diff --git a/charts/connect/README.md b/charts/connect/README.md index 7255390..f46ea61 100644 --- a/charts/connect/README.md +++ b/charts/connect/README.md @@ -73,6 +73,7 @@ helm install --set connect.applicationName=connect connect ./connect | connect.dataVolume.type | string | `"emptyDir"` | The type of the shared volume used between 1Password Connect Containers | | connect.dataVolume.values | object | `{}` | Desribes the fields and values for configuration of shared volume for 1Password Connect | | connect.imagePullPolicy | string | `"IfNotPresent"` | The 1Password Connect API image pull policy | +| connect.imagePullSecrets | array | `[]` | List of secret names to use as image pull secrets. Secrets must exist in the same namespace. | | connect.ingress.annotations | object | `{}` | The 1Password Connect Ingress Annotations | | connect.ingress.enabled | bool | `false` | The boolean value to enable/disable the 1Password Connect | | connect.ingress.extraPaths | list | `[]` | Additional Ingress Paths | 
@@ -105,6 +106,7 @@ helm install --set connect.applicationName=connect connect ./connect | operator.autoRestart | boolean | `false` | Denotes whether the 1Password Operator will automatically restart deployments based on associated updated secrets. | | operator.create | boolean | `false` | Denotes whether the 1Password Operator will be deployed | | operator.imagePullPolicy | string | `"IfNotPresent"` | The 1Password Operator image pull policy | +| operator.imagePullSecrets | array | `[]` | List of secret names to use as image pull secrets. Secrets must exist in the same namespace. | | operator.imageRepository | string | `"1password/onepassword-operator"` | The 1Password Operator repository | | operator.nodeSelector | object | `{}` | [Node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) stanza for the operator pod | | operator.annotations | object | `{}` | Additional annotations to be added to the Operator deployment resource. | diff --git a/charts/connect/templates/connect-deployment.yaml b/charts/connect/templates/connect-deployment.yaml index 584b6c2..b78b172 100644 --- a/charts/connect/templates/connect-deployment.yaml +++ b/charts/connect/templates/connect-deployment.yaml @@ -33,10 +33,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: -{{- with .Values.connect.nodeSelector }} + {{- with .Values.connect.nodeSelector }} nodeSelector: -{{ toYaml . | indent 8 }} -{{- end }} + {{ toYaml . | indent 8 }} + {{- end }} {{- if .Values.connect.priorityClassName }} priorityClassName: {{ .Values.connect.priorityClassName }} {{- end }} @@ -52,7 +52,7 @@ spec: secretName: {{ .Values.connect.tls.secret }} {{- end }} tolerations: -{{ toYaml .Values.connect.tolerations | indent 8 }} + {{ toYaml .Values.connect.tolerations | indent 8 }} containers: - name: {{ .Values.connect.api.name }} image: {{ .Values.connect.api.imageRepository }}:{{ tpl .Values.connect.version . }} 
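Review bot: The re-indented `{{ toYaml . | indent 8 }}` under `nodeSelector:` (hunk -33,10) now has leading whitespace in front of the action while still using `indent 8`, so the first rendered line gets that whitespace plus eight spaces and every following line only eight. With more than one key in `connect.nodeSelector` this most likely renders invalid YAML, and the same applies to the `tolerations` line in hunk -52,7 once more than one toleration is set. Now that the template lines are indented, the trimming form is the safer choice: `{{- toYaml . | nindent 8 }}` and `{{- toYaml .Values.connect.tolerations | nindent 8 }}`. The exact columns are not recoverable from this view, so confirm with `helm template` using multi-entry values for both settings.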
@@ -87,7 +87,7 @@ spec: - name: OP_LOG_LEVEL value: "{{ .Values.connect.api.logLevel }}" {{- include "onepassword-connect.profilerConfig" . | indent 12 -}} - {{- range .Values.connect.customEnvVars}} + {{- range .Values.connect.customEnvVars }} - name: {{ .name }} value: {{ .value }} {{- end }} @@ -169,4 +169,10 @@ spec: mountPath: /data subPath: profiler {{- end }} + {{- with .Values.connect.imagePullSecrets }} + imagePullSecrets: + {{- range . }} + - name: {{ . | quote }} + {{- end }} + {{- end }} {{- end }} diff --git a/charts/connect/templates/operator-deployment.yaml b/charts/connect/templates/operator-deployment.yaml index b5b4f4d..5584f0c 100644 --- a/charts/connect/templates/operator-deployment.yaml +++ b/charts/connect/templates/operator-deployment.yaml @@ -53,8 +53,8 @@ spec: capabilities: drop: - all - command: ["/manager"] - args: [--zap-log-level={{ .Values.operator.logLevel }}] + command: [ "/manager" ] + args: [ --zap-log-level={{ .Values.operator.logLevel }}] env: - name: WATCH_NAMESPACE value: {{ default "" (tpl (include "helm-toolkit.utils.joinListWithComma" .Values.operator.watchNamespace) .) }} @@ -81,4 +81,10 @@ spec: {{- end }} resources: {{- toYaml .Values.operator.resources | nindent 12 }} + {{- with .Values.operator.imagePullSecrets }} + imagePullSecrets: + {{- range . }} + - name: {{ . | quote }} + {{- end }} + {{- end }} {{- end }} diff --git a/charts/connect/values.yaml b/charts/connect/values.yaml index ca6ba39..5f53a4f 100644 --- a/charts/connect/values.yaml +++ b/charts/connect/values.yaml @@ -91,6 +91,9 @@ connect: # The 1Password Connect API repository imagePullPolicy: IfNotPresent + # List of secret names to use as image pull secrets. Secrets must exist in the same namespace. + imagePullSecrets: [] + # The 1Password Connect version to pull version: "{{ .Chart.AppVersion }}" 
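Review bot: `- name: {{ . | quote }}` in hunk -169,4 only works when every entry of `connect.imagePullSecrets` is a plain string. Kubernetes itself and many charts use the object form (`- name: regcred`), and such an entry would be stringified to something like `"map[name:regcred]"`, which renders without error but names a secret that does not exist, so the mistake only surfaces later as an image pull failure. Consider accepting both forms, `- name: {{ if kindIs "string" . }}{{ . | quote }}{{ else }}{{ .name | quote }}{{ end }}`, or rejecting non-strings with `fail`. The same block is added in operator-deployment.yaml (-81,4) and in charts/secrets-injector/templates/deployment.yaml (-35,8). Whether `imagePullSecrets:` lands at pod-spec level rather than under the last container cannot be checked here because indentation is lost in this view.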
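Review bot: The new comment on `imagePullSecrets` in charts/connect/values.yaml (-91,6) does not say what kind of secret is expected or how the setting interacts with `imagePullPolicy: IfNotPresent` directly above it. I would reword it to `# Names of existing registry-credential secrets (type kubernetes.io/dockerconfigjson) in the release namespace.` and add a second comment line noting that with `IfNotPresent` an image already cached on a node can be started by other pods without these credentials unless the cluster forces re-pulls, for example through the AlwaysPullImages admission controller. The same wording fits the `operator` block in the next hunk (-212,6) and `injector.imagePullSecrets` in charts/secrets-injector/values.yaml, which is added without any comment.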
@@ -212,6 +215,9 @@ operator: # The 1Password Operator image pull policy imagePullPolicy: IfNotPresent + # List of secret names to use as image pull secrets. Secrets must exist in the same namespace. + imagePullSecrets: [] + # The 1Password Operator repository imageRepository: 1password/onepassword-operator diff --git a/charts/secrets-injector/README.md b/charts/secrets-injector/README.md index 0adc18a..1f7ffee 100644 --- a/charts/secrets-injector/README.md +++ b/charts/secrets-injector/README.md 
@@ -30,15 +30,16 @@ $ helm install --set injector.applicationName=injector injector ./secrets-inject ### Values -| Key | Type | Default | Description | -| ------------------------ | ------- | ----------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | -| injector.applicationName | string | `"secrets-injector"` | The name of 1Password Kubernetes Secrets Injector Application | -| injector.imagePullPolicy | string | `"IfNotPresent"` | The 1Password Secrets Injector docker image policy. `"IfNotPresent"` means the image is pulled only if it is not already present locally. | -| injector.imageRepository | string | `"1password/kubernetes-secrets-injector"` | The 1Password Secrets Injector docker image repository | -| injector.port | string | `443` | The port the Secrets Injector exposes | -| injector.targetPort | integer | `8443` | The port the Secrets Injector API sends requests to the pod | -| injector.version | string | `{{.Chart.AppVersion}}` | The 1Password Secrets Injector version to pull. | -| injector.customEnvVars | array | `[]` | Custom Environment Variables for the 1Password Secrets Injector container that are not specified in this helm chart. | +| Key | Type | Default | Description | +|---------------------------|---------|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------| +| injector.applicationName | string | `"secrets-injector"` | The name of 1Password Kubernetes Secrets Injector Application | +| injector.imagePullPolicy | string | `"IfNotPresent"` | The 1Password Secrets Injector docker image policy. `"IfNotPresent"` means the image is pulled only if it is not already present locally. 
| +| injector.imagePullSecrets | array | `[]` | Global list of secret names to use as image pull secrets for all pod specs in the chart. Secrets must exist in the same namespace | +| injector.imageRepository | string | `"1password/kubernetes-secrets-injector"` | The 1Password Secrets Injector docker image repository | +| injector.port | string | `443` | The port the Secrets Injector exposes | +| injector.targetPort | integer | `8443` | The port the Secrets Injector API sends requests to the pod | +| injector.version | string | `{{.Chart.AppVersion}}` | The 1Password Secrets Injector version to pull. | +| injector.customEnvVars | array | `[]` | Custom Environment Variables for the 1Password Secrets Injector container that are not specified in this helm chart. | #### Custom Environment Variables diff --git a/charts/secrets-injector/templates/deployment.yaml b/charts/secrets-injector/templates/deployment.yaml index 0228858..16410be 100644 --- a/charts/secrets-injector/templates/deployment.yaml +++ b/charts/secrets-injector/templates/deployment.yaml @@ -35,8 +35,14 @@ spec: {{- range .Values.injector.customEnvVars}} - name: {{ .name }} value: {{ .value }} - {{- end }} + {{- end }} lifecycle: preStop: exec: command: [ "/bin/sh", "-c", "/prestop.sh" ] + {{- with .Values.injector.imagePullSecrets }} + imagePullSecrets: + {{- range . }} + - name: {{ . | quote }} + {{- end }} + {{- end }} diff --git a/charts/secrets-injector/values.yaml b/charts/secrets-injector/values.yaml index 79465c9..6b5fbae 100644 --- a/charts/secrets-injector/values.yaml +++ b/charts/secrets-injector/values.yaml @@ -1,6 +1,7 @@ injector: applicationName: secrets-injector imagePullPolicy: IfNotPresent + imagePullSecrets: [] imageRepository: 1password/kubernetes-secrets-injector port: 443 targetPort: 8443