Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(deployment): Enhance Docker ImagePull Secrets Configuration #1754

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

janavenkat
Copy link

In larger production environments, we may get rate-limited by Docker Hub for a lot of image pulls. So, I've added an option for providing the Docker pull secret name to avoid rate limits.

Purpose of PR?:

Add option for passing docker pull secrets in helm template

Does this PR introduce a breaking change?
No

**If the changes in this PR are manually verified, list down the scenarios covered::
Using helm template

Checklist:

  • Bug fix. Fixes #
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update
  • PR Title follows the convention of <type>(<scope>): <subject>
  • Commit has unit tests
  • Commit has integration tests

@rksharma95
Copy link
Collaborator

@janavenkat thanks for the PR, Lets extend the imagePullSecret configuration to operator deployment model as well. Let me know if anything is needed from my side.

@janavenkat
Copy link
Author

@janavenkat thanks for the PR, Lets extend the imagePullSecret configuration to operator deployment model as well. Let me know if anything is needed from my side.

Sure will add changes for operator as well.

@janavenkat janavenkat force-pushed the jana/add-image-pull-secrets branch 2 times, most recently from 1a6e8ba to 964e27b Compare July 15, 2024 14:37
@janavenkat
Copy link
Author

@janavenkat thanks for the PR, Lets extend the imagePullSecret configuration to operator deployment model as well. Let me know if anything is needed from my side.

Added for Operator as well

@janavenkat janavenkat force-pushed the jana/add-image-pull-secrets branch 7 times, most recently from 692973b to 0f91131 Compare July 15, 2024 14:47
@nyrahul
Copy link
Contributor

nyrahul commented Jul 15, 2024

@rksharma95 @daemon1024 , can you please review this PR? Thanks

rksharma95
rksharma95 previously approved these changes Jul 18, 2024
Copy link
Collaborator

@rksharma95 rksharma95 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@janavenkat changes looks good assuming that kubearmor helm chart is being used to deploy.

operator uses get pkg to generate kubearmor resources and it will require to add this change there to be in effect.

we've a in-progress action item of major refactoring of kubearmor-operator #1779 we can take care of this feature request as part of it. thanks for your suggestion

@janavenkat janavenkat force-pushed the jana/add-image-pull-secrets branch from 0f91131 to 2b8ccc5 Compare October 25, 2024 14:16
@janavenkat
Copy link
Author

@rksharma95 @daemon1024 can we merge this PR?

@daemon1024 daemon1024 force-pushed the jana/add-image-pull-secrets branch from a4415d5 to 8d91905 Compare November 4, 2024 06:37
daemon1024
daemon1024 previously approved these changes Nov 4, 2024
@rksharma95 rksharma95 dismissed stale reviews from daemon1024 and themself via d7df377 December 16, 2024 15:04
@rksharma95 rksharma95 force-pushed the jana/add-image-pull-secrets branch from 8d91905 to d7df377 Compare December 16, 2024 15:04
janavenkat and others added 2 commits December 20, 2024 11:41
In larger production environments, we may get rate-limited by Docker Hub for a lot of image pulls.
So, I've added an option for providing the Docker pull secret name to avoid rate limits.

Signed-off-by: Jana <[email protected]>
Signed-off-by: Jana <[email protected]>
@rksharma95 rksharma95 force-pushed the jana/add-image-pull-secrets branch from d7df377 to e17d69f Compare December 20, 2024 06:29
Copy link
Collaborator

@Prateeknandle Prateeknandle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please remove default tolerations present in daemonset, which make kubearmor available in tainted nodes, without explicitly adding toleration for them.

default toleration is:

      tolerations:
      - operator: Exists

Copy link
Collaborator

@Prateeknandle Prateeknandle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Initially when we define globalTolerations and globalImagePullSecrets through kubearmorconfig it is not reflected in deployments or daemonset, after some update in config when we again apply it, then it is getting reflected.

After reflecting the changes in deployments and daemonset, I've seen expected behaviour.

Kindly look into this as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: Merge Today
Status: In Review
Development

Successfully merging this pull request may close these issues.

5 participants