diff --git a/apis/offloading/v1beta1/vkoptionstemplate_types.go b/apis/offloading/v1beta1/vkoptionstemplate_types.go
index 1e8c3b5fc2..7a92b583ce 100644
--- a/apis/offloading/v1beta1/vkoptionstemplate_types.go
+++ b/apis/offloading/v1beta1/vkoptionstemplate_types.go
@@ -21,21 +21,23 @@ import ( // VkOptionsTemplateSpec defines the desired state of VkOptionsTemplate. type VkOptionsTemplateSpec struct { - CreateNode bool `json:"createNode"` - DisableNetworkCheck bool `json:"disableNetworkCheck"` - ContainerImage string `json:"containerImage"` - MetricsEnabled bool `json:"metricsEnabled"` - MetricsAddress string `json:"metricsAddress,omitempty"` - LabelsNotReflected []string `json:"labelsNotReflected,omitempty"` - AnnotationsNotReflected []string `json:"annotationsNotReflected,omitempty"` - ReflectorsConfig map[string]ReflectorConfig `json:"reflectorsConfig,omitempty"` - Resources corev1.ResourceRequirements `json:"resources,omitempty"` - ExtraArgs []string `json:"extraArgs,omitempty"` - ExtraAnnotations map[string]string `json:"extraAnnotations,omitempty"` - ExtraLabels map[string]string `json:"extraLabels,omitempty"` - NodeExtraAnnotations map[string]string `json:"nodeExtraAnnotations,omitempty"` - NodeExtraLabels map[string]string `json:"nodeExtraLabels,omitempty"` - Replicas *int32 `json:"replicas,omitempty"` + CreateNode bool `json:"createNode"` + DisableNetworkCheck bool `json:"disableNetworkCheck"` + ContainerImage string `json:"containerImage"` + MetricsEnabled bool `json:"metricsEnabled"` + MetricsAddress string `json:"metricsAddress,omitempty"` + LabelsNotReflected []string `json:"labelsNotReflected,omitempty"` + AnnotationsNotReflected []string `json:"annotationsNotReflected,omitempty"` + ReflectorsConfig map[string]ReflectorConfig `json:"reflectorsConfig,omitempty"` + Resources corev1.ResourceRequirements `json:"resources,omitempty"` + ExtraArgs []string `json:"extraArgs,omitempty"` + ExtraAnnotations map[string]string `json:"extraAnnotations,omitempty"` + ExtraLabels map[string]string `json:"extraLabels,omitempty"` + NodeExtraAnnotations map[string]string `json:"nodeExtraAnnotations,omitempty"` + NodeExtraLabels map[string]string `json:"nodeExtraLabels,omitempty"` + Replicas *int32 `json:"replicas,omitempty"` + 
ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"` + PullPolicy corev1.PullPolicy `json:"pullPolicy,omitempty"` } // ReflectorConfig contains configuration parameters of the reflector. diff --git a/apis/offloading/v1beta1/zz_generated.deepcopy.go b/apis/offloading/v1beta1/zz_generated.deepcopy.go index 90c88928f0..2ea46fbdd8 100644 --- a/apis/offloading/v1beta1/zz_generated.deepcopy.go +++ b/apis/offloading/v1beta1/zz_generated.deepcopy.go @@ -970,6 +970,11 @@ func (in *VkOptionsTemplateSpec) DeepCopyInto(out *VkOptionsTemplateSpec) { *out = new(int32) **out = **in } + if in.ImagePullSecrets != nil { + in, out := &in.ImagePullSecrets, &out.ImagePullSecrets + *out = make([]v1.LocalObjectReference, len(*in)) + copy(*out, *in) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VkOptionsTemplateSpec. diff --git a/deployments/liqo/README.md b/deployments/liqo/README.md index 66c1cfe745..96c64d0012 100644 --- a/deployments/liqo/README.md +++ b/deployments/liqo/README.md 
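Review bot: The new `ImagePullSecrets` and `PullPolicy` fields on VkOptionsTemplateSpec have no doc comment and no validation marker, so the CRD generated in this same commit exposes `pullPolicy` as an unconstrained `type: string`. A mistyped value would be accepted when the template is stored and would presumably only surface later, when the virtual-kubelet pod spec built from it is rejected. I would put `// PullPolicy is the image pull policy of the virtual-kubelet container; empty means the controller default.` and `// +kubebuilder:validation:Enum=Always;IfNotPresent;Never` above `PullPolicy`. `ImagePullSecrets` should get a one-line comment stating that the referenced secrets must exist in the namespace where the virtual-kubelet pod runs.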
@@ -49,6 +49,7 @@ | discovery.config.clusterID | string | `""` | Specify an unique ID for your cluster. This ID is used to identify your cluster in the peering process. | | discovery.config.clusterLabels | object | `{}` | A set of labels that characterizes the local cluster when exposed remotely as a virtual node. It is suggested to specify the distinguishing characteristics that may be used to decide whether to offload pods on this cluster. | | fullnameOverride | string | `""` | Override the standard full name used by Helm and associated to Kubernetes/Liqo resources. | +| imagePullSecrets | list | `[]` | Image pull secrets for all Liqo containers | | ipam.external.enabled | bool | `false` | Use an external IPAM to allocate the IP addresses for the pods. Enabling it will disable the internal IPAM. | | ipam.external.url | string | `""` | The URL of the external IPAM. | | ipam.externalCIDR | string | `"10.70.0.0/16"` | The subnet used for the external CIDR. | @@ -164,7 +165,7 @@ | proxy.replicas | int | `1` | Set the number of replicas for the proxy deployments | | proxy.service.annotations | object | `{}` | | | proxy.service.type | string | `"ClusterIP"` | | -| pullPolicy | string | `"IfNotPresent"` | The pullPolicy for liqo pods. | +| pullPolicy | string | `"IfNotPresent"` | Image pull policy for all Liqo containers | | requirements.kernel.enabled | bool | `true` | Enable/Disable the kernel requirements check. | | storage.enabled | bool | `true` | Enable/Disable the liqo virtual storage class on the local cluster. You will be able to offload your persistent volumes, while other clusters will be able to schedule their persistent workloads on the current cluster. | | storage.realStorageClassName | string | `""` | Name of the real storage class to use in the local cluster. | 
diff --git a/deployments/liqo/charts/liqo-crds/crds/offloading.liqo.io_vkoptionstemplates.yaml b/deployments/liqo/charts/liqo-crds/crds/offloading.liqo.io_vkoptionstemplates.yaml index 4bab0c0a9a..b8adee33dc 100644 --- a/deployments/liqo/charts/liqo-crds/crds/offloading.liqo.io_vkoptionstemplates.yaml +++ b/deployments/liqo/charts/liqo-crds/crds/offloading.liqo.io_vkoptionstemplates.yaml @@ -71,6 +71,24 @@ spec: additionalProperties: type: string type: object + imagePullSecrets: + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + type: array labelsNotReflected: items: type: string @@ -87,6 +105,10 @@ spec: additionalProperties: type: string type: object + pullPolicy: + description: PullPolicy describes a policy for if/when to pull a container + image + type: string reflectorsConfig: additionalProperties: description: ReflectorConfig contains configuration parameters of diff --git a/deployments/liqo/templates/_helpers.tpl b/deployments/liqo/templates/_helpers.tpl index af4ad81018..f4e2caf465 100644 --- a/deployments/liqo/templates/_helpers.tpl +++ b/deployments/liqo/templates/_helpers.tpl @@ -240,3 +240,13 @@ Get the Container security context {{- define "liqo.containerSecurityContext" -}} allowPrivilegeEscalation: false {{- end -}} + +{{/* +Get the image pull secrets +*/}} +{{- define "liqo.imagePullSecrets" -}} +{{- if .Values.imagePullSecrets }} +imagePullSecrets: +{{- toYaml .Values.imagePullSecrets | nindent 0 }} +{{- end -}} +{{- end -}} 
diff --git a/deployments/liqo/templates/liqo-controller-manager-deployment.yaml b/deployments/liqo/templates/liqo-controller-manager-deployment.yaml index 67235469a2..c0c34c9dac 100644 --- a/deployments/liqo/templates/liqo-controller-manager-deployment.yaml +++ b/deployments/liqo/templates/liqo-controller-manager-deployment.yaml @@ -39,6 +39,7 @@ spec: securityContext: {{- include "liqo.podSecurityContext" . | nindent 8 }} serviceAccountName: {{ include "liqo.prefixedName" $ctrlManagerConfig }} + {{- include "liqo.imagePullSecrets" . | nindent 6 }} containers: - image: {{ .Values.controllerManager.image.name }}{{ include "liqo.suffix" $ctrlManagerConfig }}:{{ include "liqo.version" $ctrlManagerConfig }} imagePullPolicy: {{ .Values.pullPolicy }} diff --git a/deployments/liqo/templates/liqo-crd-replicator-deployment.yaml b/deployments/liqo/templates/liqo-crd-replicator-deployment.yaml index fd76e83456..068f0d9d3b 100644 --- a/deployments/liqo/templates/liqo-crd-replicator-deployment.yaml +++ b/deployments/liqo/templates/liqo-crd-replicator-deployment.yaml @@ -26,6 +26,7 @@ spec: securityContext: {{- include "liqo.podSecurityContext" . | nindent 8 }} serviceAccountName: {{ include "liqo.prefixedName" $crdReplicatorConfig }} + {{- include "liqo.imagePullSecrets" . | nindent 6 }} containers: - image: {{ .Values.crdReplicator.image.name }}{{ include "liqo.suffix" $crdReplicatorConfig }}:{{ include "liqo.version" $crdReplicatorConfig }} imagePullPolicy: {{ .Values.pullPolicy }} diff --git a/deployments/liqo/templates/liqo-fabric-daemonset.yaml b/deployments/liqo/templates/liqo-fabric-daemonset.yaml index 24f70591dc..af0c22e39c 100644 --- a/deployments/liqo/templates/liqo-fabric-daemonset.yaml +++ b/deployments/liqo/templates/liqo-fabric-daemonset.yaml 
@@ -38,6 +38,7 @@ spec: {{- toYaml .Values.networking.fabric.tolerations | nindent 8 }} {{- end }} serviceAccountName: {{ include "liqo.prefixedName" $fabricConfig }} + {{- include "liqo.imagePullSecrets" . | nindent 6 }} containers: - image: {{ .Values.networking.fabric.image.name }}{{ include "liqo.suffix" $fabricConfig }}:{{ include "liqo.version" $fabricConfig }} imagePullPolicy: {{ .Values.pullPolicy }} diff --git a/deployments/liqo/templates/liqo-ipam-deployment.yaml b/deployments/liqo/templates/liqo-ipam-deployment.yaml index 5cd8a80145..85df48b02a 100644 --- a/deployments/liqo/templates/liqo-ipam-deployment.yaml +++ b/deployments/liqo/templates/liqo-ipam-deployment.yaml @@ -29,6 +29,7 @@ spec: securityContext: {{- include "liqo.podSecurityContext" . | nindent 8 }} serviceAccountName: {{ include "liqo.prefixedName" $ipamConfig }} + {{- include "liqo.imagePullSecrets" . | nindent 6 }} containers: - image: {{ .Values.ipam.internal.image.name }}{{ include "liqo.suffix" $ipamConfig }}:{{ include "liqo.version" $ipamConfig }} imagePullPolicy: {{ .Values.pullPolicy }} diff --git a/deployments/liqo/templates/liqo-metric-agent-deployment.yaml b/deployments/liqo/templates/liqo-metric-agent-deployment.yaml index 48ff591988..8bc0fad30b 100644 --- a/deployments/liqo/templates/liqo-metric-agent-deployment.yaml +++ b/deployments/liqo/templates/liqo-metric-agent-deployment.yaml @@ -31,6 +31,7 @@ spec: securityContext: {{- include "liqo.podSecurityContext" . | nindent 8 }} serviceAccountName: {{ include "liqo.prefixedName" $metricConfig }} + {{- include "liqo.imagePullSecrets" . | nindent 6 }} initContainers: - name: {{ $certConfig.name }} imagePullPolicy: {{ .Values.pullPolicy }} diff --git a/deployments/liqo/templates/liqo-proxy-deployment.yaml b/deployments/liqo/templates/liqo-proxy-deployment.yaml index 6e9e06f69f..95b695e3b1 100644 --- a/deployments/liqo/templates/liqo-proxy-deployment.yaml +++ b/deployments/liqo/templates/liqo-proxy-deployment.yaml 
@@ -27,6 +27,7 @@ spec: spec: securityContext: {{- include "liqo.podSecurityContext" . | nindent 8 }} + {{- include "liqo.imagePullSecrets" . | nindent 6 }} containers: - image: {{ .Values.proxy.image.name }}{{ include "liqo.suffix" $proxyConfig }}:{{ include "liqo.version" $proxyConfig }} imagePullPolicy: {{ .Values.pullPolicy }} diff --git a/deployments/liqo/templates/liqo-telemetry-cronjob.yaml b/deployments/liqo/templates/liqo-telemetry-cronjob.yaml index 62264d4663..4293794c78 100644 --- a/deployments/liqo/templates/liqo-telemetry-cronjob.yaml +++ b/deployments/liqo/templates/liqo-telemetry-cronjob.yaml @@ -34,6 +34,7 @@ spec: securityContext: {{- include "liqo.podSecurityContext" . | nindent 12 }} serviceAccountName: {{ include "liqo.prefixedName" $telemetryCronConfig }} + {{- include "liqo.imagePullSecrets" . | nindent 10 }} restartPolicy: Never containers: - image: {{ .Values.telemetry.image.name }}{{ include "liqo.suffix" $telemetryCronConfig }}:{{ include "liqo.version" $telemetryCronConfig }} diff --git a/deployments/liqo/templates/liqo-vk-options-template.yaml b/deployments/liqo/templates/liqo-vk-options-template.yaml index 6d42a50835..3664dcfec0 100644 --- a/deployments/liqo/templates/liqo-vk-options-template.yaml +++ b/deployments/liqo/templates/liqo-vk-options-template.yaml @@ -41,6 +41,10 @@ spec: annotationsNotReflected: {{- toYaml .Values.offloading.reflection.skip.annotations | nindent 4 }} {{- end }} + {{- if .Values.pullPolicy }} + pullPolicy: {{ .Values.pullPolicy }} + {{- end }} + {{- include "liqo.imagePullSecrets" . | nindent 2 }} reflectorsConfig: pod: workers: {{ .Values.offloading.reflection.pod.workers }} diff --git a/deployments/liqo/templates/liqo-webhook-deployment.yaml b/deployments/liqo/templates/liqo-webhook-deployment.yaml index 43eecc026f..e83d02c23a 100644 --- a/deployments/liqo/templates/liqo-webhook-deployment.yaml +++ b/deployments/liqo/templates/liqo-webhook-deployment.yaml 
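Review bot: The secret names that `liqo.imagePullSecrets` renders into this VkOptionsTemplate are same-namespace references, and later in this commit forgeVKPodSpec copies them verbatim with `ImagePullSecrets: opts.Spec.ImagePullSecrets` into a pod built for `vkNamespace`. If that namespace differs from the chart's install namespace, the kubelet finds no such secret there and nothing visible in this diff creates or copies it, so a pull from a private registry would fail. The wireguard gateway client and server templates receive the same include and probably carry the same constraint. Either document next to `imagePullSecrets` in values.yaml that the secret has to be present in every namespace where these pods are created, or have the controller provision it there, keeping in mind that each copy is another place the registry credential can be read from.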
@@ -38,6 +38,7 @@ spec: securityContext: {{- include "liqo.podSecurityContext" . | nindent 8 }} serviceAccountName: {{ include "liqo.prefixedName" $webhookConfig }} + {{- include "liqo.imagePullSecrets" . | nindent 6 }} containers: - image: {{ .Values.webhook.image.name }}{{ include "liqo.suffix" $webhookConfig }}:{{ include "liqo.version" $webhookConfig }} imagePullPolicy: {{ .Values.pullPolicy }} diff --git a/deployments/liqo/templates/liqo-wireguard-gateway-client-template.yaml b/deployments/liqo/templates/liqo-wireguard-gateway-client-template.yaml index 0da2bf820a..e0326b3a1e 100644 --- a/deployments/liqo/templates/liqo-wireguard-gateway-client-template.yaml +++ b/deployments/liqo/templates/liqo-wireguard-gateway-client-template.yaml @@ -37,6 +37,7 @@ spec: spec: serviceAccount: "{{"{{ .Name }}"}}" serviceAccountName: "{{"{{ .Name }}"}}" + {{- include "liqo.imagePullSecrets" . | nindent 14 }} containers: - name: gateway image: {{ .Values.networking.gatewayTemplates.container.gateway.image.name }}{{ include "liqo.suffix" $gatewayConfig }}:{{ include "liqo.version" $gatewayConfig }} diff --git a/deployments/liqo/templates/liqo-wireguard-gateway-server-template-eks.yaml b/deployments/liqo/templates/liqo-wireguard-gateway-server-template-eks.yaml index fca518e47b..4d15644357 100644 --- a/deployments/liqo/templates/liqo-wireguard-gateway-server-template-eks.yaml +++ b/deployments/liqo/templates/liqo-wireguard-gateway-server-template-eks.yaml @@ -64,6 +64,7 @@ spec: spec: serviceAccount: "{{"{{ .Name }}"}}" serviceAccountName: "{{"{{ .Name }}"}}" + {{- include "liqo.imagePullSecrets" . | nindent 14 }} containers: - name: gateway image: {{ .Values.networking.gatewayTemplates.container.gateway.image.name }}{{ include "liqo.suffix" $gatewayConfig }}:{{ include "liqo.version" $gatewayConfig }} 
diff --git a/deployments/liqo/templates/liqo-wireguard-gateway-server-template.yaml b/deployments/liqo/templates/liqo-wireguard-gateway-server-template.yaml index 11fa856e1e..2184585613 100644 --- a/deployments/liqo/templates/liqo-wireguard-gateway-server-template.yaml +++ b/deployments/liqo/templates/liqo-wireguard-gateway-server-template.yaml @@ -57,6 +57,7 @@ spec: spec: serviceAccount: "{{"{{ .Name }}"}}" serviceAccountName: "{{"{{ .Name }}"}}" + {{- include "liqo.imagePullSecrets" . | nindent 14 }} containers: - name: gateway image: {{ .Values.networking.gatewayTemplates.container.gateway.image.name }}{{ include "liqo.suffix" $gatewayConfig }}:{{ include "liqo.version" $gatewayConfig }} diff --git a/deployments/liqo/templates/pre-delete-job.yaml b/deployments/liqo/templates/pre-delete-job.yaml index 7b64f35a7c..ff3a83f045 100644 --- a/deployments/liqo/templates/pre-delete-job.yaml +++ b/deployments/liqo/templates/pre-delete-job.yaml @@ -26,6 +26,7 @@ spec: {{- include "liqo.podSecurityContext" . | nindent 8 }} restartPolicy: Never serviceAccountName: {{ include "liqo.prefixedName" $predelete}} + {{- include "liqo.imagePullSecrets" . | nindent 6 }} containers: - name: pre-delete-job image: {{ .Values.uninstaller.image.name }}{{ include "liqo.suffix" $predelete }}:{{ include "liqo.version" $predelete }} diff --git a/deployments/liqo/values.yaml b/deployments/liqo/values.yaml index 1e9aaffc7a..ab72610934 100644 --- a/deployments/liqo/values.yaml +++ b/deployments/liqo/values.yaml @@ -10,6 +10,13 @@ nameOverride: "" # -- Override the standard full name used by Helm and associated to Kubernetes/Liqo resources. fullnameOverride: "" +# -- Image pull policy for all Liqo containers +pullPolicy: IfNotPresent + +# -- Image pull secrets for all Liqo containers +imagePullSecrets: [] +# - name: regcred + metrics: # -- Enable/Disable the metrics server in every liqo component. enabled: false 
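Review bot: The new comment on `imagePullSecrets` in values.yaml does not say how the setting interacts with the default `pullPolicy: IfNotPresent` declared just above it. With that policy an image already cached on a node is started without contacting the registry, so on clusters that do not re-check credentials for cached images (for example through the AlwaysPullImages admission plugin) the pull secret only gates the first pull on each node. I would extend the comment to something like `# -- Image pull secrets for all Liqo containers. With private images consider pullPolicy: Always, since IfNotPresent reuses node-cached images without a registry check.`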
@@ -289,9 +296,6 @@ storage: # -- Namespace where liqo will deploy specific PVCs. Internal parameter, do not change. storageNamespace: liqo-storage -# -- The pullPolicy for liqo pods. -pullPolicy: "IfNotPresent" - common: # -- NodeSelector for all liqo pods, excluding virtual kubelet. nodeSelector: {} diff --git a/pkg/vkMachinery/forge/forge.go b/pkg/vkMachinery/forge/forge.go index 0e31266aac..aed9b4f79b 100644 --- a/pkg/vkMachinery/forge/forge.go +++ b/pkg/vkMachinery/forge/forge.go @@ -133,13 +133,19 @@ func forgeVKContainers( }) } + pullPolicy := v1.PullIfNotPresent + if opts.Spec.PullPolicy != "" { + pullPolicy = opts.Spec.PullPolicy + } + return []v1.Container{ { - Name: vk.ContainerName, - Resources: opts.Spec.Resources, - Image: opts.Spec.ContainerImage, - Command: command, - Args: args, + Name: vk.ContainerName, + Resources: opts.Spec.Resources, + Image: opts.Spec.ContainerImage, + ImagePullPolicy: pullPolicy, + Command: command, + Args: args, Env: []v1.EnvVar{ { Name: "POD_IP", @@ -172,6 +178,7 @@ func forgeVKPodSpec(vkNamespace string, homeCluster liqov1beta1.ClusterID, local virtualNode.Spec.StorageClasses, virtualNode.Spec.IngressClasses, virtualNode.Spec.LoadBalancerClasses, opts), ServiceAccountName: virtualNode.Name, + ImagePullSecrets: opts.Spec.ImagePullSecrets, } }
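Review bot: Defaulting `pullPolicy` to `v1.PullIfNotPresent` when `opts.Spec.PullPolicy` is empty changes behaviour for templates that do not set the field. Before this hunk `ImagePullPolicy` was left unset and the API server derived it from the image reference, which gives `Always` for a `:latest` or untagged `ContainerImage`. After the change such an image is not pulled again once it is cached, so a node can keep running a stale virtual-kubelet build. Unless that is intended, pass the field through with `ImagePullPolicy: opts.Spec.PullPolicy,` and drop the local default; the chart already renders an explicit `pullPolicy` into the template. forgeVKContainers starts and ends outside this hunk.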