ROX-27209: Change image pull secret for operator deployments
kovayur committed Dec 3, 2024
1 parent a886194 commit c5834d2
Showing 9 changed files with 8 additions and 33 deletions.
2 changes: 0 additions & 2 deletions dev/env/manifests/fleetshard-operator/07-serviceaccount.yaml
Expand Up @@ -3,5 +3,3 @@ kind: ServiceAccount
metadata:
name: acs-fleetshard-operator
namespace: "$ACSCS_NAMESPACE"
imagePullSecrets:
- name: acs-fleetshard-operator
3 changes: 1 addition & 2 deletions dev/env/manifests/fleetshard-operator/51-fleetshard-cr.yaml
Expand Up @@ -29,8 +29,7 @@ spec:
secretEncryption:
type: "local"
tenantImagePullSecret:
name: "fleetshard-sync"
key: "tenant-image-pull-secret"
create: false # created by create-imagepullsecrets script
nodeSelector: null
tolerations: null
addonAutoUpgradeEnabled: false
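Review bot: The trailing comment on `create: false` says the secret comes from the create-imagepullsecrets script, but with `name` and `key` dropped from `tenantImagePullSecret` nothing in this manifest says which secret is meant. Presumably a default elsewhere (`rhacs-registry` / `.dockerconfigjson`) now applies; that is inferred, not visible in this section. I would name it in the comment, e.g. `create: false # dev: expects the rhacs-registry secret applied by dev/env/scripts/create-imagepullsecrets`, so a missing or renamed secret reads as a configuration mismatch rather than an unexplained image pull failure.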
Expand Up @@ -8,8 +8,6 @@ stringData:
aws-access-key-id: "${AWS_ACCESS_KEY_ID}"
aws-secret-access-key: "${AWS_SECRET_ACCESS_KEY}"
telemetry-storage-key: "${TELEMETRY_STORAGE_KEY}"
tenant-image-pull-secret: |
${TENANT_IMAGE_PULL_SECRET}
---
apiVersion: v1
kind: Secret
1 change: 0 additions & 1 deletion dev/env/scripts/bootstrap.sh
Expand Up @@ -38,7 +38,6 @@ wait_for_default_service_account "$ACSCS_NAMESPACE"
if [[ "$INHERIT_IMAGEPULLSECRETS" == "true" ]]; then
create-imagepullsecrets
inject_ips "$ACSCS_NAMESPACE" "default" "quay-ips"
inject_ips "$STACKROX_OPERATOR_NAMESPACE" "default" "quay-ips"
else
log "Skipping creation of ImagePullSecrets because INHERIT_IMAGEPULLSECRETS is not true"
fi
18 changes: 2 additions & 16 deletions dev/env/scripts/create-imagepullsecrets
Expand Up @@ -69,15 +69,15 @@ function print_auth() {

registry_auth="$(print_auth "$(mkauth "${username}" "${password}")")"

log "Creating quay-ips image pull secret in namespace ${STACKROX_OPERATOR_NAMESPACE}"
log "Creating rhacs-registry image pull secret in namespace ${STACKROX_OPERATOR_NAMESPACE}"
resOperatorImage=$(
cat <<EOF
apiVersion: v1
data:
.dockerconfigjson: ${registry_auth}
kind: Secret
metadata:
name: quay-ips
name: rhacs-registry
namespace: ${STACKROX_OPERATOR_NAMESPACE}
type: kubernetes.io/dockerconfigjson
EOF
Expand All @@ -98,17 +98,3 @@ type: kubernetes.io/dockerconfigjson
EOF
)
echo "$res" | $KUBECTL -n "$ACSCS_NAMESPACE" apply -f -
log "Creating acs-fleetshard-operator pull secret in namespace ${ACSCS_NAMESPACE}"
res=$(
cat <<EOF
apiVersion: v1
data:
.dockerconfigjson: ${registry_auth}
kind: Secret
metadata:
name: acs-fleetshard-operator
namespace: $ACSCS_NAMESPACE
type: kubernetes.io/dockerconfigjson
EOF
)
echo "$res" | $KUBECTL -n "$ACSCS_NAMESPACE" apply -f -
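Review bot: Renaming the operator pull secret to `rhacs-registry` and dropping the `acs-fleetshard-operator` secret only stops the script from applying the old objects. On a cluster bootstrapped before this change, the `quay-ips` secret in `${STACKROX_OPERATOR_NAMESPACE}` and the `acs-fleetshard-operator` secret in `${ACSCS_NAMESPACE}` stay behind with the registry credential still in them. Because `apply` never prunes, consider an explicit cleanup next to the new secret, e.g. `$KUBECTL -n "$STACKROX_OPERATOR_NAMESPACE" delete secret quay-ips --ignore-not-found`, and the same for `acs-fleetshard-operator` in `$ACSCS_NAMESPACE`. The statement that applies `resOperatorImage` sits between the two hunks and is not shown, so the cleanup belongs wherever that apply happens.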
6 changes: 0 additions & 6 deletions dev/env/scripts/up.sh
Expand Up @@ -67,12 +67,6 @@ if [[ "$SPAWN_LOGGER" == "true" && -n "${LOG_DIR:-}" ]]; then
fi

log "Deploying fleetshard-sync"
TENANT_IMAGE_PULL_SECRET=""
if [[ "$INHERIT_IMAGEPULLSECRETS" == "true" ]]; then # pragma: allowlist secret
TENANT_IMAGE_PULL_SECRET=$($KUBECTL -n "$ACSCS_NAMESPACE" get secret quay-ips -o jsonpath="{.data['\.dockerconfigjson']}" | base64 -d)
fi
export TENANT_IMAGE_PULL_SECRET

exec_fleetshard_sync.sh apply "${MANIFESTS_DIR}/fleetshard-sync"
apply "${MANIFESTS_DIR}/fleetshard-operator"

4 changes: 2 additions & 2 deletions dp-terraform/helm/rhacs-terraform/values.yaml
Expand Up @@ -62,9 +62,9 @@ fleetshardSync:
addonAutoUpgradeEnabled: true
addonName: acs-fleetshard
tenantImagePullSecret:
name: ""
name: rhacs-registry
key: .dockerconfigjson
create: false
create: true
printCentralUpdateDiff: false
argoCdNamespace: openshift-gitops
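Review bot: Flipping the default to `create: true` with `name: rhacs-registry` changes behaviour for every install that does not override `fleetshardSync.tenantImagePullSecret`, yet the values file carries no comment on where the credential comes from. What `create` provisions, and from which source, is not visible in this hunk; if it places a registry credential into tenant namespaces, that credential should be pull-only. I would add a comment above the block along the lines of `# create: true provisions the rhacs-registry pull secret; source credential: <describe>, must be pull-only`, adjusted to the actual mechanism.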

@@ -1,7 +1,7 @@
apiVersion: v1
kind: ServiceAccount
imagePullSecrets:
- name: acs-fleetshard-operator
- name: rhacs-registry
metadata:
name: rhacs-operator-controller-manager
namespace: {{ .Release.Namespace }}
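Review bot: The pull secret name `rhacs-registry` is hard-coded under `imagePullSecrets`, and nothing in this section shows what creates that secret in `{{ .Release.Namespace }}`. Kubernetes accepts a ServiceAccount that references a pull secret which does not exist, so a missing or differently named secret only surfaces later as a failed image pull for the operator pod. A comment such as `# rhacs-registry must exist in the release namespace before the operator is deployed` would record the dependency. The file path for this section did not survive on the page, so which chart owns this template is not visible here.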
3 changes: 2 additions & 1 deletion fleetshard/pkg/central/operator/upgrade.go
Expand Up @@ -4,6 +4,8 @@ package operator
import (
"context"
"fmt"
"strings"

"github.com/golang/glog"
"github.com/stackrox/acs-fleet-manager/fleetshard/pkg/central/charts"
"helm.sh/helm/v3/pkg/chartutil"
Expand All @@ -12,7 +14,6 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
ctrlClient "sigs.k8s.io/controller-runtime/pkg/client"
"strings"
)

const (