From 5f16f0571689f6e86fdf5609d885c414890f8e88 Mon Sep 17 00:00:00 2001 From: Matt Schallert Date: Mon, 1 Jul 2019 23:42:57 -0400 Subject: [PATCH 1/2] [cluster] support image pull secrets --- pkg/apis/m3dboperator/v1alpha1/cluster.go | 3 +++ .../m3dboperator/v1alpha1/openapi_generated.go | 15 ++++++++++++++- .../v1alpha1/zz_generated.deepcopy.go | 5 +++++ pkg/k8sops/fixtures/testM3DBCluster.yaml | 2 ++ pkg/k8sops/generators_test.go | 3 +++ pkg/k8sops/statefulset.go | 1 + 6 files changed, 28 insertions(+), 1 deletion(-) diff --git a/pkg/apis/m3dboperator/v1alpha1/cluster.go b/pkg/apis/m3dboperator/v1alpha1/cluster.go index 42d809f0..db06acb1 100644 --- a/pkg/apis/m3dboperator/v1alpha1/cluster.go +++ b/pkg/apis/m3dboperator/v1alpha1/cluster.go @@ -234,6 +234,9 @@ type ClusterSpec struct { // context. SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty"` + // ImagePullSecrets will be added to every pod. + ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"` + // Labels sets the base labels that will be applied to resources created by // the cluster. // TODO(schallert): design doc on labeling scheme. Labels map[string]string `json:"labels,omitempty"` diff --git a/pkg/apis/m3dboperator/v1alpha1/openapi_generated.go b/pkg/apis/m3dboperator/v1alpha1/openapi_generated.go index 333be39e..1bc26836 100644 --- a/pkg/apis/m3dboperator/v1alpha1/openapi_generated.go +++ b/pkg/apis/m3dboperator/v1alpha1/openapi_generated.go 
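Review bot: The doc comment added for `ImagePullSecrets` in `ClusterSpec` (cluster.go hunk) says only that the secrets "will be added to every pod" and omits the constraints a user has to meet. Because the element type is `corev1.LocalObjectReference`, each entry is a bare Secret name with no namespace, so the registry-credential Secrets have to exist in the namespace the pods run in, and nothing in this patch creates or validates them. I would write the comment as `// ImagePullSecrets names existing Secrets, in the same namespace as the pods, that every M3DB pod uses to pull images; they are referenced by name only.` The description strings in openapi_generated.go and docs/api.md repeat this comment and would need regenerating. The struct begins and ends outside the hunk.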
@@ -451,6 +451,19 @@ func schema_pkg_apis_m3dboperator_v1alpha1_ClusterSpec(ref common.ReferenceCallb Ref: ref("k8s.io/api/core/v1.SecurityContext"), }, }, + "imagePullSecrets": { + SchemaProps: spec.SchemaProps{ + Description: "ImagePullSecrets will be added to every pod.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + }, + }, + }, + }, + }, "labels": { SchemaProps: spec.SchemaProps{ Description: "Labels sets the base labels that will be applied to resources created by the cluster. // TODO(schallert): design doc on labeling scheme.", @@ -505,7 +518,7 @@ func schema_pkg_apis_m3dboperator_v1alpha1_ClusterSpec(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/m3db/m3db-operator/pkg/apis/m3dboperator/v1alpha1.IsolationGroup", "github.com/m3db/m3db-operator/pkg/apis/m3dboperator/v1alpha1.Namespace", "github.com/m3db/m3db-operator/pkg/apis/m3dboperator/v1alpha1.PodIdentityConfig", "k8s.io/api/core/v1.PersistentVolumeClaim", "k8s.io/api/core/v1.PodSecurityContext", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.Toleration"}, + "github.com/m3db/m3db-operator/pkg/apis/m3dboperator/v1alpha1.IsolationGroup", "github.com/m3db/m3db-operator/pkg/apis/m3dboperator/v1alpha1.Namespace", "github.com/m3db/m3db-operator/pkg/apis/m3dboperator/v1alpha1.PodIdentityConfig", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.PersistentVolumeClaim", "k8s.io/api/core/v1.PodSecurityContext", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.Toleration"}, } } diff --git a/pkg/apis/m3dboperator/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/m3dboperator/v1alpha1/zz_generated.deepcopy.go index da42fa4c..499bca65 100644 --- a/pkg/apis/m3dboperator/v1alpha1/zz_generated.deepcopy.go 
+++ b/pkg/apis/m3dboperator/v1alpha1/zz_generated.deepcopy.go @@ -93,6 +93,11 @@ func (in *ClusterSpec) DeepCopyInto(out *ClusterSpec) { *out = new(v1.SecurityContext) (*in).DeepCopyInto(*out) } + if in.ImagePullSecrets != nil { + in, out := &in.ImagePullSecrets, &out.ImagePullSecrets + *out = make([]v1.LocalObjectReference, len(*in)) + copy(*out, *in) + } if in.Labels != nil { in, out := &in.Labels, &out.Labels *out = make(map[string]string, len(*in)) diff --git a/pkg/k8sops/fixtures/testM3DBCluster.yaml b/pkg/k8sops/fixtures/testM3DBCluster.yaml index 16fd7b6b..a44a0659 100644 --- a/pkg/k8sops/fixtures/testM3DBCluster.yaml +++ b/pkg/k8sops/fixtures/testM3DBCluster.yaml @@ -9,6 +9,8 @@ spec: replicationFactor: 3 numberOfShards: 8 enableCarbonIngester: true + imagePullSecrets: + - name: secret1 isolationGroups: - name: us-fake1-a numInstances: 1 diff --git a/pkg/k8sops/generators_test.go b/pkg/k8sops/generators_test.go index 42b110b8..3f3e21de 100644 --- a/pkg/k8sops/generators_test.go +++ b/pkg/k8sops/generators_test.go @@ -146,6 +146,9 @@ func TestGenerateStatefulSet(t *testing.T) { SecurityContext: &v1.PodSecurityContext{ FSGroup: pointer.Int64Ptr(10), }, + ImagePullSecrets: []v1.LocalObjectReference{ + {Name: "secret1"}, + }, Affinity: &v1.Affinity{ NodeAffinity: &v1.NodeAffinity{ RequiredDuringSchedulingIgnoredDuringExecution: &v1.NodeSelector{ diff --git a/pkg/k8sops/statefulset.go b/pkg/k8sops/statefulset.go index e3d8679f..757fe697 100644 --- a/pkg/k8sops/statefulset.go +++ b/pkg/k8sops/statefulset.go @@ -113,6 +113,7 @@ func NewBaseStatefulSet(ssName, isolationGroup string, cluster *myspec.M3DBClust Spec: v1.PodSpec{ PriorityClassName: cluster.Spec.PriorityClassName, SecurityContext: cluster.Spec.PodSecurityContext, + ImagePullSecrets: cluster.Spec.ImagePullSecrets, Containers: []v1.Container{ { Name: ssName, From 31711c5561a899222b2c1e08272b51aa12fc6cc2 Mon Sep 17 00:00:00 2001 
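Review bot: `ImagePullSecrets: cluster.Spec.ImagePullSecrets,` in `NewBaseStatefulSet` (statefulset.go hunk) gives the pod template the same backing array as the cluster object, so a later in-place edit of the StatefulSet's pull secrets would also alter the `M3DBCluster` spec the caller passed in. The `SecurityContext` line above it shares a pointer in the same way, so this follows existing style, but a copy would keep the generated object independent: `ImagePullSecrets: append([]v1.LocalObjectReference(nil), cluster.Spec.ImagePullSecrets...),`. This hunk also does not show whether changing `imagePullSecrets` on an existing cluster updates StatefulSets that were already created. If it does not, renamed or rotated registry credentials would presumably reach only newly created sets, which is worth confirming and documenting. The function body starts and ends outside the hunk.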
From: Matt Schallert
Date: Mon, 1 Jul 2019 23:50:29 -0400
Subject: [PATCH 2/2] api docs
---
 docs/api.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docs/api.md b/docs/api.md
index 99fc6e6a..50fe3af6 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -53,6 +53,7 @@ ClusterSpec defines the desired state for a M3 cluster to be converge to.
 | dataDirVolumeClaimTemplate | DataDirVolumeClaimTemplate is the volume claim template for an M3DB instance's data. It claims PersistentVolumes for cluster storage, volumes are dynamically provisioned by when the StorageClass is defined. | *[corev1.PersistentVolumeClaim](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#persistentvolumeclaim-v1-core) | false |
 | podSecurityContext | PodSecurityContext allows the user to specify an optional security context for pods. | *corev1.PodSecurityContext | false |
 | securityContext | SecurityContext allows the user to specify a container-level security context. | *corev1.SecurityContext | false |
+| imagePullSecrets | ImagePullSecrets will be added to every pod. | [][corev1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#localobjectreference-v1-core) | false |
 | labels | Labels sets the base labels that will be applied to resources created by the cluster. // TODO(schallert): design doc on labeling scheme. | map[string]string | false |
 | annotations | Annotations sets the base annotations that will be applied to resources created by the cluster. | map[string]string | false |
 | tolerations | Tolerations sets the tolerations that will be applied to all M3DB pods. | []corev1.Toleration | false |