-
Notifications
You must be signed in to change notification settings - Fork 352
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(deployment): Enhance Docker ImagePull Secrets Configuration #1754
base: main
Are you sure you want to change the base?
Conversation
@janavenkat thanks for the PR, Lets extend the imagePullSecret configuration to operator deployment model as well. Let me know if anything is needed from my side. |
Sure will add changes for operator as well. |
1a6e8ba
to
964e27b
Compare
Added for Operator as well |
692973b
to
0f91131
Compare
@rksharma95 @daemon1024 , can you please review this PR? Thanks |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@janavenkat changes looks good assuming that kubearmor helm chart is being used to deploy.
operator uses get pkg to generate kubearmor resources and it will require to add this change there to be in effect.
we've a in-progress action item of major refactoring of kubearmor-operator #1779 we can take care of this feature request as part of it. thanks for your suggestion
0f91131
to
2b8ccc5
Compare
@rksharma95 @daemon1024 can we merge this PR? |
a4415d5
to
8d91905
Compare
8d91905
to
d7df377
Compare
d7df377
to
e17d69f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please remove default tolerations present in daemonset, which make kubearmor available in tainted nodes, without explicitly adding toleration for them.
default toleration is:
tolerations:
- operator: Exists
EDIT: we need kubearmor on every node initially in case no toleration is explicitly defined through
kubearmorconfig
, therefore we are not removing the default toleration present.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Initially when we define globalTolerations
and globalImagePullSecrets
through kubearmorconfig it is not reflected in deployments or daemonset, after some update in config when we again apply it, then it is getting reflected.
After reflecting the changes in deployments and daemonset, I've seen expected behaviour.
Kindly look into this as well.
e17d69f
to
c3f0710
Compare
d21c760
to
653c303
Compare
891eece
to
40e2647
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, please fix the ci
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please take a look at the ci changes, one test is failing constantly while running kubearmor.
c7ce3bc
to
af983ca
Compare
In larger production environments, we may get rate-limited by Docker Hub for a lot of image pulls. So, I've added an option for providing the Docker pull secret name to avoid rate limits. Signed-off-by: Jana <vjanarthanan6@gmail.com> Signed-off-by: Jana <janarthanan@ticketswap.com>
Signed-off-by: rksharma95 <ramakant@accuknox.com>
Signed-off-by: rksharma95 <ramakant@accuknox.com>
Signed-off-by: rksharma95 <ramakant@accuknox.com>
af983ca
to
771c253
Compare
In larger production environments, we may get rate-limited by Docker Hub for a lot of image pulls. So, I've added an option for providing the Docker pull secret name to avoid rate limits.
Purpose of PR?:
Add option for passing docker pull secrets in helm template
Does this PR introduce a breaking change?
No
**If the changes in this PR are manually verified, list down the scenarios covered::
Using helm template
Checklist:
<type>(<scope>): <subject>