Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow specifying image pull secret #801

Merged
merged 14 commits into from
Aug 2, 2018
Merged

Allow specifying image pull secret #801

Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
27d243f
allow specifying a image pull secret for the kubespawner
AlexMorreale Jul 30, 2018
f3e0da1
allow adding an image pull secret name via helm
AlexMorreale Jul 30, 2018
bb6612a
allow generating secret
AlexMorreale Jul 30, 2018
0088fd6
remove useless conditional
AlexMorreale Jul 31, 2018
241e78c
use name field
AlexMorreale Jul 31, 2018
b0da471
move regsecret to image-credential-secret and add labels to secret
AlexMorreale Jul 31, 2018
1412641
simplify using a pull secret
AlexMorreale Jul 31, 2018
72d201f
base64 encode in template for dockerconfigjson secret
AlexMorreale Jul 31, 2018
a94dd0d
use singleuser.image.pullSecret helper to create pullSecret
AlexMorreale Jul 31, 2018
cbc53aa
include > template
AlexMorreale Jul 31, 2018
fead3a8
add name prefix so that it will one day match kube-spawner code
AlexMorreale Aug 1, 2018
ffe59fa
move image pull secret up a level in chart.yml
AlexMorreale Aug 1, 2018
84d295d
add documentation for imagePullSecret for singleuser container
AlexMorreale Aug 2, 2018
1724563
add documentation about singluser imagePullPolicy
AlexMorreale Aug 2, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions images/hub/jupyterhub_config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,8 @@

c.KubeSpawner.image_pull_policy = get_config('singleuser.image-pull-policy')

c.KubeSpawner.image_pull_secrets = get_config('singleuser.image-pull-secret', None)

c.KubeSpawner.events_enabled = get_config('singleuser.events', False)

c.KubeSpawner.extra_labels = get_config('singleuser.extra-labels', {})
Expand Down
14 changes: 11 additions & 3 deletions jupyterhub/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
generate some output based on one single dictionary of input that we call the
helpers scope. When you are in helm, you access your current scope with a
single a single punctuation (.).

When you ask a helper to render its content, one often forward the current
scope to the helper in order to allow it to access .Release.Name,
.Values.rbac.enabled and similar values.
Expand All @@ -27,7 +27,7 @@
To let a helper access the current scope along with additional values we have
opted to create dictionary containing additional values that is then populated
with additional values from the current scope through a the merge function.

#### Example - Passing a new scope augmented with the old
{{- $_ := merge (dict "appLabel" "kube-lego") . }}
{{- include "jupyterhub.matchLabels" $_ | nindent 6 }}
Expand Down Expand Up @@ -97,7 +97,7 @@
Used by "jupyterhub.labels" and "jupyterhub.nameField".

NOTE: The component label is determined by either...
- 1: The provided scope's .componentLabel
- 1: The provided scope's .componentLabel
- 2: The template's filename if living in the root folder
- 3: The template parent folder's name
- : ...and is combined with .componentPrefix and .componentSuffix
Expand Down Expand Up @@ -172,3 +172,11 @@ component: {{ include "jupyterhub.componentLabel" . }}
{{- $_ := merge (dict "componentLabel" "singleuser-server") . -}}
{{ include "jupyterhub.matchLabels" $_ | replace ": " "=" | replace "\n" "," | quote }}
{{- end }}

{{- /*
singleuser.image.pullSecret:
allows creating a base64 encoded docker registry json blob
*/}}
{{- define "singleuser.image.pullSecret" }}
{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.singleuser.image.pullSecret.registry (printf "%s:%s" .Values.singleuser.image.pullSecret.username .Values.singleuser.image.pullSecret.password | b64enc) | b64enc }}
{{- end }}
13 changes: 8 additions & 5 deletions jupyterhub/templates/hub/configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ data:
auth.gitlab.client-secret: {{ .Values.auth.gitlab.clientSecret | quote }}
auth.gitlab.callback-url: {{ .Values.auth.gitlab.callbackUrl | quote }}
{{- end }}

{{- if eq .Values.auth.type "mediawiki" }}
auth.mediawiki.client-id: {{ .Values.auth.mediawiki.clientId | quote }}
auth.mediawiki.client-secret: {{ .Values.auth.mediawiki.clientSecret | quote }}
Expand All @@ -80,7 +80,7 @@ data:
auth.globus.callback-url: {{ .Values.auth.globus.callbackUrl | quote }}
auth.globus.identity-provider: {{ .Values.auth.globus.identityProvider | quote }}
{{- end }}

{{- if eq .Values.auth.type "lti" }}
auth.lti.consumers: |
{{- .Values.auth.lti.consumers | toYaml | trimSuffix "\n" | nindent 4 }}
Expand Down Expand Up @@ -108,7 +108,7 @@ data:
auth.ldap.dn.user.search-base: {{ .Values.auth.ldap.dn.user.searchBase | quote }}
auth.ldap.dn.user.attribute: {{ .Values.auth.ldap.dn.user.attribute | quote }}
{{- end }}

{{- if eq .Values.auth.type "dummy" }}
{{- if .Values.auth.dummy.password }}
auth.dummy.password: {{ .Values.auth.dummy.password | quote }}
Expand All @@ -133,6 +133,9 @@ data:
{{- .Values.singleuser.cloudMetadata | toYaml | trimSuffix "\n" | nindent 4 }}
singleuser.start-timeout: {{ .Values.singleuser.startTimeout | quote }}
singleuser.image-pull-policy: {{ .Values.singleuser.image.pullPolicy | quote }}
{{- if .Values.singleuser.image.pullSecret }}
singleuser.image-pull-secret: singleuser-image-credentials
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh thinking about it, let us not propagate this mistake in KubeSpawner but instead try to alleviate it by calling this image-pull-secret-name instead.

{{- end }}
{{- if .Values.singleuser.cmd }}
singleuser.cmd: {{ .Values.singleuser.cmd | quote }}
{{- end }}
Expand Down Expand Up @@ -190,8 +193,8 @@ data:
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}


{{- /* KubeSpawner */}}
kubespawner.common-labels: |
{{- $_ := merge (dict "heritageLabel" "jupyterhub") . }}
Expand Down
12 changes: 12 additions & 0 deletions jupyterhub/templates/singleuser/image-credentials-secret.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
{{- if .Values.singleuser.image.pullSecret }}
kind: Secret
apiVersion: v1
metadata:
name: singleuser-image-credentials
labels:
{{- $_ := merge (dict "componentSuffix" "-image-credentials") . }}
{{- include "jupyterhub.labels" $_ | nindent 4 }}
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{ template "singleuser.image.pullSecret" . }}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking great! Helm is silly, they have two functions doing the same thing: template and include, but include is superior to template so we use it all over instead. In this case both will work fine though but Helms own best practices is to use include even though we actually copied this template from their tips and tricks haha :D

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hehe ill update!

{{- end }}