Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: set workload image pull secrets #7891

Merged
merged 3 commits into from
Aug 1, 2024
Merged

feat: set workload image pull secrets #7891

merged 3 commits into from
Aug 1, 2024

Conversation

ldming
Copy link
Collaborator

@ldming ldming commented Jul 29, 2024
edited
Loading

Support to set image pull secrets for data plane workload:

  • for cluster, set the image pull secrets for the serviceAccount
  • for jobs, set the image pull secrets for the podSpec
  • for backup workload, set the image pull secrets for the specified SA

For user, if they use a private image registry and need a secret to pull, they should create the image pull secret first in the namespace.

Now, the secret name is same with the control plane image pull secrets that specified when install KubeBlocks.

@github-actions github-actions bot added the size/L Denotes a PR that changes 100-499 lines. label Jul 29, 2024
@ldming ldming self-assigned this Jul 29, 2024
weicao
weicao reviewed Aug 1, 2024
View reviewed changes
pkg/controllerutil/pod_utils.go

func BuildImagePullSecrets() []corev1.LocalObjectReference {
secrets := make([]corev1.LocalObjectReference, 0)
secretsVal := viper.GetString(constant.KBImagePullSecrets)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@leon-inf , should we add imagePullSecrets field in ComponentVersion?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is a runtime resource about specific k8s cluster, and is not suitable to define in ComponentVersion.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, then should it be defined in Cluster?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's more reasonable as a global config for KB or k8s cluster.

@ldming ldming marked this pull request as ready for review August 1, 2024 07:31
@codecov Codecov
Copy link

codecov bot commented Aug 1, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 70.00000% with 6 lines in your changes missing coverage. Please review.

Project coverage is 64.81%. Comparing base (5c4f341) to head (7230e60).
Report is 2 commits behind head on main.

Files Patch % Lines
pkg/controller/builder/builder_pod.go 0.00% 3 Missing ⚠️
pkg/controller/builder/builder_service_account.go 0.00% 3 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #7891      +/-   ##
==========================================
- Coverage   64.84%   64.81%   -0.04%     
==========================================
  Files         345      345              
  Lines       43100    43119      +19     
==========================================
- Hits        27947    27946       -1     
- Misses      12693    12718      +25     
+ Partials     2460     2455       -5
Flag Coverage Δ
unittests 64.81% <70.00%> (-0.04%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@ldming
Copy link
Collaborator Author

ldming commented Aug 1, 2024

/approve to trigger test

@apecloud-bot apecloud-bot added the approved PR Approved Test label Aug 1, 2024
@ldming ldming merged commit 0bbc36b into main Aug 1, 2024
57 checks passed
@ldming ldming deleted the feature/support-set-data-plan-image-pull-secrets branch August 1, 2024 09:23
@github-actions github-actions bot added this to the 0.9.2 milestone Aug 1, 2024
@ldming
Copy link
Collaborator Author

ldming commented Aug 1, 2024

/cherry-pick release-0.9

@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 1, 2024

🤖 says: cherry pick action finished successfully 🎉!
See: https://github.com/apecloud/kubeblocks/actions/runs/10195642498

github-actions bot pushed a commit that referenced this pull request Aug 1, 2024
@ldming
feat: set workload image pull secrets (#7891)
718ff84 
(cherry picked from commit 0bbc36b)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@weicao weicao weicao approved these changes

@leon-inf leon-inf leon-inf left review comments

@wangyelei wangyelei wangyelei approved these changes

@apecloud-bot apecloud-bot apecloud-bot approved these changes

@nayutah nayutah Awaiting requested review from nayutah nayutah is a code owner

@heng4fun heng4fun Awaiting requested review from heng4fun

@free6om free6om Awaiting requested review from free6om free6om is a code owner

@Y-Rookie Y-Rookie Awaiting requested review from Y-Rookie Y-Rookie is a code owner

Assignees

@ldming ldming

Labels
approved PR Approved Test size/L Denotes a PR that changes 100-499 lines.
Projects
None yet
Milestone
Release 0.9.2
Development

Successfully merging this pull request may close these issues.

[Improvement] support specify the private image registry pull secret
5 participants
@ldming @weicao @wangyelei @leon-inf @apecloud-bot