Templatize image pull secrets and provide value from values.yaml instead of permanently hardcoding them#177
Conversation
| sourceImagePullSecrets = []interface{}{} | ||
| } | ||
| specMap["imagePullSecrets"] = "{{ .Values.imagePullSecrets | default list | toJson }}" | ||
| values["imagePullSecrets"] = sourceImagePullSecrets |
There was a problem hiding this comment.
what will happen if there are 2 pods with different imagePullSecrets in the chart?
There was a problem hiding this comment.
Currently it will pickup the last one. Should we merge them into one list? Other option is to keep the list empty if we find more than one secrets. This will result in same behavior as not providing any secrets by default (i.e. current behavior)
There was a problem hiding this comment.
i dont know what would be the best solution. maybe create a separate values for every pod. for example, image name is extracted to values per pod/container.
I just wanted to highligh that the current approch will lead to non-determenistic behaviour and data loss for cases with multiple deploymetns using different imagePullSecrets.
There was a problem hiding this comment.
I've a scenario where I've manifests of multiple workloads all being fetched from private repo. Personally I think it will be annoying to provide same secret for N number of times. But I'll leave final decision to you. As long as we've a way to override this value from values.yml, I'm ok with it.
Other option I thought of was instead of keeping image-pull-secrets parameter boolean we make it an enum.
- Preserve (keep the current behavior that is already implemented)
- Merged (Add one pull secrets field in values.yml with all secrets to be used in all workloads)
- Indvidual (Have separate field for each workload)
2 participants
Implementation for #176
Following is the flow
Benifits
This would add the imagePullSecrets in pod spec by default. If there were any values in the imagePullSecrets field it will add them to values.yaml