diff --git a/docs/pages/kubernetes-access/helm/reference.mdx b/docs/pages/kubernetes-access/helm/reference.mdx index 09a91060117c0..187e4911b92c9 100644 --- a/docs/pages/kubernetes-access/helm/reference.mdx +++ b/docs/pages/kubernetes-access/helm/reference.mdx @@ -1536,6 +1536,30 @@ You can override this to use your own Teleport image rather than a Teleport-publ +## `imagePullSecrets` + +| Type | Default value | Can be used in `custom` mode? | +| - | - | - | +| `list` | `[]` | ✅ | + +[Kubernetes reference](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) + +A list of secrets containing authorization tokens which can be optionally used to access a private Docker registry. + + + + ```yaml + imagePullSecrets: + - name: my-docker-registry-key + ``` + + + ```shell + --set "imagePullSecrets[0].name=my-docker-registry-key" + ``` + + + ## `replicaCount` | Type | Default value | diff --git a/examples/chart/teleport-kube-agent/.lint/imagepullsecrets.yaml b/examples/chart/teleport-kube-agent/.lint/imagepullsecrets.yaml new file mode 100755 index 0000000000000..36f2bba8fe878 --- /dev/null +++ b/examples/chart/teleport-kube-agent/.lint/imagepullsecrets.yaml @@ -0,0 +1,7 @@ +authToken: auth-token +proxyAddr: proxy.example.com:3080 +roles: kube +kubeClusterName: test-kube-cluster +image: quay.io/gravitational/teleport +imagePullSecrets: +- name: myRegistryKeySecretName diff --git a/examples/chart/teleport-kube-agent/templates/deployment.yaml b/examples/chart/teleport-kube-agent/templates/deployment.yaml index fa5e9775a6381..b3880a7a22071 100644 --- a/examples/chart/teleport-kube-agent/templates/deployment.yaml +++ b/examples/chart/teleport-kube-agent/templates/deployment.yaml @@ -43,6 +43,10 @@ spec: tolerations: {{- toYaml .Values.tolerations | nindent 6 }} {{- end }} +{{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 6 }} +{{- end }} {{- if .Values.initContainers }} initContainers: {{- toYaml .Values.initContainers | nindent 6 }} {{- if .Values.resources }} diff --git a/examples/chart/teleport-kube-agent/values.schema.json b/examples/chart/teleport-kube-agent/values.schema.json index 06fca3e3a8234..19095187047c2 100644 --- a/examples/chart/teleport-kube-agent/values.schema.json +++ b/examples/chart/teleport-kube-agent/values.schema.json @@ -116,6 +116,11 @@ "type": "string", "default": "quay.io/gravitational/teleport" }, + "imagePullSecrets": { + "$id": "#/properties/imagePullSecrets", + "type": "array", + "default": [] + }, "replicaCount": { "$id": "#/properties/replicaCount", "type": "integer", diff --git a/examples/chart/teleport-kube-agent/values.yaml b/examples/chart/teleport-kube-agent/values.yaml index 881d36e92100f..7b2524801a970 100644 --- a/examples/chart/teleport-kube-agent/values.yaml +++ b/examples/chart/teleport-kube-agent/values.yaml @@ -88,6 +88,9 @@ storage: # Container image for the agent. Since this runs without the auth_service, we # don't need the enterprise version. image: quay.io/gravitational/teleport +# Optional array of imagePullSecrets, to use when pulling from a private registry +imagePullSecrets: [] +# - name: myRegistryKeySecretName # Number of replicas for the agent deployment. replicaCount: 1 # (optional) Override the name of the ClusterRole used by the agent's service account.