Skip to content

Add global image pullSecrets

Hossein Pursultani requested to merge 1617-global-image-pull-secrets into master

What does this MR do?

This MR is a follow-up to !2126 (merged) and must be merged after it.

This MR adds global image pullSecrets, i.e. global.image.pullSecrets. The global value will be merged with any local *.image.pullSecrets value, for example, for the following values:

global:
  image:
    pullSecrets:
    - name: foo
gitlab:
  gitaly:
    image:
      pullSecrets:
      - name: bar

Gitaly StatefulSet uses the following imagePullSecrets:

      imagePullSecrets:
      - name: foo
      - name: bar

This behavior (merging Secrets) is motivated by how Kubelet treats the Secrets:

... Kubelet will merge any imagePullSecrets into a single virtual .docker/config.json

Related to #1617 (closed)

Test

helm template . -f build/test-ips.yaml --debug | grep -A 2 imagePullSecrets

Use the following values:

certmanager-issuer:
  email: me@example.com

global:
  image:
    pullSecrets:
    - name: ps-global
  kubectl:
    image:
      pullSecrets:
      - name: ps-kubectl
gitlab:
  gitaly:
    image:
      pullSecrets:
      - name: ps-gitaly
  gitlab-exporter:
    image:
      pullSecrets:
      - name: ps-gitlab-exporter
  gitlab-pages:
    image:
      pullSecrets:
      - name: ps-gitlab-pages
  gitlab-shell:
    image:
      pullSecrets:
      - name: ps-gitlab-shell
  mailroom:
    image:
      pullSecrets:
      - name: ps-mailroom
  migrations:
    image:
      pullSecrets:
      - name: ps-migrations
  sidekiq:
    image:
      pullSecrets:
      - name: ps-sidekiq
  task-runner:
    image:
      pullSecrets:
      - name: ps-task-runner
  webservice:
    image:
      pullSecrets:
      - name: ps-webservice
upgradeCheck:
  image:
    pullSecrets:
    - name: ps-upgrade-check
registry:
  image:
    pullSecrets:
    - name: ps-registry
minio:
  pullSecrets:
  - name: ps-minio

Related issues

Related to #1617 (closed)

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Required

  • Merge Request Title and Description are up to date, accurate, and descriptive
  • MR targeting the appropriate branch
  • MR has a green pipeline on GitLab.com

Expected (please provide an explanation if not completing)

  • Test plan indicating conditions for success has been posted and passes
  • Documentation created/updated
  • Tests added
  • Integration tests added to GitLab QA
  • Equivalent MR/issue for omnibus-gitlab opened
Edited by Hossein Pursultani

Merge request reports