Flyte-core add missing imagePullSecrets support

- The console doesn't have / need a ServiceAccount, but it still needs credentials to be able to pull image from security registries Add a new imagePullSecrets value for that - The webhook ServiceAccount didn't have the correct imagePullSecrets set, so similarly could not pull images from security registries. Use the propeller settings Signed-off-by: ddl-ebrown <[email protected]>
flyteorg · Feb 1, 2024 · f22e627 · f22e627
1 parent 2794894
commit f22e627
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 0 deletions.
diff --git a/charts/flyte-core/README.md b/charts/flyte-core/README.md
@@ -195,6 +195,7 @@ helm install gateway bitnami/contour -n flyte
 | flyteconsole.image.pullPolicy | string | `"IfNotPresent"` |  |
 | flyteconsole.image.repository | string | `"cr.flyte.org/flyteorg/flyteconsole"` | Docker image for Flyteconsole deployment |
 | flyteconsole.image.tag | string | `"v1.10.2"` |  |
+| flyteconsole.imagePullSecrets | list | `[]` | ImagePullSecrets to assign to the Flyteconsole deployment |
 | flyteconsole.nodeSelector | object | `{}` | nodeSelector for Flyteconsole deployment |
 | flyteconsole.podAnnotations | object | `{}` | Annotations for Flyteconsole pods |
 | flyteconsole.podEnv | object | `{}` | Additional Flyteconsole container environment variables |

diff --git a/charts/flyte-core/templates/console/deployment.yaml b/charts/flyte-core/templates/console/deployment.yaml
@@ -18,6 +18,10 @@ spec:
         {{- end }}
       labels: {{ include "flyteconsole.podLabels" . | nindent 8 }}
     spec:
+    {{- with .Values.flyteconsole.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       securityContext:
         runAsUser: 1000
         fsGroupChangePolicy: "OnRootMismatch"

diff --git a/charts/flyte-core/templates/propeller/webhook.yaml b/charts/flyte-core/templates/propeller/webhook.yaml
@@ -154,6 +154,9 @@ metadata:
   annotations: {{ tpl (toYaml .) $ | nindent 4 }}
   {{- end}}
 {{- end }}
+  {{- with .Values.webhook.serviceAccount.imagePullSecrets }}
+imagePullSecrets: {{ tpl (toYaml .) $ | nindent 2 }}
+  {{- end }}
 ---
 # Create a binding from Role -> ServiceAccount
 kind: ClusterRoleBinding

diff --git a/charts/flyte-core/values.yaml b/charts/flyte-core/values.yaml
@@ -374,6 +374,8 @@ flyteconsole:
     tracking_id: "G-0QW4DJWJ20"
   # -- Sets priorityClassName for flyte console pod(s).
   priorityClassName: ""
+   # -- ImagePullSecrets to assign to the Flyteconsole deployment
+  imagePullSecrets: []
 
 # It will enable the redoc route in ingress
 deployRedoc: false