Merge pull request #1 from appuio/feature/cluster-pull-secret
Add global cluster pull secret support
zugao authored Feb 14, 2022
2 parents 65a2fbd + 6dcc83e commit 1161101
Showing 6 changed files with 40 additions and 13 deletions.
2 changes: 1 addition & 1 deletion class/defaults.yml
@@ -1,4 +1,4 @@
parameters:
openshift4_config:
=_metadata: {}
namespace: syn-openshift4-config
globalPullSecret: null
10 changes: 10 additions & 0 deletions component/main.jsonnet
Expand Up @@ -5,6 +5,16 @@ local inv = kap.inventory();
// The hiera parameters for the component
local params = inv.parameters.openshift4_config;

local dockercfg = kube.Secret('pull-secret') {
metadata+: {
namespace: 'openshift-config',
},
stringData+: {
'.dockerconfigjson': params.globalPullSecret,
},
};

// Define outputs below
{
[if params.globalPullSecret != null then '01_dockercfg']: dockercfg,
}
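Review bot: `dockercfg` sets only `metadata` and `stringData`, so the Secret keeps the library's default type; the rendered test output in this commit shows `type: Opaque`. The installer-created `pull-secret` in `openshift-config` is of type `kubernetes.io/dockerconfigjson`, and the API server rejects an update that changes a Secret's type, so applying this manifest over the existing secret would fail. Suggest adding `type: 'kubernetes.io/dockerconfigjson',` to the object and regenerating the expected test output.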
2 changes: 2 additions & 0 deletions docs/modules/ROOT/pages/index.adoc
Expand Up @@ -2,4 +2,6 @@

openshift4-config is a Commodore component to manage openshift4-config.

Currently, this component can manage the global cluster pull secret as described in the https://docs.openshift.com/container-platform/latest/openshift_images/managing_images/using-image-pull-secrets.html#images-update-global-pull-secret_using-image-pull-secret[OpenShift documentation].

See the xref:references/parameters.adoc[parameters] reference for further details.
21 changes: 12 additions & 9 deletions docs/modules/ROOT/pages/references/parameters.adoc
@@ -1,19 +1,22 @@
= Parameters

The parent key for all of the following parameters is `openshift4_config`.
The parent key for all the following parameters is `openshift4_config`.

== `namespace`
== `globalPullSecret`

[horizontal]
type:: string
default:: `syn-openshift4-config`
default:: null

The namespace in which to deploy this component.
A Vault reference pointing to the Vault secret containing the docker configuration file in JSON format.
If the parameter is null, the component doesn't manage the cluster's global pull secret.

The component writes the value of this parameter into the field `.dockerconfigjson` of the secret `pull-secret` in namespace `openshift-config`.

== Example
See the OpenShift documentation for more details on https://docs.openshift.com/container-platform/latest/openshift_images/managing_images/using-image-pull-secrets.html#images-update-global-pull-secret_using-image-pull-secret[managing the cluster's global pull secret].

[source,yaml]
----
namespace: example-namespace
----
[IMPORTANT]
====
You need to make sure that the existing pull secrets present on a cluster (deployed by the OpenShift installer) are included in the configuration deployed by this component.
Otherwise, OpenShift cluster services may stop working because their respective container images can't be downloaded anymore.
====
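Review bot: the `globalPullSecret` section lists `type:: string` next to `default:: null` and gives no example of the expected value, while the IMPORTANT block requires the reader to carry over the installer's existing pull secrets. Suggest adding a short example that uses the Vault reference form from `tests/defaults.yml` (`?{vaultkv:...}`) and stating explicitly that the component writes the whole `.dockerconfigjson` field rather than merging into it, so the warning is actionable.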
6 changes: 3 additions & 3 deletions tests/defaults.yml
@@ -1,3 +1,3 @@
# Overwrite parameters here

# parameters: {...}
parameters:
openshift4_config:
globalPullSecret: ?{vaultkv:${customer:name}/${cluster:name}/openshift4-config/dockercfg}
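Review bot: the test inventory only sets `globalPullSecret` to a Vault reference, so the `null` default, where `main.jsonnet` should emit no `01_dockercfg` output, is never rendered in a test. Suggest adding a second test case that leaves the parameter at its default, so a regression in the `if params.globalPullSecret != null` guard shows up in the expected output.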
@@ -0,0 +1,12 @@
apiVersion: v1
data: {}
kind: Secret
metadata:
annotations: {}
labels:
name: pull-secret
name: pull-secret
namespace: openshift-config
stringData:
.dockerconfigjson: t-silent-test-1234/c-green-test-1234/openshift4-config/dockercfg
type: Opaque
