70917e77cf
This commit supports to pull images from alternative authenticated registries that configured at Ansible bootstrap to bring up k8s pods at puppet time. At bootstrap time, barbican secrets are created to store credentials for accessing registry and alternative registries info are stored in service parameter. At puppet time, the barbican sercret is retrieved to get the credentials in order to pre-pull k8s images that required by kubeadm to bring up static pods(ie..kube-controller-manager, kube-apiserver, kube-scheduler..). The images for dynamic pods(kube-multus, kube-sriov-cni, calico..) and tiller are not needed to pre-pull, imagePullSecrets is added in their pod spec to pass credentials to kubelet. This is done in Ansible bootstrap https://review.opendev.org/#/c/679136/ This commit also updates to pull Armada image before creating Armada container if Armada image is not available in docker cache. Tests(AIO-SX, AIO-DX, Standard): - All types of system are installed successfully - Verified all k8s/gcr/docker images are downloaded from authenticated registry on controller-1 and worker nodes - Verified images from authenticated registries are used by k8s static/dynamic pods on controller-1 and worker nodes - Swact to controller-1, lock/unlock controller-0. Verified that tiller image is downloaded from authenticated registry and tiller pod is created on controller-1 - Swact to controller-1, apply application. Verified that Armada image is downloaded from authenticated registry and Armada container is created. Change-Id: Iaabef0f5d8a6a4640dcfde93a8c0449948f4a59f Depends-On: https://review.opendev.org/679335 Story: 2006274 Task: 36379 Signed-off-by: Angie Wang <angie.wang@windriver.com>