From 37018a2eefa45edc4be6feee992d0a90c5ebdffd Mon Sep 17 00:00:00 2001 From: Garen Fang Date: Thu, 15 Jun 2023 16:32:06 +0800 Subject: [PATCH] helm: add imagePullSecrets option Currently the Helm chart does not contain a imagePullSecrets option when you are using private container registry, this is very inconvenient. This PR add this option for both CephFS and RBD. Signed-off-by: Garen Fang --- charts/ceph-csi-cephfs/README.md | 2 ++ .../templates/nodeplugin-daemonset.yaml | 4 ++++ .../templates/provisioner-deployment.yaml | 4 ++++ charts/ceph-csi-cephfs/values.yaml | 10 ++++++++++ charts/ceph-csi-rbd/README.md | 2 ++ .../ceph-csi-rbd/templates/nodeplugin-daemonset.yaml | 4 ++++ .../ceph-csi-rbd/templates/provisioner-deployment.yaml | 4 ++++ charts/ceph-csi-rbd/values.yaml | 10 ++++++++++ 8 files changed, 40 insertions(+) diff --git a/charts/ceph-csi-cephfs/README.md b/charts/ceph-csi-cephfs/README.md index fe6a2b953..9d6fcfc17 100644 --- a/charts/ceph-csi-cephfs/README.md +++ b/charts/ceph-csi-cephfs/README.md @@ -121,6 +121,7 @@ charts and their default values. | `nodeplugin.name` | Specifies the nodeplugin name | `nodeplugin` | | `nodeplugin.updateStrategy` | Specifies the update Strategy. If you are using ceph-fuse client set this value to OnDelete | `RollingUpdate` | | `nodeplugin.priorityClassName` | Set user created priorityclassName for csi plugin pods. default is system-node-critical which is highest priority | `system-node-critical` | +| `nodeplugin.imagePullSecrets` | Specifies imagePullSecrets for containers | `[]` | | `nodeplugin.profiling.enabled` | Specifies whether profiling should be enabled | `false` | | `nodeplugin.registrar.image.repository` | Node-Registrar image repository URL | `registry.k8s.io/sig-storage/csi-node-driver-registrar` | | `nodeplugin.registrar.image.tag` | Image tag | `v2.8.0` | @@ -141,6 +142,7 @@ charts and their default values. | `provisioner.setmetadata` | Set metadata on volume | `true` | | `provisioner.priorityClassName` | Set user created priorityclassName for csi provisioner pods. Default is `system-cluster-critical` which is less priority than `system-node-critical` | `system-cluster-critical` | | `provisioner.enableHostNetwork` | Specifies whether hostNetwork is enabled for provisioner pod. | `false` | +| `provisioner.imagePullSecrets` | Specifies imagePullSecrets for containers | `[]` | | `provisioner.profiling.enabled` | Specifies whether profiling should be enabled | `false` | | `provisioner.provisioner.image.repository` | Specifies the csi-provisioner image repository URL | `registry.k8s.io/sig-storage/csi-provisioner` | | `provisioner.provisioner.image.tag` | Specifies image tag | `v3.5.0` | diff --git a/charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml b/charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml index f022ed57a..d3a5b9df8 100644 --- a/charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml +++ b/charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml @@ -37,6 +37,10 @@ spec: # to use e.g. Rook orchestrated cluster, and mons' FQDN is # resolved through k8s service, set dns policy to cluster first dnsPolicy: ClusterFirstWithHostNet +{{- if .Values.nodeplugin.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.nodeplugin.imagePullSecrets | indent 8 -}} +{{- end }} containers: - name: driver-registrar # This is necessary only for systems with SELinux, where diff --git a/charts/ceph-csi-cephfs/templates/provisioner-deployment.yaml b/charts/ceph-csi-cephfs/templates/provisioner-deployment.yaml index 30f375824..dcc15eef1 100644 --- a/charts/ceph-csi-cephfs/templates/provisioner-deployment.yaml +++ b/charts/ceph-csi-cephfs/templates/provisioner-deployment.yaml @@ -61,6 +61,10 @@ spec: hostNetwork: {{ .Values.provisioner.enableHostNetwork }} {{- if .Values.provisioner.priorityClassName }} priorityClassName: {{ .Values.provisioner.priorityClassName }} +{{- end }} +{{- if .Values.provisioner.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.provisioner.imagePullSecrets | indent 8 -}} {{- end }} containers: - name: csi-provisioner diff --git a/charts/ceph-csi-cephfs/values.yaml b/charts/ceph-csi-cephfs/values.yaml index bb8ec721d..b803bb50a 100644 --- a/charts/ceph-csi-cephfs/values.yaml +++ b/charts/ceph-csi-cephfs/values.yaml @@ -81,6 +81,11 @@ nodeplugin: loadBalancerIP: "" loadBalancerSourceRanges: [] + ## Reference to one or more secrets to be used when pulling images + ## + imagePullSecrets: [] + # - name: "image-pull-secret" + profiling: enabled: false @@ -168,6 +173,11 @@ provisioner: loadBalancerIP: "" loadBalancerSourceRanges: [] + ## Reference to one or more secrets to be used when pulling images + ## + imagePullSecrets: [] + # - name: "image-pull-secret" + profiling: enabled: false diff --git a/charts/ceph-csi-rbd/README.md b/charts/ceph-csi-rbd/README.md index 77d72f60f..5ba057f6c 100644 --- a/charts/ceph-csi-rbd/README.md +++ b/charts/ceph-csi-rbd/README.md @@ -123,6 +123,7 @@ charts and their default values. | `nodeplugin.name` | Specifies the nodeplugins name | `nodeplugin` | | `nodeplugin.updateStrategy` | Specifies the update Strategy. If you are using ceph-fuse client set this value to OnDelete | `RollingUpdate` | | `nodeplugin.priorityClassName` | Set user created priorityclassName for csi plugin pods. default is system-node-critical which is highest priority | `system-node-critical` | +| `nodeplugin.imagePullSecrets` | Specifies imagePullSecrets for containers | `[]` | | `nodeplugin.profiling.enabled` | Specifies whether profiling should be enabled | `false` | | `nodeplugin.registrar.image.repository` | Node Registrar image repository URL | `registry.k8s.io/sig-storage/csi-node-driver-registrar` | | `nodeplugin.registrar.image.tag` | Image tag | `v2.8.0` | @@ -147,6 +148,7 @@ charts and their default values. | `provisioner.setmetadata` | Set metadata on volume | `true` | | `provisioner.priorityClassName` | Set user created priorityclassName for csi provisioner pods. Default is `system-cluster-critical` which is less priority than `system-node-critical` | `system-cluster-critical` | | `provisioner.enableHostNetwork` | Specifies whether hostNetwork is enabled for provisioner pod. | `false` | +| `provisioner.imagePullSecrets` | Specifies imagePullSecrets for containers | `[]` | | `provisioner.profiling.enabled` | Specifies whether profiling should be enabled | `false` | | `provisioner.provisioner.image.repository` | Specifies the csi-provisioner image repository URL | `registry.k8s.io/sig-storage/csi-provisioner` | | `provisioner.provisioner.image.tag` | Specifies image tag | `v3.5.0` | diff --git a/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml b/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml index fdf85c56f..a1744a895 100644 --- a/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml +++ b/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml @@ -37,6 +37,10 @@ spec: # to use e.g. Rook orchestrated cluster, and mons' FQDN is # resolved through k8s service, set dns policy to cluster first dnsPolicy: ClusterFirstWithHostNet +{{- if .Values.nodeplugin.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.nodeplugin.imagePullSecrets | indent 8 -}} +{{- end }} containers: - name: driver-registrar # This is necessary only for systems with SELinux, where diff --git a/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml b/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml index 76db4e452..824377afb 100644 --- a/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml +++ b/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml @@ -61,6 +61,10 @@ spec: hostNetwork: {{ .Values.provisioner.enableHostNetwork }} {{- if .Values.provisioner.priorityClassName }} priorityClassName: {{ .Values.provisioner.priorityClassName }} +{{- end }} +{{- if .Values.provisioner.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.provisioner.imagePullSecrets | indent 8 -}} {{- end }} containers: - name: csi-provisioner diff --git a/charts/ceph-csi-rbd/values.yaml b/charts/ceph-csi-rbd/values.yaml index 4643b7e7c..d221dc823 100644 --- a/charts/ceph-csi-rbd/values.yaml +++ b/charts/ceph-csi-rbd/values.yaml @@ -103,6 +103,11 @@ nodeplugin: loadBalancerIP: "" loadBalancerSourceRanges: [] + ## Reference to one or more secrets to be used when pulling images + ## + imagePullSecrets: [] + # - name: "image-pull-secret" + profiling: # enable profiling to check for memory leaks enabled: false @@ -200,6 +205,11 @@ provisioner: loadBalancerIP: "" loadBalancerSourceRanges: [] + ## Reference to one or more secrets to be used when pulling images + ## + imagePullSecrets: [] + # - name: "image-pull-secret" + profiling: # enable profiling to check for memory leaks enabled: false