diff --git a/examples/capi-quick-start/nutanix-cluster-calico-crs.yaml b/examples/capi-quick-start/nutanix-cluster-calico-crs.yaml
index 19356a534..d4d079fa4 100644
--- a/examples/capi-quick-start/nutanix-cluster-calico-crs.yaml
+++ b/examples/capi-quick-start/nutanix-cluster-calico-crs.yaml
@@ -1,5 +1,16 @@
 apiVersion: v1
 kind: Secret
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: ${CLUSTER_NAME}-dockerhub-credentials
+stringData:
+ password: ${DOCKER_HUB_PASSWORD}
+ username: ${DOCKER_HUB_USERNAME}
+type: Opaque
+---
+apiVersion: v1
+kind: Secret
 metadata:
 labels:
 cluster.x-k8s.io/provider: nutanix
@@ -92,6 +103,11 @@ spec:
 systemDiskSize: 40Gi
 vcpuSockets: 2
 vcpusPerSocket: 1
+ imageRegistries:
+ - credentials:
+ secretRef:
+ name: ${CLUSTER_NAME}-dockerhub-credentials
+ url: https://docker.io
 nutanix:
 controlPlaneEndpoint:
 host: ${CONTROL_PLANE_ENDPOINT_IP}
diff --git a/examples/capi-quick-start/nutanix-cluster-calico-helm-addon.yaml b/examples/capi-quick-start/nutanix-cluster-calico-helm-addon.yaml
index 73c60a3c6..df6a394af 100644
--- a/examples/capi-quick-start/nutanix-cluster-calico-helm-addon.yaml
+++ b/examples/capi-quick-start/nutanix-cluster-calico-helm-addon.yaml
@@ -1,5 +1,16 @@
 apiVersion: v1
 kind: Secret
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: ${CLUSTER_NAME}-dockerhub-credentials
+stringData:
+ password: ${DOCKER_HUB_PASSWORD}
+ username: ${DOCKER_HUB_USERNAME}
+type: Opaque
+---
+apiVersion: v1
+kind: Secret
 metadata:
 labels:
 cluster.x-k8s.io/provider: nutanix
@@ -92,6 +103,11 @@ spec:
 systemDiskSize: 40Gi
 vcpuSockets: 2
 vcpusPerSocket: 1
+ imageRegistries:
+ - credentials:
+ secretRef:
+ name: ${CLUSTER_NAME}-dockerhub-credentials
+ url: https://docker.io
 nutanix:
 controlPlaneEndpoint:
 host: ${CONTROL_PLANE_ENDPOINT_IP}
diff --git a/examples/capi-quick-start/nutanix-cluster-cilium-crs.yaml b/examples/capi-quick-start/nutanix-cluster-cilium-crs.yaml
index ebb5825cc..3786a5537 100644
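Review bot: The `username` and `password` values of the new `${CLUSTER_NAME}-dockerhub-credentials` Secret at the top of nutanix-cluster-calico-crs.yaml are substituted as unquoted plain scalars, so a credential that is all digits, looks like a boolean, or contains ` #` or `: ` would be retyped, truncated or rejected once the rendered text is parsed as YAML (this assumes the `${...}` placeholders are filled by plain text substitution before parsing). Quoting both, `username: "${DOCKER_HUB_USERNAME}"` and `password: "${DOCKER_HUB_PASSWORD}"`, keeps them strings. The same Secret is repeated in the other three files under examples/capi-quick-start and in hack/examples/additional-resources/dockerhub-secret.yaml, which looks like the source these examples are rendered from, so the change belongs there. A comment on that file such as `# Use a Docker Hub access token with read-only scope, not the account password.` would also help, since the value ends up stored in a cluster Secret.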
--- a/examples/capi-quick-start/nutanix-cluster-cilium-crs.yaml
+++ b/examples/capi-quick-start/nutanix-cluster-cilium-crs.yaml
@@ -1,5 +1,16 @@
 apiVersion: v1
 kind: Secret
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: ${CLUSTER_NAME}-dockerhub-credentials
+stringData:
+ password: ${DOCKER_HUB_PASSWORD}
+ username: ${DOCKER_HUB_USERNAME}
+type: Opaque
+---
+apiVersion: v1
+kind: Secret
 metadata:
 labels:
 cluster.x-k8s.io/provider: nutanix
@@ -92,6 +103,11 @@ spec:
 systemDiskSize: 40Gi
 vcpuSockets: 2
 vcpusPerSocket: 1
+ imageRegistries:
+ - credentials:
+ secretRef:
+ name: ${CLUSTER_NAME}-dockerhub-credentials
+ url: https://docker.io
 nutanix:
 controlPlaneEndpoint:
 host: ${CONTROL_PLANE_ENDPOINT_IP}
diff --git a/examples/capi-quick-start/nutanix-cluster-cilium-helm-addon.yaml b/examples/capi-quick-start/nutanix-cluster-cilium-helm-addon.yaml
index cedeee8ea..335a1760f 100644
--- a/examples/capi-quick-start/nutanix-cluster-cilium-helm-addon.yaml
+++ b/examples/capi-quick-start/nutanix-cluster-cilium-helm-addon.yaml
@@ -1,5 +1,16 @@
 apiVersion: v1
 kind: Secret
+metadata:
+ labels:
+ cluster.x-k8s.io/provider: nutanix
+ name: ${CLUSTER_NAME}-dockerhub-credentials
+stringData:
+ password: ${DOCKER_HUB_PASSWORD}
+ username: ${DOCKER_HUB_USERNAME}
+type: Opaque
+---
+apiVersion: v1
+kind: Secret
 metadata:
 labels:
 cluster.x-k8s.io/provider: nutanix
@@ -92,6 +103,11 @@ spec:
 systemDiskSize: 40Gi
 vcpuSockets: 2
 vcpusPerSocket: 1
+ imageRegistries:
+ - credentials:
+ secretRef:
+ name: ${CLUSTER_NAME}-dockerhub-credentials
+ url: https://docker.io
 nutanix:
 controlPlaneEndpoint:
 host: ${CONTROL_PLANE_ENDPOINT_IP}
diff --git a/hack/examples/additional-resources/dockerhub-secret.yaml b/hack/examples/additional-resources/dockerhub-secret.yaml
new file mode 100644
index 000000000..56e87c4e1
--- /dev/null
+++ b/hack/examples/additional-resources/dockerhub-secret.yaml
@@ -0,0 +1,12 @@ +# Copyright 2023 D2iQ, Inc. All rights reserved. +# SPDX-License-Identifier: Apache-2.0 + +--- +apiVersion: v1 +kind: Secret +metadata: + name: ${CLUSTER_NAME}-dockerhub-credentials +stringData: + username: ${DOCKER_HUB_USERNAME} + password: ${DOCKER_HUB_PASSWORD} +type: Opaque diff --git a/hack/examples/bases/nutanix/cluster/kustomization.yaml.tmpl b/hack/examples/bases/nutanix/cluster/kustomization.yaml.tmpl index 4db679840..5d62581b9 100644 --- a/hack/examples/bases/nutanix/cluster/kustomization.yaml.tmpl +++ b/hack/examples/bases/nutanix/cluster/kustomization.yaml.tmpl @@ -5,6 +5,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: +- ../../../additional-resources/dockerhub-secret.yaml - ../../../additional-resources/nutanix/csi-secret.yaml - https://raw.githubusercontent.com/nutanix-cloud-native/cluster-api-provider-nutanix/1a7cd69ba35de01e56dcf2dda7f31973111d2317/templates/cluster-template-topology.yaml @@ -58,3 +59,10 @@ patches: - target: kind: Cluster path: ../../../patches/nutanix/remove-ccm/cluster-label.yaml + +# A Nutanix cluster uses SNAT for outbound traffic by default. +# Because Dockerhub only sees a single request IP the rate limit gets hit for almost every cluster. +# Add a patch to set imageRegistry with docker.io credentials. +- target: + kind: Cluster + path: ../../../patches/dockerhub-image-registry.yaml diff --git a/hack/examples/patches/dockerhub-image-registry.yaml b/hack/examples/patches/dockerhub-image-registry.yaml new file mode 100644 index 000000000..ea30af40e --- /dev/null +++ b/hack/examples/patches/dockerhub-image-registry.yaml @@ -0,0 +1,10 @@ +# Copyright 2024 D2iQ, Inc. All rights reserved. +# SPDX-License-Identifier: Apache-2.0 + +- op: "add" + path: "/spec/topology/variables/0/value/imageRegistries" + value: + - url: https://docker.io + credentials: + secretRef: + name: ${CLUSTER_NAME}-dockerhub-credentials
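Review bot: The comment above the new `- target: kind: Cluster` entry in kustomization.yaml.tmpl says the patch sets `imageRegistry`, while the field the patch actually writes is `imageRegistries`, and it does not say which variables the credentials come from. I would reword its last line to `# Add a patch to set imageRegistries with Docker Hub credentials (DOCKER_HUB_USERNAME / DOCKER_HUB_PASSWORD).` so a reader knows every Nutanix example rendered from this base now references those two variables. The `patches:` list this entry is appended to starts outside the hunk.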
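Review bot: The patch path `/spec/topology/variables/0/value/imageRegistries` in dockerhub-image-registry.yaml addresses the variable by position, so it only lands on the right object while the cluster configuration variable stays first in `spec.topology.variables`; if another variable is ever placed ahead of it, the registry credentials reference is added to the wrong variable without the patch step reporting an error. `op: "add"` on an object member also replaces any `imageRegistries` list that is already present rather than appending to it. A header comment stating both assumptions, for example `# Assumes variables[0] is the cluster config variable and that it has no imageRegistries yet.`, would make the dependency visible to whoever reorders the template.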