
Commit b2d4f3a

committed
chore: add image pull policy and secret handling across components
1 parent 006c343 commit b2d4f3a

20 files changed

+91
-24
lines changed

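--- a/apis/offloading/v1beta1/vkoptionstemplate_types.go
+++ b/apis/offloading/v1beta1/vkoptionstemplate_types.go
@@ -21,21 +21,23 @@ import (
 
 // VkOptionsTemplateSpec defines the desired state of VkOptionsTemplate.
 type VkOptionsTemplateSpec struct {
-CreateNode bool `json:"createNode"`
-DisableNetworkCheck bool `json:"disableNetworkCheck"`
-ContainerImage string `json:"containerImage"`
-MetricsEnabled bool `json:"metricsEnabled"`
-MetricsAddress string `json:"metricsAddress,omitempty"`
-LabelsNotReflected []string `json:"labelsNotReflected,omitempty"`
-AnnotationsNotReflected []string `json:"annotationsNotReflected,omitempty"`
-ReflectorsConfig map[string]ReflectorConfig `json:"reflectorsConfig,omitempty"`
-Resources corev1.ResourceRequirements `json:"resources,omitempty"`
-ExtraArgs []string `json:"extraArgs,omitempty"`
-ExtraAnnotations map[string]string `json:"extraAnnotations,omitempty"`
-ExtraLabels map[string]string `json:"extraLabels,omitempty"`
-NodeExtraAnnotations map[string]string `json:"nodeExtraAnnotations,omitempty"`
-NodeExtraLabels map[string]string `json:"nodeExtraLabels,omitempty"`
-Replicas *int32 `json:"replicas,omitempty"`
+CreateNode bool `json:"createNode"`
+DisableNetworkCheck bool `json:"disableNetworkCheck"`
+ContainerImage string `json:"containerImage"`
+MetricsEnabled bool `json:"metricsEnabled"`
+MetricsAddress string `json:"metricsAddress,omitempty"`
+LabelsNotReflected []string `json:"labelsNotReflected,omitempty"`
+AnnotationsNotReflected []string `json:"annotationsNotReflected,omitempty"`
+ReflectorsConfig map[string]ReflectorConfig `json:"reflectorsConfig,omitempty"`
+Resources corev1.ResourceRequirements `json:"resources,omitempty"`
+ExtraArgs []string `json:"extraArgs,omitempty"`
+ExtraAnnotations map[string]string `json:"extraAnnotations,omitempty"`
+ExtraLabels map[string]string `json:"extraLabels,omitempty"`
+NodeExtraAnnotations map[string]string `json:"nodeExtraAnnotations,omitempty"`
+NodeExtraLabels map[string]string `json:"nodeExtraLabels,omitempty"`
+Replicas *int32 `json:"replicas,omitempty"`
+ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+PullPolicy corev1.PullPolicy `json:"pullPolicy,omitempty"`
 }
 
 // ReflectorConfig contains configuration parameters of the reflector.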
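Review bot: The new `ImagePullSecrets` and `PullPolicy` fields at the end of VkOptionsTemplateSpec have neither a doc comment nor a validation marker, and the regenerated CRD in this commit accordingly exposes `pullPolicy` as a plain `type: string`. A value outside Always/IfNotPresent/Never would therefore be accepted on the template and, as far as the forge.go hunk shows, copied unchanged into the virtual-kubelet container, so the mistake would only surface when the pod is created. I would put `// PullPolicy is the image pull policy of the virtual kubelet container; IfNotPresent is used when empty.` and `// +kubebuilder:validation:Enum=Always;IfNotPresent;Never` above `PullPolicy`, then regenerate the CRD. `ImagePullSecrets` deserves a one-line comment saying the referenced secrets are looked up in the namespace of the virtual-kubelet pod.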

apis/offloading/v1beta1/zz_generated.deepcopy.go

Lines changed: 5 additions & 0 deletions

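--- a/deployments/liqo/README.md
+++ b/deployments/liqo/README.md
@@ -49,6 +49,7 @@
 | discovery.config.clusterID | string | `""` | Specify an unique ID for your cluster. This ID is used to identify your cluster in the peering process. |
 | discovery.config.clusterLabels | object | `{}` | A set of labels that characterizes the local cluster when exposed remotely as a virtual node. It is suggested to specify the distinguishing characteristics that may be used to decide whether to offload pods on this cluster. |
 | fullnameOverride | string | `""` | Override the standard full name used by Helm and associated to Kubernetes/Liqo resources. |
+| imagePullSecrets | list | `[]` | Image pull secrets for all Liqo containers |
 | ipam.external.enabled | bool | `false` | Use an external IPAM to allocate the IP addresses for the pods. Enabling it will disable the internal IPAM. |
 | ipam.external.url | string | `""` | The URL of the external IPAM. |
 | ipam.externalCIDR | string | `"10.70.0.0/16"` | The subnet used for the external CIDR. |
@@ -164,7 +165,7 @@
 | proxy.replicas | int | `1` | Set the number of replicas for the proxy deployments |
 | proxy.service.annotations | object | `{}` | |
 | proxy.service.type | string | `"ClusterIP"` | |
-| pullPolicy | string | `"IfNotPresent"` | The pullPolicy for liqo pods. |
+| pullPolicy | string | `"IfNotPresent"` | Image pull policy for all Liqo containers |
 | requirements.kernel.enabled | bool | `true` | Enable/Disable the kernel requirements check. |
 | storage.enabled | bool | `true` | Enable/Disable the liqo virtual storage class on the local cluster. You will be able to offload your persistent volumes, while other clusters will be able to schedule their persistent workloads on the current cluster. |
 | storage.realStorageClassName | string | `""` | Name of the real storage class to use in the local cluster. |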

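--- a/deployments/liqo/charts/liqo-crds/crds/offloading.liqo.io_vkoptionstemplates.yaml
+++ b/deployments/liqo/charts/liqo-crds/crds/offloading.liqo.io_vkoptionstemplates.yaml
@@ -71,6 +71,24 @@ spec:
 additionalProperties:
 type: string
 type: object
+imagePullSecrets:
+items:
+description: |-
+LocalObjectReference contains enough information to let you locate the
+referenced object inside the same namespace.
+properties:
+name:
+default: ""
+description: |-
+Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+type: string
+type: object
+x-kubernetes-map-type: atomic
+type: array
 labelsNotReflected:
 items:
 type: string
@@ -87,6 +105,10 @@ spec:
 additionalProperties:
 type: string
 type: object
+pullPolicy:
+description: PullPolicy describes a policy for if/when to pull a container
+image
+type: string
 reflectorsConfig:
 additionalProperties:
 description: ReflectorConfig contains configuration parameters of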

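--- a/deployments/liqo/templates/_helpers.tpl
+++ b/deployments/liqo/templates/_helpers.tpl
@@ -240,3 +240,13 @@ Get the Container security context
 {{- define "liqo.containerSecurityContext" -}}
 allowPrivilegeEscalation: false
 {{- end -}}
+
+{{/*
+Get the image pull secrets
+*/}}
+{{- define "liqo.imagePullSecrets" -}}
+{{- if .Values.imagePullSecrets }}
+imagePullSecrets:
+{{- toYaml .Values.imagePullSecrets | nindent 0 }}
+{{- end -}}
+{{- end -}}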

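--- a/deployments/liqo/templates/liqo-controller-manager-deployment.yaml
+++ b/deployments/liqo/templates/liqo-controller-manager-deployment.yaml
@@ -39,6 +39,7 @@ spec:
 securityContext:
 {{- include "liqo.podSecurityContext" . | nindent 8 }}
 serviceAccountName: {{ include "liqo.prefixedName" $ctrlManagerConfig }}
+{{- include "liqo.imagePullSecrets" . | nindent 6 }}
 containers:
 - image: {{ .Values.controllerManager.image.name }}{{ include "liqo.suffix" $ctrlManagerConfig }}:{{ include "liqo.version" $ctrlManagerConfig }}
 imagePullPolicy: {{ .Values.pullPolicy }}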

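--- a/deployments/liqo/templates/liqo-crd-replicator-deployment.yaml
+++ b/deployments/liqo/templates/liqo-crd-replicator-deployment.yaml
@@ -26,6 +26,7 @@ spec:
 securityContext:
 {{- include "liqo.podSecurityContext" . | nindent 8 }}
 serviceAccountName: {{ include "liqo.prefixedName" $crdReplicatorConfig }}
+{{- include "liqo.imagePullSecrets" . | nindent 6 }}
 containers:
 - image: {{ .Values.crdReplicator.image.name }}{{ include "liqo.suffix" $crdReplicatorConfig }}:{{ include "liqo.version" $crdReplicatorConfig }}
 imagePullPolicy: {{ .Values.pullPolicy }}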

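--- a/deployments/liqo/templates/liqo-fabric-daemonset.yaml
+++ b/deployments/liqo/templates/liqo-fabric-daemonset.yaml
@@ -38,6 +38,7 @@ spec:
 {{- toYaml .Values.networking.fabric.tolerations | nindent 8 }}
 {{- end }}
 serviceAccountName: {{ include "liqo.prefixedName" $fabricConfig }}
+{{- include "liqo.imagePullSecrets" . | nindent 6 }}
 containers:
 - image: {{ .Values.networking.fabric.image.name }}{{ include "liqo.suffix" $fabricConfig }}:{{ include "liqo.version" $fabricConfig }}
 imagePullPolicy: {{ .Values.pullPolicy }}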

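--- a/deployments/liqo/templates/liqo-ipam-deployment.yaml
+++ b/deployments/liqo/templates/liqo-ipam-deployment.yaml
@@ -29,6 +29,7 @@ spec:
 securityContext:
 {{- include "liqo.podSecurityContext" . | nindent 8 }}
 serviceAccountName: {{ include "liqo.prefixedName" $ipamConfig }}
+{{- include "liqo.imagePullSecrets" . | nindent 6 }}
 containers:
 - image: {{ .Values.ipam.internal.image.name }}{{ include "liqo.suffix" $ipamConfig }}:{{ include "liqo.version" $ipamConfig }}
 imagePullPolicy: {{ .Values.pullPolicy }}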

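--- a/deployments/liqo/templates/liqo-metric-agent-deployment.yaml
+++ b/deployments/liqo/templates/liqo-metric-agent-deployment.yaml
@@ -31,6 +31,7 @@ spec:
 securityContext:
 {{- include "liqo.podSecurityContext" . | nindent 8 }}
 serviceAccountName: {{ include "liqo.prefixedName" $metricConfig }}
+{{- include "liqo.imagePullSecrets" . | nindent 6 }}
 initContainers:
 - name: {{ $certConfig.name }}
 imagePullPolicy: {{ .Values.pullPolicy }}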

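--- a/deployments/liqo/templates/liqo-proxy-deployment.yaml
+++ b/deployments/liqo/templates/liqo-proxy-deployment.yaml
@@ -27,6 +27,7 @@ spec:
 spec:
 securityContext:
 {{- include "liqo.podSecurityContext" . | nindent 8 }}
+{{- include "liqo.imagePullSecrets" . | nindent 6 }}
 containers:
 - image: {{ .Values.proxy.image.name }}{{ include "liqo.suffix" $proxyConfig }}:{{ include "liqo.version" $proxyConfig }}
 imagePullPolicy: {{ .Values.pullPolicy }}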

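--- a/deployments/liqo/templates/liqo-telemetry-cronjob.yaml
+++ b/deployments/liqo/templates/liqo-telemetry-cronjob.yaml
@@ -34,6 +34,7 @@ spec:
 securityContext:
 {{- include "liqo.podSecurityContext" . | nindent 12 }}
 serviceAccountName: {{ include "liqo.prefixedName" $telemetryCronConfig }}
+{{- include "liqo.imagePullSecrets" . | nindent 10 }}
 restartPolicy: Never
 containers:
 - image: {{ .Values.telemetry.image.name }}{{ include "liqo.suffix" $telemetryCronConfig }}:{{ include "liqo.version" $telemetryCronConfig }}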

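--- a/deployments/liqo/templates/liqo-vk-options-template.yaml
+++ b/deployments/liqo/templates/liqo-vk-options-template.yaml
@@ -41,6 +41,10 @@ spec:
 annotationsNotReflected:
 {{- toYaml .Values.offloading.reflection.skip.annotations | nindent 4 }}
 {{- end }}
+{{- if .Values.pullPolicy }}
+pullPolicy: {{ .Values.pullPolicy }}
+{{- end }}
+{{- include "liqo.imagePullSecrets" . | nindent 2 }}
 reflectorsConfig:
 pod:
 workers: {{ .Values.offloading.reflection.pod.workers }}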
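Review bot: The secrets rendered by `{{- include "liqo.imagePullSecrets" . | nindent 2 }}` are name-only references, and the CRD description added in this commit says they locate the object "inside the same namespace". forgeVKPodSpec in pkg/vkMachinery/forge/forge.go copies the list onto a pod that presumably lives in its `vkNamespace` argument, and the three liqo-wireguard-gateway-*-template.yaml files receive the same list for pods created from those templates. The named secret would then have to exist in each of those namespaces, not only the release namespace, and nothing visible in this commit creates or replicates it there. At minimum the values.yaml comment should say so, for example `# -- Image pull secrets for all Liqo containers. The named secrets must already exist in every namespace where Liqo creates pods (virtual-kubelet and gateway namespaces included).`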

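--- a/deployments/liqo/templates/liqo-webhook-deployment.yaml
+++ b/deployments/liqo/templates/liqo-webhook-deployment.yaml
@@ -38,6 +38,7 @@ spec:
 securityContext:
 {{- include "liqo.podSecurityContext" . | nindent 8 }}
 serviceAccountName: {{ include "liqo.prefixedName" $webhookConfig }}
+{{- include "liqo.imagePullSecrets" . | nindent 6 }}
 containers:
 - image: {{ .Values.webhook.image.name }}{{ include "liqo.suffix" $webhookConfig }}:{{ include "liqo.version" $webhookConfig }}
 imagePullPolicy: {{ .Values.pullPolicy }}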

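--- a/deployments/liqo/templates/liqo-wireguard-gateway-client-template.yaml
+++ b/deployments/liqo/templates/liqo-wireguard-gateway-client-template.yaml
@@ -37,6 +37,7 @@ spec:
 spec:
 serviceAccount: "{{"{{ .Name }}"}}"
 serviceAccountName: "{{"{{ .Name }}"}}"
+{{- include "liqo.imagePullSecrets" . | nindent 14 }}
 containers:
 - name: gateway
 image: {{ .Values.networking.gatewayTemplates.container.gateway.image.name }}{{ include "liqo.suffix" $gatewayConfig }}:{{ include "liqo.version" $gatewayConfig }}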

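--- a/deployments/liqo/templates/liqo-wireguard-gateway-server-template-eks.yaml
+++ b/deployments/liqo/templates/liqo-wireguard-gateway-server-template-eks.yaml
@@ -64,6 +64,7 @@ spec:
 spec:
 serviceAccount: "{{"{{ .Name }}"}}"
 serviceAccountName: "{{"{{ .Name }}"}}"
+{{- include "liqo.imagePullSecrets" . | nindent 14 }}
 containers:
 - name: gateway
 image: {{ .Values.networking.gatewayTemplates.container.gateway.image.name }}{{ include "liqo.suffix" $gatewayConfig }}:{{ include "liqo.version" $gatewayConfig }}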

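--- a/deployments/liqo/templates/liqo-wireguard-gateway-server-template.yaml
+++ b/deployments/liqo/templates/liqo-wireguard-gateway-server-template.yaml
@@ -57,6 +57,7 @@ spec:
 spec:
 serviceAccount: "{{"{{ .Name }}"}}"
 serviceAccountName: "{{"{{ .Name }}"}}"
+{{- include "liqo.imagePullSecrets" . | nindent 14 }}
 containers:
 - name: gateway
 image: {{ .Values.networking.gatewayTemplates.container.gateway.image.name }}{{ include "liqo.suffix" $gatewayConfig }}:{{ include "liqo.version" $gatewayConfig }}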

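--- a/deployments/liqo/templates/pre-delete-job.yaml
+++ b/deployments/liqo/templates/pre-delete-job.yaml
@@ -26,6 +26,7 @@ spec:
 {{- include "liqo.podSecurityContext" . | nindent 8 }}
 restartPolicy: Never
 serviceAccountName: {{ include "liqo.prefixedName" $predelete}}
+{{- include "liqo.imagePullSecrets" . | nindent 6 }}
 containers:
 - name: pre-delete-job
 image: {{ .Values.uninstaller.image.name }}{{ include "liqo.suffix" $predelete }}:{{ include "liqo.version" $predelete }}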

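--- a/deployments/liqo/values.yaml
+++ b/deployments/liqo/values.yaml
@@ -10,6 +10,13 @@ nameOverride: ""
 # -- Override the standard full name used by Helm and associated to Kubernetes/Liqo resources.
 fullnameOverride: ""
 
+# -- Image pull policy for all Liqo containers
+pullPolicy: IfNotPresent
+
+# -- Image pull secrets for all Liqo containers
+imagePullSecrets: []
+# - name: regcred
+
 metrics:
 # -- Enable/Disable the metrics server in every liqo component.
 enabled: false
@@ -289,9 +296,6 @@ storage:
 # -- Namespace where liqo will deploy specific PVCs. Internal parameter, do not change.
 storageNamespace: liqo-storage
 
-# -- The pullPolicy for liqo pods.
-pullPolicy: "IfNotPresent"
-
 common:
 # -- NodeSelector for all liqo pods, excluding virtual kubelet.
 nodeSelector: {}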

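--- a/pkg/vkMachinery/forge/forge.go
+++ b/pkg/vkMachinery/forge/forge.go
@@ -133,13 +133,19 @@ func forgeVKContainers(
 })
 }
 
+pullPolicy := v1.PullIfNotPresent
+if opts.Spec.PullPolicy != "" {
+pullPolicy = opts.Spec.PullPolicy
+}
+
 return []v1.Container{
 {
-Name: vk.ContainerName,
-Resources: opts.Spec.Resources,
-Image: opts.Spec.ContainerImage,
-Command: command,
-Args: args,
+Name: vk.ContainerName,
+Resources: opts.Spec.Resources,
+Image: opts.Spec.ContainerImage,
+ImagePullPolicy: pullPolicy,
+Command: command,
+Args: args,
 Env: []v1.EnvVar{
 {
 Name: "POD_IP",
@@ -172,6 +178,7 @@ func forgeVKPodSpec(vkNamespace string, homeCluster liqov1beta1.ClusterID, local
 virtualNode.Spec.StorageClasses, virtualNode.Spec.IngressClasses, virtualNode.Spec.LoadBalancerClasses,
 opts),
 ServiceAccountName: virtualNode.Name,
+ImagePullSecrets: opts.Spec.ImagePullSecrets,
 }
 }
 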
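Review bot: The `v1.PullIfNotPresent` default at the top of the added block means a node that already holds the image in its cache will start the virtual-kubelet container without contacting the registry, so the `ImagePullSecrets` wired in by the second hunk are not checked on that path. This is ordinary kubelet behaviour, but it matters now that the commit adds private-registry support. Clusters that treat the pull secret as an access control need `Always` or the AlwaysPullImages admission plugin. I would record that next to the default: `// IfNotPresent reuses node-cached images without re-authenticating to the registry; set PullPolicy to Always where the pull secret is meant to gate access.` Both forgeVKContainers and forgeVKPodSpec start and end outside the hunks shown.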
