Skip to content

Commit 1e67fea

Browse files
author
Kubernetes Submit Queue
authored
Merge pull request kubernetes#50740 from dixudx/kubefed_add_imagepull
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. support imagePullSecrets and imagePullPolicy in kubefed init **What this PR does / why we need it**: **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes kubernetes#50718 **Special notes for your reviewer**: /assign @gyliu513 **Release note**: ```release-note support imagePullSecrets and imagePullPolicy in kubefed init ```
2 parents be606bc + 5b7f2b3 commit 1e67fea

File tree

2 files changed

+62
-18
lines changed

2 files changed

+62
-18
lines changed

federation/pkg/kubefed/init/init.go

Lines changed: 26 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -136,6 +136,8 @@ type initFederation struct {
136136
type initFederationOptions struct {
137137
dnsZoneName string
138138
serverImage string
139+
imagePullPolicy string
140+
imagePullSecrets string
139141
dnsProvider string
140142
dnsProviderConfig string
141143
etcdImage string
@@ -161,6 +163,8 @@ type initFederationOptions struct {
161163
func (o *initFederationOptions) Bind(flags *pflag.FlagSet, defaultServerImage, defaultEtcdImage string) {
162164
flags.StringVar(&o.dnsZoneName, "dns-zone-name", "", "DNS suffix for this federation. Federated Service DNS names are published with this suffix.")
163165
flags.StringVar(&o.serverImage, "image", defaultServerImage, "Image to use for federation API server and controller manager binaries.")
166+
flags.StringVar(&o.imagePullPolicy, "image-pull-policy", string(api.PullIfNotPresent), "PullPolicy describes a policy for if/when to pull a container image. The default pull policy is IfNotPresent which will not pull an image if it already exists.")
167+
flags.StringVar(&o.imagePullSecrets, "image-pull-secrets", "", "Provide secrets that can access the private registry.")
164168
flags.StringVar(&o.dnsProvider, "dns-provider", "", "Dns provider to be used for this deployment.")
165169
flags.StringVar(&o.dnsProviderConfig, "dns-provider-config", "", "Config file path on local file system for configuring DNS provider.")
166170
flags.StringVar(&o.etcdImage, "etcd-image", defaultEtcdImage, "Image to use for etcd server.")
@@ -368,7 +372,7 @@ func (i *initFederation) Run(cmdOut io.Writer, config util.AdminConfig) error {
368372

369373
fmt.Fprint(cmdOut, "Creating federation component deployments...")
370374
glog.V(4).Info("Creating federation control plane components")
371-
_, err = createAPIServer(hostClientset, i.commonOptions.FederationSystemNamespace, serverName, i.commonOptions.Name, i.options.serverImage, i.options.etcdImage, advertiseAddress, serverCredName, i.options.apiServerEnableHTTPBasicAuth, i.options.apiServerEnableTokenAuth, i.options.apiServerOverrides, pvc, i.options.dryRun, i.options.nodeSelector)
375+
_, err = createAPIServer(hostClientset, i.commonOptions.FederationSystemNamespace, serverName, i.commonOptions.Name, i.options.serverImage, i.options.etcdImage, advertiseAddress, serverCredName, i.options.apiServerEnableHTTPBasicAuth, i.options.apiServerEnableTokenAuth, i.options.apiServerOverrides, pvc, i.options.dryRun, i.options.nodeSelector, i.options.imagePullPolicy, i.options.imagePullSecrets)
372376
if err != nil {
373377
return err
374378
}
@@ -403,7 +407,7 @@ func (i *initFederation) Run(cmdOut io.Writer, config util.AdminConfig) error {
403407

404408
glog.V(4).Info("Creating federation controller manager deployment")
405409

406-
_, err = createControllerManager(hostClientset, i.commonOptions.FederationSystemNamespace, i.commonOptions.Name, svc.Name, cmName, i.options.serverImage, cmKubeconfigName, i.options.dnsZoneName, i.options.dnsProvider, i.options.dnsProviderConfig, sa.Name, dnsProviderSecret, i.options.controllerManagerOverrides, i.options.dryRun, i.options.nodeSelector)
410+
_, err = createControllerManager(hostClientset, i.commonOptions.FederationSystemNamespace, i.commonOptions.Name, svc.Name, cmName, i.options.serverImage, cmKubeconfigName, i.options.dnsZoneName, i.options.dnsProvider, i.options.dnsProviderConfig, sa.Name, dnsProviderSecret, i.options.controllerManagerOverrides, i.options.dryRun, i.options.nodeSelector, i.options.imagePullPolicy, i.options.imagePullSecrets)
407411
if err != nil {
408412
return err
409413
}
@@ -709,7 +713,7 @@ func createPVC(clientset client.Interface, namespace, svcName, federationName, e
709713
return clientset.Core().PersistentVolumeClaims(namespace).Create(pvc)
710714
}
711715

712-
func createAPIServer(clientset client.Interface, namespace, name, federationName, serverImage, etcdImage, advertiseAddress, credentialsName string, hasHTTPBasicAuthFile, hasTokenAuthFile bool, argOverrides map[string]string, pvc *api.PersistentVolumeClaim, dryRun bool, nodeSelector map[string]string) (*extensions.Deployment, error) {
716+
func createAPIServer(clientset client.Interface, namespace, name, federationName, serverImage, etcdImage, advertiseAddress, credentialsName string, hasHTTPBasicAuthFile, hasTokenAuthFile bool, argOverrides map[string]string, pvc *api.PersistentVolumeClaim, dryRun bool, nodeSelector map[string]string, imagePullPolicy, imagePullSecrets string) (*extensions.Deployment, error) {
713717
command := []string{
714718
"/hyperkube",
715719
"federation-apiserver",
@@ -755,9 +759,10 @@ func createAPIServer(clientset client.Interface, namespace, name, federationName
755759
Spec: api.PodSpec{
756760
Containers: []api.Container{
757761
{
758-
Name: "apiserver",
759-
Image: serverImage,
760-
Command: command,
762+
Name: "apiserver",
763+
Image: serverImage,
764+
ImagePullPolicy: api.PullPolicy(imagePullPolicy),
765+
Command: command,
761766
Ports: []api.ContainerPort{
762767
{
763768
Name: apiServerSecurePortName,
@@ -787,6 +792,11 @@ func createAPIServer(clientset client.Interface, namespace, name, federationName
787792
},
788793
},
789794
NodeSelector: nodeSelector,
795+
ImagePullSecrets: []api.LocalObjectReference{
796+
{
797+
Name: imagePullSecrets,
798+
},
799+
},
790800
Volumes: []api.Volume{
791801
{
792802
Name: credentialsName,
@@ -884,7 +894,7 @@ func createRoleBindings(clientset client.Interface, namespace, saName, federatio
884894
return newRole, newRolebinding, err
885895
}
886896

887-
func createControllerManager(clientset client.Interface, namespace, name, svcName, cmName, image, kubeconfigName, dnsZoneName, dnsProvider, dnsProviderConfig, saName string, dnsProviderSecret *api.Secret, argOverrides map[string]string, dryRun bool, nodeSelector map[string]string) (*extensions.Deployment, error) {
897+
func createControllerManager(clientset client.Interface, namespace, name, svcName, cmName, image, kubeconfigName, dnsZoneName, dnsProvider, dnsProviderConfig, saName string, dnsProviderSecret *api.Secret, argOverrides map[string]string, dryRun bool, nodeSelector map[string]string, imagePullPolicy, imagePullSecrets string) (*extensions.Deployment, error) {
888898
command := []string{
889899
"/hyperkube",
890900
"federation-controller-manager",
@@ -931,9 +941,10 @@ func createControllerManager(clientset client.Interface, namespace, name, svcNam
931941
Spec: api.PodSpec{
932942
Containers: []api.Container{
933943
{
934-
Name: "controller-manager",
935-
Image: image,
936-
Command: command,
944+
Name: "controller-manager",
945+
Image: image,
946+
ImagePullPolicy: api.PullPolicy(imagePullPolicy),
947+
Command: command,
937948
VolumeMounts: []api.VolumeMount{
938949
{
939950
Name: kubeconfigName,
@@ -954,6 +965,11 @@ func createControllerManager(clientset client.Interface, namespace, name, svcNam
954965
},
955966
},
956967
NodeSelector: nodeSelector,
968+
ImagePullSecrets: []api.LocalObjectReference{
969+
{
970+
Name: imagePullSecrets,
971+
},
972+
},
957973
Volumes: []api.Volume{
958974
{
959975
Name: kubeconfigName,

federation/pkg/kubefed/init/init_test.go

Lines changed: 36 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -97,6 +97,8 @@ func TestInitFederation(t *testing.T) {
9797
apiserverServiceType v1.ServiceType
9898
advertiseAddress string
9999
serverImage string
100+
imagePullPolicy string
101+
imagePullSecrets string
100102
etcdImage string
101103
etcdPVCapacity string
102104
etcdPVStorageClass string
@@ -120,6 +122,7 @@ func TestInitFederation(t *testing.T) {
120122
lbIP: lbIP,
121123
apiserverServiceType: v1.ServiceTypeLoadBalancer,
122124
serverImage: "example.test/foo:bar",
125+
imagePullPolicy: "IfNotPresent",
123126
etcdPVCapacity: "5Gi",
124127
etcdPersistence: "true",
125128
expectedErr: "",
@@ -138,6 +141,7 @@ func TestInitFederation(t *testing.T) {
138141
lbIP: lbIP,
139142
apiserverServiceType: v1.ServiceTypeLoadBalancer,
140143
serverImage: "example.test/foo:bar",
144+
imagePullPolicy: "IfNotPresent",
141145
etcdPVCapacity: "", //test for default value of pvc-size
142146
etcdPersistence: "true",
143147
expectedErr: "",
@@ -151,6 +155,7 @@ func TestInitFederation(t *testing.T) {
151155
lbIP: lbIP,
152156
apiserverServiceType: v1.ServiceTypeLoadBalancer,
153157
serverImage: "example.test/foo:bar",
158+
imagePullPolicy: "IfNotPresent",
154159
etcdPVCapacity: "",
155160
etcdPersistence: "true",
156161
expectedErr: "",
@@ -164,6 +169,7 @@ func TestInitFederation(t *testing.T) {
164169
lbIP: lbIP,
165170
apiserverServiceType: v1.ServiceTypeLoadBalancer,
166171
serverImage: "example.test/foo:bar",
172+
imagePullPolicy: "IfNotPresent",
167173
etcdPVCapacity: "5Gi",
168174
etcdPersistence: "false",
169175
expectedErr: "",
@@ -176,6 +182,7 @@ func TestInitFederation(t *testing.T) {
176182
dnsZoneName: "example.test.",
177183
apiserverServiceType: v1.ServiceTypeNodePort,
178184
serverImage: "example.test/foo:bar",
185+
imagePullPolicy: "IfNotPresent",
179186
etcdPVCapacity: "5Gi",
180187
etcdPersistence: "true",
181188
expectedErr: "",
@@ -189,6 +196,7 @@ func TestInitFederation(t *testing.T) {
189196
apiserverServiceType: v1.ServiceTypeNodePort,
190197
advertiseAddress: nodeIP,
191198
serverImage: "example.test/foo:bar",
199+
imagePullPolicy: "IfNotPresent",
192200
etcdPVCapacity: "5Gi",
193201
etcdPersistence: "true",
194202
expectedErr: "",
@@ -202,6 +210,7 @@ func TestInitFederation(t *testing.T) {
202210
apiserverServiceType: v1.ServiceTypeNodePort,
203211
advertiseAddress: nodeIP,
204212
serverImage: "example.test/foo:bar",
213+
imagePullPolicy: "IfNotPresent",
205214
etcdImage: "gcr.io/google_containers/etcd:latest",
206215
etcdPVCapacity: "5Gi",
207216
etcdPVStorageClass: "fast",
@@ -248,8 +257,11 @@ func TestInitFederation(t *testing.T) {
248257
if tc.etcdImage == "" {
249258
tc.etcdImage = defaultEtcdImage
250259
}
260+
if tc.imagePullPolicy == "" {
261+
tc.imagePullPolicy = "IfNotPresent"
262+
}
251263

252-
hostFactory, err := fakeInitHostFactory(tc.apiserverServiceType, tc.federation, util.DefaultFederationSystemNamespace, tc.advertiseAddress, tc.lbIP, tc.dnsZoneName, tc.serverImage, tc.etcdImage, tc.dnsProvider, tc.dnsProviderConfig, tc.etcdPersistence, tc.etcdPVCapacity, tc.etcdPVStorageClass, tc.apiserverArgOverrides, tc.cmArgOverrides, tmpDirPath, tc.apiserverEnableHTTPBasicAuth, tc.apiserverEnableTokenAuth, tc.isRBACAPIAvailable, tc.nodeSelector)
264+
hostFactory, err := fakeInitHostFactory(tc.apiserverServiceType, tc.federation, util.DefaultFederationSystemNamespace, tc.advertiseAddress, tc.lbIP, tc.dnsZoneName, tc.serverImage, tc.etcdImage, tc.dnsProvider, tc.dnsProviderConfig, tc.etcdPersistence, tc.etcdPVCapacity, tc.etcdPVStorageClass, tc.apiserverArgOverrides, tc.cmArgOverrides, tmpDirPath, tc.apiserverEnableHTTPBasicAuth, tc.apiserverEnableTokenAuth, tc.isRBACAPIAvailable, tc.nodeSelector, tc.imagePullPolicy, tc.imagePullSecrets)
253265
if err != nil {
254266
t.Fatalf("[%d] unexpected error: %v", i, err)
255267
}
@@ -266,6 +278,7 @@ func TestInitFederation(t *testing.T) {
266278
cmd.Flags().Set("dns-zone-name", tc.dnsZoneName)
267279
cmd.Flags().Set("image", tc.serverImage)
268280
cmd.Flags().Set("etcd-image", tc.etcdImage)
281+
cmd.Flags().Set("image-pull-policy", tc.imagePullPolicy)
269282
cmd.Flags().Set("dns-provider", tc.dnsProvider)
270283
cmd.Flags().Set("apiserver-arg-overrides", tc.apiserverArgOverrides)
271284
cmd.Flags().Set("controllermanager-arg-overrides", tc.cmArgOverrides)
@@ -282,6 +295,9 @@ func TestInitFederation(t *testing.T) {
282295
if tc.etcdPersistence != "true" {
283296
cmd.Flags().Set("etcd-persistent-storage", tc.etcdPersistence)
284297
}
298+
if tc.imagePullSecrets != "" {
299+
cmd.Flags().Set("image-pull-secrets", tc.imagePullSecrets)
300+
}
285301
if tc.apiserverServiceType != v1.ServiceTypeLoadBalancer {
286302
cmd.Flags().Set(apiserverServiceTypeFlag, string(tc.apiserverServiceType))
287303
cmd.Flags().Set(apiserverAdvertiseAddressFlag, tc.advertiseAddress)
@@ -627,7 +643,7 @@ func TestCertsHTTPS(t *testing.T) {
627643
}
628644
}
629645

630-
func fakeInitHostFactory(apiserverServiceType v1.ServiceType, federationName, namespaceName, advertiseAddress, lbIp, dnsZoneName, serverImage, etcdImage, dnsProvider, dnsProviderConfig, etcdPersistence, etcdPVCapacity, etcdPVStorageClass, apiserverOverrideArg, cmOverrideArg, tmpDirPath string, apiserverEnableHTTPBasicAuth, apiserverEnableTokenAuth, isRBACAPIAvailable bool, nodeSelectorString string) (cmdutil.Factory, error) {
646+
func fakeInitHostFactory(apiserverServiceType v1.ServiceType, federationName, namespaceName, advertiseAddress, lbIp, dnsZoneName, serverImage, etcdImage, dnsProvider, dnsProviderConfig, etcdPersistence, etcdPVCapacity, etcdPVStorageClass, apiserverOverrideArg, cmOverrideArg, tmpDirPath string, apiserverEnableHTTPBasicAuth, apiserverEnableTokenAuth, isRBACAPIAvailable bool, nodeSelectorString string, imagePullPolicy, imagePullSecrets string) (cmdutil.Factory, error) {
631647
svcName := federationName + "-apiserver"
632648
svcUrlPrefix := "/api/v1/namespaces/federation-system/services"
633649
credSecretName := svcName + "-credentials"
@@ -923,9 +939,10 @@ func fakeInitHostFactory(apiserverServiceType v1.ServiceType, federationName, na
923939
Spec: v1.PodSpec{
924940
Containers: []v1.Container{
925941
{
926-
Name: "apiserver",
927-
Image: serverImage,
928-
Command: apiserverCommand,
942+
Name: "apiserver",
943+
Image: serverImage,
944+
ImagePullPolicy: v1.PullPolicy(imagePullPolicy),
945+
Command: apiserverCommand,
929946
Ports: []v1.ContainerPort{
930947
{
931948
Name: apiServerSecurePortName,
@@ -955,6 +972,11 @@ func fakeInitHostFactory(apiserverServiceType v1.ServiceType, federationName, na
955972
},
956973
},
957974
NodeSelector: nodeSelector,
975+
ImagePullSecrets: []v1.LocalObjectReference{
976+
{
977+
Name: imagePullSecrets,
978+
},
979+
},
958980
Volumes: []v1.Volume{
959981
{
960982
Name: credSecretName,
@@ -1041,9 +1063,10 @@ func fakeInitHostFactory(apiserverServiceType v1.ServiceType, federationName, na
10411063
Spec: v1.PodSpec{
10421064
Containers: []v1.Container{
10431065
{
1044-
Name: "controller-manager",
1045-
Image: serverImage,
1046-
Command: cmCommand,
1066+
Name: "controller-manager",
1067+
Image: serverImage,
1068+
ImagePullPolicy: v1.PullPolicy(imagePullPolicy),
1069+
Command: cmCommand,
10471070
VolumeMounts: []v1.VolumeMount{
10481071
{
10491072
Name: cmKubeconfigSecretName,
@@ -1064,6 +1087,11 @@ func fakeInitHostFactory(apiserverServiceType v1.ServiceType, federationName, na
10641087
},
10651088
},
10661089
NodeSelector: nodeSelector,
1090+
ImagePullSecrets: []v1.LocalObjectReference{
1091+
{
1092+
Name: imagePullSecrets,
1093+
},
1094+
},
10671095
Volumes: []v1.Volume{
10681096
{
10691097
Name: cmKubeconfigSecretName,

0 commit comments

Comments
 (0)