

feat: Adds possibility to set image pull secrets in all charts
luflow committed Aug 21, 2024
1 parent f4505e6 commit 1da8285
Showing 7 changed files with 45 additions and 17 deletions.
2 changes: 2 additions & 0 deletions charts/connect/README.md
@@ -73,6 +73,7 @@ helm install --set connect.applicationName=connect connect ./connect
| connect.dataVolume.type | string | `"emptyDir"` | The type of the shared volume used between 1Password Connect Containers |
| connect.dataVolume.values | object | `{}` | Desribes the fields and values for configuration of shared volume for 1Password Connect |
| connect.imagePullPolicy | string | `"IfNotPresent"` | The 1Password Connect API image pull policy |
| connect.imagePullSecrets | array | `[]` | List of secret names to use as image pull secrets. Secrets must exist in the same namespace. |
| connect.ingress.annotations | object | `{}` | The 1Password Connect Ingress Annotations |
| connect.ingress.enabled | bool | `false` | The boolean value to enable/disable the 1Password Connect |
| connect.ingress.extraPaths | list | `[]` | Additional Ingress Paths |
@@ -105,6 +106,7 @@ helm install --set connect.applicationName=connect connect ./connect
| operator.autoRestart | boolean | `false` | Denotes whether the 1Password Operator will automatically restart deployments based on associated updated secrets. |
| operator.create | boolean | `false` | Denotes whether the 1Password Operator will be deployed |
| operator.imagePullPolicy | string | `"IfNotPresent"` | The 1Password Operator image pull policy |
| operator.imagePullSecrets | array | `[]` | List of secret names to use as image pull secrets. Secrets must exist in the same namespace. |
| operator.imageRepository | string | `"1password/onepassword-operator"` | The 1Password Operator repository |
| operator.nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) stanza for the operator pod |
| operator.annotations | object | `{}` | Additional annotations to be added to the Operator deployment resource. |
16 changes: 11 additions & 5 deletions charts/connect/templates/connect-deployment.yaml
@@ -33,10 +33,10 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.connect.nodeSelector }}
{{- with .Values.connect.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.connect.priorityClassName }}
priorityClassName: {{ .Values.connect.priorityClassName }}
{{- end }}
@@ -52,7 +52,7 @@ spec:
secretName: {{ .Values.connect.tls.secret }}
{{- end }}
tolerations:
{{ toYaml .Values.connect.tolerations | indent 8 }}
{{ toYaml .Values.connect.tolerations | indent 8 }}
containers:
- name: {{ .Values.connect.api.name }}
image: {{ .Values.connect.api.imageRepository }}:{{ tpl .Values.connect.version . }}
@@ -87,7 +87,7 @@ spec:
- name: OP_LOG_LEVEL
value: "{{ .Values.connect.api.logLevel }}"
{{- include "onepassword-connect.profilerConfig" . | indent 12 -}}
{{- range .Values.connect.customEnvVars}}
{{- range .Values.connect.customEnvVars }}
- name: {{ .name }}
value: {{ .value }}
{{- end }}
@@ -169,4 +169,10 @@ spec:
mountPath: /data
subPath: profiler
{{- end }}
{{- with .Values.connect.imagePullSecrets }}
imagePullSecrets:
{{- range . }}
- name: {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}
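Review bot: The new `imagePullSecrets` block at the end of this template only handles plain strings: `- name: {{ . | quote }}` stringifies whatever each list entry is, so an entry written in the common Kubernetes object form (`- name: regcred`) would render as a name like `"map[name:regcred]"` instead of failing. A wrong pull-secret reference tends to surface only later as an image pull error, so it is worth either accepting both shapes, e.g. `- name: {{ if kindIs "map" . }}{{ .name | quote }}{{ else }}{{ . | quote }}{{ end }}`, or rejecting non-string entries with `fail`. The same block is added in operator-deployment.yaml and in the secrets-injector deployment.yaml. Indentation is lost in this rendering, so whether the key lands at pod-spec level could not be checked here.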
10 changes: 8 additions & 2 deletions charts/connect/templates/operator-deployment.yaml
@@ -53,8 +53,8 @@ spec:
capabilities:
drop:
- all
command: ["/manager"]
args: [--zap-log-level={{ .Values.operator.logLevel }}]
command: [ "/manager" ]
args: [ --zap-log-level={{ .Values.operator.logLevel }}]
env:
- name: WATCH_NAMESPACE
value: {{ default "" (tpl (include "helm-toolkit.utils.joinListWithComma" .Values.operator.watchNamespace) .) }}
@@ -81,4 +81,10 @@ spec:
{{- end }}
resources:
{{- toYaml .Values.operator.resources | nindent 12 }}
{{- with .Values.operator.imagePullSecrets }}
imagePullSecrets:
{{- range . }}
- name: {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}
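Review bot: The reformatted `args` line still interpolates `.Values.operator.logLevel` unquoted inside a YAML flow sequence, and its spacing is now uneven (a space after `[` but none before `]`). A value containing `,`, `]` or ` #` would change how the list parses, so the element is safer as a single quoted scalar: `args: [ {{ printf "--zap-log-level=%s" .Values.operator.logLevel | quote }} ]`. The container spec this line belongs to starts outside the hunk.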
6 changes: 6 additions & 0 deletions charts/connect/values.yaml
@@ -91,6 +91,9 @@ connect:
# The 1Password Connect API repository
imagePullPolicy: IfNotPresent

# List of secret names to use as image pull secrets. Secrets must exist in the same namespace.
imagePullSecrets: []

# The 1Password Connect version to pull
version: "{{ .Chart.AppVersion }}"

@@ -212,6 +215,9 @@ operator:
# The 1Password Operator image pull policy
imagePullPolicy: IfNotPresent

# List of secret names to use as image pull secrets. Secrets must exist in the same namespace.
imagePullSecrets: []

# The 1Password Operator repository
imageRepository: 1password/onepassword-operator

19 changes: 10 additions & 9 deletions charts/secrets-injector/README.md
@@ -30,15 +30,16 @@ $ helm install --set injector.applicationName=injector injector ./secrets-inject

### Values

| Key | Type | Default | Description |
| ------------------------ | ------- | ----------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
| injector.applicationName | string | `"secrets-injector"` | The name of 1Password Kubernetes Secrets Injector Application |
| injector.imagePullPolicy | string | `"IfNotPresent"` | The 1Password Secrets Injector docker image policy. `"IfNotPresent"` means the image is pulled only if it is not already present locally. |
| injector.imageRepository | string | `"1password/kubernetes-secrets-injector"` | The 1Password Secrets Injector docker image repository |
| injector.port | string | `443` | The port the Secrets Injector exposes |
| injector.targetPort | integer | `8443` | The port the Secrets Injector API sends requests to the pod |
| injector.version | string | `{{.Chart.AppVersion}}` | The 1Password Secrets Injector version to pull. |
| injector.customEnvVars | array | `[]` | Custom Environment Variables for the 1Password Secrets Injector container that are not specified in this helm chart. |
| Key | Type | Default | Description |
|---------------------------|---------|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------|
| injector.applicationName | string | `"secrets-injector"` | The name of 1Password Kubernetes Secrets Injector Application |
| injector.imagePullPolicy | string | `"IfNotPresent"` | The 1Password Secrets Injector docker image policy. `"IfNotPresent"` means the image is pulled only if it is not already present locally. |
| injector.imagePullSecrets | array | `[]` | Global list of secret names to use as image pull secrets for all pod specs in the chart. Secrets must exist in the same namespace |
| injector.imageRepository | string | `"1password/kubernetes-secrets-injector"` | The 1Password Secrets Injector docker image repository |
| injector.port | string | `443` | The port the Secrets Injector exposes |
| injector.targetPort | integer | `8443` | The port the Secrets Injector API sends requests to the pod |
| injector.version | string | `{{.Chart.AppVersion}}` | The 1Password Secrets Injector version to pull. |
| injector.customEnvVars | array | `[]` | Custom Environment Variables for the 1Password Secrets Injector container that are not specified in this helm chart. |

#### Custom Environment Variables

8 changes: 7 additions & 1 deletion charts/secrets-injector/templates/deployment.yaml
@@ -35,8 +35,14 @@ spec:
{{- range .Values.injector.customEnvVars}}
- name: {{ .name }}
value: {{ .value }}
{{- end }}
{{- end }}
lifecycle:
preStop:
exec:
command: [ "/bin/sh", "-c", "/prestop.sh" ]
{{- with .Values.injector.imagePullSecrets }}
imagePullSecrets:
{{- range . }}
- name: {{ . | quote }}
{{- end }}
{{- end }}
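Review bot: The `customEnvVars` loop that this hunk re-indents still emits `value: {{ .value }}` unquoted, so a value such as `true`, `123` or an empty string is parsed as a YAML boolean, number or null, while Kubernetes env values must be strings. Writing `value: {{ .value | quote }}` (and `name: {{ .name | quote }}`) keeps the type stable and stops a value containing `: ` or ` #` from reshaping the manifest. The same loop appears in charts/connect/templates/connect-deployment.yaml. The deployment spec begins above the hunk and indentation is lost in this rendering, so the nesting of the added `imagePullSecrets` key was not checked.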
1 change: 1 addition & 0 deletions charts/secrets-injector/values.yaml
@@ -1,6 +1,7 @@
injector:
applicationName: secrets-injector
imagePullPolicy: IfNotPresent
imagePullSecrets: []
imageRepository: 1password/kubernetes-secrets-injector
port: 443
targetPort: 8443
