diff --git a/docs/pages/reference/helm-reference/teleport-cluster.mdx b/docs/pages/reference/helm-reference/teleport-cluster.mdx index a9993d65becc0..0370555bc28ac 100644 --- a/docs/pages/reference/helm-reference/teleport-cluster.mdx +++ b/docs/pages/reference/helm-reference/teleport-cluster.mdx @@ -1956,6 +1956,30 @@ Allows the `imagePullPolicy` for any pods created by the chart to be overridden. +## `imagePullSecrets` + +| Type | Default value | +|--------|---------------| +| `list` | `[]` | + +[Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) + +A list of secrets containing authorization tokens which can be optionally used to access a private Docker registry. + + + + ```yaml + imagePullSecrets: + - name: my-docker-registry-key + ``` + + + ```shell + --set "imagePullSecrets[0].name=my-docker-registry-key" + ``` + + + ## `initContainers` | Type | Default value | diff --git a/examples/chart/teleport-cluster/.lint/imagepullsecrets.yaml b/examples/chart/teleport-cluster/.lint/imagepullsecrets.yaml new file mode 100644 index 0000000000000..f414f8c331302 --- /dev/null +++ b/examples/chart/teleport-cluster/.lint/imagepullsecrets.yaml @@ -0,0 +1,4 @@ +clusterName: test-standalone-cluster +chartMode: standalone +imagePullSecrets: +- name: myRegistryKeySecretName diff --git a/examples/chart/teleport-cluster/templates/auth/deployment.yaml b/examples/chart/teleport-cluster/templates/auth/deployment.yaml index 5b74c87d0647a..4940e7382209c 100644 --- a/examples/chart/teleport-cluster/templates/auth/deployment.yaml +++ b/examples/chart/teleport-cluster/templates/auth/deployment.yaml @@ -87,6 +87,10 @@ spec: {{- if $auth.tolerations }} tolerations: {{- toYaml $auth.tolerations | nindent 6 }} {{- end }} +{{- if $auth.imagePullSecrets }} + imagePullSecrets: + {{- toYaml $auth.imagePullSecrets | nindent 6 }} +{{- end }} {{- if $auth.initContainers }} initContainers: {{- range $initContainer := $auth.initContainers }} diff --git a/examples/chart/teleport-cluster/templates/proxy/deployment.yaml b/examples/chart/teleport-cluster/templates/proxy/deployment.yaml index 7be901f1bbf97..8e502e209db56 100644 --- a/examples/chart/teleport-cluster/templates/proxy/deployment.yaml +++ b/examples/chart/teleport-cluster/templates/proxy/deployment.yaml @@ -93,6 +93,10 @@ spec: {{- end }} {{- if $proxy.tolerations }} tolerations: {{- toYaml $proxy.tolerations | nindent 6 }} +{{- end }} +{{- if $proxy.imagePullSecrets }} + imagePullSecrets: + {{- toYaml $proxy.imagePullSecrets | nindent 6 }} {{- end }} initContainers: # wait-auth-update is responsible for holding off the proxy rollout until all auths are running the diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap index e43854a4bc4a7..1e01b4485b29e 100644 --- a/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap +++ b/examples/chart/teleport-cluster/tests/__snapshot__/auth_deployment_test.yaml.snap @@ -127,6 +127,9 @@ should set affinity when set in values: operator: In values: - teleport +should set imagePullSecrets when set in values: + 1: | + - name: myRegistryKeySecretName should set nodeSelector when set in values: 1: | affinity: diff --git a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap index 46558fc006ebf..5be342d26a0b4 100644 --- a/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap +++ b/examples/chart/teleport-cluster/tests/__snapshot__/proxy_deployment_test.yaml.snap @@ -51,6 +51,9 @@ should set affinity when set in values: operator: In values: - teleport +should set imagePullSecrets when set in values: + 1: | + - name: myRegistryKeySecretName should set nodeSelector when set in values: 1: | affinity: diff --git a/examples/chart/teleport-cluster/tests/auth_deployment_test.yaml b/examples/chart/teleport-cluster/tests/auth_deployment_test.yaml index 10ae92b9d6fc8..59e6b03a8533c 100644 --- a/examples/chart/teleport-cluster/tests/auth_deployment_test.yaml +++ b/examples/chart/teleport-cluster/tests/auth_deployment_test.yaml @@ -325,6 +325,17 @@ tests: name: SOME_ENVIRONMENT_VARIABLE value: "some-value" + - it: should set imagePullSecrets when set in values + template: auth/deployment.yaml + values: + - ../.lint/imagepullsecrets.yaml + asserts: + - equal: + path: spec.template.spec.imagePullSecrets[0].name + value: myRegistryKeySecretName + - matchSnapshot: + path: spec.template.spec.imagePullSecrets + - it: should provision initContainer correctly when set in values template: auth/deployment.yaml values: diff --git a/examples/chart/teleport-cluster/tests/proxy_deployment_test.yaml b/examples/chart/teleport-cluster/tests/proxy_deployment_test.yaml index d9647799e3bcf..84eaa7878a77e 100644 --- a/examples/chart/teleport-cluster/tests/proxy_deployment_test.yaml +++ b/examples/chart/teleport-cluster/tests/proxy_deployment_test.yaml @@ -343,6 +343,17 @@ tests: name: SOME_ENVIRONMENT_VARIABLE value: "some-value" + - it: should set imagePullSecrets when set in values + template: proxy/deployment.yaml + values: + - ../.lint/imagepullsecrets.yaml + asserts: + - equal: + path: spec.template.spec.imagePullSecrets[0].name + value: myRegistryKeySecretName + - matchSnapshot: + path: spec.template.spec.imagePullSecrets + - it: should provision initContainer correctly when set in values template: proxy/deployment.yaml values: diff --git a/examples/chart/teleport-cluster/values.schema.json b/examples/chart/teleport-cluster/values.schema.json index fff25ec020870..5c7aa96b8235d 100644 --- a/examples/chart/teleport-cluster/values.schema.json +++ b/examples/chart/teleport-cluster/values.schema.json @@ -614,6 +614,11 @@ "type": "string", "default": "public.ecr.aws/gravitational/teleport-ent" }, + "imagePullSecrets": { + "$id": "#/properties/imagePullSecrets", + "type": "array", + "default": [] + }, "logLevel": { "$id": "#/properties/logLevel", "type": "string", diff --git a/examples/chart/teleport-cluster/values.yaml b/examples/chart/teleport-cluster/values.yaml index e238c7ee4b42c..ae4613ecc503e 100644 --- a/examples/chart/teleport-cluster/values.yaml +++ b/examples/chart/teleport-cluster/values.yaml @@ -434,6 +434,8 @@ tls: image: public.ecr.aws/gravitational/teleport # Enterprise version of the image enterpriseImage: public.ecr.aws/gravitational/teleport-ent +# Optional array of imagePullSecrets, to use when pulling from a private registry +imagePullSecrets: [] # Teleport logging configuration log: # Log level for the Teleport process.