kube-prometheus
kube-prometheus copied to clipboard
prometheus-operator
How to add imagePullSecrets when using a private registry to all images
I'm having trouble figuring out how to set the imagePullSecrets field when using a private registry. I was able to set the private registry since there was an example provided here, but I couldn't find an example on setting the image pull secrets. Any help would be appreciated. Thanks.
Are you asking for everything that makes up the kube-prometheus stack or specifically for the Prometheus/Alertmanager custom resources? If just the latter, you can find how to specify the imagePullSecret in the API definitions: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md
Actually both. I think I figured it out. This is what I did.
local imagepullsecret = k.apps.v1beta2.deployment.mixin.spec.template.spec;
local registry = import 'registry.libsonnet';
local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') + registry {
_config+:: {
namespace: 'monitoring',
alertmanager+:: {
config: importstr 'alertmanager-config.yml',
},
registry+:: {
name: "registryname",
secret_name: "secretname",
username: "username",
password: "password",
},
},
alertmanager+: {
alertmanager+: {
spec+: {
imagePullSecrets: [{name: $.cluster_config.registry.secret_name}],
}
},
},
grafana+: {
deployment+:
imagepullsecret.withImagePullSecrets( {name: $.cluster_config.registry.secret_name} ),
},
kubeStateMetrics+: {
deployment+:
imagepullsecret.withImagePullSecrets( {name: $.cluster_config.registry.secret_name} ),
},
nodeExporter+: {
daemonset+:
imagepullsecret.withImagePullSecrets( {name: $.cluster_config.registry.secret_name} ),
},
prometheusAdapter+: {
deployment+:
imagepullsecret.withImagePullSecrets( {name: $.cluster_config.registry.secret_name} ),
},
prometheusOperator+: {
deployment+:
imagepullsecret.withImagePullSecrets( {name: $.cluster_config.registry.secret_name} ),
},
};
kp
Also wasn't sure if there was a library for creating the secret for a private registry. I did this:
local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
local secret = k.core.v1.secret;
{
_config+:: {
namespace: 'default',
registry+:: {
name: $._config.registry.name,
secret_name: $._config.registry.secret_name,
username: $._config.registry.username,
password: $._config.registry.password,
},
},
registry+:: {
secret:
local data = {
auths: {
[$._config.registry.name]: {
auth: std.base64($._config.registry.username + ":" + $._config.registry.password),
},
},
};
local base = {'.dockerconfigjson': std.base64(std.toString(data))};
local name = $._config.registry.secret_name;
secret.mixin.metadata.withNamespace($._config.namespace) +
secret.new(name=name, data=base, type='kubernetes.io/dockerconfigjson'),
},
}
That looks pretty good! Could you create some docs for this? I imagine there are other users that could very much benefit from this! :slightly_smiling_face:
@diegombeltran I don't think that happened, do you want to give it a shot? :)
I can write here what I did in case it would be useful to anyone, but I'm not sure is right. I'm no jsonnet guru! :D
@brancz can you please consider adding this upcoming release. This is must have. You guys are supporting pulling images through private repositories but not with authentication.
We would love to add this ourselves, but sadly our time is limited and we cannot implement this right now. If you require this feature feel free to open a PR with implementation and we will be happy to review it.
