imagePullSecrets: relocate under . from .global

jupyterhub/files/hub/jupyterhub_config.py

@@ -163,13 +163,13 @@ def camelCaseify(s):
 
     c.KubeSpawner.image = image
 
-# Combine global.imagePullSecret.create (single), global.imagePullSecrets
-# (list), and singleuser.image.pullSecrets (list).
+# Combine imagePullSecret.create (single), imagePullSecrets (list), and
+# singleuser.image.pullSecrets (list).
 image_pull_secrets = []
-if get_config('global.imagePullSecret.create') or get_config('global.imagePullSecret.enabled'):
+if get_config('imagePullSecret.create') or get_config('imagePullSecret.enabled'):
     image_pull_secrets.append('image-registry-credentials')
-if get_config('global.imagePullSecrets'):
-    image_pull_secrets.extend(get_config('global.imagePullSecrets'))
+if get_config('imagePullSecrets'):
+    image_pull_secrets.extend(get_config('imagePullSecrets'))
 if get_config('singleuser.image.pullSecrets'):
     image_pull_secrets.extend(get_config('singleuser.image.pullSecrets'))
 if image_pull_secrets:

jupyterhub/schema.yaml

@@ -1,103 +1,100 @@
 title: Config
 type: object
 properties:
-  global:
+  imagePullSecret:
     type: object
-    properties:
-      imagePullSecret:
-        type: object
-        description: |
-          Creates an image pull secret for you and makes the user pods utilize
-          it, allowing them to pull images from private image registries.
-          
-          Using this configuration option automates the following steps that
-          normally is required to pull from private image registries.
-          
-          ```sh
-          # you won't need to run this manually...
-          kubectl create secret docker-registry singleuser-image-credentials \
-            --docker-server=<REGISTRY> \
-            --docker-username=<USERNAME> \
-            --docker-email=<EMAIL> \
-            --docker-password=<PASSWORD>
-          ```
+    description: |
+      Creates an image pull secret for you and makes the user pods utilize
+      it, allowing them to pull images from private image registries.
+
+      Using this configuration option automates the following steps that
+      normally is required to pull from private image registries.
+
+      ```sh
+      # you won't need to run this manually...
+      kubectl create secret docker-registry singleuser-image-credentials \
+        --docker-server=<REGISTRY> \
+        --docker-username=<USERNAME> \
+        --docker-email=<EMAIL> \
+        --docker-password=<PASSWORD>
+      ```
 
-          ```yaml
-          # you won't need to specify this manually...
-          spec:
-            imagePullSecrets:
-              - name: singleuser-image-credentials
-          ```
+      ```yaml
+      # you won't need to specify this manually...
+      spec:
+        imagePullSecrets:
+          - name: singleuser-image-credentials
+      ```
 
-          To learn the username and password fields to access a gcr.io registry
-          from a Kubernetes cluster not associated with the same google cloud
-          credentials, look into [this
-          guide](http://docs.heptio.com/content/private-registries/pr-gcr.html)
-          and read the notes about the password.
-        properties:
-          create:
-            type: boolean
-            description: |
-              Toggle the creation of a Kubernetes Secret with provided
-              credentials to access an image registry that will allow all of
-              this Helm chart's pod to make use of when they pull their
-              container images as the pods spec.imagePullSecrets will get
-              augmented with a reference to this Kubernetes Secret.
-          registry:
-            type: string
-            description: |
-              Name of the private registry you want to create a credential set
-              for. It will default to Docker Hub's image registry.
-
-              Examples:
-                - https://index.docker.io/v1/
-                - quay.io
-                - eu.gcr.io
-                - alexmorreale.privatereg.net
-          username:
-            type: string
-            description: |
-              Name of the user you want to use to connect to your private
-              registry. For external gcr.io, you will use the `_json_key`.
+      To learn the username and password fields to access a gcr.io registry
+      from a Kubernetes cluster not associated with the same google cloud
+      credentials, look into [this
+      guide](http://docs.heptio.com/content/private-registries/pr-gcr.html)
+      and read the notes about the password.
+    properties:
+      create:
+        type: boolean
+        description: |
+          Toggle the creation of a Kubernetes Secret with provided
+          credentials to access an image registry that will allow all of
+          this Helm chart's pod to make use of when they pull their
+          container images as the pods spec.imagePullSecrets will get
+          augmented with a reference to this Kubernetes Secret.
+      registry:
+        type: string
+        description: |
+          Name of the private registry you want to create a credential set
+          for. It will default to Docker Hub's image registry.
+
+          Examples:
+            - https://index.docker.io/v1/
+            - quay.io
+            - eu.gcr.io
+            - alexmorreale.privatereg.net
+      username:
+        type: string
+        description: |
+          Name of the user you want to use to connect to your private
+          registry. For external gcr.io, you will use the `_json_key`.
+
+          Examples:
+            - alexmorreale
+            - alex@pfc.com
+            - _json_key
+      password:
+        type: string
+        description: |
+          Password of the user you want to use to connect to your private
+          registry.
 
-              Examples:
-                - alexmorreale
-                - alex@pfc.com
-                - _json_key
-          password:
-            type: string
-            description: |
-              Password of the user you want to use to connect to your private
-              registry.
+          Examples:
+            - plaintextpassword
+            - abc123SECRETzyx098
 
-              Examples:
-                - plaintextpassword
-                - abc123SECRETzyx098
+          For gcr.io registries the password will be a big JSON blob for a
+          Google cloud service account, it should look something like below.
 
-              For gcr.io registries the password will be a big JSON blob for a
-              Google cloud service account, it should look something like below.
-                            
-              ```yaml
-              password: |-
-                {
-                  "type": "service_account",
-                  "project_id": "jupyter-se",
-                  "private_key_id": "f2ba09118a8d3123b3321bd9a7d6d0d9dc6fdb85",
-                  ...
-                }
-              ```
+          ```yaml
+          password: |-
+            {
+              "type": "service_account",
+              "project_id": "jupyter-se",
+              "private_key_id": "f2ba09118a8d3123b3321bd9a7d6d0d9dc6fdb85",
+              ...
+            }
+          ```
 
-              Learn more in [this
-              guide](http://docs.heptio.com/content/private-registries/pr-gcr.html).
-      imagePullSecrets:
-        type: list
-        description: |
-          Like a Kubernetes Pod's `spec.imagePullSecrets` configuration, but for
-          all the Helm chart's pods. List the Kubernetes Secrets by name that
-          contain credentials to access container image registries.
+          Learn more in [this
+          guide](http://docs.heptio.com/content/private-registries/pr-gcr.html).
+  imagePullSecrets:
+    type: list
+    description: |
+      Like a Kubernetes Pod's `spec.imagePullSecrets` configuration, but for
+      all the Helm chart's pods. List the Kubernetes Secrets by name that
+      contain credentials to access container image registries.
 
-          This will not override or get overridden by pod specific
-          configuration, but instead augment the pod specific configuration.
+      This will not override or get overridden by pod specific
+      configuration, but instead augment the pod specific configuration.
   hub:
     type: object
     properties:

jupyterhub/templates/NOTES.txt

@@ -64,13 +64,13 @@ directly instead.
 
 {{- if hasKey .Values.hub "imagePullSecret" }}
 {{- if .Values.hub.imagePullSecret.enabled }}
-{{ "HARD DEPRECATION: hub.imagePullSecret has renamed to global.imagePullSecret" | fail }}
+{{ "HARD DEPRECATION: hub.imagePullSecret has renamed to imagePullSecret" | fail }}
 {{- end }}
 {{- end }}
 
 
 {{- if hasKey .Values.singleuser "imagePullSecret" }}
 {{- if .Values.singleuser.imagePullSecret.enabled }}
-{{ "HARD DEPRECATION: singleuser.imagePullSecret has renamed to global.imagePullSecret" | fail }}
+{{ "HARD DEPRECATION: singleuser.imagePullSecret has renamed to imagePullSecret" | fail }}
 {{- end }}
 {{- end }}

jupyterhub/templates/_helpers.tpl

@@ -177,7 +177,7 @@ component: {{ include "jupyterhub.componentLabel" . }}
 {{- end }}
 
 {{- define "jupyterhub.dockerconfigjson.yaml" -}}
-{{- with .Values.global.imagePullSecret -}}
+{{- with .Values.imagePullSecret -}}
 {
   "auths": {
     {{ .registry | default "https://index.docker.io/v1/" | quote }}: {
@@ -195,12 +195,12 @@ component: {{ include "jupyterhub.componentLabel" . }}
 
 {{- /*
   jupyterhub.imagePullSecrets
-    Augments passed .pullSecrets with $.Values.global.imagePullSecrets
+    Augments passed .pullSecrets with $.Values.imagePullSecrets
 */}}
 {{- define "jupyterhub.imagePullSecrets" -}}
 {{- /* Populate $_.list with all relevant entries */}}
-{{- $_ := dict "list" (concat .image.pullSecrets .root.Values.global.imagePullSecrets | uniq) }}
-{{- if .root.Values.global.imagePullSecret.create }}
+{{- $_ := dict "list" (concat .image.pullSecrets .root.Values.imagePullSecrets | uniq) }}
+{{- if .root.Values.imagePullSecret.create }}
 {{- $__ := set $_ "list" (append $_.list "image-registry-credentials" | uniq) }}
 {{- end }}
 

jupyterhub/templates/image-registry-credentials.yaml

@@ -1,4 +1,4 @@
-{{- if or .Values.global.imagePullSecret.create .Values.global.imagePullSecret.enabled }}
+{{- if or .Values.imagePullSecret.create .Values.imagePullSecret.enabled }}
 kind: Secret
 apiVersion: v1
 metadata:

jupyterhub/values.yaml

@@ -2,18 +2,17 @@
 # Helm template values will be made available there.
 custom: {}
 
-global:
-  # imagePullSecret is configuration to create a k8s Secret that Helm chart's pods
-  # can get credentials from to pull their images.
-  imagePullSecret:
-    create: false
-    registry: ''
-    username: ''
-    email: ''
-    password: ''
-  # imagePullSecrets is configuration to reference the k8s Secret resources the
-  # Helm chart's pods can get credentials from to pull their images.
-  imagePullSecrets: []
+# imagePullSecret is configuration to create a k8s Secret that Helm chart's pods
+# can get credentials from to pull their images.
+imagePullSecret:
+  create: false
+  registry: ''
+  username: ''
+  email: ''
+  password: ''
+# imagePullSecrets is configuration to reference the k8s Secret resources the
+# Helm chart's pods can get credentials from to pull their images.
+imagePullSecrets: []
 
 
 # hub relates to the hub pod, responsible for running JupyterHub, its configured

tools/templates/lint-and-validate-values.yaml

@@ -1,11 +1,10 @@
-global:
-  imagePullSecret:
-    create: true
-    registry: R
-    username: U
-    email: e@domain.com
-    password: P
-  imagePullSecrets: [a,b]
+imagePullSecret:
+  create: true
+  registry: R
+  username: U
+  email: e@domain.com
+  password: P
+imagePullSecrets: [a,b]
 
 hub:
   service: