feat(helm): add image pull secret for private registries

2023-07-03 21:30:33 +02:00 · 2023-07-03 21:30:33 +02:00 · 4187512f88
commit 4187512f88
parent 38c28dc73f
6 changed files with 26 additions and 4 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -30,6 +30,7 @@ deploy:staging:dry-run:
        --namespace backoffice-staging \
        --values ./charts/backoffice/values.staging.yaml \
        --set image.tag=$CI_COMMIT_BRANCH-$CI_COMMIT_SHORT_SHA \
        --set dockerconfigjsonBase64=dummy \
        --set backoffice.secrets.databaseURL=dummy \
        --set backoffice.secrets.nextauthSecret=dummy \
        --set backoffice.secrets.googleClientID=dummy \
@ -54,6 +55,7 @@ deploy:staging:
        --namespace backoffice-staging \
        --values ./charts/backoffice/values.staging.yaml \
        --set image.tag=$CI_COMMIT_BRANCH-$CI_COMMIT_SHORT_SHA \
        --set dockerconfigjsonBase64=$DOCKERCONFIG_BASE64 \
        --set backoffice.secrets.databaseURL=$DATABASE_URL \
        --set backoffice.secrets.nextauthSecret=$NEXTAUTH_SECRET \
        --set backoffice.secrets.googleClientID=$GOOGLE_CLIENT_ID \
--- a/charts/backoffice/templates/deployment.yaml
+++ b/charts/backoffice/templates/deployment.yaml
@ -11,9 +11,9 @@ spec:
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    spec:
-      {{- with .Values.imagePullSecrets }}
+      {{- if .Values.dockerconfigjsonBase64 }}
      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
+        - name: {{ .Release.Name }}-container-registry
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
--- a/charts/backoffice/templates/job-db-migration.yaml
+++ b/charts/backoffice/templates/job-db-migration.yaml
@ -12,6 +12,10 @@ spec:
  activeDeadlineSeconds: 120 # 2 minutes
  template:
    spec:
      {{- if .Values.dockerconfigjsonBase64 }}
      imagePullSecrets:
        - name: {{ .Release.Name }}-container-registry
      {{- end }}
      containers:
      - name: {{ .Chart.Name }}-migration
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
--- a/charts/backoffice/templates/job-db-seed.yaml
+++ b/charts/backoffice/templates/job-db-seed.yaml
@ -12,6 +12,10 @@ spec:
  activeDeadlineSeconds: 120 # 2 minutes
  template:
    spec:
      {{- if .Values.dockerconfigjsonBase64 }}
      imagePullSecrets:
        - name: {{ .Release.Name }}-container-registry
      {{- end }}
      containers:
      - name: {{ .Chart.Name }}-seed
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
--- a/charts/backoffice/templates/secret-container-registry.yaml
+++ b/charts/backoffice/templates/secret-container-registry.yaml
@ -0,0 +1,12 @@
 {{ if .Values.dockerconfigjsonBase64 }}
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ .Release.Name }}-container-registry
  annotations:
    "helm.sh/hook": pre-install,pre-upgrade
    "helm.sh/hook-weight": "-15"
 type: kubernetes.io/dockerconfigjson
 data:
  .dockerconfigjson: {{ .Values.dockerconfigjsonBase64 }}
 {{ end }}
--- a/charts/backoffice/values.yaml
+++ b/charts/backoffice/values.yaml
@ -4,8 +4,6 @@ image:
  repository: ghcr.io/vojtechmares/backoffice
  tag:
 imagePullSecrets: {}
 ingress:
  enabled: false
  host: example.com
@ -37,3 +35,5 @@ backoffice:
    nextauthSecret: null
    googleClientID: null
    googleClientSecret: null
 dockerconfigjsonBase64: null