diff --git a/multicluster/charts/linkerd-multicluster-link/README.md b/multicluster/charts/linkerd-multicluster-link/README.md
index 897cb481a8630..be06b8cfebbe9 100644
--- a/multicluster/charts/linkerd-multicluster-link/README.md
+++ b/multicluster/charts/linkerd-multicluster-link/README.md
@@ -33,6 +33,7 @@ Kubernetes: `>=1.21.0-0`
 | enablePodAntiAffinity | bool | `false` | Enables Pod Anti Affinity logic to balance the placement of replicas across hosts and zones for High Availability. Enable this only when you have multiple replicas of components. |
 | gateway.enabled | bool | `true` | Controls whether link will create a probe service for the gateway |
 | gateway.probe.port | int | `4191` | The port used for liveliness probing |
+| imagePullSecrets | list | `[]` | For Private docker registries, authentication is needed. Registry secrets are applied to the respective service accounts |
 | logFormat | string | `"plain"` | Log format (`plain` or `json`) |
 | logLevel | string | `"info"` | Log level for the Multicluster components |
 | nodeSelector | object | `{}` | Node selectors for the Service mirror pod |
diff --git a/multicluster/charts/linkerd-multicluster-link/templates/service-mirror.yaml b/multicluster/charts/linkerd-multicluster-link/templates/service-mirror.yaml
index c0204626292a1..76b6241758c80 100644
--- a/multicluster/charts/linkerd-multicluster-link/templates/service-mirror.yaml
+++ b/multicluster/charts/linkerd-multicluster-link/templates/service-mirror.yaml
@@ -84,6 +84,7 @@ metadata:
 component: service-mirror
 mirror.linkerd.io/cluster-name: {{.Values.targetClusterName}}
 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
+{{- include "partials.image-pull-secrets" .Values.imagePullSecrets }}
 ---
 apiVersion: apps/v1
 kind: Deployment
diff --git a/multicluster/charts/linkerd-multicluster-link/values.yaml b/multicluster/charts/linkerd-multicluster-link/values.yaml
index 0ea0a8efa07a5..cfe83043c2c32 100644
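Review bot: Nothing at the added `include` line in service-mirror.yaml shows where the rendered field lands, because it sits at column 0 right after the `commonLabels` line under `metadata` and its output shape is decided entirely by `partials.image-pull-secrets`, which is not part of this diff. Presumably the partial begins with a newline, emits a top-level `imagePullSecrets:` key, and renders nothing for the default `[]`; a one-line template comment above the include would make that contract visible, e.g. `{{- /* top-level imagePullSecrets for this ServiceAccount; renders nothing when the list is empty */ -}}`. The same line is added in gateway.yaml, namespace-metadata-rbac.yaml and remote-access-service-mirror-rbac.yaml, and in every case the resource header is above the hunk, so the kind of object being extended cannot be confirmed from the visible lines.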
--- a/multicluster/charts/linkerd-multicluster-link/values.yaml
+++ b/multicluster/charts/linkerd-multicluster-link/values.yaml
@@ -3,6 +3,9 @@
 controllerImage: cr.l5d.io/linkerd/controller
 # -- Tag for the Service Mirror container Docker image
 controllerImageVersion: linkerdVersionValue
+# -- For Private docker registries, authentication is needed.
+# Registry secrets are applied to the respective service accounts
+imagePullSecrets: []
 # -- Additional annotations to add to all pods
 podAnnotations: {}
 # -- Additional labels to add to all pods
diff --git a/multicluster/charts/linkerd-multicluster/README.md b/multicluster/charts/linkerd-multicluster/README.md
index 479c1cfe16160..453e77be32209 100644
--- a/multicluster/charts/linkerd-multicluster/README.md
+++ b/multicluster/charts/linkerd-multicluster/README.md
@@ -92,6 +92,7 @@ Kubernetes: `>=1.21.0-0`
 | gateway.tolerations | list | `[]` | Tolerations for the gateway pod |
 | identityTrustDomain | string | `"cluster.local"` | Identity Trust Domain of the certificate authority |
 | imagePullPolicy | string | `"IfNotPresent"` | Docker imagePullPolicy for all multicluster components |
+| imagePullSecrets | list | `[]` | For Private docker registries, authentication is needed. Registry secrets are applied to the respective service accounts |
 | linkerdNamespace | string | `"linkerd"` | Namespace of linkerd installation |
 | linkerdVersion | string | `"linkerdVersionValue"` | Control plane version |
 | namespaceMetadata.image.name | string | `"extension-init"` | Docker image name for the namespace-metadata instance |
diff --git a/multicluster/charts/linkerd-multicluster/templates/gateway.yaml b/multicluster/charts/linkerd-multicluster/templates/gateway.yaml
index a543c5b57e4e6..039196bdfcdbe 100644
--- a/multicluster/charts/linkerd-multicluster/templates/gateway.yaml
+++ b/multicluster/charts/linkerd-multicluster/templates/gateway.yaml
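Review bot: The comment added above `imagePullSecrets: []` in linkerd-multicluster-link/values.yaml does not show what a list entry looks like, while the linkerd-multicluster/values.yaml hunk in this same commit carries the example line `# - name: my-private-docker-registry-login-secret`. Adding that commented example here would keep the two charts consistent. In both files I would also add `# Entries reference existing Secrets by name; keep registry credentials out of values files.`, since nothing in this diff creates the Secret and, as far as the hunks show, the charts only reference it.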
@@ -142,4 +142,5 @@ metadata:
 labels:
 linkerd.io/extension: multicluster
 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
+{{- include "partials.image-pull-secrets" .Values.imagePullSecrets }}
 {{end -}}
diff --git a/multicluster/charts/linkerd-multicluster/templates/namespace-metadata-rbac.yaml b/multicluster/charts/linkerd-multicluster/templates/namespace-metadata-rbac.yaml
index 00b55ee0b0cca..ff2a9718d2892 100644
--- a/multicluster/charts/linkerd-multicluster/templates/namespace-metadata-rbac.yaml
+++ b/multicluster/charts/linkerd-multicluster/templates/namespace-metadata-rbac.yaml
@@ -11,6 +11,7 @@ metadata:
 "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
 name: namespace-metadata
 namespace: {{.Release.Namespace}}
+{{- include "partials.image-pull-secrets" .Values.imagePullSecrets }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
diff --git a/multicluster/charts/linkerd-multicluster/templates/remote-access-service-mirror-rbac.yaml b/multicluster/charts/linkerd-multicluster/templates/remote-access-service-mirror-rbac.yaml
index 4fb6311c500db..3ed9def69a243 100644
--- a/multicluster/charts/linkerd-multicluster/templates/remote-access-service-mirror-rbac.yaml
+++ b/multicluster/charts/linkerd-multicluster/templates/remote-access-service-mirror-rbac.yaml
@@ -48,6 +48,7 @@ metadata:
 {{- with $.Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
 annotations:
 {{ include "partials.annotations.created-by" $ }}
+{{- include "partials.image-pull-secrets" $.Values.imagePullSecrets }}
 ---
 apiVersion: v1
 kind: Secret
diff --git a/multicluster/charts/linkerd-multicluster/values.yaml b/multicluster/charts/linkerd-multicluster/values.yaml
index fcd7ce9dd51be..3de8edc4b1884 100644
--- a/multicluster/charts/linkerd-multicluster/values.yaml
+++ b/multicluster/charts/linkerd-multicluster/values.yaml
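Review bot: The pull-secret reference is also attached to the account in remote-access-service-mirror-rbac.yaml, which, judging by the file name and the `kind: Secret` that follows it, looks like an API-access identity for remote clusters rather than an account that runs pods. If no pod in this chart is scheduled under it, the field is never consulted there. Dropping `{{- include "partials.image-pull-secrets" $.Values.imagePullSecrets }}` from this file would then keep registry credential references only on the accounts that actually pull images. The account's definition starts above the hunk, so its usage needs confirming before the line is removed.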
@@ -50,6 +50,10 @@ podLabels: {}
 commonLabels: {}
 # -- Docker imagePullPolicy for all multicluster components
 imagePullPolicy: IfNotPresent
+# -- For Private docker registries, authentication is needed.
+# Registry secrets are applied to the respective service accounts
+imagePullSecrets: []
+# - name: my-private-docker-registry-login-secret
 # -- The port on which the proxy accepts outbound traffic
 proxyOutboundPort: 4140
 # -- If the remote mirror service account should be installed