Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

helm: add imagePullSecrets for helm charts #3906

Merged
merged 1 commit into from
Jun 16, 2023

Conversation

fungaren
Copy link
Contributor

Describe what this PR does

Currently the Helm chart does not contain a imagePullSecrets option when you are using private container registry, this is very inconvenient. This PR add this option for both CephFS and RBD.

Provide some context for the reviewer

For example, csi-driver-nfs already support this:

https://github.com/kubernetes-csi/csi-driver-nfs/blob/862cb036e3f0d7c3fe28d2b127a6f96335b15309/charts/v4.3.0/csi-driver-nfs/values.yaml#L127-L131

https://github.com/kubernetes-csi/csi-driver-nfs/blob/862cb036e3f0d7c3fe28d2b127a6f96335b15309/charts/v4.3.0/csi-driver-nfs/templates/csi-nfs-controller.yaml#L20-L23

Is there anything that requires special attention

To test this feature, you can use helm template and kubectl apply --dry-run to examine the YAML result and the syntax. For example:

~/ceph-csi/charts$ helm template -n default ceph-csi-rbd ./ceph-csi-cephfs \
--set provisioner.imagePullSecrets[0].name=aaaaa \
--set nodeplugin.imagePullSecrets[0].name=bbbbb | \
kubectl apply -f - --validate='strict' --dry-run=client

serviceaccount/ceph-csi-rbd-ceph-csi-cephfs-nodeplugin created (dry run)
serviceaccount/ceph-csi-rbd-ceph-csi-cephfs-provisioner created (dry run)
configmap/ceph-config created (dry run)
configmap/ceph-csi-config created (dry run)
clusterrole.rbac.authorization.k8s.io/ceph-csi-rbd-ceph-csi-cephfs-provisioner created (dry run)
clusterrolebinding.rbac.authorization.k8s.io/ceph-csi-rbd-ceph-csi-cephfs-provisioner created (dry run)
role.rbac.authorization.k8s.io/ceph-csi-rbd-ceph-csi-cephfs-provisioner created (dry run)
rolebinding.rbac.authorization.k8s.io/ceph-csi-rbd-ceph-csi-cephfs-provisioner created (dry run)
service/ceph-csi-rbd-ceph-csi-cephfs-nodeplugin-http-metrics created (dry run)
service/ceph-csi-rbd-ceph-csi-cephfs-provisioner-http-metrics created (dry run)
daemonset.apps/ceph-csi-rbd-ceph-csi-cephfs-nodeplugin created (dry run)
deployment.apps/ceph-csi-rbd-ceph-csi-cephfs-provisioner created (dry run)
csidriver.storage.k8s.io/cephfs.csi.ceph.com configured (dry run)

Do you have any questions?

Is the change backward compatible?

Are there concerns around backward compatibility?

Provide any external context for the change, if any.

For example:

  • Kubernetes links that explain why the change is required
  • CSI spec related changes/catch-up that necessitates this patch
  • golang related practices that necessitates this change

Related issues

Mention any github issues relevant to this PR. Adding below line
will help to auto close the issue once the PR is merged.

Fixes: #issue_number

Future concerns

List items that are not part of the PR and do not impact it's
functionality, but are work items that can be taken up subsequently.


Show available bot commands

These commands are normally not required, but in case of issues, leave any of
the following bot commands in an otherwise empty comment in this PR:

  • /retest ci/centos/<job-name>: retest the <job-name> after unrelated
    failure (please report the failure too!)
  • /retest all: run this in case the CentOS CI failed to start/report any test
    progress or results

@mergify mergify bot added the component/deployment Helm chart, kubernetes templates and configuration Issues/PRs label Jun 14, 2023
@nixpanic
Copy link
Member

Thanks!

Could you please add support for NFS as well? Also force-push your updated/rebased commit and include your signed-off-by approval. The subject of the commit should also start with deploy: or helm: .

@nixpanic nixpanic added the ci/skip/multi-arch-build skip building on multiple architectures label Jun 14, 2023
@fungaren
Copy link
Contributor Author

@nixpanic Well, but it seems that it does not provide a helm chart for NFS? Theres only ceph-csi-cephfs and ceph-csi-rbd in the charts directory.

@fungaren fungaren changed the title add imagePullSecrets for helm charts helm: add imagePullSecrets for helm charts Jun 14, 2023
@nixpanic
Copy link
Member

@nixpanic Well, but it seems that it does not provide a helm chart for NFS? Theres only ceph-csi-cephfs and ceph-csi-rbd in the charts directory.

Ah, indeed, that seems to be missing 😞

@@ -37,6 +37,10 @@ spec:
# to use e.g. Rook orchestrated cluster, and mons' FQDN is
# resolved through k8s service, set dns policy to cluster first
dnsPolicy: ClusterFirstWithHostNet
{{- if .Values.nodeplugin.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.nodeplugin.imagePullSecrets | indent 8 -}}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you show in an example what value you would pass? I would expect something like this instead:

 - name: {{ .Values.nodeplugin.imagePullSecrets }}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here you should provide an array like:

imagePullSecrets:
  - name: my-secret-a
  - name: my-secret-b

This part in fact is copied from csi-driver-nfs:

https://github.com/kubernetes-csi/csi-driver-nfs/blob/862cb036e3f0d7c3fe28d2b127a6f96335b15309/charts/v4.3.0/csi-driver-nfs/values.yaml#L127-L131

https://github.com/kubernetes-csi/csi-driver-nfs/blob/862cb036e3f0d7c3fe28d2b127a6f96335b15309/charts/v4.3.0/csi-driver-nfs/templates/csi-nfs-controller.yaml#L20-L23

And It is a recommended way rather than:

imagePullSecrets:
  - name: {{ .Values.nodeplugin.imagePullSecret }}

In this way you can not provide multiple secrets. And maybe there are other fields (no just name only).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok, thanks for the clarification!

Madhu-1
Madhu-1 previously approved these changes Jun 15, 2023
@nixpanic
Copy link
Member

@fungaren can you please fix linter errors https://github.com/ceph/ceph-csi/actions/runs/5267388978/jobs/9526493600?pr=3906 and https://github.com/ceph/ceph-csi/pull/3906/checks?check_run_id=14256026729. you can follow https://github.com/ceph/ceph-csi/blob/devel/docs/development-guide.md#code-contribution-workflow to sign the commit.

I think the failure is because there is no empty line between the subject of the commit, and the Signed-off-by line.

@mergify mergify bot dismissed Madhu-1’s stale review June 15, 2023 08:33

Pull request has been modified.

nixpanic
nixpanic previously approved these changes Jun 15, 2023
@nixpanic nixpanic requested a review from Madhu-1 June 15, 2023 08:35
Madhu-1
Madhu-1 previously approved these changes Jun 15, 2023
@nixpanic
Copy link
Member

@megifyio queue

@nixpanic
Copy link
Member

@Mergifyio queue

@mergify
Copy link
Contributor

mergify bot commented Jun 15, 2023

queue

🛑 The pull request has been removed from the queue

Pull request #3906 has been dequeued due to failing checks or checks timeout.

You can take a look at Queue: Embarked in merge train check runs for more details.

In case of a failure due to a flaky test, you should first retrigger the CI.
Then, re-embark the pull request into the merge queue by posting the comment
@mergifyio refresh on the pull request.

@nixpanic
Copy link
Member

Hi @fungaren, could you login (with your GitHub account) on the Mergify Dashboard? It seems that it is required for some reason before Mergify wants to run tests on this PR.

https://dashboard.mergify.com/github/ceph/repo/ceph-csi/queues?branch=devel&pull=3906&queues=default

Once done, leave a comment @mergifyio refresh in this PR. Thanks!

@fungaren
Copy link
Contributor Author

Emm.... It sounds a bit strange... Anyway, I will try.

But I don't have permission to access it.

screenshot-20230615-194802

@Rakshith-R
Copy link
Contributor

@fungaren Can you just rebase on top of devel now git pull --rebase upstream devel and force push the pr?
that should work too AFAIK.

Currently the Helm chart does not contain a
imagePullSecrets option when you are using
private container registry, this is very inconvenient.
This PR add this option for both CephFS and RBD.

Signed-off-by: Garen Fang <fungaren@qq.com>
@mergify mergify bot dismissed stale reviews from nixpanic and Madhu-1 June 15, 2023 11:59

Pull request has been modified.

@Rakshith-R
Copy link
Contributor

@Mergifyio queue

@nixpanic nixpanic added the ok-to-test Label to trigger E2E tests label Jun 15, 2023
@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/k8s-e2e-external-storage/1.24

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/k8s-e2e-external-storage/1.25

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/k8s-e2e-external-storage/1.26

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/k8s-e2e-external-storage/1.27

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e-helm/k8s-1.24

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e-helm/k8s-1.25

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e-helm/k8s-1.26

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e-helm/k8s-1.27

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e/k8s-1.24

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e/k8s-1.25

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e/k8s-1.26

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/mini-e2e/k8s-1.27

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/upgrade-tests-cephfs

@ceph-csi-bot
Copy link
Collaborator

/test ci/centos/upgrade-tests-rbd

@ceph-csi-bot ceph-csi-bot removed the ok-to-test Label to trigger E2E tests label Jun 15, 2023
@nixpanic
Copy link
Member

Thanks @fungaren , I think Mergify is finally also ready to accept+merge this PR.

@Rakshith-R Rakshith-R added the ci/retry/e2e Label to retry e2e retesting on approved PR's label Jun 16, 2023
@ceph-csi-bot
Copy link
Collaborator

/retest ci/centos/mini-e2e-helm/k8s-1.26

@ceph-csi-bot
Copy link
Collaborator

@fungaren "ci/centos/mini-e2e-helm/k8s-1.26" test failed. Logs are available at location for debugging

@ceph-csi-bot
Copy link
Collaborator

/retest ci/centos/upgrade-tests-rbd

@ceph-csi-bot
Copy link
Collaborator

@fungaren "ci/centos/upgrade-tests-rbd" test failed. Logs are available at location for debugging

@ceph-csi-bot
Copy link
Collaborator

/retest ci/centos/mini-e2e/k8s-1.27

@ceph-csi-bot
Copy link
Collaborator

@fungaren "ci/centos/mini-e2e/k8s-1.27" test failed. Logs are available at location for debugging

@ceph-csi-bot
Copy link
Collaborator

/retest ci/centos/upgrade-tests-cephfs

@ceph-csi-bot
Copy link
Collaborator

@fungaren "ci/centos/upgrade-tests-cephfs" test failed. Logs are available at location for debugging

@ceph-csi-bot
Copy link
Collaborator

@Mergifyio requeue

@mergify
Copy link
Contributor

mergify bot commented Jun 16, 2023

requeue

☑️ This pull request is already queued

@mergify mergify bot merged commit 37018a2 into ceph:devel Jun 16, 2023
@fungaren fungaren deleted the support-image-pull-secrets branch June 16, 2023 06:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ci/retry/e2e Label to retry e2e retesting on approved PR's ci/skip/multi-arch-build skip building on multiple architectures component/deployment Helm chart, kubernetes templates and configuration Issues/PRs
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants