Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Hooks pro pods add image pull secrets #338

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
experimental:
genericSync:
hooks:
virtualToHost:
- apiVersion: v1
kind: Pod
patches:
- op: add
path: spec.imagePullSecrets[0]
value:
name: hook-secret
30 changes: 25 additions & 5 deletions vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx
Piotr1215 marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,13 @@
import IstioBasicConfig from '!!raw-loader!@site/vcluster/configure/vcluster-yaml/experimental/_code/istio-config-basic.yaml'
import IstioHostOnlyGatewayConfig from '!!raw-loader!@site/vcluster/configure/vcluster-yaml/experimental/_code/istio-config-host-only-gateways.yaml'
import NodeInfoRemoverConfig from '!!raw-loader!@site/vcluster/configure/vcluster-yaml/experimental/_code/node-info-remover-config.yaml'
import PodsAddImagePullSecretsConfig from '!!raw-loader!@site/vcluster/configure/vcluster-yaml/experimental/_code/pods-add-image-pull-secrets.yaml'
import ProAdmonition from '../../../_partials/admonitions/pro-admonition.mdx'
import ExperimentalGenericSync from '../../../_partials/config/experimental/genericSync.mdx'
import PatchesRef from '@site/vcluster/configure/vcluster-yaml/experimental/_fragments/hooks-patch-ref.mdx'

:::warning Deprecated
This experimental feature has been deprecated. While we don’t have plans to remove this feature, we don’t intend to add additional
functionality to it. For more advanced capabilities, please consider using the custom resource sync ([fromHost](../sync/from-host/custom-resources), [toHost](../sync/to-host/advanced/custom-resources))
This experimental feature is now deprecated. There are currently no plans to remove it, but further enhancements are not expected to be added. For more advanced capabilities, please consider using the custom resource sync ([fromHost](../sync/from-host/custom-resources), [toHost](../sync/to-host/advanced/custom-resources))
and any available integrations, or consider writing a [custom plugin](https://www.vcluster.com/docs/v0.19/advanced-topics/plugins-overview).
:::

Expand Down Expand Up @@ -81,7 +81,7 @@

Use `selector` to limit which resources to sync from the host cluster. The host resource is synced when it matches, or when the `selector` is empty.

## Hooks (Pro)

Check warning on line 84 in vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx

View workflow job for this annotation

GitHub Actions / runner / vale

[vale] reported by reviewdog 🐶 [Google.Headings] 'Hooks (Pro)' should use sentence-style capitalization. Raw Output: {"message": "[Google.Headings] 'Hooks (Pro)' should use sentence-style capitalization.", "location": {"path": "vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx", "range": {"start": {"line": 84, "column": 4}}}, "severity": "WARNING"}

<ProAdmonition/>

Expand All @@ -90,10 +90,10 @@
- Patch any Kubernetes resource during synchronization and before resources are applied to the Kubernetes API server.
- Remove sensitive information before being written to the host or virtual cluster.

You can also add additional information to a resource, such as labels and annotations on all resources belonging to a tenant.
You can also add additional information to a resource, such as labels and annotations on all resources belonging to a tenant or add `imagePullSecrets` to virtual cluster `pods` as they are synced to the host cluster.

Hooks configuration specifies Kubernetes resources to patch. You can specify the resource group, API version, and resource kind and then the verbs for
which API calls to patch. Configure patches using operations like `add`, `remove`, `replace`, and `copyFromObject`. See [Node info remover](#node-info-remover-hooks-pro) for an example.
which API calls to patch. Configure patches using operations like `add`, `remove`, `replace`, and `copyFromObject`. See [Node info remover](#node-info-remover-hooks-pro) and [add `imagePullSecrets` to Pods](#add-pod-image-pull-secrets-hooks-pro) for examples.

## Examples

Expand All @@ -120,7 +120,7 @@
{/*
- Use case: Allow users from [here](https://github.com/loft-sh/vcluster/blob/main/generic-sync-examples/cert-manager))
- Configuring generic sync:
- Mention that we need to enable multi-namespace mode to utilize cert-manager's `Issuer` resource
- Mention that multi-namespace mode must be enabled to utilize cert-manager's `Issuer` resource
- Also need multi-namespace mode to sync the namespace scoped `Secret` (created by cert-manager) back to the virtual cluster's namespace so that it can be used by the ingress
- Usage steps:
- create an Issuer in the virtual cluster
Expand Down Expand Up @@ -181,6 +181,26 @@
<CodeBlock language="yaml">{NodeInfoRemoverConfig}</CodeBlock>
</details>

### Pods add `imagePullSecrets` hook (Pro)

<ProAdmonition/>

Configure `hooks` to add `imagePullSecrets` to all `pods` in all `namespaces` created in the virtual cluster. The `secrets` specified must be available in the host cluster `namespace` that the `pod` is synced. After applying the configuration, you can test by getting the spec of any synced `pod` and ensuring that the `spec.imagePullSecrets` has been added.

{/*
- Use case: Add image pull secrets to all vCluster pods
- Configuring Hooks:
- use the [example](https://www.vcluster.com/pro/docs/features/generic_resource_patches#example---node-info-remover) from the existing docs
- Usage:
- `kubectl get pod` from the vCluster and see that the image pull secrets have been added
*/}


<details>
<summary>Pods add `imagePullSecrets` configuration</summary>
<CodeBlock language="yaml">{PodsAddImagePullSecretsConfig}</CodeBlock>
</details>

## `patches` reference

<PatchesRef/>
Expand Down
Loading