diff --git a/class/defaults.yml b/class/defaults.yml index b0b15c2..ed29587 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -1,4 +1,4 @@ parameters: openshift4_config: =_metadata: {} - namespace: syn-openshift4-config + globalPullSecret: null diff --git a/component/main.jsonnet b/component/main.jsonnet index ce38053..7b13b65 100644 --- a/component/main.jsonnet +++ b/component/main.jsonnet @@ -5,6 +5,16 @@ local inv = kap.inventory(); // The hiera parameters for the component local params = inv.parameters.openshift4_config; +local dockercfg = kube.Secret('pull-secret') { + metadata+: { + namespace: 'openshift-config', + }, + stringData+: { + '.dockerconfigjson': params.globalPullSecret, + }, +}; + // Define outputs below { + [if params.globalPullSecret != null then '01_dockercfg']: dockercfg, } diff --git a/docs/modules/ROOT/pages/index.adoc b/docs/modules/ROOT/pages/index.adoc index 9dfbdf0..ac8a41d 100644 --- a/docs/modules/ROOT/pages/index.adoc +++ b/docs/modules/ROOT/pages/index.adoc @@ -2,4 +2,6 @@ openshift4-config is a Commodore component to manage openshift4-config. +Currently, this component can manage the global cluster pull secret as described in the https://docs.openshift.com/container-platform/latest/openshift_images/managing_images/using-image-pull-secrets.html#images-update-global-pull-secret_using-image-pull-secret[OpenShift documentation]. + See the xref:references/parameters.adoc[parameters] reference for further details. diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc index 14284ef..04c99d6 100644 --- a/docs/modules/ROOT/pages/references/parameters.adoc +++ b/docs/modules/ROOT/pages/references/parameters.adoc 
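Review bot: The new default `globalPullSecret: null` in class/defaults.yml has no comment saying that the value must be a secret reference and not the docker configuration JSON itself. The parameter reference and tests/defaults.yml in this commit both use a Vault reference, but nothing on this line tells someone editing the inventory that main.jsonnet copies the value unchanged into `stringData`. A literal value would therefore presumably end up in clear text in the compiled catalog. I would add a comment above the key: `# Vault reference (?{vaultkv:...}) to the docker config JSON; never put the JSON inline`.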
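Review bot: The `dockercfg` object in component/main.jsonnet never sets a secret type, so `kube.Secret` falls back to its default, which the golden output in this commit shows as `type: Opaque`. OpenShift's global `pull-secret` in `openshift-config` is of type `kubernetes.io/dockerconfigjson`, and the `type` of an existing Secret cannot be changed on update. Applying this manifest over the installer-created secret is therefore likely to be rejected, or the secret would need to be deleted and recreated, leaving a window without pull credentials. I would add `type: 'kubernetes.io/dockerconfigjson',` to the object next to `metadata+` and regenerate the golden file so the test pins the type.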
@@ -1,19 +1,22 @@ = Parameters -The parent key for all of the following parameters is `openshift4_config`. +The parent key for all the following parameters is `openshift4_config`. -== `namespace` +== `globalPullSecret` [horizontal] type:: string -default:: `syn-openshift4-config` +default:: null -The namespace in which to deploy this component. +A Vault reference pointing to the Vault secret containing the docker configuration file in JSON format. +If the parameter is null, the component doesn't manage the cluster's global pull secret. +The component writes the value of this parameter into the field `.dockerconfigjson` of the secret `pull-secret` in namespace `openshift-config`. -== Example +See the OpenShift documentation for more details on https://docs.openshift.com/container-platform/latest/openshift_images/managing_images/using-image-pull-secrets.html#images-update-global-pull-secret_using-image-pull-secret[managing the cluster's global pull secret]. -[source,yaml] ----- -namespace: example-namespace ----- +[IMPORTANT] +==== +You need to make sure that the existing pull secrets present on a cluster (deployed by the OpenShift installer) are included in the configuration deployed by this component. +Otherwise, OpenShift cluster services may stop working because their respective container images can't be downloaded anymore. +==== diff --git a/tests/defaults.yml b/tests/defaults.yml index a4da5b7..4390f59 100644 --- a/tests/defaults.yml +++ b/tests/defaults.yml @@ -1,3 +1,3 @@ -# Overwrite parameters here - -# parameters: {...} +parameters: + openshift4_config: + globalPullSecret: ?{vaultkv:${customer:name}/${cluster:name}/openshift4-config/dockercfg} diff --git a/tests/golden/defaults/openshift4-config/openshift4-config/01_dockercfg.yaml b/tests/golden/defaults/openshift4-config/openshift4-config/01_dockercfg.yaml new file mode 100644 index 0000000..14cb440 --- /dev/null +++ b/tests/golden/defaults/openshift4-config/openshift4-config/01_dockercfg.yaml 
@@ -0,0 +1,12 @@ +apiVersion: v1 +data: {} +kind: Secret +metadata: + annotations: {} + labels: + name: pull-secret + name: pull-secret + namespace: openshift-config +stringData: + .dockerconfigjson: t-silent-test-1234/c-green-test-1234/openshift4-config/dockercfg +type: Opaque