From bd0d31acc349a67c01de0595d152b8448b5311d1 Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Wed, 20 Mar 2024 09:51:32 +0100 Subject: [COMMON] Make imagePullSecrets configurable Currently in ONAP the imagePullSecrets is hardcoded to 'onap-docker-registry-key' which is created by the repository-wrapper component. With this change the secrets can be configured via setting global.imagePullSecrets and optionally per image if it is configured as map (image.pullSecrets) Issue-ID: OOM-3284 Change-Id: I8644f9b46043b6014219c42928e057b149df43a4 Signed-off-by: Andreas Geissler --- kubernetes/common/common/Chart.yaml | 2 +- kubernetes/common/common/templates/_images.tpl | 121 ++++++++++++++++++++++ kubernetes/common/common/templates/_mariadb.tpl | 3 +- kubernetes/common/common/templates/_postgres.tpl | 3 +- kubernetes/common/common/templates/_tplvalues.tpl | 49 +++++++++ 5 files changed, 173 insertions(+), 5 deletions(-) create mode 100644 kubernetes/common/common/templates/_images.tpl create mode 100644 kubernetes/common/common/templates/_tplvalues.tpl (limited to 'kubernetes/common/common') diff --git a/kubernetes/common/common/Chart.yaml b/kubernetes/common/common/Chart.yaml index 129454681e..bb9e8a24fc 100644 --- a/kubernetes/common/common/Chart.yaml +++ b/kubernetes/common/common/Chart.yaml @@ -16,4 +16,4 @@ apiVersion: v2 description: Common templates for inclusion in other charts name: common -version: 13.0.3 +version: 13.1.0 diff --git a/kubernetes/common/common/templates/_images.tpl b/kubernetes/common/common/templates/_images.tpl new file mode 100644 index 0000000000..3bbaabc006 --- /dev/null +++ b/kubernetes/common/common/templates/_images.tpl @@ -0,0 +1,121 @@ +{{/* +# Copyright © Original (https://github.com/bitnami/charts) VMware, Inc. +# Copyright © 2024 Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the proper Docker Image Registry Secret Names +Original, if common way of image definition: +{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.tls.image) "context" $) -}} +*/}} +{{- define "common.imagePullSecrets" -}} +{{- $images := list }} +{{- if .Values.image }} + {{- if kindIs "map" .Values.image -}} + {{- $images = append $images ".Values.image" -}} + {{- end -}} +{{- end -}} +{{- if .Values.metrics }} + {{- if .Values.metrics.image }} + {{- if kindIs "map" .Values.metrics.image -}} + {{- $images = append $images ".Values.metrics.image" -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- include "common.images._renderPullSecrets" (dict "images" $images "context" $) -}} +{{- end -}} + +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $separator := ":" -}} +{{- $termination := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- if .imageRoot.digest }} + {{- $separator = "@" -}} + {{- $termination = .imageRoot.digest | toString -}} +{{- end -}} +{{- if $registryName }} + {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} +{{- else -}} + {{- printf "%s%s%s" $repositoryName $separator $termination -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names evaluating values as templates +{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} +*/}} +{{- define "common.images._renderPullSecrets" -}} + {{- $pullSecrets := list }} + {{- $context := .context }} + {{- $images := .images }} + + {{- if $context.Values.global }} + {{- range $context.Values.global.imagePullSecrets -}} + {{- if kindIs "map" . -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues._render" (dict "value" .name "context" $context)) -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues._render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- range $image := $images -}} + {{- if contains "pullSecret" $image -}} + {{- range $pullSecret := $image.pullSecrets -}} + {{- if kindIs "map" $pullSecret -}} + {{- $pullSecrets = append $pullSecrets $pullSecret.name -}} + {{- else -}} + {{- $pullSecrets = append $pullSecrets $pullSecret -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets | uniq }} + - name: {{ . }} + {{- end }} + {{- else -}} +imagePullSecrets: [] + {{- end }} +{{- end -}} + +{{/* +Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion) +{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }} +*/}} +{{- define "common.images._version" -}} +{{- $imageTag := .imageRoot.tag | toString -}} +{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}} +{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}} + {{- $version := semver $imageTag -}} + {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}} +{{- else -}} + {{- print .chart.AppVersion -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/common/templates/_mariadb.tpl b/kubernetes/common/common/templates/_mariadb.tpl index e21f0f658d..caf2fd1031 100644 --- a/kubernetes/common/common/templates/_mariadb.tpl +++ b/kubernetes/common/common/templates/_mariadb.tpl @@ -265,8 +265,7 @@ spec: key: password image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadbOperator.image }}:{{ $dot.Values.mariadbOperator.appVersion }} imagePullPolicy: IfNotPresent - imagePullSecrets: - - name: {{ include "common.namespace" . }}-docker-registry-key + {{- include "common.imagePullSecrets" . | nindent 2 }} port: 3306 replicas: {{ $dot.Values.replicaCount }} {{- if $dot.Values.mariadbOperator.galera.enabled }} diff --git a/kubernetes/common/common/templates/_postgres.tpl b/kubernetes/common/common/templates/_postgres.tpl index d21d8c740d..dcd17c0312 100644 --- a/kubernetes/common/common/templates/_postgres.tpl +++ b/kubernetes/common/common/templates/_postgres.tpl @@ -87,8 +87,7 @@ spec: {{- if .Values.postgresOperator.imagePostgres }} image: {{ .Values.postgresOperator.imagePostgres | quote }} {{- end }} - imagePullSecrets: - - name: {{ include "common.namespace" . }}-docker-registry-key + {{- include "common.imagePullSecrets" . | nindent 2 }} postgresVersion: {{ $dot.Values.postgresOperator.postgresVersion }} instances: - name: {{ default "instance1" .Values.postgresOperator.instanceName | quote }} diff --git a/kubernetes/common/common/templates/_tplvalues.tpl b/kubernetes/common/common/templates/_tplvalues.tpl new file mode 100644 index 0000000000..0c6dbec859 --- /dev/null +++ b/kubernetes/common/common/templates/_tplvalues.tpl @@ -0,0 +1,49 @@ +{{/* +# Copyright © Original (https://github.com/bitnami/charts) VMware, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template perhaps with scope if the scope is present. +Usage: +{{ include "common.tplvalues._render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} +{{ include "common.tplvalues._render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} +*/}} +{{- define "common.tplvalues._render" -}} +{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }} +{{- if contains "{{" (toJson .value) }} + {{- if .scope }} + {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- else }} + {{- tpl $value .context }} + {{- end }} +{{- else }} + {{- $value }} +{{- end }} +{{- end -}} + +{{/* +Merge a list of values that contains template after rendering them. +Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge +Usage: +{{ include "common.tplvalues._merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }} +*/}} +{{- define "common.tplvalues._merge" -}} +{{- $dst := dict -}} +{{- range .values -}} +{{- $dst = include "common.tplvalues._render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}} +{{- end -}} +{{ $dst | toYaml }} +{{- end -}} -- cgit 1.2.3-korg