From e9553be28e909c847242cf56620e7fe4aeea60a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis=20Hau=C3=9Fknecht?= Date: Thu, 24 Aug 2023 14:50:49 +0000 Subject: [PATCH 1/4] Add imagePullSecrets to the multicluster chart. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #11285 Signed-off-by: Louis Haußknecht --- .../templates/namespace-metadata-rbac.yaml | 1 + .../templates/remote-access-service-mirror-rbac.yaml | 1 + multicluster/charts/linkerd-multicluster/values.yaml | 4 ++++ 3 files changed, 6 insertions(+) diff --git a/multicluster/charts/linkerd-multicluster/templates/namespace-metadata-rbac.yaml b/multicluster/charts/linkerd-multicluster/templates/namespace-metadata-rbac.yaml index 00b55ee0b0cca..ff2a9718d2892 100644 --- a/multicluster/charts/linkerd-multicluster/templates/namespace-metadata-rbac.yaml +++ b/multicluster/charts/linkerd-multicluster/templates/namespace-metadata-rbac.yaml @@ -11,6 +11,7 @@ metadata: "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded name: namespace-metadata namespace: {{.Release.Namespace}} +{{- include "partials.image-pull-secrets" .Values.imagePullSecrets }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/multicluster/charts/linkerd-multicluster/templates/remote-access-service-mirror-rbac.yaml b/multicluster/charts/linkerd-multicluster/templates/remote-access-service-mirror-rbac.yaml index 4fb6311c500db..3ed9def69a243 100644 --- a/multicluster/charts/linkerd-multicluster/templates/remote-access-service-mirror-rbac.yaml +++ b/multicluster/charts/linkerd-multicluster/templates/remote-access-service-mirror-rbac.yaml @@ -48,6 +48,7 @@ metadata: {{- with $.Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }} annotations: {{ include "partials.annotations.created-by" $ }} +{{- include "partials.image-pull-secrets" $.Values.imagePullSecrets }} --- apiVersion: v1 kind: Secret diff --git a/multicluster/charts/linkerd-multicluster/values.yaml b/multicluster/charts/linkerd-multicluster/values.yaml index fcd7ce9dd51be..3de8edc4b1884 100644 --- a/multicluster/charts/linkerd-multicluster/values.yaml +++ b/multicluster/charts/linkerd-multicluster/values.yaml @@ -50,6 +50,10 @@ podLabels: {} commonLabels: {} # -- Docker imagePullPolicy for all multicluster components imagePullPolicy: IfNotPresent +# -- For Private docker registries, authentication is needed. +# Registry secrets are applied to the respective service accounts +imagePullSecrets: [] +# - name: my-private-docker-registry-login-secret # -- The port on which the proxy accepts outbound traffic proxyOutboundPort: 4140 # -- If the remote mirror service account should be installed From 850f5775360a6b822b0d864105b08b795623c65a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis=20Hau=C3=9Fknecht?= Date: Thu, 7 Sep 2023 09:06:10 +0000 Subject: [PATCH 2/4] Add readme for imagePullSecrets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Louis Haußknecht --- multicluster/charts/linkerd-multicluster/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/multicluster/charts/linkerd-multicluster/README.md b/multicluster/charts/linkerd-multicluster/README.md index 479c1cfe16160..453e77be32209 100644 --- a/multicluster/charts/linkerd-multicluster/README.md +++ b/multicluster/charts/linkerd-multicluster/README.md @@ -92,6 +92,7 @@ Kubernetes: `>=1.21.0-0` | gateway.tolerations | list | `[]` | Tolerations for the gateway pod | | identityTrustDomain | string | `"cluster.local"` | Identity Trust Domain of the certificate authority | | imagePullPolicy | string | `"IfNotPresent"` | Docker imagePullPolicy for all multicluster components | +| imagePullSecrets | list | `[]` | For Private docker registries, authentication is needed. Registry secrets are applied to the respective service accounts | | linkerdNamespace | string | `"linkerd"` | Namespace of linkerd installation | | linkerdVersion | string | `"linkerdVersionValue"` | Control plane version | | namespaceMetadata.image.name | string | `"extension-init"` | Docker image name for the namespace-metadata instance | From d704dde217d10fc4c03842f223cb6aea06a23520 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis=20Hau=C3=9Fknecht?= Date: Tue, 26 Sep 2023 10:37:14 +0000 Subject: [PATCH 3/4] Add image-pull-secrets to gateway service account MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Louis Haußknecht --- multicluster/charts/linkerd-multicluster/templates/gateway.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/multicluster/charts/linkerd-multicluster/templates/gateway.yaml b/multicluster/charts/linkerd-multicluster/templates/gateway.yaml index a543c5b57e4e6..039196bdfcdbe 100644 --- a/multicluster/charts/linkerd-multicluster/templates/gateway.yaml +++ b/multicluster/charts/linkerd-multicluster/templates/gateway.yaml @@ -142,4 +142,5 @@ metadata: labels: linkerd.io/extension: multicluster {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }} +{{- include "partials.image-pull-secrets" .Values.imagePullSecrets }} {{end -}} From d70fb1d06a29af9b512b8fbf381c5b89e36c3d7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Louis=20Hau=C3=9Fknecht?= Date: Fri, 29 Sep 2023 05:51:45 +0000 Subject: [PATCH 4/4] Add image-pull-secrets to linkerd-service-mirror account MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Louis Haußknecht --- multicluster/charts/linkerd-multicluster-link/README.md | 1 + .../linkerd-multicluster-link/templates/service-mirror.yaml | 1 + multicluster/charts/linkerd-multicluster-link/values.yaml | 3 +++ 3 files changed, 5 insertions(+) diff --git a/multicluster/charts/linkerd-multicluster-link/README.md b/multicluster/charts/linkerd-multicluster-link/README.md index 897cb481a8630..be06b8cfebbe9 100644 --- a/multicluster/charts/linkerd-multicluster-link/README.md +++ b/multicluster/charts/linkerd-multicluster-link/README.md @@ -33,6 +33,7 @@ Kubernetes: `>=1.21.0-0` | enablePodAntiAffinity | bool | `false` | Enables Pod Anti Affinity logic to balance the placement of replicas across hosts and zones for High Availability. Enable this only when you have multiple replicas of components. | | gateway.enabled | bool | `true` | Controls whether link will create a probe service for the gateway | | gateway.probe.port | int | `4191` | The port used for liveliness probing | +| imagePullSecrets | list | `[]` | For Private docker registries, authentication is needed. Registry secrets are applied to the respective service accounts | | logFormat | string | `"plain"` | Log format (`plain` or `json`) | | logLevel | string | `"info"` | Log level for the Multicluster components | | nodeSelector | object | `{}` | Node selectors for the Service mirror pod | diff --git a/multicluster/charts/linkerd-multicluster-link/templates/service-mirror.yaml b/multicluster/charts/linkerd-multicluster-link/templates/service-mirror.yaml index c0204626292a1..76b6241758c80 100644 --- a/multicluster/charts/linkerd-multicluster-link/templates/service-mirror.yaml +++ b/multicluster/charts/linkerd-multicluster-link/templates/service-mirror.yaml @@ -84,6 +84,7 @@ metadata: component: service-mirror mirror.linkerd.io/cluster-name: {{.Values.targetClusterName}} {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }} +{{- include "partials.image-pull-secrets" .Values.imagePullSecrets }} --- apiVersion: apps/v1 kind: Deployment diff --git a/multicluster/charts/linkerd-multicluster-link/values.yaml b/multicluster/charts/linkerd-multicluster-link/values.yaml index 0ea0a8efa07a5..cfe83043c2c32 100644 --- a/multicluster/charts/linkerd-multicluster-link/values.yaml +++ b/multicluster/charts/linkerd-multicluster-link/values.yaml @@ -3,6 +3,9 @@ controllerImage: cr.l5d.io/linkerd/controller # -- Tag for the Service Mirror container Docker image controllerImageVersion: linkerdVersionValue +# -- For Private docker registries, authentication is needed. +# Registry secrets are applied to the respective service accounts +imagePullSecrets: [] # -- Additional annotations to add to all pods podAnnotations: {} # -- Additional labels to add to all pods