diff --git a/README.md b/README.md index 2851e9b..537b20c 100644 --- a/README.md +++ b/README.md @@ -91,6 +91,10 @@ spec: value: 42crunch/scand-agent:latest - name: EXPIRATION_TIME value: "86400" + imagePullSecrets: + # Pull secret for scand-manager container, if required + # NOT for scand-agent jobs, that should be in podconfig.yaml + - name: privatepullsecret --- # service apiVersion: v1 @@ -134,9 +138,28 @@ We can also specify a pull secret array for the pod imagePullSecrets: name: ... ``` - See the docs for [`imagePullSecrets` key here](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) +An example podconfig.yaml would be: + +```yaml +apiVersion: v1 +kind: PodSpec +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: scandallowed + operator: In + values: + - "true" +imagePullSecrets: + - name: secret1 + - name: privatepullsecret +``` +This would have an affinity for any cluster node tagged with `scandallowed: true` and would attempt to use the k8s secrets `secret1` or `privatepullsecret` to pull `SCAND_IMAGE` from your private container registry. + Typically the podconfig yaml file should be supplied via a config map and mounted inside Scan Jobs Manager container and path to it supplied through `args`: ```yaml 
@@ -150,16 +173,36 @@ containers: volumeMounts: - name: config mountPath: /config + readOnly: true volumes: - name: config configMap: - name: podconfig + name: scandpodconfig + ``` +In this example, we would create the configmap (assuming we deployed in the scand-manager namespace): + + + ### Deployment To deploy Scan Jobs Manager, run the following commands to create a separate namespace and apply the configuration you defined: -`kubectl create namespace scan` +Create the namespace: + +`kubectl create namespace scand-manager` + +Create the configmap: + +`kubectl create configmap scandpodconfig --from-file=podconfig.yaml -n scand-manager` + +Create a secret, if required: + +* For example, this would be for a private Docker Hub repo + + `kubectl create secret docker-registry privatepullsecret --docker-username={Your Username} --docker-password={Access Token} --docker-email={Your Email} -n scand-manager` + +Deploy: -`kubectl apply -n scan -f job-manager-config.yaml` +`kubectl apply -n scand-manager -f job-manager-config.yaml`
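Review bot: The added `kubectl create secret docker-registry privatepullsecret ... --docker-password={Access Token}` step puts the registry token on the command line, where it lands in shell history and is visible in the process list while kubectl runs. The README should say so and offer the file-based form for users who already have a Docker config, for example `kubectl create secret generic privatepullsecret --from-file=.dockerconfigjson={path to config.json} --type=kubernetes.io/dockerconfigjson -n scand-manager`. It is also worth one sentence recommending a read-only (pull-scoped) access token, since the value is stored in the namespace and readable by anyone allowed to get secrets there. Separately, the sentence "In this example, we would create the configmap (assuming we deployed in the scand-manager namespace):" added just before `### Deployment` ends in a colon with nothing after it; either drop it or move the `kubectl create configmap scandpodconfig ...` command up to follow it.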