From b28ebc9d7e39d6dd3a5be7cf3092b7f92d36eaf2 Mon Sep 17 00:00:00 2001 From: antoinetran Date: Thu, 24 Jul 2025 17:49:06 +0200 Subject: [PATCH 1/6] Fix #15 added private registry support: break image to 3 fields + added pullSecrets and pullPolicy => break image override compatibility test-connection with namespace Signed-off-by: antoinetran --- .../templates/tests/test-connection.yaml | 14 +++++-- interlink/templates/virtual-kubelet.yaml | 22 +++++----- interlink/values.yaml | 41 ++++++++++++++++--- 3 files changed, 57 insertions(+), 20 deletions(-) diff --git a/interlink/templates/tests/test-connection.yaml b/interlink/templates/tests/test-connection.yaml index 37f34e0..cd14877 100644 --- a/interlink/templates/tests/test-connection.yaml +++ b/interlink/templates/tests/test-connection.yaml @@ -2,15 +2,19 @@ apiVersion: v1 kind: Pod metadata: name: "{{ include "interlink.fullname" . }}-test-connection" + namespace: {{ .Release.Namespace}} labels: {{- include "interlink.labels" . | nindent 4 }} annotations: "helm.sh/hook": test spec: serviceAccountName: {{ .Release.Name }}-test + imagePullSecrets: +{{ toYaml .Values.global.images.pullSecrets | indent 4 }} containers: - name: kubectl - image: bitnami/kubectl + image: "{{ .Values.interlinkTestConnection.image.registry }}/{{ .Values.interlinkTestConnection.image.repository}}:{{ .Values.interlinkTestConnection.image.tag }}" + imagePullPolicy: "{{ .Values.global.images.pullPolicy }}" command: ['sh', '-c'] args: - > @@ -25,13 +29,15 @@ spec: apiVersion: v1 kind: ServiceAccount metadata: - name: {{ .Release.Name }}-test + name: {{ .Release.Name }}-test + namespace: {{ .Release.Namespace}} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ .Release.Name }}-node-reader + namespace: {{ .Release.Namespace}} rules: - apiGroups: [""] resources: ["nodes"] @@ -42,10 +48,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ .Release.Name }}-read-nodes + namespace: {{ .Release.Namespace}} subjects: - kind: ServiceAccount - name: {{ .Release.Name }}-test - namespace: {{ .Release.Namespace }} + name: {{ .Release.Name }}-test roleRef: kind: Role name: {{ .Release.Name }}-node-reader diff --git a/interlink/templates/virtual-kubelet.yaml b/interlink/templates/virtual-kubelet.yaml index 312f4db..c7cd2e0 100644 --- a/interlink/templates/virtual-kubelet.yaml +++ b/interlink/templates/virtual-kubelet.yaml @@ -26,11 +26,13 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + imagePullSecrets: +{{ toYaml .Values.global.images.pullSecrets | indent 8 }} containers: {{- if .Values.plugin.enabled }} - name: plugin - image: "{{.Values.plugin.image}}" - imagePullPolicy: Always + image: "{{ .Values.plugin.image.registry }}/{{ .Values.plugin.image.repository}}:{{ .Values.plugin.image.tag }}" + imagePullPolicy: "{{ .Values.global.images.pullPolicy }}" {{- if .Values.plugin.privileged }} securityContext: privileged: true @@ -61,8 +63,8 @@ spec: {{- end }} {{- if .Values.interlink.enabled }} - name: interlink - image: "{{.Values.interlink.image}}" - imagePullPolicy: Always + image: "{{ .Values.interlink.image.registry }}/{{ .Values.interlink.image.repository }}:{{ .Values.interlink.image.tag }}" + imagePullPolicy: "{{ .Values.global.images.pullPolicy }}" env: - name: INTERLINKCONFIGPATH value: "/etc/interlink/InterLinkConfig.yaml" @@ -83,8 +85,8 @@ spec: {{- end }} {{- end }} - name: vk - image: {{.Values.virtualNode.image}} - imagePullPolicy: Always + image: "{{ .Values.virtualNode.image.registry }}/{{ .Values.virtualNode.image.repository }}:{{ .Values.virtualNode.image.tag }}" + imagePullPolicy: "{{ .Values.global.images.pullPolicy }}" env: - name: NODENAME value: {{.Values.nodeName}} @@ -140,8 +142,8 @@ spec: {{- end }} {{- if .Values.OAUTH.enabled }} - name: refresh-token - image: "{{.Values.OAUTH.image}}" - imagePullPolicy: Always + image: "{{ .Values.OAUTH.image.registry }}/{{ .Values.OAUTH.image.repository }}:{{ .Values.OAUTH.image.tag }}" + imagePullPolicy: "{{ .Values.global.images.pullPolicy }}" env: - name: IAM_TOKEN_ENDPOINT value: {{.Values.OAUTH.TokenURL}} @@ -177,8 +179,8 @@ spec: {{- end }} {{- if .Values.sshBastion.enabled }} - name: ssh-bastion - image: "{{.Values.sshBastion.image}}" - imagePullPolicy: Always + image: "{{ .Values.sshBastion.image.registry }}/{{ .Values.sshBastion.image.repository }}:{{ .Values.sshBastion.image.tag }}" + imagePullPolicy: "{{ .Values.global.images.pullPolicy }}" ports: - containerPort: 2222 - containerPort: 22 diff --git a/interlink/values.yaml b/interlink/values.yaml index a69d102..d9f4479 100644 --- a/interlink/values.yaml +++ b/interlink/values.yaml @@ -4,8 +4,19 @@ nodeName: virtual-node +global: + images: + # -- imagePullPolicy to apply to all containers + pullPolicy: Always + # -- Secrets with credentials to pull images from a private registry + # Eg: pullSecrets: [ name: pull-secret1, name: pull-secret2 ] + pullSecrets: [] + interlink: - image: ghcr.io/interlink-hq/interlink/interlink:latest + image: + registry: "ghcr.io" + repository: "interlink-hq/interlink/interlink" + tag: "latest" enabled: false exportPodData: false dataRootVolume: "" @@ -48,8 +59,17 @@ interlink: # apptainer_options: {} # volume_options: {} +interlinkTestConnection: + image: + registry: "docker.io" + repository: "bitnami/kubectl" + tag: "latest" + virtualNode: - image: ghcr.io/interlink-hq/interlink/virtual-kubelet-inttw:latest + image: + registry: "ghcr.io" + repository: "interlink-hq/interlink/virtual-kubelet-inttw" + tag: "latest" resources: CPUs: 8 memGiB: 49 @@ -110,8 +130,11 @@ virtualNode: plugin: enabled: false - image: "" - command: [] + image: + registry: "" + repository: "" + tag: "" + commands: [] args: [] # content of the "config" will be mounted as /etc/interlink/plugin.yaml config: "" @@ -132,7 +155,10 @@ plugin: sshBastion: enabled: false - image: lscr.io/linuxserver/openssh-server:latest + image: + registry: "lscr.io" + repository: "linuxserver/openssh-server" + tag: "latest" clientKeys: authorizedKeys: "" keysURL: "" @@ -148,7 +174,10 @@ sshBastion: # disable OAUTH when using sockets for communication in the in-cluster mode OAUTH: enabled: false - image: ghcr.io/interlink-hq/interlink/virtual-kubelet-inttw-refresh:latest + image: + registry: "ghcr.io" + repository: "interlink-hq/interlink/virtual-kubelet-inttw-refresh" + tag: "latest" TokenURL: DUMMY ClientID: DUMMY ClientSecret: DUMMY From f9571e9e84fc8a959ec55454781a3f544ec20526 Mon Sep 17 00:00:00 2001 From: antoinetran Date: Fri, 25 Jul 2025 16:58:22 +0200 Subject: [PATCH 2/6] Fix #15 added private registry support: added wstunnel image + improv template Signed-off-by: antoinetran --- interlink/templates/virtual-kubelet-config.yaml | 2 +- interlink/templates/virtual-kubelet.yaml | 10 +++++----- interlink/values.yaml | 15 +++++++++------ 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/interlink/templates/virtual-kubelet-config.yaml b/interlink/templates/virtual-kubelet-config.yaml index 67c49d8..cb99b0f 100644 --- a/interlink/templates/virtual-kubelet-config.yaml +++ b/interlink/templates/virtual-kubelet-config.yaml @@ -69,7 +69,7 @@ data: {{- end }} Network: EnableTunnel: {{.Values.virtualNode.network.enableTunnel | default false}} - TunnelImage: {{.Values.virtualNode.network.tunnelImage | default "ghcr.io/erebe/wstunnel:latest" | quote}} + TunnelImage: {{ with .Values.virtualNode.network.tunnelImage }}{{ .registry }}{{ .repository }}:{{ .tag }}{{ end }} WildcardDNS: {{.Values.virtualNode.network.wildcardDNS | default "" | quote}} WstunnelTemplatePath: {{.Values.virtualNode.network.wstunnelTemplatePath | default "/etc/templates/wstunnel.yaml" | quote}} WstunnelCommand: {{ .Values.virtualNode.network.wstunnelCommand | quote }} diff --git a/interlink/templates/virtual-kubelet.yaml b/interlink/templates/virtual-kubelet.yaml index c7cd2e0..8f3064d 100644 --- a/interlink/templates/virtual-kubelet.yaml +++ b/interlink/templates/virtual-kubelet.yaml @@ -31,7 +31,7 @@ spec: containers: {{- if .Values.plugin.enabled }} - name: plugin - image: "{{ .Values.plugin.image.registry }}/{{ .Values.plugin.image.repository}}:{{ .Values.plugin.image.tag }}" + image: "{{ with .Values.plugin.image }}{{ .registry }}{{ .repository }}:{{ .tag }}{{ end }}" imagePullPolicy: "{{ .Values.global.images.pullPolicy }}" {{- if .Values.plugin.privileged }} securityContext: @@ -63,7 +63,7 @@ spec: {{- end }} {{- if .Values.interlink.enabled }} - name: interlink - image: "{{ .Values.interlink.image.registry }}/{{ .Values.interlink.image.repository }}:{{ .Values.interlink.image.tag }}" + image: "{{ with .Values.interlink.image }}{{ .registry }}{{ .repository }}:{{ .tag }}{{ end }}" imagePullPolicy: "{{ .Values.global.images.pullPolicy }}" env: - name: INTERLINKCONFIGPATH @@ -85,7 +85,7 @@ spec: {{- end }} {{- end }} - name: vk - image: "{{ .Values.virtualNode.image.registry }}/{{ .Values.virtualNode.image.repository }}:{{ .Values.virtualNode.image.tag }}" + image: "{{ with .Values.virtualNode.image }}{{ .registry }}{{ .repository }}:{{ .tag }}{{ end }}" imagePullPolicy: "{{ .Values.global.images.pullPolicy }}" env: - name: NODENAME @@ -142,7 +142,7 @@ spec: {{- end }} {{- if .Values.OAUTH.enabled }} - name: refresh-token - image: "{{ .Values.OAUTH.image.registry }}/{{ .Values.OAUTH.image.repository }}:{{ .Values.OAUTH.image.tag }}" + image: "{{ with .Values.OAUTH.image }}{{ .registry }}{{ .repository }}:{{ .tag }}{{ end }}" imagePullPolicy: "{{ .Values.global.images.pullPolicy }}" env: - name: IAM_TOKEN_ENDPOINT @@ -179,7 +179,7 @@ spec: {{- end }} {{- if .Values.sshBastion.enabled }} - name: ssh-bastion - image: "{{ .Values.sshBastion.image.registry }}/{{ .Values.sshBastion.image.repository }}:{{ .Values.sshBastion.image.tag }}" + image: "{{ with .Values.sshBastion.image }}{{ .registry }}{{ .repository }}:{{ .tag }}{{ end }}" imagePullPolicy: "{{ .Values.global.images.pullPolicy }}" ports: - containerPort: 2222 diff --git a/interlink/values.yaml b/interlink/values.yaml index d9f4479..032007e 100644 --- a/interlink/values.yaml +++ b/interlink/values.yaml @@ -14,7 +14,7 @@ global: interlink: image: - registry: "ghcr.io" + registry: "ghcr.io/" repository: "interlink-hq/interlink/interlink" tag: "latest" enabled: false @@ -61,13 +61,13 @@ interlink: interlinkTestConnection: image: - registry: "docker.io" + registry: "docker.io/" repository: "bitnami/kubectl" tag: "latest" virtualNode: image: - registry: "ghcr.io" + registry: "ghcr.io/" repository: "interlink-hq/interlink/virtual-kubelet-inttw" tag: "latest" resources: @@ -116,7 +116,10 @@ virtualNode: # Enable tunnel feature (creates wstunnel template ConfigMap) enableTunnel: false # Container image for wstunnel - tunnelImage: "ghcr.io/erebe/wstunnel:latest" + tunnelImage: + registry: "ghcr.io/" + repository: "erebe/wstunnel" + tag: "latest" # DNS domain for ingress (e.g., "example.com") wildcardDNS: "" # Path where wstunnel template will be mounted in VK container @@ -156,7 +159,7 @@ plugin: sshBastion: enabled: false image: - registry: "lscr.io" + registry: "lscr.io/" repository: "linuxserver/openssh-server" tag: "latest" clientKeys: @@ -175,7 +178,7 @@ sshBastion: OAUTH: enabled: false image: - registry: "ghcr.io" + registry: "ghcr.io/" repository: "interlink-hq/interlink/virtual-kubelet-inttw-refresh" tag: "latest" TokenURL: DUMMY From 38da22909c3bb461bf16236226423402e8111b52 Mon Sep 17 00:00:00 2001 From: antoinetran Date: Fri, 25 Jul 2025 18:57:17 +0200 Subject: [PATCH 3/6] Fix #15 added private registry support: added plugin pullPolicy Signed-off-by: antoinetran --- interlink/templates/virtual-kubelet.yaml | 2 +- interlink/values.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/interlink/templates/virtual-kubelet.yaml b/interlink/templates/virtual-kubelet.yaml index 8f3064d..71ebbad 100644 --- a/interlink/templates/virtual-kubelet.yaml +++ b/interlink/templates/virtual-kubelet.yaml @@ -32,7 +32,7 @@ spec: {{- if .Values.plugin.enabled }} - name: plugin image: "{{ with .Values.plugin.image }}{{ .registry }}{{ .repository }}:{{ .tag }}{{ end }}" - imagePullPolicy: "{{ .Values.global.images.pullPolicy }}" + imagePullPolicy: "{{ if .Values.plugin.image.pullPolicy }}{{ .Values.plugin.image.pullPolicy }}{{ else }}{{ .Values.global.images.pullPolicy }}{{ end }}" {{- if .Values.plugin.privileged }} securityContext: privileged: true diff --git a/interlink/values.yaml b/interlink/values.yaml index 032007e..088e0f6 100644 --- a/interlink/values.yaml +++ b/interlink/values.yaml @@ -137,6 +137,8 @@ plugin: registry: "" repository: "" tag: "" + # if defined, overrides global.images.pullPolicy + pullPolicy: null commands: [] args: [] # content of the "config" will be mounted as /etc/interlink/plugin.yaml From ee02c94ce374396008d5b7c3ef28f00ec2f7c729 Mon Sep 17 00:00:00 2001 From: antoinetran Date: Mon, 28 Jul 2025 15:23:05 +0200 Subject: [PATCH 4/6] Fix regression from lint Signed-off-by: antoinetran --- interlink/templates/virtual-kubelet-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/interlink/templates/virtual-kubelet-config.yaml b/interlink/templates/virtual-kubelet-config.yaml index cb99b0f..be306b1 100644 --- a/interlink/templates/virtual-kubelet-config.yaml +++ b/interlink/templates/virtual-kubelet-config.yaml @@ -21,7 +21,7 @@ data: {{- end }} {{- if .Values.interlink.kubernetesApiCaCrt }} KubernetesApiCaCrt: | - {{.Values.interlink.kubernetesApiCaCrt | indent 6}} +{{.Values.interlink.kubernetesApiCaCrt | indent 6}} {{- end }} {{- if .Values.interlink.disableProjectedVolumes }} DisableProjectedVolumes: {{.Values.interlink.disableProjectedVolumes }} From 2055c07861ed69f15d350ab2be37fd5e6f4c23ee Mon Sep 17 00:00:00 2001 From: antoinetran Date: Mon, 28 Jul 2025 19:07:59 +0200 Subject: [PATCH 5/6] Fix command in singular typo in values.yaml Signed-off-by: antoinetran --- interlink/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/interlink/values.yaml b/interlink/values.yaml index 088e0f6..8db4e1b 100644 --- a/interlink/values.yaml +++ b/interlink/values.yaml @@ -139,7 +139,7 @@ plugin: tag: "" # if defined, overrides global.images.pullPolicy pullPolicy: null - commands: [] + command: [] args: [] # content of the "config" will be mounted as /etc/interlink/plugin.yaml config: "" From bd4b745f3fcb7821802ebb82563a7d9b9381f565 Mon Sep 17 00:00:00 2001 From: antoinetran Date: Tue, 29 Jul 2025 12:28:52 +0200 Subject: [PATCH 6/6] Improvement plugin config can be a dict in values.yaml + improved chomp Signed-off-by: antoinetran --- interlink/templates/virtual-kubelet-config.yaml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/interlink/templates/virtual-kubelet-config.yaml b/interlink/templates/virtual-kubelet-config.yaml index be306b1..06b488e 100644 --- a/interlink/templates/virtual-kubelet-config.yaml +++ b/interlink/templates/virtual-kubelet-config.yaml @@ -20,8 +20,8 @@ data: KubernetesApiPort: {{.Values.interlink.kubernetesApiPort | quote }} {{- end }} {{- if .Values.interlink.kubernetesApiCaCrt }} - KubernetesApiCaCrt: | -{{.Values.interlink.kubernetesApiCaCrt | indent 6}} + KubernetesApiCaCrt: |{{ printf "\n" }} + {{- .Values.interlink.kubernetesApiCaCrt | indent 6}} {{- end }} {{- if .Values.interlink.disableProjectedVolumes }} DisableProjectedVolumes: {{.Values.interlink.disableProjectedVolumes }} @@ -145,6 +145,10 @@ metadata: name: "{{ .Values.nodeName }}-plugin-config" namespace: {{ .Release.Namespace }} data: - plugin.yaml: | -{{ .Values.plugin.config | indent 4 }} + plugin.yaml: |{{ printf "\n" }} + {{- if kindIs "string" .Values.plugin.config }} + {{- .Values.plugin.config | indent 4 }} + {{- else }} + {{- .Values.plugin.config | toYaml | indent 4 }} + {{- end }} {{- end }}