From 4187512f88fdd0855e26029106815fdb49f5af75 Mon Sep 17 00:00:00 2001 From: Vojtech Mares Date: Mon, 3 Jul 2023 21:30:33 +0200 Subject: [PATCH] feat(helm): add image pull secret for private registries --- .gitlab-ci.yml | 2 ++ charts/backoffice/templates/deployment.yaml | 4 ++-- charts/backoffice/templates/job-db-migration.yaml | 4 ++++ charts/backoffice/templates/job-db-seed.yaml | 4 ++++ .../templates/secret-container-registry.yaml | 12 ++++++++++++ charts/backoffice/values.yaml | 4 ++-- 6 files changed, 26 insertions(+), 4 deletions(-) create mode 100644 charts/backoffice/templates/secret-container-registry.yaml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4506bf8..72f7a2b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -30,6 +30,7 @@ deploy:staging:dry-run: --namespace backoffice-staging \ --values ./charts/backoffice/values.staging.yaml \ --set image.tag=$CI_COMMIT_BRANCH-$CI_COMMIT_SHORT_SHA \ + --set dockerconfigjsonBase64=dummy \ --set backoffice.secrets.databaseURL=dummy \ --set backoffice.secrets.nextauthSecret=dummy \ --set backoffice.secrets.googleClientID=dummy \ @@ -54,6 +55,7 @@ deploy:staging: --namespace backoffice-staging \ --values ./charts/backoffice/values.staging.yaml \ --set image.tag=$CI_COMMIT_BRANCH-$CI_COMMIT_SHORT_SHA \ + --set dockerconfigjsonBase64=$DOCKERCONFIG_BASE64 \ --set backoffice.secrets.databaseURL=$DATABASE_URL \ --set backoffice.secrets.nextauthSecret=$NEXTAUTH_SECRET \ --set backoffice.secrets.googleClientID=$GOOGLE_CLIENT_ID \ diff --git a/charts/backoffice/templates/deployment.yaml b/charts/backoffice/templates/deployment.yaml index 7007aff..66de6ed 100644 --- a/charts/backoffice/templates/deployment.yaml +++ b/charts/backoffice/templates/deployment.yaml @@ -11,9 +11,9 @@ spec: app.kubernetes.io/instance: {{ .Release.Name }} template: spec: - {{- with .Values.imagePullSecrets }} + {{- if .Values.dockerconfigjsonBase64 }} imagePullSecrets: - {{- toYaml . | nindent 8 }} + - name: {{ .Release.Name }}-container-registry {{- end }} containers: - name: {{ .Chart.Name }} diff --git a/charts/backoffice/templates/job-db-migration.yaml b/charts/backoffice/templates/job-db-migration.yaml index 623b4aa..a0b2359 100644 --- a/charts/backoffice/templates/job-db-migration.yaml +++ b/charts/backoffice/templates/job-db-migration.yaml @@ -12,6 +12,10 @@ spec: activeDeadlineSeconds: 120 # 2 minutes template: spec: + {{- if .Values.dockerconfigjsonBase64 }} + imagePullSecrets: + - name: {{ .Release.Name }}-container-registry + {{- end }} containers: - name: {{ .Chart.Name }}-migration image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" diff --git a/charts/backoffice/templates/job-db-seed.yaml b/charts/backoffice/templates/job-db-seed.yaml index ca83dc7..694640b 100644 --- a/charts/backoffice/templates/job-db-seed.yaml +++ b/charts/backoffice/templates/job-db-seed.yaml @@ -12,6 +12,10 @@ spec: activeDeadlineSeconds: 120 # 2 minutes template: spec: + {{- if .Values.dockerconfigjsonBase64 }} + imagePullSecrets: + - name: {{ .Release.Name }}-container-registry + {{- end }} containers: - name: {{ .Chart.Name }}-seed image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" diff --git a/charts/backoffice/templates/secret-container-registry.yaml b/charts/backoffice/templates/secret-container-registry.yaml new file mode 100644 index 0000000..7726349 --- /dev/null +++ b/charts/backoffice/templates/secret-container-registry.yaml @@ -0,0 +1,12 @@ +{{ if .Values.dockerconfigjsonBase64 }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-container-registry + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-weight": "-15" +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ .Values.dockerconfigjsonBase64 }} +{{ end }} diff --git a/charts/backoffice/values.yaml b/charts/backoffice/values.yaml index 1a29284..47a48e2 100644 --- a/charts/backoffice/values.yaml +++ b/charts/backoffice/values.yaml @@ -4,8 +4,6 @@ image: repository: ghcr.io/vojtechmares/backoffice tag: -imagePullSecrets: {} - ingress: enabled: false host: example.com @@ -37,3 +35,5 @@ backoffice: nextauthSecret: null googleClientID: null googleClientSecret: null + +dockerconfigjsonBase64: null