From aa1c0fd1c21d8beff7f2f2845a26c3fa7a417c60 Mon Sep 17 00:00:00 2001
From: unglaublicherdude
Date: Wed, 26 Jun 2024 15:50:53 +0200
Subject: [PATCH] fixes the secret handling you either have to configure a dockerjsonconfig or a global.imagepullsecrets but when you configure both, both are added to the imagepullsecrets in the deployments and stateful-sets
---
 .gitignore | 3 ++-
 charts/vaas/Chart.yaml | 2 +-
 charts/vaas/templates/gateway/_helpers.tpl | 11 +++++++----
 charts/vaas/templates/gateway/secret.yaml | 16 ++++++++++++++--
 charts/vaas/templates/gdscan/_helpers.tpl | 18 +++++++++++-------
 charts/vaas/templates/gdscan/secret.yaml | 16 ++++++++++++++--
 charts/vaas/values.yaml | 1 +
 7 files changed, 50 insertions(+), 17 deletions(-)
diff --git a/.gitignore b/.gitignore
index cfdd1fc..6ee74cd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,4 +8,5 @@
 *.tgz
 .fleet/
 .output/
-Chart.lock
\ No newline at end of file
+Chart.lock
+tmp/
\ No newline at end of file
diff --git a/charts/vaas/Chart.yaml b/charts/vaas/Chart.yaml
index 9376dd2..66eaefc 100644
--- a/charts/vaas/Chart.yaml
+++ b/charts/vaas/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: vaas
-version: 1.8.0
+version: 1.9.0
 description: Deployment of a Verdict-as-a-Service on-premise instance
 maintainers:
 - name: G DATA CyberDefense AG
diff --git a/charts/vaas/templates/gateway/_helpers.tpl b/charts/vaas/templates/gateway/_helpers.tpl
index ed1de22..d226a27 100644
--- a/charts/vaas/templates/gateway/_helpers.tpl
+++ b/charts/vaas/templates/gateway/_helpers.tpl
@@ -24,14 +24,17 @@ If release name contains chart name it will be used as a full name. {{- end }} {{- define "gateway.imagePullSecrets" -}} +{{- if or (gt (len .Values.global.imagePullSecrets) 0) (.Values.global.secret.dockerconfigjson) -}} imagePullSecrets: {{- range .Values.global.imagePullSecrets }} - name: {{ . }} - {{- end }} - {{- if .Values.imagePullSecret }} - - name: {{ .Release.Name }}-registry-secret - {{- end }} + {{- end -}} + {{- if (.Values.global.secret).dockerconfigjson }} + - name: registry + {{- end -}} {{- end -}} +{{ end -}} + {{/* Create chart name and version as used by the chart label. diff --git a/charts/vaas/templates/gateway/secret.yaml b/charts/vaas/templates/gateway/secret.yaml index 0495eef..edf4b73 100644 --- a/charts/vaas/templates/gateway/secret.yaml +++ b/charts/vaas/templates/gateway/secret.yaml @@ -1,10 +1,22 @@ -{{- if .Values.global.imagePullSecrets }} +{{- if and (not .Values.global.imagePullSecrets) (not .Values.global.imagePullSecret)}} apiVersion: v1 kind: Secret metadata: name: registry namespace: {{ .Release.Namespace }} data: - .dockerconfigjson: {{ required "You need to set the dockerconfigjson for the private registry" .Values.global.secret.dockerconfigjson }} + .dockerconfigjson: {{ required "You need to set the dockerconfigjson for the private registry" (.Values.global.secret).dockerconfigjson }} type: kubernetes.io/dockerconfigjson +{{- end -}} +{{- if or (.Values.global.imagePullSecrets) (.Values.global.imagePullSecret)}} +{{- if (.Values.global.secret).dockerconfigjson }} +apiVersion: v1 +kind: Secret +metadata: + name: registry + namespace: {{ .Release.Namespace }} +data: + .dockerconfigjson: {{ .Values.global.secret.dockerconfigjson }} +type: kubernetes.io/dockerconfigjson +{{- end -}} {{- end -}} \ No newline at end of file diff --git a/charts/vaas/templates/gdscan/_helpers.tpl b/charts/vaas/templates/gdscan/_helpers.tpl index f980da0..196a61b 100644 --- a/charts/vaas/templates/gdscan/_helpers.tpl 
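Review bot: The new `if or` guard in `gateway.imagePullSecrets` is not nil-safe: it reads `.Values.global.secret.dockerconfigjson` without the parentheses that the inner `if` a few lines below uses, so a release that sets only `global.imagePullSecrets` and has no `global.secret` map will likely abort rendering with a nil-pointer error instead of simply omitting the `registry` entry. `len .Values.global.imagePullSecrets` has the same weakness when the key is absent or null, and the gdscan/_helpers.tpl hunk repeats it for both lists after removing the `default list` guards that used to cover this. I would write the guard as `{{- if or (gt (len (.Values.global.imagePullSecrets | default list)) 0) ((.Values.global.secret).dockerconfigjson) -}}` and apply the same `| default list` to the two `len` calls in the gdscan helper. The template file continues outside the hunk.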
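Review bot: Both branches in gateway/secret.yaml render the same `registry` Secret and differ only in whether `required` is applied, so the credential manifest now exists twice and the copies can drift; the guards also test `.Values.global.imagePullSecret` (singular), a key the `gateway.imagePullSecrets` helper in this patch never reads. As written, the Secret is rendered whenever a dockerconfigjson is supplied and rendering aborts when neither it nor a pull secret is configured, which a single guard can express. The value is also written into `data:` unquoted; it is presumably expected to be base64 already, and quoting keeps an empty or unusual value from being retyped by the YAML parser. gdscan/secret.yaml has the same shape, and if `global.imagePullSecret` is a supported value it needs adding to the guard below and to the helper.

```yaml
{{- $dockerconfigjson := (.Values.global.secret).dockerconfigjson }}
{{- if or $dockerconfigjson (not .Values.global.imagePullSecrets) }}
# … unchanged: apiVersion, kind, metadata (name: registry, namespace) …
data:
  .dockerconfigjson: {{ required "You need to set the dockerconfigjson for the private registry" $dockerconfigjson | quote }}
type: kubernetes.io/dockerconfigjson
{{- end }}
```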
+++ b/charts/vaas/templates/gdscan/_helpers.tpl @@ -43,15 +43,19 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{- define "gdscan.imagePullSecrets" -}} - -{{- $imagePullSecrets := concat (((.Values.global | default dict).imagePullSecrets)| default list) (.Values.gdscan.imagePullSecrets | default list) -}} -{{- if gt (len $imagePullSecrets) 0 -}} +{{- if or (gt (len .Values.global.imagePullSecrets) 0) (gt (len .Values.gdscan.imagePullSecrets) 0) ((.Values.global.secret).dockerconfigjson) -}} imagePullSecrets: - {{- range $imagePullSecrets }} + {{- range .Values.global.imagePullSecrets }} - name: {{ . }} - {{- end }} -{{- end }} -{{- end }} + {{- end -}} + {{- range .Values.gdscan.imagePullSecrets }} + - name: {{ . }} + {{- end -}} + {{- if (.Values.global.secret).dockerconfigjson }} + - name: gdscanregistry + {{- end -}} +{{- end -}} +{{ end -}} {{/* Selector labels diff --git a/charts/vaas/templates/gdscan/secret.yaml b/charts/vaas/templates/gdscan/secret.yaml index 03d7f30..5d6413f 100644 --- a/charts/vaas/templates/gdscan/secret.yaml +++ b/charts/vaas/templates/gdscan/secret.yaml 
@@ -1,10 +1,22 @@ -{{- if .Values.global.imagePullSecrets }} +{{- if and (not .Values.global.imagePullSecrets) (not .Values.global.imagePullSecret) (not .Values.gdscan.imagePullSecret)}} apiVersion: v1 kind: Secret metadata: name: gdscanregistry namespace: {{ .Release.Namespace }} data: - .dockerconfigjson: {{ required "You need to set the dockerconfigjson for the private registry" .Values.global.secret.dockerconfigjson }} + .dockerconfigjson: {{ required "You need to set the dockerconfigjson for the private registry" (.Values.global.secret).dockerconfigjson }} type: kubernetes.io/dockerconfigjson +{{- end -}} +{{- if or (.Values.global.imagePullSecrets) (.Values.global.imagePullSecret)}} +{{- if (.Values.global.secret).dockerconfigjson }} +apiVersion: v1 +kind: Secret +metadata: + name: gdscanregistry + namespace: {{ .Release.Namespace }} +data: + .dockerconfigjson: {{ .Values.global.secret.dockerconfigjson }} +type: kubernetes.io/dockerconfigjson +{{- end -}} {{- end -}} \ No newline at end of file diff --git a/charts/vaas/values.yaml b/charts/vaas/values.yaml index 64119e6..724f606 100644 --- a/charts/vaas/values.yaml +++ b/charts/vaas/values.yaml @@ -147,6 +147,7 @@ gateway: gdscanUrl: "http://gdscan:8080/scan/body" gdscan: + imagePullSecrets: [] replicaCount: 1 deploymentStrategy: "RollingUpdate" client:
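Review bot: The first guard in gdscan/secret.yaml tests `.Values.gdscan.imagePullSecret` (singular), but the values.yaml hunk in this patch introduces `gdscan.imagePullSecrets` and the `gdscan.imagePullSecrets` helper ranges over the plural key, so the chart-level list is never consulted here. A release that configures only `gdscan.imagePullSecrets` therefore still enters the `required` branch and fails to render without a dockerconfigjson. I would change the last term of the first guard to `(not .Values.gdscan.imagePullSecrets)`. The second guard needs the same key, `{{- if or (.Values.global.imagePullSecrets) (.Values.global.imagePullSecret) (.Values.gdscan.imagePullSecrets) }}`, otherwise a release with `gdscan.imagePullSecrets` plus a dockerconfigjson would get `gdscanregistry` listed by the helper without the Secret being rendered.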