add private registry support for rke2-charts (#13)

* allow private registry * add pull image from private registry * delete old assets * add newline at the end of _helpers.tpl files * standardize image fields * add system default registry to ingress-nginx
2020-08-21 20:56:13 +02:00 · 2020-08-21 20:56:13 +02:00 · 38b0316832
parent 5e085621c5
commit 38b0316832
14 changed files with 176 additions and 18 deletions
--- a/assets/rke2-canal/rke2-canal-v3.13.3.tgz
+++ b/assets/rke2-canal/rke2-canal-v3.13.3.tgz
--- a/assets/rke2-coredns/rke2-coredns-1.10.101.tgz
+++ b/assets/rke2-coredns/rke2-coredns-1.10.101.tgz
--- a/assets/rke2-ingress-nginx/rke2-ingress-nginx-1.36.300.tgz
+++ b/assets/rke2-ingress-nginx/rke2-ingress-nginx-1.36.300.tgz
--- a/assets/rke2-kube-proxy/rke2-kube-proxy-v1.18.4.tgz
+++ b/assets/rke2-kube-proxy/rke2-kube-proxy-v1.18.4.tgz
--- a/assets/rke2-metrics-server/rke2-metrics-server-2.11.100.tgz
+++ b/assets/rke2-metrics-server/rke2-metrics-server-2.11.100.tgz
--- a/packages/rke2-canal/charts/templates/_helpers.tpl
+++ b/packages/rke2-canal/charts/templates/_helpers.tpl
@ -0,0 +1,7 @@
 {{- define "system_default_registry" -}}
 {{- if .Values.global.systemDefaultRegistry -}}
 {{- printf "%s/" .Values.global.systemDefaultRegistry -}}
 {{- else -}}
 {{- "" -}}
 {{- end -}}
 {{- end -}}
--- a/packages/rke2-canal/charts/templates/daemonset.yaml
+++ b/packages/rke2-canal/charts/templates/daemonset.yaml
@ -50,7 +50,7 @@ spec:
        # This container installs the CNI binaries
        # and CNI network config file on each node.
        - name: install-cni
-          image: {{ .Values.calico.cniImage }}:{{ .Values.calico.imageTag }}
+          image: {{ template "system_default_registry" . }}{{ .Values.calico.cniImage.repository }}:{{ .Values.calico.cniImage.tag }}
          command: ["/install-cni.sh"]
          env:
            # Name of the CNI config file to create.
@ -86,7 +86,7 @@ spec:
        # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes
        # to communicate with Felix over the Policy Sync API.
        - name: flexvol-driver
-          image: {{ .Values.calico.flexvolImage }}:{{ .Values.calico.imageTag }}
+          image: {{ template "system_default_registry" . }}{{ .Values.calico.flexvolImage.repository }}:{{ .Values.calico.flexvolImage.tag }}
          volumeMounts:
          - name: flexvol-driver-host
            mountPath: /host/driver
@ -99,7 +99,7 @@ spec:
        - name: calico-node
          command:
          - "start_runit"
-          image: {{ .Values.calico.nodeImage }}:{{ .Values.calico.imageTag }}
+          image: {{ template "system_default_registry" . }}{{ .Values.calico.nodeImage.repository }}:{{ .Values.calico.nodeImage.tag }}
          env:
            # Use Kubernetes API as the backing datastore.
            - name: DATASTORE_TYPE
@ -186,7 +186,7 @@ spec:
        # This container runs flannel using the kube-subnet-mgr backend
        # for allocating subnets.
        - name: kube-flannel
-          image: {{ .Values.flannel.image }}:{{ .Values.flannel.imageTag }}
+          image: {{ template "system_default_registry" . }}{{ .Values.flannel.image.repository }}:{{ .Values.flannel.image.tag }}
          command:
          - "/opt/bin/flanneld"
          {{- range .Values.flannel.args }}
--- a/packages/rke2-canal/charts/values.yaml
+++ b/packages/rke2-canal/charts/values.yaml
@ -6,9 +6,9 @@ podCidr: "10.42.0.0/16"
 flannel:
  # kube-flannel image
-  image: rancher/flannel
+  image:
-  # kube-flannel tag
+    repository: rancher/flannel
-  imageTag: v0.11.0
+    tag: v0.11.0
  # The interface used by canal for host <-> host communication.
  # If left blank, then the interface is chosen using the node's
  # default route.
@ -23,13 +23,17 @@ flannel:
 calico:
  # CNI installation image.
-  cniImage: rancher/calico
+  cniImage:
    repository: rancher/calico
    tag: v3.13.3
  # Canal node image.
-  nodeImage: rancher/calico
+  nodeImage:
    repository: rancher/calico
    tag: v3.13.3
  # Flexvol Image.
-  flexvolImage: rancher/calico
+  flexvolImage:
-  # Image tag used for all related canal images.
+    repository: rancher/calico
-  imageTag: v3.13.3
+    tag: v3.13.3
  # Datastore type for canal. It can be either kuberentes or etcd.
  datastoreType: kubernetes
  # Wait for datastore to initialize.
@ -61,3 +65,6 @@ calico:
  vethuMTU: 1450
  # Typha is disabled.
  typhaServiceName: none
 global:
  systemDefaultRegistry: ""
--- a/packages/rke2-coredns/rke2-coredns.patch
+++ b/packages/rke2-coredns/rke2-coredns.patch
@ -120,6 +120,15 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-coredns/charts-original/templates
         {{- end }}
         app.kubernetes.io/name: {{ template "coredns.name" . }}-autoscaler
         app.kubernetes.io/instance: {{ .Release.Name | quote }}
@@ -63,7 +63,7 @@
       {{- end }}
       containers:
       - name: autoscaler
 -        image: "{{ .Values.autoscaler.image.repository }}:{{ .Values.autoscaler.image.tag }}"
 +        image:  {{ template "system_default_registry" . }}{{ .Values.autoscaler.image.repository }}:{{ .Values.autoscaler.image.tag }}
         imagePullPolicy: {{ .Values.autoscaler.image.pullPolicy }}
         resources:
 {{ toYaml .Values.autoscaler.resources | indent 10 }}
 diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-coredns/charts-original/templates/deployment.yaml packages/rke2-coredns/charts/templates/deployment.yaml
 --- packages/rke2-coredns/charts-original/templates/deployment.yaml
 +++ packages/rke2-coredns/charts/templates/deployment.yaml
@ -149,6 +158,15 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-coredns/charts-original/templates
         {{- end }}
         app.kubernetes.io/name: {{ template "coredns.name" . }}
         app.kubernetes.io/instance: {{ .Release.Name | quote }}
@@ -70,7 +70,7 @@
       {{- end }}
       containers:
       - name: "coredns"
 -        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
 +        image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         args: [ "-conf", "/etc/coredns/Corefile" ]
         volumeMounts:
 diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-coredns/charts-original/templates/_helpers.tpl packages/rke2-coredns/charts/templates/_helpers.tpl
 --- packages/rke2-coredns/charts-original/templates/_helpers.tpl
 +++ packages/rke2-coredns/charts/templates/_helpers.tpl
@ -160,6 +178,18 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-coredns/charts-original/templates
 {{/*
 Create the name of the service account to use
 */}}
@@ -147,3 +148,11 @@
     {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
 +
 +{{- define "system_default_registry" -}}
 +{{- if .Values.global.systemDefaultRegistry -}}
 +{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
 +{{- else -}}
 +{{- "" -}}
 +{{- end -}}
 +{{- end -}}
 diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-coredns/charts-original/templates/poddisruptionbudget.yaml packages/rke2-coredns/charts/templates/poddisruptionbudget.yaml
 --- packages/rke2-coredns/charts-original/templates/poddisruptionbudget.yaml
 +++ packages/rke2-coredns/charts/templates/poddisruptionbudget.yaml
@ -300,9 +330,12 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-coredns/charts-original/values.ya
   pullPolicy: IfNotPresent
 replicaCount: 1
-@@ -196,3 +196,4 @@
+@@ -196,3 +196,7 @@
     ## Annotations for the coredns-autoscaler configmap
     # i.e. strategy.spinnaker.io/versioned: "false" to ensure configmap isn't renamed
     annotations: {}
 +k8sApp : "kube-dns"
 +
 +global:
 +  systemDefaultRegistry: ""
 \ No newline at end of file
--- a/packages/rke2-ingress-nginx/rke2-ingress-nginx.patch
+++ b/packages/rke2-ingress-nginx/rke2-ingress-nginx.patch
@ -10,6 +10,68 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-ingress-nginx/charts-original/Cha
 sources:
 - https://github.com/kubernetes/ingress-nginx
 version: 1.36.3
 diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-ingress-nginx/charts-original/templates/admission-webhooks/job-patch/job-createSecret.yaml packages/rke2-ingress-nginx/charts/templates/admission-webhooks/job-patch/job-createSecret.yaml
 --- packages/rke2-ingress-nginx/charts-original/templates/admission-webhooks/job-patch/job-createSecret.yaml
 +++ packages/rke2-ingress-nginx/charts/templates/admission-webhooks/job-patch/job-createSecret.yaml
@@ -36,7 +36,7 @@
       {{- end }}
       containers:
         - name: create
 -          image: {{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }}
 +          image: {{ template "system_default_registry" . }}{{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }}
           imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
           args:
             - create
 diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-ingress-nginx/charts-original/templates/controller-daemonset.yaml packages/rke2-ingress-nginx/charts/templates/controller-daemonset.yaml
 --- packages/rke2-ingress-nginx/charts-original/templates/controller-daemonset.yaml
 +++ packages/rke2-ingress-nginx/charts/templates/controller-daemonset.yaml
@@ -60,7 +60,7 @@
       {{- end }}
       containers:
         - name: {{ template "nginx-ingress.name" . }}-{{ .Values.controller.name }}
 -          image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
 +          image: {{ template "system_default_registry" . }}{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}
           imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
           {{- if .Values.controller.lifecycle }}
           lifecycle:
 diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-ingress-nginx/charts-original/templates/default-backend-deployment.yaml packages/rke2-ingress-nginx/charts/templates/default-backend-deployment.yaml
 --- packages/rke2-ingress-nginx/charts-original/templates/default-backend-deployment.yaml
 +++ packages/rke2-ingress-nginx/charts/templates/default-backend-deployment.yaml
@@ -51,7 +51,7 @@
       {{- end }}
       containers:
         - name: {{ template "nginx-ingress.name" . }}-{{ .Values.defaultBackend.name }}
 -          image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}"
 +          image:  {{ template "system_default_registry" . }}{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}
           imagePullPolicy: "{{ .Values.defaultBackend.image.pullPolicy }}"
           args:
           {{- range $key, $value := .Values.defaultBackend.extraArgs }}
 diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-ingress-nginx/charts-original/templates/_helpers.tpl packages/rke2-ingress-nginx/charts/templates/_helpers.tpl
 --- packages/rke2-ingress-nginx/charts-original/templates/_helpers.tpl
 +++ packages/rke2-ingress-nginx/charts/templates/_helpers.tpl
@@ -55,6 +55,7 @@
 Users can provide an override for an explicit service they want bound via `.Values.controller.publishService.pathOverride`
 */}}
 +
 {{- define "nginx-ingress.controller.publishServicePath" -}}
 {{- $defServiceName := printf "%s/%s" .Release.Namespace (include "nginx-ingress.controller.fullname" .) -}}
 {{- $servicePath := default $defServiceName .Values.controller.publishService.pathOverride }}
@@ -122,4 +123,12 @@
 {{- else -}}
 {{- print "extensions/v1beta1" -}}
 {{- end -}}
 -{{- end -}}
 \ No newline at end of file
 +{{- end -}}
 +
 +{{- define "system_default_registry" -}}
 +{{- if .Values.global.systemDefaultRegistry -}}
 +{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
 +{{- else -}}
 +{{- "" -}}
 +{{- end -}}
 +{{- end -}}
 diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-ingress-nginx/charts-original/values.yaml packages/rke2-ingress-nginx/charts/values.yaml
 --- packages/rke2-ingress-nginx/charts-original/values.yaml
 +++ packages/rke2-ingress-nginx/charts/values.yaml
@ -40,3 +102,10 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-ingress-nginx/charts-original/val
     annotations: {}
     labels: {}
@@ -573,3 +573,6 @@
 ##
 udp: {}
 #  53: "kube-system/kube-dns:53"
 +
 +global:
 +  systemDefaultRegistry: ""
--- a/packages/rke2-kube-proxy/charts/templates/_helpers.tpl
+++ b/packages/rke2-kube-proxy/charts/templates/_helpers.tpl
@ -0,0 +1,7 @@
 {{- define "system_default_registry" -}}
 {{- if .Values.global.systemDefaultRegistry -}}
 {{- printf "%s/" .Values.global.systemDefaultRegistry -}}
 {{- else -}}
 {{- "" -}}
 {{- end -}}
 {{- end -}}
--- a/packages/rke2-kube-proxy/charts/templates/daemonset.yaml
+++ b/packages/rke2-kube-proxy/charts/templates/daemonset.yaml
@ -25,7 +25,7 @@ spec:
            fieldRef:
              apiVersion: v1
              fieldPath: spec.nodeName
-        image: {{ .Values.image }}:{{ .Values.imageTag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
        imagePullPolicy: IfNotPresent
        name: kube-proxy
        securityContext:
--- a/packages/rke2-kube-proxy/charts/values.yaml
+++ b/packages/rke2-kube-proxy/charts/values.yaml
@ -1,10 +1,9 @@
 ---
 # image for kubeproxy
-image: rancher/kube-proxy
+image:
-
+  repository: rancher/kube-proxy
-# image tag for kubeproxy
+  tag: v1.18.4
 imageTag: v1.18.4
 # The IP address for the proxy server to serve on 
 # (set to '0.0.0.0' for all IPv4 interfaces and '::' for all IPv6 interfaces)
@ -220,3 +219,5 @@ version:
 # If set, write the default configuration values to this file and exit.
 writeConfigTo:
 global:
  systemDefaultRegistry: ""
--- a/packages/rke2-metrics-server/rke2-metrics-server.patch
+++ b/packages/rke2-metrics-server/rke2-metrics-server.patch
@ -10,6 +10,33 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-metrics-server/charts-original/Ch
 sources:
 - https://github.com/kubernetes-incubator/metrics-server
 version: 2.11.1
 diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-metrics-server/charts-original/templates/_helpers.tpl packages/rke2-metrics-server/charts/templates/_helpers.tpl
 --- packages/rke2-metrics-server/charts-original/templates/_helpers.tpl
 +++ packages/rke2-metrics-server/charts/templates/_helpers.tpl
@@ -49,3 +49,11 @@
     {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
 +
 +{{- define "system_default_registry" -}}
 +{{- if .Values.global.systemDefaultRegistry -}}
 +{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
 +{{- else -}}
 +{{- "" -}}
 +{{- end -}}
 +{{- end -}}
 diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-metrics-server/charts-original/templates/metrics-server-deployment.yaml packages/rke2-metrics-server/charts/templates/metrics-server-deployment.yaml
 --- packages/rke2-metrics-server/charts-original/templates/metrics-server-deployment.yaml
 +++ packages/rke2-metrics-server/charts/templates/metrics-server-deployment.yaml
@@ -47,7 +47,7 @@
         {{- ( tpl (toYaml .Values.extraContainers) . ) | nindent 8 }}
         {{- end }}
         - name: metrics-server
 -          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
 +          image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           command:
             - /metrics-server
 diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-metrics-server/charts-original/values.yaml packages/rke2-metrics-server/charts/values.yaml
 --- packages/rke2-metrics-server/charts-original/values.yaml
 +++ packages/rke2-metrics-server/charts/values.yaml
@ -22,3 +49,10 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-metrics-server/charts-original/va
   tag: v0.3.6
   pullPolicy: IfNotPresent
@@ -107,3 +107,6 @@
   enabled: false
   minAvailable:
   maxUnavailable:
 +
 +global:
 +  systemDefaultRegistry: ""