pods in an airgap. We utilize a private registry to pull containers from and I do not have the ability to insert imagePullSecrets into the apply-*-plan-on-* pods that are spun up by jobs. This affects both the rancher/rke2-upgrade and the rancher/kubectl containers.

Describe the solution you'd like
I want to be able to add imagePullSecrets on the plan and have that flow through into the jobs' pod spec.

Describe alternatives you've considered
The only alternative right now is to enter credentials in the registries.yaml file when booting rke2. This is problematic as my deployment process usually has the rke2 cluster running before my private registry is available and the registry credentials are randomly generated.

@rancher-max rancher-max added the enhancement New feature or request label May 5, 2022
@rancher-max

We found that configuring the serviceaccount to use imagepullsecrets also works as an alternative: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account but going to keep this open as the issue itself is still valid as an enhancement.

@zack-is-cool (Author)

> We found that configuring the serviceaccount to use imagepullsecrets also works as an alternative: kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account but going to keep this open as the issue itself is still valid as an enhancement.

In case anyone needs an example of this using fluxcd's kustomize controller:

apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
kind: Kustomization
metadata:
  name: rke2-system-upgrade-controller
  namespace: bigbang
spec:
  interval: 1m
  sourceRef:
    kind: GitRepository
    name: rke2-system-upgrade-controller-repo
  path: .
  prune: true
  images:
  - name: rancher/system-upgrade-controller
    newName: private.registry/rancher/system-upgrade-controller
    newTag: v0.9.1
  patches:
    - patch: |-
        apiVersion: v1
        kind: ConfigMap
        metadata:
          name: default-controller-env
        data:
          SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: private.registry/rancher/kubectl:v1.22.6
      target:
        kind: ConfigMap
    - patch: |-
        apiVersion: apps/v1
        kind: Deployment
        metadata:
          name: system-upgrade-controller
          namespace: system-upgrade
        spec:
          template:
            spec:
              imagePullSecrets:
                - name: private-registry
      target:
        kind: Deployment
    - patch: |-
        apiVersion: v1
        kind: ServiceAccount
        metadata:
          name: system-upgrade
          namespace: system-upgrade
        imagePullSecrets:
        - name: private-registry
      target:
        kind: ServiceAccount
