add private registry support for rke2-charts (#13)

* allow private registry * add pull image from private registry * delete old assets * add newline at the end of _helpers.tpl files * standardize image fields * add system default registry to ingress-nginx
2020-08-21 20:56:13 +02:00 · 2020-08-21 20:56:13 +02:00 · 38b0316832
parent 5e085621c5
commit 38b0316832
14 changed files with 176 additions and 18 deletions
--- a/assets/rke2-canal/rke2-canal-v3.13.3.tgz
+++ b/assets/rke2-canal/rke2-canal-v3.13.3.tgz
--- a/assets/rke2-coredns/rke2-coredns-1.10.101.tgz
+++ b/assets/rke2-coredns/rke2-coredns-1.10.101.tgz
--- a/assets/rke2-ingress-nginx/rke2-ingress-nginx-1.36.300.tgz
+++ b/assets/rke2-ingress-nginx/rke2-ingress-nginx-1.36.300.tgz
--- a/assets/rke2-kube-proxy/rke2-kube-proxy-v1.18.4.tgz
+++ b/assets/rke2-kube-proxy/rke2-kube-proxy-v1.18.4.tgz
--- a/assets/rke2-metrics-server/rke2-metrics-server-2.11.100.tgz
+++ b/assets/rke2-metrics-server/rke2-metrics-server-2.11.100.tgz
--- a/packages/rke2-canal/charts/templates/_helpers.tpl
+++ b/packages/rke2-canal/charts/templates/_helpers.tpl
@ -0,0 +1,7 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
--- a/packages/rke2-canal/charts/templates/daemonset.yaml
+++ b/packages/rke2-canal/charts/templates/daemonset.yaml
@ -50,7 +50,7 @@ spec:
        # This container installs the CNI binaries
        # and CNI network config file on each node.
        - name: install-cni
-          image: {{ .Values.calico.cniImage }}:{{ .Values.calico.imageTag }}
+          image: {{ template "system_default_registry" . }}{{ .Values.calico.cniImage.repository }}:{{ .Values.calico.cniImage.tag }}
          command: ["/install-cni.sh"]
          env:
            # Name of the CNI config file to create.
@ -86,7 +86,7 @@ spec:
        # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes
        # to communicate with Felix over the Policy Sync API.
        - name: flexvol-driver
-          image: {{ .Values.calico.flexvolImage }}:{{ .Values.calico.imageTag }}
+          image: {{ template "system_default_registry" . }}{{ .Values.calico.flexvolImage.repository }}:{{ .Values.calico.flexvolImage.tag }}
          volumeMounts:
          - name: flexvol-driver-host
            mountPath: /host/driver
@ -99,7 +99,7 @@ spec:
        - name: calico-node
          command:
          - "start_runit"
-          image: {{ .Values.calico.nodeImage }}:{{ .Values.calico.imageTag }}
+          image: {{ template "system_default_registry" . }}{{ .Values.calico.nodeImage.repository }}:{{ .Values.calico.nodeImage.tag }}
          env:
            # Use Kubernetes API as the backing datastore.
            - name: DATASTORE_TYPE
@ -186,7 +186,7 @@ spec:
        # This container runs flannel using the kube-subnet-mgr backend
        # for allocating subnets.
        - name: kube-flannel
-          image: {{ .Values.flannel.image }}:{{ .Values.flannel.imageTag }}
+          image: {{ template "system_default_registry" . }}{{ .Values.flannel.image.repository }}:{{ .Values.flannel.image.tag }}
          command:
          - "/opt/bin/flanneld"
          {{- range .Values.flannel.args }}
--- a/packages/rke2-canal/charts/values.yaml
+++ b/packages/rke2-canal/charts/values.yaml
@ -6,9 +6,9 @@ podCidr: "10.42.0.0/16"

 flannel:
  # kube-flannel image
-  image: rancher/flannel
-  # kube-flannel tag
-  imageTag: v0.11.0
+  image:
+    repository: rancher/flannel
+    tag: v0.11.0
  # The interface used by canal for host <-> host communication.
  # If left blank, then the interface is chosen using the node's
  # default route.
@ -23,13 +23,17 @@ flannel:
          
 calico:
  # CNI installation image.
-  cniImage: rancher/calico
+  cniImage:
+    repository: rancher/calico
+    tag: v3.13.3
  # Canal node image.
-  nodeImage: rancher/calico
+  nodeImage:
+    repository: rancher/calico
+    tag: v3.13.3
  # Flexvol Image.
-  flexvolImage: rancher/calico
-  # Image tag used for all related canal images.
-  imageTag: v3.13.3
+  flexvolImage:
+    repository: rancher/calico
+    tag: v3.13.3
  # Datastore type for canal. It can be either kuberentes or etcd.
  datastoreType: kubernetes
  # Wait for datastore to initialize.
@ -61,3 +65,6 @@ calico:
  vethuMTU: 1450
  # Typha is disabled.
  typhaServiceName: none
+
+global:
+  systemDefaultRegistry: ""
--- a/packages/rke2-coredns/rke2-coredns.patch
+++ b/packages/rke2-coredns/rke2-coredns.patch
@ -120,6 +120,15 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-coredns/charts-original/templates
         {{- end }}
         app.kubernetes.io/name: {{ template "coredns.name" . }}-autoscaler
         app.kubernetes.io/instance: {{ .Release.Name | quote }}
+@@ -63,7 +63,7 @@
+       {{- end }}
+       containers:
+       - name: autoscaler
+-        image: "{{ .Values.autoscaler.image.repository }}:{{ .Values.autoscaler.image.tag }}"
+        image:  {{ template "system_default_registry" . }}{{ .Values.autoscaler.image.repository }}:{{ .Values.autoscaler.image.tag }}
+         imagePullPolicy: {{ .Values.autoscaler.image.pullPolicy }}
+         resources:
+ {{ toYaml .Values.autoscaler.resources | indent 10 }}
 diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-coredns/charts-original/templates/deployment.yaml packages/rke2-coredns/charts/templates/deployment.yaml
 --- packages/rke2-coredns/charts-original/templates/deployment.yaml
 +++ packages/rke2-coredns/charts/templates/deployment.yaml
@ -149,6 +158,15 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-coredns/charts-original/templates
         {{- end }}
         app.kubernetes.io/name: {{ template "coredns.name" . }}
         app.kubernetes.io/instance: {{ .Release.Name | quote }}
+@@ -70,7 +70,7 @@
+       {{- end }}
+       containers:
+       - name: "coredns"
+-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+         imagePullPolicy: {{ .Values.image.pullPolicy }}
+         args: [ "-conf", "/etc/coredns/Corefile" ]
+         volumeMounts:
 diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-coredns/charts-original/templates/_helpers.tpl packages/rke2-coredns/charts/templates/_helpers.tpl
 --- packages/rke2-coredns/charts-original/templates/_helpers.tpl
 +++ packages/rke2-coredns/charts/templates/_helpers.tpl
@ -160,6 +178,18 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-coredns/charts-original/templates
 {{/*
 Create the name of the service account to use
 */}}
+@@ -147,3 +148,11 @@
+     {{ default "default" .Values.serviceAccount.name }}
+ {{- end -}}
+ {{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
 diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-coredns/charts-original/templates/poddisruptionbudget.yaml packages/rke2-coredns/charts/templates/poddisruptionbudget.yaml
 --- packages/rke2-coredns/charts-original/templates/poddisruptionbudget.yaml
 +++ packages/rke2-coredns/charts/templates/poddisruptionbudget.yaml
@ -300,9 +330,12 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-coredns/charts-original/values.ya
   pullPolicy: IfNotPresent
 
 replicaCount: 1
-@@ -196,3 +196,4 @@
+@@ -196,3 +196,7 @@
     ## Annotations for the coredns-autoscaler configmap
     # i.e. strategy.spinnaker.io/versioned: "false" to ensure configmap isn't renamed
     annotations: {}
 +k8sApp : "kube-dns"
+
+global:
+  systemDefaultRegistry: ""
 \ No newline at end of file
--- a/packages/rke2-ingress-nginx/rke2-ingress-nginx.patch
+++ b/packages/rke2-ingress-nginx/rke2-ingress-nginx.patch
@ -10,6 +10,68 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-ingress-nginx/charts-original/Cha
 sources:
 - https://github.com/kubernetes/ingress-nginx
 version: 1.36.3
+diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-ingress-nginx/charts-original/templates/admission-webhooks/job-patch/job-createSecret.yaml packages/rke2-ingress-nginx/charts/templates/admission-webhooks/job-patch/job-createSecret.yaml
+--- packages/rke2-ingress-nginx/charts-original/templates/admission-webhooks/job-patch/job-createSecret.yaml
+++ packages/rke2-ingress-nginx/charts/templates/admission-webhooks/job-patch/job-createSecret.yaml
+@@ -36,7 +36,7 @@
+       {{- end }}
+       containers:
+         - name: create
+-          image: {{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }}
+          image: {{ template "system_default_registry" . }}{{ .Values.controller.admissionWebhooks.patch.image.repository }}:{{ .Values.controller.admissionWebhooks.patch.image.tag }}
+           imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
+           args:
+             - create
+diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-ingress-nginx/charts-original/templates/controller-daemonset.yaml packages/rke2-ingress-nginx/charts/templates/controller-daemonset.yaml
+--- packages/rke2-ingress-nginx/charts-original/templates/controller-daemonset.yaml
+++ packages/rke2-ingress-nginx/charts/templates/controller-daemonset.yaml
+@@ -60,7 +60,7 @@
+       {{- end }}
+       containers:
+         - name: {{ template "nginx-ingress.name" . }}-{{ .Values.controller.name }}
+-          image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}"
+          image: {{ template "system_default_registry" . }}{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}
+           imagePullPolicy: "{{ .Values.controller.image.pullPolicy }}"
+           {{- if .Values.controller.lifecycle }}
+           lifecycle:
+diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-ingress-nginx/charts-original/templates/default-backend-deployment.yaml packages/rke2-ingress-nginx/charts/templates/default-backend-deployment.yaml
+--- packages/rke2-ingress-nginx/charts-original/templates/default-backend-deployment.yaml
+++ packages/rke2-ingress-nginx/charts/templates/default-backend-deployment.yaml
+@@ -51,7 +51,7 @@
+       {{- end }}
+       containers:
+         - name: {{ template "nginx-ingress.name" . }}-{{ .Values.defaultBackend.name }}
+-          image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}"
+          image:  {{ template "system_default_registry" . }}{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}
+           imagePullPolicy: "{{ .Values.defaultBackend.image.pullPolicy }}"
+           args:
+           {{- range $key, $value := .Values.defaultBackend.extraArgs }}
+diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-ingress-nginx/charts-original/templates/_helpers.tpl packages/rke2-ingress-nginx/charts/templates/_helpers.tpl
+--- packages/rke2-ingress-nginx/charts-original/templates/_helpers.tpl
+++ packages/rke2-ingress-nginx/charts/templates/_helpers.tpl
+@@ -55,6 +55,7 @@
+ Users can provide an override for an explicit service they want bound via `.Values.controller.publishService.pathOverride`
+ 
+ */}}
+
+ {{- define "nginx-ingress.controller.publishServicePath" -}}
+ {{- $defServiceName := printf "%s/%s" .Release.Namespace (include "nginx-ingress.controller.fullname" .) -}}
+ {{- $servicePath := default $defServiceName .Values.controller.publishService.pathOverride }}
+@@ -122,4 +123,12 @@
+ {{- else -}}
+ {{- print "extensions/v1beta1" -}}
+ {{- end -}}
+-{{- end -}}
+\ No newline at end of file
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
 diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-ingress-nginx/charts-original/values.yaml packages/rke2-ingress-nginx/charts/values.yaml
 --- packages/rke2-ingress-nginx/charts-original/values.yaml
 +++ packages/rke2-ingress-nginx/charts/values.yaml
@ -40,3 +102,10 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-ingress-nginx/charts-original/val
 
     annotations: {}
     labels: {}
+@@ -573,3 +573,6 @@
+ ##
+ udp: {}
+ #  53: "kube-system/kube-dns:53"
+
+global:
+  systemDefaultRegistry: ""
--- a/packages/rke2-kube-proxy/charts/templates/_helpers.tpl
+++ b/packages/rke2-kube-proxy/charts/templates/_helpers.tpl
@ -0,0 +1,7 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
--- a/packages/rke2-kube-proxy/charts/templates/daemonset.yaml
+++ b/packages/rke2-kube-proxy/charts/templates/daemonset.yaml
@ -25,7 +25,7 @@ spec:
            fieldRef:
              apiVersion: v1
              fieldPath: spec.nodeName
-        image: {{ .Values.image }}:{{ .Values.imageTag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
        imagePullPolicy: IfNotPresent
        name: kube-proxy
        securityContext:
--- a/packages/rke2-kube-proxy/charts/values.yaml
+++ b/packages/rke2-kube-proxy/charts/values.yaml
@ -1,10 +1,9 @@
 ---

 # image for kubeproxy
-image: rancher/kube-proxy
-
-# image tag for kubeproxy
-imageTag: v1.18.4
+image:
+  repository: rancher/kube-proxy
+  tag: v1.18.4

 # The IP address for the proxy server to serve on 
 # (set to '0.0.0.0' for all IPv4 interfaces and '::' for all IPv6 interfaces)
@ -220,3 +219,5 @@ version:

 # If set, write the default configuration values to this file and exit.
 writeConfigTo:
+global:
+  systemDefaultRegistry: ""
--- a/packages/rke2-metrics-server/rke2-metrics-server.patch
+++ b/packages/rke2-metrics-server/rke2-metrics-server.patch
@ -10,6 +10,33 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-metrics-server/charts-original/Ch
 sources:
 - https://github.com/kubernetes-incubator/metrics-server
 version: 2.11.1
+diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-metrics-server/charts-original/templates/_helpers.tpl packages/rke2-metrics-server/charts/templates/_helpers.tpl
+--- packages/rke2-metrics-server/charts-original/templates/_helpers.tpl
+++ packages/rke2-metrics-server/charts/templates/_helpers.tpl
+@@ -49,3 +49,11 @@
+     {{ default "default" .Values.serviceAccount.name }}
+ {{- end -}}
+ {{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-metrics-server/charts-original/templates/metrics-server-deployment.yaml packages/rke2-metrics-server/charts/templates/metrics-server-deployment.yaml
+--- packages/rke2-metrics-server/charts-original/templates/metrics-server-deployment.yaml
+++ packages/rke2-metrics-server/charts/templates/metrics-server-deployment.yaml
+@@ -47,7 +47,7 @@
+         {{- ( tpl (toYaml .Values.extraContainers) . ) | nindent 8 }}
+         {{- end }}
+         - name: metrics-server
+-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+           imagePullPolicy: {{ .Values.image.pullPolicy }}
+           command:
+             - /metrics-server
 diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-metrics-server/charts-original/values.yaml packages/rke2-metrics-server/charts/values.yaml
 --- packages/rke2-metrics-server/charts-original/values.yaml
 +++ packages/rke2-metrics-server/charts/values.yaml
@ -22,3 +49,10 @@ diff -x '*.tgz' -x '*.lock' -uNr packages/rke2-metrics-server/charts-original/va
   tag: v0.3.6
   pullPolicy: IfNotPresent
 
+@@ -107,3 +107,6 @@
+   enabled: false
+   minAvailable:
+   maxUnavailable:
+
+global:
+  systemDefaultRegistry: ""