From 053b3200fc8efeb0f23ad58ee1fd7b0e7d23755f Mon Sep 17 00:00:00 2001 From: Panos Koutsovasilis Date: Wed, 30 Oct 2024 12:38:58 +0200 Subject: [PATCH] [helm]: implement support for defining image pull secrets (#5854) * feat: implement support for defining image pull secrets * doc: add imagePullSecrets in kubernetes default example --- deploy/helm/elastic-agent/README.md | 1 + .../examples/kubernetes-default/README.md | 17 +++++++++++++++++ .../templates/agent/eck/_pod_template.tpl | 4 ++++ .../templates/agent/k8s/_pod_template.tpl | 4 ++++ deploy/helm/elastic-agent/values.schema.json | 6 ++++++ deploy/helm/elastic-agent/values.yaml | 3 +++ 6 files changed, 35 insertions(+) diff --git a/deploy/helm/elastic-agent/README.md b/deploy/helm/elastic-agent/README.md index 876d432ea4f..3cde27d9ccc 100644 --- a/deploy/helm/elastic-agent/README.md +++ b/deploy/helm/elastic-agent/README.md @@ -133,6 +133,7 @@ The chart built-in [kubernetes integration](https://docs.elastic.co/integrations |-----|------|---------|-------------| | agent.version | string | `"9.0.0"` | elastic-agent version | | agent.image | object | `{"pullPolicy":"IfNotPresent","repository":"docker.elastic.co/beats/elastic-agent","tag":"9.0.0-SNAPSHOT"}` | image configuration | +| agent.imagePullSecrets | list | `[]` | image pull secrets | | agent.engine | string | `"k8s"` | generate kubernetes manifests or [ECK](https://github.com/elastic/cloud-on-k8s) CRDs | | agent.unprivileged | bool | `false` | enable unprivileged mode | | agent.presets | map[string]{} | `{ "perNode" : {...}, "clusterWide": {...}, "ksmSharded": {...} }` | Map of deployment presets for the Elastic Agent. The key of the map is the name of the preset. See more for the presets required by the built-in Kubernetes integration [here](./values.yaml) | diff --git a/deploy/helm/elastic-agent/examples/kubernetes-default/README.md b/deploy/helm/elastic-agent/examples/kubernetes-default/README.md index dfb3adea8b8..d0263291b54 100644 --- a/deploy/helm/elastic-agent/examples/kubernetes-default/README.md +++ b/deploy/helm/elastic-agent/examples/kubernetes-default/README.md @@ -13,6 +13,8 @@ In this example we install the built-in `kubernetes` integration with the defaul 2. `kubernetes` integration assets installed through Kibana ([Kibana - Install and uninstall Elastic Agent integration assets](https://www.elastic.co/guide/en/fleet/current/install-uninstall-integration-assets.html)) ## Run: + +#### Public image registry: ```console helm install elastic-agent ../../ \ -f ./agent-kubernetes-values.yaml \ @@ -20,6 +22,21 @@ helm install elastic-agent ../../ \ --set outputs.default.secretName=es-api-secret ``` + +#### Private image registry: +Create secret with the contents of docker auth config +``` +kubectl create secret generic regcred --from-file=.dockerconfigjson=/.docker/config.json --type=kubernetes.io/dockerconfigjson +``` + +Install elastic-agent +```console +helm install elastic-agent ../../ \ + -f ./agent-kubernetes-values.yaml \ + --set 'agent.imagePullSecrets[0].name=regcred' \ + --set outputs.default.type=ESSecretAuthAPI \ + --set outputs.default.secretName=es-api-secret + ## Validate: 1. The Kibana `kubernetes`-related dashboards should start showing up the respective info. diff --git a/deploy/helm/elastic-agent/templates/agent/eck/_pod_template.tpl b/deploy/helm/elastic-agent/templates/agent/eck/_pod_template.tpl index 6843e458ad6..a1bb5e946d1 100644 --- a/deploy/helm/elastic-agent/templates/agent/eck/_pod_template.tpl +++ b/deploy/helm/elastic-agent/templates/agent/eck/_pod_template.tpl @@ -36,6 +36,10 @@ initContainers: {{- . | toYaml | nindent 10 }} {{- end }} + {{- with $.Values.agent.imagePullSecrets }} + imagePullSecrets: + {{- . | toYaml | nindent 10 }} + {{- end }} containers: {{- with ($presetVal).extraContainers }} {{- . | toYaml | nindent 10 }} diff --git a/deploy/helm/elastic-agent/templates/agent/k8s/_pod_template.tpl b/deploy/helm/elastic-agent/templates/agent/k8s/_pod_template.tpl index 5462430a29a..1c8688736b2 100644 --- a/deploy/helm/elastic-agent/templates/agent/k8s/_pod_template.tpl +++ b/deploy/helm/elastic-agent/templates/agent/k8s/_pod_template.tpl @@ -63,6 +63,10 @@ initContainers: {{- . | toYaml | nindent 8 }} {{- end }} + {{- with $.Values.agent.imagePullSecrets }} + imagePullSecrets: + {{- . | toYaml | nindent 8 }} + {{- end }} containers: {{- with ($presetVal).extraContainers }} {{- . | toYaml | nindent 8 }} diff --git a/deploy/helm/elastic-agent/values.schema.json b/deploy/helm/elastic-agent/values.schema.json index 443c5fc8653..35be51f73dd 100644 --- a/deploy/helm/elastic-agent/values.schema.json +++ b/deploy/helm/elastic-agent/values.schema.json @@ -268,6 +268,12 @@ "image": { "$ref": "#/definitions/AgentImageConfig" }, + "imagePullSecrets": { + "type": "array", + "items": { + "type": "object" + } + }, "engine": { "type": "string", "enum": [ diff --git a/deploy/helm/elastic-agent/values.yaml b/deploy/helm/elastic-agent/values.yaml index f72e78cf949..800935acb34 100644 --- a/deploy/helm/elastic-agent/values.yaml +++ b/deploy/helm/elastic-agent/values.yaml @@ -301,6 +301,9 @@ agent: repository: docker.elastic.co/beats/elastic-agent pullPolicy: IfNotPresent tag: "9.0.0-SNAPSHOT" + # -- image pull secrets + # @section -- 3 - Elastic-Agent Configuration + imagePullSecrets: [] # -- generate kubernetes manifests or [ECK](https://github.com/elastic/cloud-on-k8s) CRDs # @section -- 3 - Elastic-Agent Configuration engine: k8s # k8s or eck