add option to set image pull secret to avoid docker hub rate limiting; …

…fixes #18
estafette · Nov 3, 2020 · ff50d26 · ff50d26
1 parent a3852a6
commit ff50d26
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 4 deletions.
diff --git a/.estafette.yaml b/.estafette.yaml
@@ -88,6 +88,10 @@ stages:
     action: test
     values: |-
       serviceAccountProjectID: my-project-id
+      imagePullSecret:
+        registryURL: https://index.docker.io/v1/
+        username: estafette.secret(ZZS9vKyEdC8m8Qtf.y3LuTU3EAYXUHWCd-ft2gJvJWaAvrspux1TsodBBdQ==.2Gn7U1HeTI_ZBSaU7uplaN1hxLuCGAk2LyW9FTyAZR9sVrkdEgwM23rebFIXAcntkFtFo6t2YbD7iifyyd1POpxQ)
+        password: estafette.secret(NqVcDeYWQkjvHOMY._RpygXd11e_g8UjHYZqZvBI-Q4fQ1018RAq5bikgiTLmyFITyjodEwy5w6JYZ0p-.0Ec1o1hGuP7f3lWadZ7MvUQnUZGlwl1mbz-pUAQknR3QM2mkLY1jrkSFGilQzDGp7GJ9LQhYqEyTeFTKzF-Mebur)
 
   clone-charts-repo:
     image: extensions/git-clone:dev

diff --git a/helm/estafette-gcp-service-account/templates/deployment.yaml b/helm/estafette-gcp-service-account/templates/deployment.yaml
@@ -29,10 +29,10 @@ spec:
         prometheus.io/port: "9101"
         checksum/secrets: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
     spec:
-    {{- with .Values.imagePullSecrets }}
+      {{- if .Values.imagePullSecret }}
       imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
+      - name: {{ include "estafette-gcp-service-account.fullname" . }}-image-pull-secret
+      {{- end }}
       serviceAccountName: {{ template "estafette-gcp-service-account.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}

diff --git a/helm/estafette-gcp-service-account/templates/image-pull-secret.yaml b/helm/estafette-gcp-service-account/templates/image-pull-secret.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.imagePullSecret }}
+{{- $registryAuthDocument := dict -}}
+{{- $_ := set $registryAuthDocument "username" .Values.imagePullSecret.username }}
+{{- $_ := set $registryAuthDocument "password" .Values.imagePullSecret.password }}
+{{- $authMessage := printf "%s:%s" $registryAuthDocument.username $registryAuthDocument.password | b64enc }}
+{{- $_ := set $registryAuthDocument "auth" $authMessage }}
+{{- $dockerAuthDocument := dict .Values.imagePullSecret.registryURL $registryAuthDocument }}
+{{- $dockerConfigJSONDocument := dict "auths" $dockerAuthDocument -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "estafette-gcp-service-account.fullname" . }}-image-pull-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{ include "estafette-gcp-service-account.labels" . | indent 4 }}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ $dockerConfigJSONDocument | toJson | b64enc | quote }}
+{{- end -}}
diff --git a/helm/estafette-gcp-service-account/values.yaml b/helm/estafette-gcp-service-account/values.yaml
@@ -34,6 +34,12 @@ secret:
   # sets a json keyfile for a gcp service account
   googleServiceAccountKeyfileJson: '{"type": "service_account"}'
 
+# set an image pull secret to avoid Docker Hub rate limiting issues
+imagePullSecret: {}
+#  registryURL: https://index.docker.io/v1/
+#  username: testUser
+#  password: testPassword
+
 # the following log formats are available: plaintext, console, json, stackdriver, v3 (see https://github.com/estafette/estafette-foundation for more info)
 logFormat: plaintext
 
@@ -49,7 +55,6 @@ image:
   tag:
   pullPolicy: IfNotPresent
 
-imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""