Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[charts/occm] Implement imagePullSecret support for master branch #2446

Merged
merged 1 commit into from
Nov 8, 2023

Conversation

carlotardl
Copy link
Contributor

What this PR does / why we need it:
This PR implements imagePullSecrets for the openstack-cloud-controller-manager helm chart on master branch.

Which issue this PR fixes(if applicable):
None applicable

Special notes for reviewers:

Release note:

NONE

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Oct 20, 2023
@k8s-ci-robot
Copy link
Contributor

Hi @carlotardl. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Oct 20, 2023
@wwentland
Copy link
Contributor

Thank you!

Please note that the linter is currently failing because you did not bump the chart version in Chart.yaml. It would be fantastic if you could incorporate that here and squash/fixup your commits into a single one.

charts/manila-csi-plugin/Chart.yaml Outdated Show resolved Hide resolved
@carlotardl carlotardl requested a review from dulek October 26, 2023 07:52
@jichenjc
Copy link
Contributor

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Oct 26, 2023
@jichenjc
Copy link
Contributor

/lgtm

please squash the commits before merge ..

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 26, 2023
@jichenjc
Copy link
Contributor

seems you need a bump after rebase your code

Linting chart "openstack-cloud-controller-manager => (version: \"2.29.0-alpha.4\", path: \"charts/openstack-cloud-controller-manager\")"
Checking chart "openstack-cloud-controller-manager => (version: \"2.29.0-alpha.4\", path: \"charts/openstack-cloud-controller-manager\")" for a version bump...
Old chart version: 2.29.0-alpha.4
Error: failed linting charts: failed processing charts
New chart version: 2.29.0-alpha.4

@carlotardl carlotardl force-pushed the imagepullsecret-master branch from 5900313 to a0cf66d Compare October 26, 2023 10:53
@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Oct 26, 2023
@carlotardl carlotardl force-pushed the imagepullsecret-master branch from a0cf66d to 958f415 Compare October 30, 2023 12:01
@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Oct 30, 2023
@carlotardl
Copy link
Contributor Author

It's been rebased, I had different sources and there was a mixup but I updated it on the last commit

Copy link
Contributor

@wwentland wwentland left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks much better, thanks. I was wondering if we'd like to treat this setting similar to others in that template.

@carlotardl carlotardl force-pushed the imagepullsecret-master branch from 958f415 to 5f5309c Compare October 31, 2023 08:15
Copy link
Contributor

@wwentland wwentland left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, I am sure that the functionality to reference imagePullSecrets will come in handy in a variety of contexts.

I've added a couple of inline comments and just want to make sure that this works as desired in the variety of use-cases users would want to implement.

Furthermore, I am curious if we want to consider adding this to the ServiceAccount instead or let users choose one approach over the other.

The former ties closer in how access through workload identity is typically implemented and might rather be what users expect.

See https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ for details.

@@ -10,6 +10,7 @@ commonAnnotations: {}
# "helm.sh/hook-delete-policy": before-hook-creation

# Image repository name and tag
imagePullSecrets: []
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should probably be on the line above, to ensure that the comment # Image repository name and tag remains in the right place.

Furthermore, it would be great to add a similar comment that details how to use imagePullSecrets with an example.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was fixed, please re-check.

Comment on lines +28 to +31
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not entirely sure this works with the default of imagePullSecrets: [] that is currently being set in the values file.

We have to make sure that this works in the following cases:

  1. Default case (user does not set imagePullSecrets and they are imagePullSecrets: []
  2. Single element in imagePullSecrets
  3. Multiple elements in imagePullSecrets

This might require a combination of if, range and/or with to achive the desired outcome.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With the values file, the output should be empty, but once we overwrite the values.yml with

imagePullSecrets:
- one

The output will be:

imagePullSecrets:
        - one

It also works with more values, it can be tested with
helm template --values values.yaml .

I updated the last commit with a few comments.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, tested with helm template and all possibilities render correctly.

@carlotardl carlotardl force-pushed the imagepullsecret-master branch from 5f5309c to addcab3 Compare October 31, 2023 12:26
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Oct 31, 2023
@carlotardl
Copy link
Contributor Author

/test openstack-cloud-csi-manila-sanity-test

@wwentland
Copy link
Contributor

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 7, 2023
@jichenjc
Copy link
Contributor

jichenjc commented Nov 8, 2023

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jichenjc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 8, 2023
@k8s-ci-robot k8s-ci-robot merged commit 95a3823 into kubernetes:master Nov 8, 2023
1 check passed
@wwentland
Copy link
Contributor

/cherry-pick release-1.28

@k8s-infra-cherrypick-robot

@wwentland: #2446 failed to apply on top of branch "release-1.28":

Applying: Implement imagePullSecret support for master branch
Using index info to reconstruct a base tree...
M	charts/openstack-cloud-controller-manager/Chart.yaml
M	charts/openstack-cloud-controller-manager/templates/daemonset.yaml
M	charts/openstack-cloud-controller-manager/values.yaml
Falling back to patching base and 3-way merge...
Auto-merging charts/openstack-cloud-controller-manager/values.yaml
Auto-merging charts/openstack-cloud-controller-manager/templates/daemonset.yaml
Auto-merging charts/openstack-cloud-controller-manager/Chart.yaml
CONFLICT (content): Merge conflict in charts/openstack-cloud-controller-manager/Chart.yaml
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Implement imagePullSecret support for master branch
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release-1.28

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

carlotardl added a commit to carlotardl/cloud-provider-openstack that referenced this pull request Nov 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesn't merit a release note. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

7 participants