Skip to content

Commit

Permalink
support imagePullSecrets and imagePullPolicy in kubefed init
Browse files Browse the repository at this point in the history
  • Loading branch information
@dixudx
dixudx committed Aug 16, 2017
1 parent 1d633b7 commit a9d6a52
Show file tree
Hide file tree
Showing 2 changed files with 62 additions and 18 deletions.
36 changes: 26 additions & 10 deletions federation/pkg/kubefed/init/init.go
View file
Expand Up @@ -136,6 +136,8 @@ type initFederation struct {
type initFederationOptions struct {
dnsZoneName string
serverImage string
imagePullPolicy string
imagePullSecrets string
dnsProvider string
dnsProviderConfig string
etcdImage string
Expand All @@ -159,6 +161,8 @@ type initFederationOptions struct {
func (o *initFederationOptions) Bind(flags *pflag.FlagSet, defaultServerImage, defaultEtcdImage string) {
flags.StringVar(&o.dnsZoneName, "dns-zone-name", "", "DNS suffix for this federation. Federated Service DNS names are published with this suffix.")
flags.StringVar(&o.serverImage, "image", defaultServerImage, "Image to use for federation API server and controller manager binaries.")
flags.StringVar(&o.imagePullPolicy, "image-pull-policy", string(api.PullIfNotPresent), "PullPolicy describes a policy for if/when to pull a container image. The default pull policy is IfNotPresent which will not pull an image if it already exists.")
flags.StringVar(&o.imagePullSecrets, "image-pull-secrets", "", "Provide secrets that can access the private registry.")
flags.StringVar(&o.dnsProvider, "dns-provider", "", "Dns provider to be used for this deployment.")
flags.StringVar(&o.dnsProviderConfig, "dns-provider-config", "", "Config file path on local file system for configuring DNS provider.")
flags.StringVar(&o.etcdImage, "etcd-image", defaultEtcdImage, "Image to use for etcd server.")
Expand Down Expand Up @@ -361,7 +365,7 @@ func (i *initFederation) Run(cmdOut io.Writer, config util.AdminConfig) error {

fmt.Fprint(cmdOut, "Creating federation component deployments...")
glog.V(4).Info("Creating federation control plane components")
_, err = createAPIServer(hostClientset, i.commonOptions.FederationSystemNamespace, serverName, i.commonOptions.Name, i.options.serverImage, i.options.etcdImage, advertiseAddress, serverCredName, i.options.apiServerEnableHTTPBasicAuth, i.options.apiServerEnableTokenAuth, i.options.apiServerOverrides, pvc, i.options.dryRun)
_, err = createAPIServer(hostClientset, i.commonOptions.FederationSystemNamespace, serverName, i.commonOptions.Name, i.options.serverImage, i.options.etcdImage, advertiseAddress, serverCredName, i.options.apiServerEnableHTTPBasicAuth, i.options.apiServerEnableTokenAuth, i.options.apiServerOverrides, pvc, i.options.dryRun, i.options.imagePullPolicy, i.options.imagePullSecrets)
if err != nil {
return err
}
Expand Down Expand Up @@ -396,7 +400,7 @@ func (i *initFederation) Run(cmdOut io.Writer, config util.AdminConfig) error {

glog.V(4).Info("Creating federation controller manager deployment")

_, err = createControllerManager(hostClientset, i.commonOptions.FederationSystemNamespace, i.commonOptions.Name, svc.Name, cmName, i.options.serverImage, cmKubeconfigName, i.options.dnsZoneName, i.options.dnsProvider, i.options.dnsProviderConfig, sa.Name, dnsProviderSecret, i.options.controllerManagerOverrides, i.options.dryRun)
_, err = createControllerManager(hostClientset, i.commonOptions.FederationSystemNamespace, i.commonOptions.Name, svc.Name, cmName, i.options.serverImage, cmKubeconfigName, i.options.dnsZoneName, i.options.dnsProvider, i.options.dnsProviderConfig, sa.Name, dnsProviderSecret, i.options.controllerManagerOverrides, i.options.dryRun, i.options.imagePullPolicy, i.options.imagePullSecrets)
if err != nil {
return err
}
Expand Down Expand Up @@ -702,7 +706,7 @@ func createPVC(clientset client.Interface, namespace, svcName, federationName, e
return clientset.Core().PersistentVolumeClaims(namespace).Create(pvc)
}

func createAPIServer(clientset client.Interface, namespace, name, federationName, serverImage, etcdImage, advertiseAddress, credentialsName string, hasHTTPBasicAuthFile, hasTokenAuthFile bool, argOverrides map[string]string, pvc *api.PersistentVolumeClaim, dryRun bool) (*extensions.Deployment, error) {
func createAPIServer(clientset client.Interface, namespace, name, federationName, serverImage, etcdImage, advertiseAddress, credentialsName string, hasHTTPBasicAuthFile, hasTokenAuthFile bool, argOverrides map[string]string, pvc *api.PersistentVolumeClaim, dryRun bool, imagePullPolicy, imagePullSecrets string) (*extensions.Deployment, error) {
command := []string{
"/hyperkube",
"federation-apiserver",
Expand Down Expand Up @@ -748,9 +752,10 @@ func createAPIServer(clientset client.Interface, namespace, name, federationName
Spec: api.PodSpec{
Containers: []api.Container{
{
Name: "apiserver",
Image: serverImage,
Command: command,
Name: "apiserver",
Image: serverImage,
ImagePullPolicy: api.PullPolicy(imagePullPolicy),
Command: command,
Ports: []api.ContainerPort{
{
Name: apiServerSecurePortName,
Expand Down Expand Up @@ -779,6 +784,11 @@ func createAPIServer(clientset client.Interface, namespace, name, federationName
},
},
},
ImagePullSecrets: []api.LocalObjectReference{
{
Name: imagePullSecrets,
},
},
Volumes: []api.Volume{
{
Name: credentialsName,
Expand Down Expand Up @@ -876,7 +886,7 @@ func createRoleBindings(clientset client.Interface, namespace, saName, federatio
return newRole, newRolebinding, err
}

func createControllerManager(clientset client.Interface, namespace, name, svcName, cmName, image, kubeconfigName, dnsZoneName, dnsProvider, dnsProviderConfig, saName string, dnsProviderSecret *api.Secret, argOverrides map[string]string, dryRun bool) (*extensions.Deployment, error) {
func createControllerManager(clientset client.Interface, namespace, name, svcName, cmName, image, kubeconfigName, dnsZoneName, dnsProvider, dnsProviderConfig, saName string, dnsProviderSecret *api.Secret, argOverrides map[string]string, dryRun bool, imagePullPolicy, imagePullSecrets string) (*extensions.Deployment, error) {
command := []string{
"/hyperkube",
"federation-controller-manager",
Expand Down Expand Up @@ -923,9 +933,10 @@ func createControllerManager(clientset client.Interface, namespace, name, svcNam
Spec: api.PodSpec{
Containers: []api.Container{
{
Name: "controller-manager",
Image: image,
Command: command,
Name: "controller-manager",
Image: image,
ImagePullPolicy: api.PullPolicy(imagePullPolicy),
Command: command,
VolumeMounts: []api.VolumeMount{
{
Name: kubeconfigName,
Expand All @@ -945,6 +956,11 @@ func createControllerManager(clientset client.Interface, namespace, name, svcNam
},
},
},
ImagePullSecrets: []api.LocalObjectReference{
{
Name: imagePullSecrets,
},
},
Volumes: []api.Volume{
{
Name: kubeconfigName,
Expand Down
44 changes: 36 additions & 8 deletions federation/pkg/kubefed/init/init_test.go
View file
Expand Up @@ -96,6 +96,8 @@ func TestInitFederation(t *testing.T) {
apiserverServiceType v1.ServiceType
advertiseAddress string
serverImage string
imagePullPolicy string
imagePullSecrets string
etcdImage string
etcdPVCapacity string
etcdPVStorageClass string
Expand All @@ -118,6 +120,7 @@ func TestInitFederation(t *testing.T) {
lbIP: lbIP,
apiserverServiceType: v1.ServiceTypeLoadBalancer,
serverImage: "example.test/foo:bar",
imagePullPolicy: "IfNotPresent",
etcdPVCapacity: "5Gi",
etcdPersistence: "true",
expectedErr: "",
Expand All @@ -135,6 +138,7 @@ func TestInitFederation(t *testing.T) {
lbIP: lbIP,
apiserverServiceType: v1.ServiceTypeLoadBalancer,
serverImage: "example.test/foo:bar",
imagePullPolicy: "IfNotPresent",
etcdPVCapacity: "", //test for default value of pvc-size
etcdPersistence: "true",
expectedErr: "",
Expand All @@ -148,6 +152,7 @@ func TestInitFederation(t *testing.T) {
lbIP: lbIP,
apiserverServiceType: v1.ServiceTypeLoadBalancer,
serverImage: "example.test/foo:bar",
imagePullPolicy: "IfNotPresent",
etcdPVCapacity: "",
etcdPersistence: "true",
expectedErr: "",
Expand All @@ -161,6 +166,7 @@ func TestInitFederation(t *testing.T) {
lbIP: lbIP,
apiserverServiceType: v1.ServiceTypeLoadBalancer,
serverImage: "example.test/foo:bar",
imagePullPolicy: "IfNotPresent",
etcdPVCapacity: "5Gi",
etcdPersistence: "false",
expectedErr: "",
Expand All @@ -173,6 +179,7 @@ func TestInitFederation(t *testing.T) {
dnsZoneName: "example.test.",
apiserverServiceType: v1.ServiceTypeNodePort,
serverImage: "example.test/foo:bar",
imagePullPolicy: "IfNotPresent",
etcdPVCapacity: "5Gi",
etcdPersistence: "true",
expectedErr: "",
Expand All @@ -186,6 +193,7 @@ func TestInitFederation(t *testing.T) {
apiserverServiceType: v1.ServiceTypeNodePort,
advertiseAddress: nodeIP,
serverImage: "example.test/foo:bar",
imagePullPolicy: "IfNotPresent",
etcdPVCapacity: "5Gi",
etcdPersistence: "true",
expectedErr: "",
Expand All @@ -199,6 +207,7 @@ func TestInitFederation(t *testing.T) {
apiserverServiceType: v1.ServiceTypeNodePort,
advertiseAddress: nodeIP,
serverImage: "example.test/foo:bar",
imagePullPolicy: "IfNotPresent",
etcdImage: "gcr.io/google_containers/etcd:latest",
etcdPVCapacity: "5Gi",
etcdPVStorageClass: "fast",
Expand Down Expand Up @@ -245,8 +254,11 @@ func TestInitFederation(t *testing.T) {
if tc.etcdImage == "" {
tc.etcdImage = defaultEtcdImage
}
if tc.imagePullPolicy == "" {
tc.imagePullPolicy = "IfNotPresent"
}

hostFactory, err := fakeInitHostFactory(tc.apiserverServiceType, tc.federation, util.DefaultFederationSystemNamespace, tc.advertiseAddress, tc.lbIP, tc.dnsZoneName, tc.serverImage, tc.etcdImage, tc.dnsProvider, tc.dnsProviderConfig, tc.etcdPersistence, tc.etcdPVCapacity, tc.etcdPVStorageClass, tc.apiserverArgOverrides, tc.cmArgOverrides, tmpDirPath, tc.apiserverEnableHTTPBasicAuth, tc.apiserverEnableTokenAuth, tc.isRBACAPIAvailable)
hostFactory, err := fakeInitHostFactory(tc.apiserverServiceType, tc.federation, util.DefaultFederationSystemNamespace, tc.advertiseAddress, tc.lbIP, tc.dnsZoneName, tc.serverImage, tc.imagePullPolicy, tc.imagePullSecrets, tc.etcdImage, tc.dnsProvider, tc.dnsProviderConfig, tc.etcdPersistence, tc.etcdPVCapacity, tc.etcdPVStorageClass, tc.apiserverArgOverrides, tc.cmArgOverrides, tmpDirPath, tc.apiserverEnableHTTPBasicAuth, tc.apiserverEnableTokenAuth, tc.isRBACAPIAvailable)
if err != nil {
t.Fatalf("[%d] unexpected error: %v", i, err)
}
Expand All @@ -263,6 +275,7 @@ func TestInitFederation(t *testing.T) {
cmd.Flags().Set("dns-zone-name", tc.dnsZoneName)
cmd.Flags().Set("image", tc.serverImage)
cmd.Flags().Set("etcd-image", tc.etcdImage)
cmd.Flags().Set("image-pull-policy", tc.imagePullPolicy)
cmd.Flags().Set("dns-provider", tc.dnsProvider)
cmd.Flags().Set("apiserver-arg-overrides", tc.apiserverArgOverrides)
cmd.Flags().Set("controllermanager-arg-overrides", tc.cmArgOverrides)
Expand All @@ -279,6 +292,9 @@ func TestInitFederation(t *testing.T) {
if tc.etcdPersistence != "true" {
cmd.Flags().Set("etcd-persistent-storage", tc.etcdPersistence)
}
if tc.imagePullSecrets != "" {
cmd.Flags().Set("image-pull-secrets", tc.imagePullSecrets)
}
if tc.apiserverServiceType != v1.ServiceTypeLoadBalancer {
cmd.Flags().Set(apiserverServiceTypeFlag, string(tc.apiserverServiceType))
cmd.Flags().Set(apiserverAdvertiseAddressFlag, tc.advertiseAddress)
Expand Down Expand Up @@ -621,7 +637,7 @@ func TestCertsHTTPS(t *testing.T) {
}
}

func fakeInitHostFactory(apiserverServiceType v1.ServiceType, federationName, namespaceName, advertiseAddress, lbIp, dnsZoneName, serverImage, etcdImage, dnsProvider, dnsProviderConfig, etcdPersistence, etcdPVCapacity, etcdPVStorageClass, apiserverOverrideArg, cmOverrideArg, tmpDirPath string, apiserverEnableHTTPBasicAuth, apiserverEnableTokenAuth, isRBACAPIAvailable bool) (cmdutil.Factory, error) {
func fakeInitHostFactory(apiserverServiceType v1.ServiceType, federationName, namespaceName, advertiseAddress, lbIp, dnsZoneName, serverImage, imagePullPolicy, imagePullSecrets, etcdImage, dnsProvider, dnsProviderConfig, etcdPersistence, etcdPVCapacity, etcdPVStorageClass, apiserverOverrideArg, cmOverrideArg, tmpDirPath string, apiserverEnableHTTPBasicAuth, apiserverEnableTokenAuth, isRBACAPIAvailable bool) (cmdutil.Factory, error) {
svcName := federationName + "-apiserver"
svcUrlPrefix := "/api/v1/namespaces/federation-system/services"
credSecretName := svcName + "-credentials"
Expand Down Expand Up @@ -912,9 +928,10 @@ func fakeInitHostFactory(apiserverServiceType v1.ServiceType, federationName, na
Spec: v1.PodSpec{
Containers: []v1.Container{
{
Name: "apiserver",
Image: serverImage,
Command: apiserverCommand,
Name: "apiserver",
Image: serverImage,
ImagePullPolicy: v1.PullPolicy(imagePullPolicy),
Command: apiserverCommand,
Ports: []v1.ContainerPort{
{
Name: apiServerSecurePortName,
Expand Down Expand Up @@ -943,6 +960,11 @@ func fakeInitHostFactory(apiserverServiceType v1.ServiceType, federationName, na
},
},
},
ImagePullSecrets: []v1.LocalObjectReference{
{
Name: imagePullSecrets,
},
},
Volumes: []v1.Volume{
{
Name: credSecretName,
Expand Down Expand Up @@ -1029,9 +1051,10 @@ func fakeInitHostFactory(apiserverServiceType v1.ServiceType, federationName, na
Spec: v1.PodSpec{
Containers: []v1.Container{
{
Name: "controller-manager",
Image: serverImage,
Command: cmCommand,
Name: "controller-manager",
Image: serverImage,
ImagePullPolicy: v1.PullPolicy(imagePullPolicy),
Command: cmCommand,
VolumeMounts: []v1.VolumeMount{
{
Name: cmKubeconfigSecretName,
Expand All @@ -1051,6 +1074,11 @@ func fakeInitHostFactory(apiserverServiceType v1.ServiceType, federationName, na
},
},
},
ImagePullSecrets: []v1.LocalObjectReference{
{
Name: imagePullSecrets,
},
},
Volumes: []v1.Volume{
{
Name: cmKubeconfigSecretName,
Expand Down

0 comments on commit a9d6a52

Please sign in to comment.