Add a config option to be able to use a docker image from a private repository in helm charts #5041

Eijebong · 2022-01-08T14:54:47Z

I have a patch that works when you specify a sercret but needs to be tested without one.

Untested patch

diff --git a/infrastructure/k8s/templates/taskcluster-auth-cron-purgeExpiredClients.yaml b/infrastructure/k8s/templates/taskcluster-auth-cron-purgeExpiredClients.yaml
index 26f47781c..0296d93ed 100644
--- a/infrastructure/k8s/templates/taskcluster-auth-cron-purgeExpiredClients.yaml
+++ b/infrastructure/k8s/templates/taskcluster-auth-cron-purgeExpiredClients.yaml
@@ -19,6 +19,10 @@ spec:
         metadata:
           labels: *ref_0
         spec:
+        {{- with.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
           restartPolicy: OnFailure
           containers:
             - name: taskcluster-auth-purgeexpiredclients
diff --git a/infrastructure/k8s/templates/taskcluster-auth-deployment-web.yaml b/infrastructure/k8s/templates/taskcluster-auth-deployment-web.yaml
index a0d88a16c..044dba9a0 100644
--- a/infrastructure/k8s/templates/taskcluster-auth-deployment-web.yaml
+++ b/infrastructure/k8s/templates/taskcluster-auth-deployment-web.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-auth-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-auth
       containers:
         - name: taskcluster-auth-web
diff --git a/infrastructure/k8s/templates/taskcluster-built-in-workers-deployment-server.yaml b/infrastructure/k8s/templates/taskcluster-built-in-workers-deployment-server.yaml
index 302fadac2..55bbb1e55 100644
--- a/infrastructure/k8s/templates/taskcluster-built-in-workers-deployment-server.yaml
+++ b/infrastructure/k8s/templates/taskcluster-built-in-workers-deployment-server.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-built-in-workers-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-built-in-workers
       containers:
         - name: taskcluster-built-in-workers-server
diff --git a/infrastructure/k8s/templates/taskcluster-github-cron-sync.yaml b/infrastructure/k8s/templates/taskcluster-github-cron-sync.yaml
index 92693891d..8566e9af4 100644
--- a/infrastructure/k8s/templates/taskcluster-github-cron-sync.yaml
+++ b/infrastructure/k8s/templates/taskcluster-github-cron-sync.yaml
@@ -19,6 +19,10 @@ spec:
         metadata:
           labels: *ref_0
         spec:
+        {{- with.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
           restartPolicy: OnFailure
           containers:
             - name: taskcluster-github-sync
diff --git a/infrastructure/k8s/templates/taskcluster-github-deployment-web.yaml b/infrastructure/k8s/templates/taskcluster-github-deployment-web.yaml
index 845f313f4..d69b243cf 100644
--- a/infrastructure/k8s/templates/taskcluster-github-deployment-web.yaml
+++ b/infrastructure/k8s/templates/taskcluster-github-deployment-web.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-github-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-github
       containers:
         - name: taskcluster-github-web
diff --git a/infrastructure/k8s/templates/taskcluster-github-deployment-worker.yaml b/infrastructure/k8s/templates/taskcluster-github-deployment-worker.yaml
index 7e6b2a07b..78f27d4f4 100644
--- a/infrastructure/k8s/templates/taskcluster-github-deployment-worker.yaml
+++ b/infrastructure/k8s/templates/taskcluster-github-deployment-worker.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-github-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-github
       containers:
         - name: taskcluster-github-worker
diff --git a/infrastructure/k8s/templates/taskcluster-hooks-cron-expires.yaml b/infrastructure/k8s/templates/taskcluster-hooks-cron-expires.yaml
index 2ffe67909..20ac0abcb 100644
--- a/infrastructure/k8s/templates/taskcluster-hooks-cron-expires.yaml
+++ b/infrastructure/k8s/templates/taskcluster-hooks-cron-expires.yaml
@@ -19,6 +19,10 @@ spec:
         metadata:
           labels: *ref_0
         spec:
+        {{- with.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
           restartPolicy: OnFailure
           containers:
             - name: taskcluster-hooks-expires
diff --git a/infrastructure/k8s/templates/taskcluster-hooks-deployment-listeners.yaml b/infrastructure/k8s/templates/taskcluster-hooks-deployment-listeners.yaml
index 79ea5b16e..9bf218dd8 100644
--- a/infrastructure/k8s/templates/taskcluster-hooks-deployment-listeners.yaml
+++ b/infrastructure/k8s/templates/taskcluster-hooks-deployment-listeners.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-hooks-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-hooks
       containers:
         - name: taskcluster-hooks-listeners
diff --git a/infrastructure/k8s/templates/taskcluster-hooks-deployment-scheduler.yaml b/infrastructure/k8s/templates/taskcluster-hooks-deployment-scheduler.yaml
index 39a1dd991..a7baf7852 100644
--- a/infrastructure/k8s/templates/taskcluster-hooks-deployment-scheduler.yaml
+++ b/infrastructure/k8s/templates/taskcluster-hooks-deployment-scheduler.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-hooks-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-hooks
       containers:
         - name: taskcluster-hooks-scheduler
diff --git a/infrastructure/k8s/templates/taskcluster-hooks-deployment-web.yaml b/infrastructure/k8s/templates/taskcluster-hooks-deployment-web.yaml
index 08eadd1ac..88ac33f38 100644
--- a/infrastructure/k8s/templates/taskcluster-hooks-deployment-web.yaml
+++ b/infrastructure/k8s/templates/taskcluster-hooks-deployment-web.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-hooks-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+      {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       serviceAccountName: taskcluster-hooks
       containers:
         - name: taskcluster-hooks-web
diff --git a/infrastructure/k8s/templates/taskcluster-index-cron-expire.yaml b/infrastructure/k8s/templates/taskcluster-index-cron-expire.yaml
index 686653377..c2b43aa4a 100644
--- a/infrastructure/k8s/templates/taskcluster-index-cron-expire.yaml
+++ b/infrastructure/k8s/templates/taskcluster-index-cron-expire.yaml
@@ -19,6 +19,10 @@ spec:
         metadata:
           labels: *ref_0
         spec:
+        {{- with.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
           restartPolicy: OnFailure
           containers:
             - name: taskcluster-index-expire
diff --git a/infrastructure/k8s/templates/taskcluster-index-deployment-handlers.yaml b/infrastructure/k8s/templates/taskcluster-index-deployment-handlers.yaml
index 3e4e56bb4..a1c5ac2a5 100644
--- a/infrastructure/k8s/templates/taskcluster-index-deployment-handlers.yaml
+++ b/infrastructure/k8s/templates/taskcluster-index-deployment-handlers.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-index-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-index
       containers:
         - name: taskcluster-index-handlers
diff --git a/infrastructure/k8s/templates/taskcluster-index-deployment-web.yaml b/infrastructure/k8s/templates/taskcluster-index-deployment-web.yaml
index 3ab7c2dd5..bfefd0369 100644
--- a/infrastructure/k8s/templates/taskcluster-index-deployment-web.yaml
+++ b/infrastructure/k8s/templates/taskcluster-index-deployment-web.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-index-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-index
       containers:
         - name: taskcluster-index-web
diff --git a/infrastructure/k8s/templates/taskcluster-notify-deployment-handler.yaml b/infrastructure/k8s/templates/taskcluster-notify-deployment-handler.yaml
index 68e9bc474..5345c518c 100644
--- a/infrastructure/k8s/templates/taskcluster-notify-deployment-handler.yaml
+++ b/infrastructure/k8s/templates/taskcluster-notify-deployment-handler.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-notify-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-notify
       containers:
         - name: taskcluster-notify-handler
diff --git a/infrastructure/k8s/templates/taskcluster-notify-deployment-web.yaml b/infrastructure/k8s/templates/taskcluster-notify-deployment-web.yaml
index 47d6a8cc9..e13707428 100644
--- a/infrastructure/k8s/templates/taskcluster-notify-deployment-web.yaml
+++ b/infrastructure/k8s/templates/taskcluster-notify-deployment-web.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-notify-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-notify
       containers:
         - name: taskcluster-notify-web
diff --git a/infrastructure/k8s/templates/taskcluster-object-cron-expire.yaml b/infrastructure/k8s/templates/taskcluster-object-cron-expire.yaml
index 7bdb17d6a..d5fb55cb8 100644
--- a/infrastructure/k8s/templates/taskcluster-object-cron-expire.yaml
+++ b/infrastructure/k8s/templates/taskcluster-object-cron-expire.yaml
@@ -19,6 +19,10 @@ spec:
         metadata:
           labels: *ref_0
         spec:
+        {{- with.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
           restartPolicy: OnFailure
           containers:
             - name: taskcluster-object-expire
diff --git a/infrastructure/k8s/templates/taskcluster-object-deployment-web.yaml b/infrastructure/k8s/templates/taskcluster-object-deployment-web.yaml
index 7cd317964..df26dd266 100644
--- a/infrastructure/k8s/templates/taskcluster-object-deployment-web.yaml
+++ b/infrastructure/k8s/templates/taskcluster-object-deployment-web.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-object-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-object
       containers:
         - name: taskcluster-object-web
diff --git a/infrastructure/k8s/templates/taskcluster-purge-cache-cron-expireCachePurges.yaml b/infrastructure/k8s/templates/taskcluster-purge-cache-cron-expireCachePurges.yaml
index a27986519..1fa9adf8a 100644
--- a/infrastructure/k8s/templates/taskcluster-purge-cache-cron-expireCachePurges.yaml
+++ b/infrastructure/k8s/templates/taskcluster-purge-cache-cron-expireCachePurges.yaml
@@ -19,6 +19,10 @@ spec:
         metadata:
           labels: *ref_0
         spec:
+        {{- with.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
           restartPolicy: OnFailure
           containers:
             - name: taskcluster-purge-cache-expirecachepurges
diff --git a/infrastructure/k8s/templates/taskcluster-purge-cache-deployment-web.yaml b/infrastructure/k8s/templates/taskcluster-purge-cache-deployment-web.yaml
index 3b5b16b2d..06964e879 100644
--- a/infrastructure/k8s/templates/taskcluster-purge-cache-deployment-web.yaml
+++ b/infrastructure/k8s/templates/taskcluster-purge-cache-deployment-web.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-purge-cache-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-purge-cache
       containers:
         - name: taskcluster-purge-cache-web
diff --git a/infrastructure/k8s/templates/taskcluster-queue-cron-expireArtifacts.yaml b/infrastructure/k8s/templates/taskcluster-queue-cron-expireArtifacts.yaml
index 95aa884ec..36fc20ea7 100644
--- a/infrastructure/k8s/templates/taskcluster-queue-cron-expireArtifacts.yaml
+++ b/infrastructure/k8s/templates/taskcluster-queue-cron-expireArtifacts.yaml
@@ -19,6 +19,10 @@ spec:
         metadata:
           labels: *ref_0
         spec:
+        {{- with.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
           restartPolicy: OnFailure
           containers:
             - name: taskcluster-queue-expireartifacts
diff --git a/infrastructure/k8s/templates/taskcluster-queue-cron-expireQueueMessages.yaml b/infrastructure/k8s/templates/taskcluster-queue-cron-expireQueueMessages.yaml
index f6e2268ba..32a6cfecc 100644
--- a/infrastructure/k8s/templates/taskcluster-queue-cron-expireQueueMessages.yaml
+++ b/infrastructure/k8s/templates/taskcluster-queue-cron-expireQueueMessages.yaml
@@ -19,6 +19,10 @@ spec:
         metadata:
           labels: *ref_0
         spec:
+        {{- with.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
           restartPolicy: OnFailure
           containers:
             - name: taskcluster-queue-expirequeuemessages
diff --git a/infrastructure/k8s/templates/taskcluster-queue-cron-expireTask.yaml b/infrastructure/k8s/templates/taskcluster-queue-cron-expireTask.yaml
index d87834762..0b087d63f 100644
--- a/infrastructure/k8s/templates/taskcluster-queue-cron-expireTask.yaml
+++ b/infrastructure/k8s/templates/taskcluster-queue-cron-expireTask.yaml
@@ -19,6 +19,10 @@ spec:
         metadata:
           labels: *ref_0
         spec:
+        {{- with.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
           restartPolicy: OnFailure
           containers:
             - name: taskcluster-queue-expiretask
diff --git a/infrastructure/k8s/templates/taskcluster-queue-cron-expireTaskDependency.yaml b/infrastructure/k8s/templates/taskcluster-queue-cron-expireTaskDependency.yaml
index 18ef97f6a..d0de1aaf6 100644
--- a/infrastructure/k8s/templates/taskcluster-queue-cron-expireTaskDependency.yaml
+++ b/infrastructure/k8s/templates/taskcluster-queue-cron-expireTaskDependency.yaml
@@ -19,6 +19,10 @@ spec:
         metadata:
           labels: *ref_0
         spec:
+        {{- with.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
           restartPolicy: OnFailure
           containers:
             - name: taskcluster-queue-expiretaskdependency
diff --git a/infrastructure/k8s/templates/taskcluster-queue-cron-expireTaskGroups.yaml b/infrastructure/k8s/templates/taskcluster-queue-cron-expireTaskGroups.yaml
index e09320f24..54a8a8d6b 100644
--- a/infrastructure/k8s/templates/taskcluster-queue-cron-expireTaskGroups.yaml
+++ b/infrastructure/k8s/templates/taskcluster-queue-cron-expireTaskGroups.yaml
@@ -19,6 +19,10 @@ spec:
         metadata:
           labels: *ref_0
         spec:
+        {{- with.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
           restartPolicy: OnFailure
           containers:
             - name: taskcluster-queue-expiretaskgroups
diff --git a/infrastructure/k8s/templates/taskcluster-queue-cron-expireWorkerInfo.yaml b/infrastructure/k8s/templates/taskcluster-queue-cron-expireWorkerInfo.yaml
index fa603d896..36534a365 100644
--- a/infrastructure/k8s/templates/taskcluster-queue-cron-expireWorkerInfo.yaml
+++ b/infrastructure/k8s/templates/taskcluster-queue-cron-expireWorkerInfo.yaml
@@ -19,6 +19,10 @@ spec:
         metadata:
           labels: *ref_0
         spec:
+        {{- with.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
           restartPolicy: OnFailure
           containers:
             - name: taskcluster-queue-expireworkerinfo
diff --git a/infrastructure/k8s/templates/taskcluster-queue-deployment-claimResolver.yaml b/infrastructure/k8s/templates/taskcluster-queue-deployment-claimResolver.yaml
index 12922c571..33df9252c 100644
--- a/infrastructure/k8s/templates/taskcluster-queue-deployment-claimResolver.yaml
+++ b/infrastructure/k8s/templates/taskcluster-queue-deployment-claimResolver.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-queue-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-queue
       containers:
         - name: taskcluster-queue-claimresolver
diff --git a/infrastructure/k8s/templates/taskcluster-queue-deployment-deadlineResolver.yaml b/infrastructure/k8s/templates/taskcluster-queue-deployment-deadlineResolver.yaml
index 572691464..8dd3702ce 100644
--- a/infrastructure/k8s/templates/taskcluster-queue-deployment-deadlineResolver.yaml
+++ b/infrastructure/k8s/templates/taskcluster-queue-deployment-deadlineResolver.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-queue-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-queue
       containers:
         - name: taskcluster-queue-deadlineresolver
diff --git a/infrastructure/k8s/templates/taskcluster-queue-deployment-dependencyResolver.yaml b/infrastructure/k8s/templates/taskcluster-queue-deployment-dependencyResolver.yaml
index a47287cc1..265e29e18 100644
--- a/infrastructure/k8s/templates/taskcluster-queue-deployment-dependencyResolver.yaml
+++ b/infrastructure/k8s/templates/taskcluster-queue-deployment-dependencyResolver.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-queue-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-queue
       containers:
         - name: taskcluster-queue-dependencyresolver
diff --git a/infrastructure/k8s/templates/taskcluster-queue-deployment-web.yaml b/infrastructure/k8s/templates/taskcluster-queue-deployment-web.yaml
index 40124aa9d..7051f12f1 100644
--- a/infrastructure/k8s/templates/taskcluster-queue-deployment-web.yaml
+++ b/infrastructure/k8s/templates/taskcluster-queue-deployment-web.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-queue-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-queue
       containers:
         - name: taskcluster-queue-web
diff --git a/infrastructure/k8s/templates/taskcluster-references-deployment-web.yaml b/infrastructure/k8s/templates/taskcluster-references-deployment-web.yaml
index f179894e9..46aa8be79 100644
--- a/infrastructure/k8s/templates/taskcluster-references-deployment-web.yaml
+++ b/infrastructure/k8s/templates/taskcluster-references-deployment-web.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-references-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-references
       containers:
         - name: taskcluster-references-web
diff --git a/infrastructure/k8s/templates/taskcluster-secrets-cron-expire.yaml b/infrastructure/k8s/templates/taskcluster-secrets-cron-expire.yaml
index f2c43ae3a..86c857929 100644
--- a/infrastructure/k8s/templates/taskcluster-secrets-cron-expire.yaml
+++ b/infrastructure/k8s/templates/taskcluster-secrets-cron-expire.yaml
@@ -19,6 +19,10 @@ spec:
         metadata:
           labels: *ref_0
         spec:
+        {{- with.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
           restartPolicy: OnFailure
           containers:
             - name: taskcluster-secrets-expire
diff --git a/infrastructure/k8s/templates/taskcluster-secrets-deployment-web.yaml b/infrastructure/k8s/templates/taskcluster-secrets-deployment-web.yaml
index c893c856a..7213ea8fe 100644
--- a/infrastructure/k8s/templates/taskcluster-secrets-deployment-web.yaml
+++ b/infrastructure/k8s/templates/taskcluster-secrets-deployment-web.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-secrets-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-secrets
       containers:
         - name: taskcluster-secrets-web
diff --git a/infrastructure/k8s/templates/taskcluster-ui-deployment-web.yaml b/infrastructure/k8s/templates/taskcluster-ui-deployment-web.yaml
index f682477b4..328a511d3 100644
--- a/infrastructure/k8s/templates/taskcluster-ui-deployment-web.yaml
+++ b/infrastructure/k8s/templates/taskcluster-ui-deployment-web.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-ui-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-ui
       containers:
         - name: taskcluster-ui-web
diff --git a/infrastructure/k8s/templates/taskcluster-web-server-cron-cleanup-expire-access-tokens.yaml b/infrastructure/k8s/templates/taskcluster-web-server-cron-cleanup-expire-access-tokens.yaml
index 4503f5db5..bf9aed786 100644
--- a/infrastructure/k8s/templates/taskcluster-web-server-cron-cleanup-expire-access-tokens.yaml
+++ b/infrastructure/k8s/templates/taskcluster-web-server-cron-cleanup-expire-access-tokens.yaml
@@ -19,6 +19,10 @@ spec:
         metadata:
           labels: *ref_0
         spec:
+        {{- with.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
           restartPolicy: OnFailure
           containers:
             - name: taskcluster-web-server-cleanup-expire-access-tokens
diff --git a/infrastructure/k8s/templates/taskcluster-web-server-cron-cleanup-expire-auth-codes.yaml b/infrastructure/k8s/templates/taskcluster-web-server-cron-cleanup-expire-auth-codes.yaml
index 201e9817b..7355f4785 100644
--- a/infrastructure/k8s/templates/taskcluster-web-server-cron-cleanup-expire-auth-codes.yaml
+++ b/infrastructure/k8s/templates/taskcluster-web-server-cron-cleanup-expire-auth-codes.yaml
@@ -19,6 +19,10 @@ spec:
         metadata:
           labels: *ref_0
         spec:
+        {{- with.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
           restartPolicy: OnFailure
           containers:
             - name: taskcluster-web-server-cleanup-expire-auth-codes
diff --git a/infrastructure/k8s/templates/taskcluster-web-server-cron-scanner.yaml b/infrastructure/k8s/templates/taskcluster-web-server-cron-scanner.yaml
index 15ca0193e..aefb3c81b 100644
--- a/infrastructure/k8s/templates/taskcluster-web-server-cron-scanner.yaml
+++ b/infrastructure/k8s/templates/taskcluster-web-server-cron-scanner.yaml
@@ -19,6 +19,10 @@ spec:
         metadata:
           labels: *ref_0
         spec:
+        {{- with.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
           restartPolicy: OnFailure
           containers:
             - name: taskcluster-web-server-scanner
diff --git a/infrastructure/k8s/templates/taskcluster-web-server-deployment-web.yaml b/infrastructure/k8s/templates/taskcluster-web-server-deployment-web.yaml
index 2502cecdd..517bb9a72 100644
--- a/infrastructure/k8s/templates/taskcluster-web-server-deployment-web.yaml
+++ b/infrastructure/k8s/templates/taskcluster-web-server-deployment-web.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-web-server-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-web-server
       containers:
         - name: taskcluster-web-server-web
diff --git a/infrastructure/k8s/templates/taskcluster-worker-manager-cron-expire-errors.yaml b/infrastructure/k8s/templates/taskcluster-worker-manager-cron-expire-errors.yaml
index 5b820917c..c373e00f2 100644
--- a/infrastructure/k8s/templates/taskcluster-worker-manager-cron-expire-errors.yaml
+++ b/infrastructure/k8s/templates/taskcluster-worker-manager-cron-expire-errors.yaml
@@ -19,6 +19,10 @@ spec:
         metadata:
           labels: *ref_0
         spec:
+        {{- with.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
           restartPolicy: OnFailure
           containers:
             - name: taskcluster-worker-manager-expire-errors
diff --git a/infrastructure/k8s/templates/taskcluster-worker-manager-cron-expire-worker-pools.yaml b/infrastructure/k8s/templates/taskcluster-worker-manager-cron-expire-worker-pools.yaml
index 0b2a29a9b..89ff44662 100644
--- a/infrastructure/k8s/templates/taskcluster-worker-manager-cron-expire-worker-pools.yaml
+++ b/infrastructure/k8s/templates/taskcluster-worker-manager-cron-expire-worker-pools.yaml
@@ -19,6 +19,10 @@ spec:
         metadata:
           labels: *ref_0
         spec:
+        {{- with.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
           restartPolicy: OnFailure
           containers:
             - name: taskcluster-worker-manager-expire-worker-pools
diff --git a/infrastructure/k8s/templates/taskcluster-worker-manager-cron-expire-workers.yaml b/infrastructure/k8s/templates/taskcluster-worker-manager-cron-expire-workers.yaml
index e10f20b87..f35db1e84 100644
--- a/infrastructure/k8s/templates/taskcluster-worker-manager-cron-expire-workers.yaml
+++ b/infrastructure/k8s/templates/taskcluster-worker-manager-cron-expire-workers.yaml
@@ -19,6 +19,10 @@ spec:
         metadata:
           labels: *ref_0
         spec:
+        {{- with.Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
           restartPolicy: OnFailure
           containers:
             - name: taskcluster-worker-manager-expire-workers
diff --git a/infrastructure/k8s/templates/taskcluster-worker-manager-deployment-provisioner.yaml b/infrastructure/k8s/templates/taskcluster-worker-manager-deployment-provisioner.yaml
index fd7e18cb2..3dcca79a4 100644
--- a/infrastructure/k8s/templates/taskcluster-worker-manager-deployment-provisioner.yaml
+++ b/infrastructure/k8s/templates/taskcluster-worker-manager-deployment-provisioner.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-worker-manager-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-worker-manager
       containers:
         - name: taskcluster-worker-manager-provisioner
diff --git a/infrastructure/k8s/templates/taskcluster-worker-manager-deployment-web.yaml b/infrastructure/k8s/templates/taskcluster-worker-manager-deployment-web.yaml
index c9f82c9e0..244699a7c 100644
--- a/infrastructure/k8s/templates/taskcluster-worker-manager-deployment-web.yaml
+++ b/infrastructure/k8s/templates/taskcluster-worker-manager-deployment-web.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-worker-manager-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-worker-manager
       containers:
         - name: taskcluster-worker-manager-web
diff --git a/infrastructure/k8s/templates/taskcluster-worker-manager-deployment-workerscanner.yaml b/infrastructure/k8s/templates/taskcluster-worker-manager-deployment-workerscanner.yaml
index 17557f35e..aae32d06a 100644
--- a/infrastructure/k8s/templates/taskcluster-worker-manager-deployment-workerscanner.yaml
+++ b/infrastructure/k8s/templates/taskcluster-worker-manager-deployment-workerscanner.yaml
@@ -17,6 +17,10 @@ spec:
         checksum/secret: '{{ include (print $.Template.BasePath "/taskcluster-worker-manager-secret.yaml") . | sha256sum }}'
       labels: *ref_0
     spec:
+    {{- with.Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
       serviceAccountName: taskcluster-worker-manager
       containers:
         - name: taskcluster-worker-manager-workerscanner
diff --git a/infrastructure/k8s/values.schema.json b/infrastructure/k8s/values.schema.json
index 35c535eda..1a5064516 100644
--- a/infrastructure/k8s/values.schema.json
+++ b/infrastructure/k8s/values.schema.json
@@ -7,6 +7,10 @@
       "description": "The name of this deployment of Taskcluster.",
       "type": "string"
     },
+    "imagePullSecrets": {
+      "description": "Secret to get the docker image",
+      "type": "array"
+    },
     "auth": {
       "additionalProperties": false,
       "properties": {
@@ -1913,4 +1917,4 @@
   ],
   "title": "Taskcluster Configuration Values",
   "type": "object"
-}
\ No newline at end of file
+}
diff --git a/infrastructure/k8s/values.yaml b/infrastructure/k8s/values.yaml
index 9f4dc9d93..a1521a580 100644
--- a/infrastructure/k8s/values.yaml
+++ b/infrastructure/k8s/values.yaml
@@ -1,4 +1,5 @@
 dockerImage: taskcluster/taskcluster:v44.1.0
+imagePullSecrets: []
 trustProxy: true
 forceSSL: false
 nodeEnv: production

…rameters alive

petemoore mentioned this issue Jan 21, 2022

Add imagePullSecrets to all helm charts that pull a docker containers #5060

Closed

petemoore added a commit that referenced this issue Feb 1, 2022

Issue #5041: Lock OS threads for all syscalls and keep all syscall pa…

684a62c

…rameters alive

petemoore added contributor-request For issues which originate outside of mozilla and removed contributor-request For issues which originate outside of mozilla labels Feb 10, 2022

lotas mentioned this issue Aug 26, 2022

feat(k8s): Support private docker registry #5642

Merged

lotas closed this as completed in #5642 Aug 28, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add a config option to be able to use a docker image from a private repository in helm charts #5041

Add a config option to be able to use a docker image from a private repository in helm charts #5041

Eijebong commented Jan 8, 2022

Add a config option to be able to use a docker image from a private repository in helm charts #5041

Add a config option to be able to use a docker image from a private repository in helm charts #5041

Comments

Eijebong commented Jan 8, 2022