From 4b474de3dca8ee5ffb8dddc367b66912bef84990 Mon Sep 17 00:00:00 2001
From: Bryan Brancotte <bryan.brancotte@pasteur.fr>
Date: Fri, 30 Jun 2023 09:45:14 +0200
Subject: [PATCH] Can provide credentials when image registry is private

---
 rshiny/Chart.yaml                       |  2 +-
 rshiny/templates/_secretHelper.tpl      |  7 +++++++
 rshiny/templates/deployment.yaml        |  4 +++-
 rshiny/templates/image-pull-secret.yaml | 15 +++++++++++++++
 rshiny/values.yaml                      |  4 ++++
 5 files changed, 30 insertions(+), 2 deletions(-)
 create mode 100644 rshiny/templates/_secretHelper.tpl
 create mode 100644 rshiny/templates/image-pull-secret.yaml

diff --git a/rshiny/Chart.yaml b/rshiny/Chart.yaml
index 457f604..72b50ae 100644
--- a/rshiny/Chart.yaml
+++ b/rshiny/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.2
+version: 0.3.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/rshiny/templates/_secretHelper.tpl b/rshiny/templates/_secretHelper.tpl
new file mode 100644
index 0000000..304adbb
--- /dev/null
+++ b/rshiny/templates/_secretHelper.tpl
@@ -0,0 +1,7 @@
+{{- define "imagePullSecret" }}
+{{- if and .Values.registry .Values.registry.password .Values.registry.username .Values.registry.host }}
+{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.registry.host (printf "%s:%s" .Values.registry.username .Values.registry.password | b64enc) | b64enc }}
+{{- else }}
+{{- required "When registry is private, you need to specify .Values.registry.password .Values.registry.username .Values.registry.host, see documetation for more." "" }}
+{{- end }}
+{{- end }}
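Review bot: The dockerconfigjson on the `printf "{\"auths\": ...}"` line is assembled by string interpolation, so a host, username or password containing `"` or `\` produces invalid or structurally altered JSON and the resulting pull secret will not work. Build the object and serialise it instead: `{{- $auth := printf "%s:%s" .Values.registry.username .Values.registry.password | b64enc }}` followed by `{{- dict "auths" (dict .Values.registry.host (dict "auth" $auth)) | toJson | b64enc }}`. The `required` message on the else branch also carries a typo, "documetation".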
diff --git a/rshiny/templates/deployment.yaml b/rshiny/templates/deployment.yaml
index 143811e..06dc656 100644
--- a/rshiny/templates/deployment.yaml
+++ b/rshiny/templates/deployment.yaml
@@ -22,8 +22,10 @@ spec:
       labels:
         {{- include "chart.selectorLabels" . | nindent 8 }}
     spec:
+      {{- if .Values.registry.private }}
       imagePullSecrets:
-      - name: registry-gitlab
+      - name: {{ include "chart.fullname" . }}
+      {{- end }}
       containers:
         - name: rshiny-pod
           image: {{ .Values.imageFullNameAndTag }}
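Review bot: Removing the hard-coded `registry-gitlab` reference while `registry.private` defaults to false means a release that relied on a pre-created `registry-gitlab` secret renders no `imagePullSecrets` after upgrading. The only way back is to put the registry password into chart values. Consider letting operators point at an existing secret, for example `- name: {{ .Values.registry.existingSecret | default (include "chart.fullname" .) }}`, where `registry.existingSecret` is a proposed new value, and skipping Secret creation when it is set. That keeps the credential out of Helm values entirely for clusters that already manage pull secrets. The pod spec continues outside this hunk.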
diff --git a/rshiny/templates/image-pull-secret.yaml b/rshiny/templates/image-pull-secret.yaml
new file mode 100644
index 0000000..b7b070f
--- /dev/null
+++ b/rshiny/templates/image-pull-secret.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.registry.private }}
+# When creating a pod based on an image that resides in a private Docker registry (a secure registry protected by basic authentication),
+# one must specify an imagePullSecrets as part of the pod's spec.
+# (see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret)
+
+# This resource creates a docker registry pull secret that's based on values provided in values.yaml (it relies on a template defined in _secretHelper.tpl). The secret must be deployed to
+# the same namespace in which the pod will be created.
+apiVersion: v1
+kind: Secret
+metadata:
+  name : {{ include "chart.fullname" . }}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
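Review bot: The header comment does not mention that the registry password is rendered from chart values into this Secret, so it is also kept in Helm's stored release data and is visible through `helm get values`. I would add a line such as `# NOTE: registry.username/password come from Helm values and are stored with the release; supply them at install time and do not commit them.` Separately, `name : {{ include "chart.fullname" . }}` has a stray space before the colon; `name: {{ include "chart.fullname" . }}` matches the style used in deployment.yaml.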
diff --git a/rshiny/values.yaml b/rshiny/values.yaml
index ad36c52..8a41b68 100644
--- a/rshiny/values.yaml
+++ b/rshiny/values.yaml
@@ -29,3 +29,7 @@ ingress:
     nginx.ingress.kubernetes.io/affinity: cookie
     nginx.ingress.kubernetes.io/proxy-body-size: 256m
   hostname: ""
+
+
+registry:
+  private: false
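Review bot: The new `registry` block documents only `private`, while the `imagePullSecret` helper requires `registry.host`, `registry.username` and `registry.password`, so users discover those keys only through the render error. Add commented placeholders under `registry:`, e.g. `# host: ""`, `# username: ""` and `# password: ""  # supply at install time, do not commit`. The two blank lines before `registry:` could be reduced to one.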
-- 
GitLab