diff --git a/interlink/templates/tests/test-connection.yaml b/interlink/templates/tests/test-connection.yaml index 37f34e0..cd14877 100644 --- a/interlink/templates/tests/test-connection.yaml +++ b/interlink/templates/tests/test-connection.yaml @@ -2,15 +2,19 @@ apiVersion: v1 kind: Pod metadata: name: "{{ include "interlink.fullname" . }}-test-connection" + namespace: {{ .Release.Namespace}} labels: {{- include "interlink.labels" . | nindent 4 }} annotations: "helm.sh/hook": test spec: serviceAccountName: {{ .Release.Name }}-test + imagePullSecrets: +{{ toYaml .Values.global.images.pullSecrets | indent 4 }} containers: - name: kubectl - image: bitnami/kubectl + image: "{{ .Values.interlinkTestConnection.image.registry }}/{{ .Values.interlinkTestConnection.image.repository}}:{{ .Values.interlinkTestConnection.image.tag }}" + imagePullPolicy: "{{ .Values.global.images.pullPolicy }}" command: ['sh', '-c'] args: - > @@ -25,13 +29,15 @@ spec: apiVersion: v1 kind: ServiceAccount metadata: - name: {{ .Release.Name }}-test + name: {{ .Release.Name }}-test + namespace: {{ .Release.Namespace}} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ .Release.Name }}-node-reader + namespace: {{ .Release.Namespace}} rules: - apiGroups: [""] resources: ["nodes"] @@ -42,10 +48,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ .Release.Name }}-read-nodes + namespace: {{ .Release.Namespace}} subjects: - kind: ServiceAccount - name: {{ .Release.Name }}-test - namespace: {{ .Release.Namespace }} + name: {{ .Release.Name }}-test roleRef: kind: Role name: {{ .Release.Name }}-node-reader diff --git a/interlink/templates/virtual-kubelet-config.yaml b/interlink/templates/virtual-kubelet-config.yaml index 67c49d8..06b488e 100644 --- a/interlink/templates/virtual-kubelet-config.yaml +++ b/interlink/templates/virtual-kubelet-config.yaml @@ -20,8 +20,8 @@ data: KubernetesApiPort: {{.Values.interlink.kubernetesApiPort | quote }} {{- end }} {{- if .Values.interlink.kubernetesApiCaCrt }} - KubernetesApiCaCrt: | - {{.Values.interlink.kubernetesApiCaCrt | indent 6}} + KubernetesApiCaCrt: |{{ printf "\n" }} + {{- .Values.interlink.kubernetesApiCaCrt | indent 6}} {{- end }} {{- if .Values.interlink.disableProjectedVolumes }} DisableProjectedVolumes: {{.Values.interlink.disableProjectedVolumes }} @@ -69,7 +69,7 @@ data: {{- end }} Network: EnableTunnel: {{.Values.virtualNode.network.enableTunnel | default false}} - TunnelImage: {{.Values.virtualNode.network.tunnelImage | default "ghcr.io/erebe/wstunnel:latest" | quote}} + TunnelImage: {{ with .Values.virtualNode.network.tunnelImage }}{{ .registry }}{{ .repository }}:{{ .tag }}{{ end }} WildcardDNS: {{.Values.virtualNode.network.wildcardDNS | default "" | quote}} WstunnelTemplatePath: {{.Values.virtualNode.network.wstunnelTemplatePath | default "/etc/templates/wstunnel.yaml" | quote}} WstunnelCommand: {{ .Values.virtualNode.network.wstunnelCommand | quote }} @@ -145,6 +145,10 @@ metadata: name: "{{ .Values.nodeName }}-plugin-config" namespace: {{ .Release.Namespace }} data: - plugin.yaml: | -{{ .Values.plugin.config | indent 4 }} + plugin.yaml: |{{ printf "\n" }} + {{- if kindIs "string" .Values.plugin.config }} + {{- .Values.plugin.config | indent 4 }} + {{- else }} + {{- .Values.plugin.config | toYaml | indent 4 }} + {{- end }} {{- end }} diff --git a/interlink/templates/virtual-kubelet.yaml b/interlink/templates/virtual-kubelet.yaml index 312f4db..71ebbad 100644 --- a/interlink/templates/virtual-kubelet.yaml +++ b/interlink/templates/virtual-kubelet.yaml @@ -26,11 +26,13 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + imagePullSecrets: +{{ toYaml .Values.global.images.pullSecrets | indent 8 }} containers: {{- if .Values.plugin.enabled }} - name: plugin - image: "{{.Values.plugin.image}}" - imagePullPolicy: Always + image: "{{ with .Values.plugin.image }}{{ .registry }}{{ .repository }}:{{ .tag }}{{ end }}" + imagePullPolicy: "{{ if .Values.plugin.image.pullPolicy }}{{ .Values.plugin.image.pullPolicy }}{{ else }}{{ .Values.global.images.pullPolicy }}{{ end }}" {{- if .Values.plugin.privileged }} securityContext: privileged: true @@ -61,8 +63,8 @@ spec: {{- end }} {{- if .Values.interlink.enabled }} - name: interlink - image: "{{.Values.interlink.image}}" - imagePullPolicy: Always + image: "{{ with .Values.interlink.image }}{{ .registry }}{{ .repository }}:{{ .tag }}{{ end }}" + imagePullPolicy: "{{ .Values.global.images.pullPolicy }}" env: - name: INTERLINKCONFIGPATH value: "/etc/interlink/InterLinkConfig.yaml" @@ -83,8 +85,8 @@ spec: {{- end }} {{- end }} - name: vk - image: {{.Values.virtualNode.image}} - imagePullPolicy: Always + image: "{{ with .Values.virtualNode.image }}{{ .registry }}{{ .repository }}:{{ .tag }}{{ end }}" + imagePullPolicy: "{{ .Values.global.images.pullPolicy }}" env: - name: NODENAME value: {{.Values.nodeName}} @@ -140,8 +142,8 @@ spec: {{- end }} {{- if .Values.OAUTH.enabled }} - name: refresh-token - image: "{{.Values.OAUTH.image}}" - imagePullPolicy: Always + image: "{{ with .Values.OAUTH.image }}{{ .registry }}{{ .repository }}:{{ .tag }}{{ end }}" + imagePullPolicy: "{{ .Values.global.images.pullPolicy }}" env: - name: IAM_TOKEN_ENDPOINT value: {{.Values.OAUTH.TokenURL}} @@ -177,8 +179,8 @@ spec: {{- end }} {{- if .Values.sshBastion.enabled }} - name: ssh-bastion - image: "{{.Values.sshBastion.image}}" - imagePullPolicy: Always + image: "{{ with .Values.sshBastion.image }}{{ .registry }}{{ .repository }}:{{ .tag }}{{ end }}" + imagePullPolicy: "{{ .Values.global.images.pullPolicy }}" ports: - containerPort: 2222 - containerPort: 22 diff --git a/interlink/values.yaml b/interlink/values.yaml index a69d102..8db4e1b 100644 --- a/interlink/values.yaml +++ b/interlink/values.yaml @@ -4,8 +4,19 @@ nodeName: virtual-node +global: + images: + # -- imagePullPolicy to apply to all containers + pullPolicy: Always + # -- Secrets with credentials to pull images from a private registry + # Eg: pullSecrets: [ name: pull-secret1, name: pull-secret2 ] + pullSecrets: [] + interlink: - image: ghcr.io/interlink-hq/interlink/interlink:latest + image: + registry: "ghcr.io/" + repository: "interlink-hq/interlink/interlink" + tag: "latest" enabled: false exportPodData: false dataRootVolume: "" @@ -48,8 +59,17 @@ interlink: # apptainer_options: {} # volume_options: {} +interlinkTestConnection: + image: + registry: "docker.io/" + repository: "bitnami/kubectl" + tag: "latest" + virtualNode: - image: ghcr.io/interlink-hq/interlink/virtual-kubelet-inttw:latest + image: + registry: "ghcr.io/" + repository: "interlink-hq/interlink/virtual-kubelet-inttw" + tag: "latest" resources: CPUs: 8 memGiB: 49 @@ -96,7 +116,10 @@ virtualNode: # Enable tunnel feature (creates wstunnel template ConfigMap) enableTunnel: false # Container image for wstunnel - tunnelImage: "ghcr.io/erebe/wstunnel:latest" + tunnelImage: + registry: "ghcr.io/" + repository: "erebe/wstunnel" + tag: "latest" # DNS domain for ingress (e.g., "example.com") wildcardDNS: "" # Path where wstunnel template will be mounted in VK container @@ -110,7 +133,12 @@ virtualNode: plugin: enabled: false - image: "" + image: + registry: "" + repository: "" + tag: "" + # if defined, overrides global.images.pullPolicy + pullPolicy: null command: [] args: [] # content of the "config" will be mounted as /etc/interlink/plugin.yaml @@ -132,7 +160,10 @@ plugin: sshBastion: enabled: false - image: lscr.io/linuxserver/openssh-server:latest + image: + registry: "lscr.io/" + repository: "linuxserver/openssh-server" + tag: "latest" clientKeys: authorizedKeys: "" keysURL: "" @@ -148,7 +179,10 @@ sshBastion: # disable OAUTH when using sockets for communication in the in-cluster mode OAUTH: enabled: false - image: ghcr.io/interlink-hq/interlink/virtual-kubelet-inttw-refresh:latest + image: + registry: "ghcr.io/" + repository: "interlink-hq/interlink/virtual-kubelet-inttw-refresh" + tag: "latest" TokenURL: DUMMY ClientID: DUMMY ClientSecret: DUMMY