From 4b474de3dca8ee5ffb8dddc367b66912bef84990 Mon Sep 17 00:00:00 2001 From: Bryan Brancotte <bryan.brancotte@pasteur.fr> Date: Fri, 30 Jun 2023 09:45:14 +0200 Subject: [PATCH] Can provide credentials when image registry is private --- rshiny/Chart.yaml | 2 +- rshiny/templates/_secretHelper.tpl | 7 +++++++ rshiny/templates/deployment.yaml | 4 +++- rshiny/templates/image-pull-secret.yaml | 15 +++++++++++++++ rshiny/values.yaml | 4 ++++ 5 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 rshiny/templates/_secretHelper.tpl create mode 100644 rshiny/templates/image-pull-secret.yaml diff --git a/rshiny/Chart.yaml b/rshiny/Chart.yaml index 457f604..72b50ae 100644 --- a/rshiny/Chart.yaml +++ b/rshiny/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.2 +version: 0.3.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/rshiny/templates/_secretHelper.tpl b/rshiny/templates/_secretHelper.tpl new file mode 100644 index 0000000..304adbb --- /dev/null +++ b/rshiny/templates/_secretHelper.tpl @@ -0,0 +1,7 @@ +{{- define "imagePullSecret" }} +{{- if and .Values.registry .Values.registry.password .Values.registry.username .Values.registry.host }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.registry.host (printf "%s:%s" .Values.registry.username .Values.registry.password | b64enc) | b64enc }} +{{- else }} +{{- required "When registry is private, you need to specify .Values.registry.password .Values.registry.username .Values.registry.host, see documetation for more." "" }} +{{- end }} +{{- end }} diff --git a/rshiny/templates/deployment.yaml b/rshiny/templates/deployment.yaml index 143811e..06dc656 100644 --- a/rshiny/templates/deployment.yaml +++ b/rshiny/templates/deployment.yaml @@ -22,8 +22,10 @@ spec: labels: {{- include "chart.selectorLabels" . | nindent 8 }} spec: + {{- if .Values.registry.private }} imagePullSecrets: - - name: registry-gitlab + - name: {{ include "chart.fullname" . }} + {{- end }} containers: - name: rshiny-pod image: {{ .Values.imageFullNameAndTag }} diff --git a/rshiny/templates/image-pull-secret.yaml b/rshiny/templates/image-pull-secret.yaml new file mode 100644 index 0000000..b7b070f --- /dev/null +++ b/rshiny/templates/image-pull-secret.yaml @@ -0,0 +1,15 @@ +{{- if .Values.registry.private }} +# When creating a pod based on an image that resides in a private Docker registry (a secure registry protected by basic authentication), +# one must specify an imagePullSecrets as part of the pod's spec. +# (see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret) + +# This resource creates a docker registry pull secret that's based on values provided in values.yaml (it relies on a template defined in _secretHelper.tpl). The secret must be deployed to +# the same namespace in which the pod will be created. +apiVersion: v1 +kind: Secret +metadata: + name : {{ include "chart.fullname" . }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "imagePullSecret" . }} +{{- end }} diff --git a/rshiny/values.yaml b/rshiny/values.yaml index ad36c52..8a41b68 100644 --- a/rshiny/values.yaml +++ b/rshiny/values.yaml @@ -29,3 +29,7 @@ ingress: nginx.ingress.kubernetes.io/affinity: cookie nginx.ingress.kubernetes.io/proxy-body-size: 256m hostname: "" + + +registry: + private: false -- GitLab