installer: update volume mount when Secret updates

According to Kubernetes doc, a container using a Secret as a subPath volume mount will not receive Secret updates. Signed-off-by: JenTing Hsiao <hsiaoairplane@gmail.com>

install/installer/pkg/components/blobserve/configmap.go

@@ -101,7 +101,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
 MaxSize: MaxSizeBytes,
 },
 },
-AuthCfg: "/mnt/pull-secret.json",
+AuthCfg: "/mnt/pull-secret/pull-secret.json",
 PProfAddr: common.LocalhostAddressFromPort(baseserver.BuiltinDebugPort),
 PrometheusAddr: common.LocalhostPrometheusAddr(),
 ReadinessProbeAddr: fmt.Sprintf(":%v", ReadinessPort),

install/installer/pkg/components/blobserve/deployment.go

@@ -92,6 +92,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 Name: volumeName,
 VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{
 SecretName: secretName,
+Items: []corev1.KeyToPath{{Key: ".dockerconfigjson", Path: "pull-secret.json"}},
 }},
 }},
 Containers: []corev1.Container{{
@@ -126,8 +127,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 MountPath: "/mnt/cache",
 }, {
 Name: volumeName,
-MountPath: "/mnt/pull-secret.json",
-SubPath: ".dockerconfigjson",
+MountPath: "/mnt/pull-secret",
 }},
 
 ReadinessProbe: &corev1.Probe{

install/installer/pkg/components/image-builder-mk3/configmap.go

@@ -48,7 +48,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
 },
 },
 PullSecret: secretName,
-PullSecretFile: PullSecretFile,
+PullSecretFile: "/config/pull-secret/pull-secret.json",
 BaseImageRepository: fmt.Sprintf("%s/base-images", registryName),
 BuilderImage: ctx.ImageName(ctx.Config.Repository, BuilderImage, ctx.VersionManifest.Components.ImageBuilderMk3.BuilderImage.Version),
 WorkspaceImageRepository: fmt.Sprintf("%s/workspace-images", registryName),

install/installer/pkg/components/image-builder-mk3/constants.go

@@ -7,9 +7,8 @@ package image_builder_mk3
 import "github.com/gitpod-io/gitpod/installer/pkg/common"
 
 const (
-PullSecretFile = "/config/pull-secret.json"
-BuilderImage = "image-builder-mk3/bob"
-Component = common.ImageBuilderComponent
-RPCPort = common.ImageBuilderRPCPort
-RPCPortName = "service"
+BuilderImage = "image-builder-mk3/bob"
+Component = common.ImageBuilderComponent
+RPCPort = common.ImageBuilderRPCPort
+RPCPortName = "service"
 )

install/installer/pkg/components/image-builder-mk3/deployment.go

@@ -81,6 +81,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 VolumeSource: corev1.VolumeSource{
 Secret: &corev1.SecretVolumeSource{
 SecretName: secretName,
+Items: []corev1.KeyToPath{{Key: ".dockerconfigjson", Path: "pull-secret.json"}},
 },
 },
 },
@@ -100,8 +101,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 },
 {
 Name: "pull-secret",
-MountPath: PullSecretFile,
-SubPath: ".dockerconfigjson",
+MountPath: "/config/pull-secret",
 },
 }
 if vol, mnt, _, ok := common.CustomCACertVolume(ctx); ok {

install/installer/pkg/components/registry-facade/configmap.go

@@ -88,7 +88,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
 IPFSCache: ipfsCache,
 RedisCache: redisCache,
 },
-AuthCfg: "/mnt/pull-secret.json",
+AuthCfg: "/mnt/pull-secret/pull-secret.json",
 PProfAddr: common.LocalhostAddressFromPort(baseserver.BuiltinDebugPort),
 PrometheusAddr: common.LocalhostPrometheusAddr(),
 ReadinessProbeAddr: fmt.Sprintf(":%v", ReadinessPort),

install/installer/pkg/components/registry-facade/daemonset.go

@@ -264,8 +264,7 @@ func daemonset(ctx *common.RenderContext) ([]runtime.Object, error) {
 },
 {
 Name: name,
-MountPath: "/mnt/pull-secret.json",
-SubPath: ".dockerconfigjson",
+MountPath: "/mnt/pull-secret",
 },
 },
 volumeMounts...,
@@ -357,6 +356,7 @@ func daemonset(ctx *common.RenderContext) ([]runtime.Object, error) {
 VolumeSource: corev1.VolumeSource{
 Secret: &corev1.SecretVolumeSource{
 SecretName: secretName,
+Items: []corev1.KeyToPath{{Key: ".dockerconfigjson", Path: "pull-secret.json"}},
 },
 },
 }, {