From e4c5a36e74c4f35c9950cb50776f6fe8ab2a967a Mon Sep 17 00:00:00 2001 From: Kurt Madel Date: Wed, 30 Oct 2024 08:12:02 -0400 Subject: [PATCH 1/6] Update generic-sync.mdx --- .../configure/vcluster-yaml/experimental/generic-sync.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx b/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx index e24106773..eacb9a615 100644 --- a/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx +++ b/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx @@ -90,10 +90,10 @@ Use Hooks to: - Patch any Kubernetes resource during synchronization and before resources are applied to the Kubernetes API server. - Remove sensitive information before being written to the host or virtual cluster. -You can also add additional information to a resource, such as labels and annotations on all resources belonging to a tenant. +You can also add additional information to a resource, such as labels and annotations on all resources belonging to a tenant or add `imagePullSecrets` to virtual cluster `pods` as they are synced to the host cluster. Hooks configuration specifies Kubernetes resources to patch. You can specify the resource group, API version, and resource kind and then the verbs for -which API calls to patch. Configure patches using operations like `add`, `remove`, `replace`, and `copyFromObject`. See [Node info remover](#node-info-remover-hooks-pro) for an example. +which API calls to patch. Configure patches using operations like `add`, `remove`, `replace`, and `copyFromObject`. See [Node info remover](#node-info-remover-hooks-pro) and [add `imagePullSecrets` to Pods](#add-pod-image-pull-secrets-hooks-pro) for an examples. ## Examples From b90d356af5f7e689acc2634a064b257d7704ab36 Mon Sep 17 00:00:00 2001 From: Kurt Madel Date: Wed, 30 Oct 2024 08:13:54 -0400 Subject: [PATCH 2/6] Create pods-add-image-pull-secrets.yaml --- .../_code/pods-add-image-pull-secrets.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 vcluster/configure/vcluster-yaml/experimental/_code/pods-add-image-pull-secrets.yaml diff --git a/vcluster/configure/vcluster-yaml/experimental/_code/pods-add-image-pull-secrets.yaml b/vcluster/configure/vcluster-yaml/experimental/_code/pods-add-image-pull-secrets.yaml new file mode 100644 index 000000000..9868b0dd8 --- /dev/null +++ b/vcluster/configure/vcluster-yaml/experimental/_code/pods-add-image-pull-secrets.yaml @@ -0,0 +1,11 @@ +experimental: + genericSync: + hooks: + virtualToHost: + - apiVersion: v1 + kind: Pod + patches: + - op: add + path: spec.imagePullSecrets[0] + value: + name: hook-secret From 91381979f10c0d3bb90ee8772c733239ec4b36f9 Mon Sep 17 00:00:00 2001 From: Kurt Madel Date: Wed, 30 Oct 2024 08:24:22 -0400 Subject: [PATCH 3/6] Update generic-sync.mdx Added Hooks example for adding `imagePullSecrets` to all vCluster workload pods. --- .../experimental/generic-sync.mdx | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx b/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx index eacb9a615..31c520878 100644 --- a/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx +++ b/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx @@ -9,6 +9,7 @@ import CertManagerConfig from '!!raw-loader!@site/vcluster/configure/vcluster-ya import IstioBasicConfig from '!!raw-loader!@site/vcluster/configure/vcluster-yaml/experimental/_code/istio-config-basic.yaml' import IstioHostOnlyGatewayConfig from '!!raw-loader!@site/vcluster/configure/vcluster-yaml/experimental/_code/istio-config-host-only-gateways.yaml' import NodeInfoRemoverConfig from '!!raw-loader!@site/vcluster/configure/vcluster-yaml/experimental/_code/node-info-remover-config.yaml' +import PodsAddImagePullSecretsConfig from '!!raw-loader!@site/vcluster/configure/vcluster-yaml/experimental/_code/pods-add-image-pull-secrets.yaml' import ProAdmonition from '../../../_partials/admonitions/pro-admonition.mdx' import ExperimentalGenericSync from '../../../_partials/config/experimental/genericSync.mdx' import PatchesRef from '@site/vcluster/configure/vcluster-yaml/experimental/_fragments/hooks-patch-ref.mdx' @@ -181,6 +182,26 @@ Configure `hooks` to hide Node images from virtual cluster users. After applying {NodeInfoRemoverConfig} +### Pods add `imagePullSecrets` hooks (Pro) + + + +Configure `hooks` to add `imagePullSecrets` to all `pods` in all `namespaces` created in the virtual cluster. The `secrets` specified must be available in the host cluster `namespace` that the `pod` is synced. + +{/* +- Use case: Add image pull secrets to all vCluster pods +- Configuring Hooks: + - use the [example](https://www.vcluster.com/pro/docs/features/generic_resource_patches#example---node-info-remover) from the existing docs +- Usage: + - `kubectl get pod` from the vCluster and see that the image pull secrets have been added +*/} + + +
+ Pods add `imagePullSecrets` configuration +{PodsAddImagePullSecretsConfig} +
+ ## `patches` reference From b0202728b35dbe9e334fe8f882e97f790fd402b2 Mon Sep 17 00:00:00 2001 From: Kurt Madel Date: Wed, 30 Oct 2024 08:27:22 -0400 Subject: [PATCH 4/6] Update generic-sync.mdx --- .../configure/vcluster-yaml/experimental/generic-sync.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx b/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx index 31c520878..f43c46b01 100644 --- a/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx +++ b/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx @@ -182,11 +182,11 @@ Configure `hooks` to hide Node images from virtual cluster users. After applying {NodeInfoRemoverConfig} -### Pods add `imagePullSecrets` hooks (Pro) +### Pods add `imagePullSecrets` hook (Pro) -Configure `hooks` to add `imagePullSecrets` to all `pods` in all `namespaces` created in the virtual cluster. The `secrets` specified must be available in the host cluster `namespace` that the `pod` is synced. +Configure `hooks` to add `imagePullSecrets` to all `pods` in all `namespaces` created in the virtual cluster. The `secrets` specified must be available in the host cluster `namespace` that the `pod` is synced. After applying the configuration, you can test by getting the spec of any synced `pod` and ensuring that the `spec.imagePullSecrets` has been added. {/* - Use case: Add image pull secrets to all vCluster pods From 9425a8c6761ffbb0cf2095893b848b5b731f75af Mon Sep 17 00:00:00 2001 From: Kurt Madel Date: Tue, 5 Nov 2024 08:50:12 -0500 Subject: [PATCH 5/6] Update generic-sync.mdx Removed all 'we' --- .../configure/vcluster-yaml/experimental/generic-sync.mdx | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx b/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx index f43c46b01..cb8c9a95e 100644 --- a/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx +++ b/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx @@ -15,8 +15,7 @@ import ExperimentalGenericSync from '../../../_partials/config/experimental/gene import PatchesRef from '@site/vcluster/configure/vcluster-yaml/experimental/_fragments/hooks-patch-ref.mdx' :::warning Deprecated -This experimental feature has been deprecated. While we don’t have plans to remove this feature, we don’t intend to add additional -functionality to it. For more advanced capabilities, please consider using the custom resource sync ([fromHost](../sync/from-host/custom-resources), [toHost](../sync/to-host/advanced/custom-resources)) +This experimental feature is now deprecated. There are currently no plans to remove it, but further functionality is not expected to be added. For more advanced capabilities, please consider using the custom resource sync ([fromHost](../sync/from-host/custom-resources), [toHost](../sync/to-host/advanced/custom-resources)) and any available integrations, or consider writing a [custom plugin](https://www.vcluster.com/docs/v0.19/advanced-topics/plugins-overview). ::: @@ -121,7 +120,7 @@ Follow these steps to use cert-manager: {/* - Use case: Allow users from [here](https://github.com/loft-sh/vcluster/blob/main/generic-sync-examples/cert-manager)) - Configuring generic sync: - - Mention that we need to enable multi-namespace mode to utilize cert-manager's `Issuer` resource + - Mention that multi-namespace mode must be enabled to utilize cert-manager's `Issuer` resource - Also need multi-namespace mode to sync the namespace scoped `Secret` (created by cert-manager) back to the virtual cluster's namespace so that it can be used by the ingress - Usage steps: - create an Issuer in the virtual cluster From fea64fe90d5bac0c4bb0badf3f40dc3a3407d61f Mon Sep 17 00:00:00 2001 From: Kurt Madel Date: Tue, 5 Nov 2024 08:52:13 -0500 Subject: [PATCH 6/6] Update generic-sync.mdx Removed the word 'functionality' --- vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx b/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx index cb8c9a95e..354934136 100644 --- a/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx +++ b/vcluster/configure/vcluster-yaml/experimental/generic-sync.mdx @@ -15,7 +15,7 @@ import ExperimentalGenericSync from '../../../_partials/config/experimental/gene import PatchesRef from '@site/vcluster/configure/vcluster-yaml/experimental/_fragments/hooks-patch-ref.mdx' :::warning Deprecated -This experimental feature is now deprecated. There are currently no plans to remove it, but further functionality is not expected to be added. For more advanced capabilities, please consider using the custom resource sync ([fromHost](../sync/from-host/custom-resources), [toHost](../sync/to-host/advanced/custom-resources)) +This experimental feature is now deprecated. There are currently no plans to remove it, but further enhancements are not expected to be added. For more advanced capabilities, please consider using the custom resource sync ([fromHost](../sync/from-host/custom-resources), [toHost](../sync/to-host/advanced/custom-resources)) and any available integrations, or consider writing a [custom plugin](https://www.vcluster.com/docs/v0.19/advanced-topics/plugins-overview). :::