openstack/openstack-helm-infra
Code Issues Proposed changes

support image registries with authentication

Browse Source 
Based on spec in openstack-helm repo,
support-OCI-image-registry-with-authentication-turned-on.rst

Each Helm chart can configure an OCI image registry and
credentials to use. A Kubernetes secret is then created with these
info. Service Accounts then specify an imagePullSecret specifying
the Secret with creds for the registry. Then any pod using one
of these ServiceAccounts may pull images from an authenticated
container registry.

Change-Id: Iebda4c7a861aa13db921328776b20c14ba346269
This commit is contained in:
Brian Haley 2022-06-29 10:48:52 -04:00 committed by Dustin Specker
parent 381d066f01
commit f31cfb2ef9
189 changed files with 1856 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
calico/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v3.4.0 appVersion: v3.4.0
description: OpenStack-Helm Calico description: OpenStack-Helm Calico
name: calico name: calico
version: 0.1.4 version: 0.1.5
home: https://github.com/projectcalico/calico home: https://github.com/projectcalico/calico
icon: https://camo.githubusercontent.com/64c8b5ed6ac97553ae367348e8a59a24e2ed5bdc/687474703a2f2f646f63732e70726f6a65637463616c69636f2e6f72672f696d616765732f66656c69782e706e67 icon: https://camo.githubusercontent.com/64c8b5ed6ac97553ae367348e8a59a24e2ed5bdc/687474703a2f2f646f63732e70726f6a65637463616c69636f2e6f72672f696d616765732f66656c69782e706e67
sources: sources:

17
calico/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

20
calico/values.yaml
View File

@ -166,6 +166,10 @@ dependencies:
- endpoint: internal - endpoint: internal
service: local_image_registry service: local_image_registry
secrets:
oci_image_registry:
calico: calico-oci-image-registry
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
local_image_registry: local_image_registry:
@ -180,6 +184,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
calico:
username: calico
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
etcd: etcd:
auth: auth:
client: client:
@ -572,4 +591,5 @@ manifests:
job_calico_settings: true job_calico_settings: true
service_calico_etcd: true service_calico_etcd: true
secret_certificates: true secret_certificates: true
secret_registry: true
... ...

2
ceph-client/Chart.yaml
View File

@ -15,6 +15,6 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Ceph Client description: OpenStack-Helm Ceph Client
name: ceph-client name: ceph-client
version: 0.1.36 version: 0.1.37
home: https://github.com/ceph/ceph-client home: https://github.com/ceph/ceph-client
... ...

17
ceph-client/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

18
ceph-client/values.yaml
View File

@ -188,6 +188,8 @@ secrets:
rgw: ceph-bootstrap-rgw-keyring rgw: ceph-bootstrap-rgw-keyring
mgr: ceph-bootstrap-mgr-keyring mgr: ceph-bootstrap-mgr-keyring
admin: ceph-client-admin-keyring admin: ceph-client-admin-keyring
oci_image_registry:
ceph-client: ceph-client-oci-image-registry
network: network:
public: 192.168.0.0/16 public: 192.168.0.0/16
@ -517,6 +519,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
ceph-client:
username: ceph-client
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
ceph_mon: ceph_mon:
namespace: null namespace: null
hosts: hosts:
@ -564,4 +581,5 @@ manifests:
helm_tests: true helm_tests: true
cronjob_checkPGs: true cronjob_checkPGs: true
cronjob_defragosds: true cronjob_defragosds: true
secret_registry: true
... ...

2
ceph-mon/Chart.yaml
View File

@ -15,6 +15,6 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Ceph Mon description: OpenStack-Helm Ceph Mon
name: ceph-mon name: ceph-mon
version: 0.1.25 version: 0.1.26
home: https://github.com/ceph/ceph home: https://github.com/ceph/ceph
... ...

17
ceph-mon/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

18
ceph-mon/values.yaml
View File

@ -215,6 +215,8 @@ secrets:
osd: ceph-bootstrap-osd-keyring osd: ceph-bootstrap-osd-keyring
mgr: ceph-bootstrap-mgr-keyring mgr: ceph-bootstrap-mgr-keyring
admin: ceph-client-admin-keyring admin: ceph-client-admin-keyring
oci_image_registry:
ceph-mon: ceph-mon-oci-image-registry-key
network: network:
public: 192.168.0.0/16 public: 192.168.0.0/16
@ -424,6 +426,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
ceph-mon:
username: ceph-mon
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
ceph_mon: ceph_mon:
namespace: null namespace: null
hosts: hosts:
@ -473,4 +490,5 @@ manifests:
service_mgr: true service_mgr: true
service_mon_discovery: true service_mon_discovery: true
job_storage_admin_keys: true job_storage_admin_keys: true
secret_registry: true
... ...

2
ceph-osd/Chart.yaml
View File

@ -15,6 +15,6 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Ceph OSD description: OpenStack-Helm Ceph OSD
name: ceph-osd name: ceph-osd
version: 0.1.41 version: 0.1.42
home: https://github.com/ceph/ceph home: https://github.com/ceph/ceph
... ...

17
ceph-osd/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

18
ceph-osd/values.yaml
View File

@ -142,6 +142,8 @@ secrets:
keyrings: keyrings:
osd: ceph-bootstrap-osd-keyring osd: ceph-bootstrap-osd-keyring
admin: ceph-client-admin-keyring admin: ceph-client-admin-keyring
oci_image_registry:
ceph-osd: ceph-osh-oci-image-registry-key
network: network:
public: 192.168.0.0/16 public: 192.168.0.0/16
@ -373,6 +375,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
ceph-osd:
username: ceph-osd
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
ceph_mon: ceph_mon:
namespace: null namespace: null
hosts: hosts:
@ -395,4 +412,5 @@ manifests:
job_post_apply: true job_post_apply: true
job_image_repo_sync: true job_image_repo_sync: true
helm_tests: true helm_tests: true
secret_registry: true
... ...

2
ceph-provisioners/Chart.yaml
View File

@ -15,6 +15,6 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Ceph Provisioner description: OpenStack-Helm Ceph Provisioner
name: ceph-provisioners name: ceph-provisioners
version: 0.1.20 version: 0.1.21
home: https://github.com/ceph/ceph home: https://github.com/ceph/ceph
... ...

17
ceph-provisioners/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

18
ceph-provisioners/values.yaml
View File

@ -277,6 +277,8 @@ secrets:
keyrings: keyrings:
admin: ceph-client-admin-keyring admin: ceph-client-admin-keyring
prov_adminSecretName: pvc-ceph-conf-combined-storageclass prov_adminSecretName: pvc-ceph-conf-combined-storageclass
oci_image_registry:
ceph-provisioners: ceph-provisioners-oci-image-registry-key
network: network:
public: 192.168.0.0/16 public: 192.168.0.0/16
@ -431,6 +433,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
ceph-provisioners:
username: ceph-provisioners
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
ceph_mon: ceph_mon:
namespace: null namespace: null
hosts: hosts:
@ -462,4 +479,5 @@ manifests:
job_namespace_client_ceph_config: true job_namespace_client_ceph_config: true
storageclass: true storageclass: true
helm_tests: true helm_tests: true
secret_registry: true
... ...

2
ceph-rgw/Chart.yaml
View File

@ -15,6 +15,6 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Ceph RadosGW description: OpenStack-Helm Ceph RadosGW
name: ceph-rgw name: ceph-rgw
version: 0.1.22 version: 0.1.23
home: https://github.com/ceph/ceph home: https://github.com/ceph/ceph
... ...

17
ceph-rgw/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

18
ceph-rgw/values.yaml
View File

@ -259,6 +259,8 @@ secrets:
admin: ceph-keystone-admin admin: ceph-keystone-admin
swift: ceph-keystone-user swift: ceph-keystone-user
user_rgw: ceph-keystone-user-rgw user_rgw: ceph-keystone-user-rgw
oci_image_registry:
ceph-rgw: ceph-rgw-oci-image-registry-key
rgw_s3: rgw_s3:
admin: radosgw-s3-admin-creds admin: radosgw-s3-admin-creds
tls: tls:
@ -548,6 +550,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
ceph-rgw:
username: ceph-rgw
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
identity: identity:
name: keystone name: keystone
namespace: null namespace: null
@ -682,6 +699,7 @@ manifests:
secret_keystone_rgw: true secret_keystone_rgw: true
secret_ingress_tls: true secret_ingress_tls: true
secret_keystone: true secret_keystone: true
secret_registry: true
service_ingress_rgw: true service_ingress_rgw: true
service_rgw: true service_rgw: true
helm_tests: true helm_tests: true

2
cert-rotation/Chart.yaml
View File

@ -16,5 +16,5 @@ appVersion: "1.0"
description: Rotate the certificates generated by cert-manager description: Rotate the certificates generated by cert-manager
home: https://cert-manager.io/ home: https://cert-manager.io/
name: cert-rotation name: cert-rotation
version: 0.1.5 version: 0.1.6
... ...

17
cert-rotation/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

21
cert-rotation/values.yaml
View File

@ -54,8 +54,29 @@ pod:
dependencies: dependencies:
static: static:
cert_rotate: null cert_rotate: null
secrets:
oci_image_registry:
cert-rotation: cert-rotation-oci-image-registry-key
endpoints:
cluster_domain_suffix: cluster.local
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
cert-rotation:
username: cert-rotation
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
manifests: manifests:
configmap_bin: true configmap_bin: true
cron_job_cert_rotate: false cron_job_cert_rotate: false
job_cert_rotate: false job_cert_rotate: false
secret_registry: true
... ...

2
daemonjob-controller/Chart.yaml
View File

@ -15,6 +15,6 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: A Helm chart for DaemonjobController description: A Helm chart for DaemonjobController
name: daemonjob-controller name: daemonjob-controller
version: 0.1.5 version: 0.1.6
home: https://opendev.org/openstack home: https://opendev.org/openstack
... ...

17
daemonjob-controller/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

19
daemonjob-controller/values.yaml
View File

@ -67,6 +67,9 @@ pod:
controller: controller:
runAsUser: 0 runAsUser: 0
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
secrets:
oci_image_registry:
daemonjob-controller: daemonjob-controller-oci-image-registry-key
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
local_image_registry: local_image_registry:
@ -81,6 +84,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
daemonjob-controller:
username: daemonjob-controller
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
daemonjob_controller: daemonjob_controller:
hosts: hosts:
default: daemonjob-controller default: daemonjob-controller
@ -112,5 +130,6 @@ manifests:
crds_create: true crds_create: true
job_image_repo_sync: true job_image_repo_sync: true
configmap_bin: true configmap_bin: true
secret_registry: true
service: true service: true
... ...

2
elastic-apm-server/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v6.2.3 appVersion: v6.2.3
description: OpenStack-Helm Elastic APM Server description: OpenStack-Helm Elastic APM Server
name: elastic-apm-server name: elastic-apm-server
version: 0.1.3 version: 0.1.4
home: https://www.elastic.co/guide/en/apm/get-started/current/index.html home: https://www.elastic.co/guide/en/apm/get-started/current/index.html
sources: sources:
- https://github.com/elastic/apm-server - https://github.com/elastic/apm-server

17
elastic-apm-server/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

18
elastic-apm-server/values.yaml
View File

@ -40,6 +40,8 @@ images:
secrets: secrets:
elasticsearch: elasticsearch:
user: elastic-apm-server-elasticsearch-user user: elastic-apm-server-elasticsearch-user
oci_image_registry:
elastic-apm-server: elastic-apm-server-oci-image-registry
dependencies: dependencies:
dynamic: dynamic:
@ -84,6 +86,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
elastic-apm-server:
username: elastic-apm-server
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
elasticsearch: elasticsearch:
namespace: null namespace: null
name: elasticsearch name: elasticsearch
@ -163,4 +180,5 @@ manifests:
service: true service: true
job_image_repo_sync: true job_image_repo_sync: true
secret_elasticsearch: true secret_elasticsearch: true
secret_registry: true
... ...

2
elastic-filebeat/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v7.1.0 appVersion: v7.1.0
description: OpenStack-Helm Elastic Filebeat description: OpenStack-Helm Elastic Filebeat
name: elastic-filebeat name: elastic-filebeat
version: 0.1.3 version: 0.1.4
home: https://www.elastic.co/products/beats/filebeat home: https://www.elastic.co/products/beats/filebeat
sources: sources:
- https://github.com/elastic/beats/tree/master/filebeat - https://github.com/elastic/beats/tree/master/filebeat

17
elastic-filebeat/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

18
elastic-filebeat/values.yaml
View File

@ -40,6 +40,8 @@ images:
secrets: secrets:
elasticsearch: elasticsearch:
user: filebeat-elasticsearch-user user: filebeat-elasticsearch-user
oci_image_registry:
elastic-filebeat: elastic-filebeat-oci-image-registry-key
dependencies: dependencies:
dynamic: dynamic:
@ -167,6 +169,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
elastic-filebeat:
username: elastic-filebeat
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
elasticsearch: elasticsearch:
namespace: null namespace: null
name: elasticsearch name: elasticsearch
@ -264,4 +281,5 @@ manifests:
daemonset: true daemonset: true
job_image_repo_sync: true job_image_repo_sync: true
secret_elasticsearch: true secret_elasticsearch: true
secret_registry: true
... ...

2
elastic-metricbeat/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v7.1.0 appVersion: v7.1.0
description: OpenStack-Helm Elastic Metricbeat description: OpenStack-Helm Elastic Metricbeat
name: elastic-metricbeat name: elastic-metricbeat
version: 0.1.4 version: 0.1.5
home: https://www.elastic.co/products/beats/metricbeat home: https://www.elastic.co/products/beats/metricbeat
sources: sources:
- https://github.com/elastic/beats/tree/master/metricbeat - https://github.com/elastic/beats/tree/master/metricbeat

17
elastic-metricbeat/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

18
elastic-metricbeat/values.yaml
View File

@ -40,6 +40,8 @@ images:
secrets: secrets:
elasticsearch: elasticsearch:
user: metricbeat-elasticsearch-user user: metricbeat-elasticsearch-user
oci_image_registry:
elastic-metricbeat: elastic-metricbeat-oci-image-registry-key
dependencies: dependencies:
dynamic: dynamic:
@ -163,6 +165,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
elastic-metricbeat:
username: elastic-metricbeat
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
kube_state_metrics: kube_state_metrics:
namespace: null namespace: null
hosts: hosts:
@ -263,4 +280,5 @@ manifests:
deployment: true deployment: true
job_image_repo_sync: true job_image_repo_sync: true
secret_elasticsearch: true secret_elasticsearch: true
secret_registry: true
... ...

2
elastic-packetbeat/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v7.1.0 appVersion: v7.1.0
description: OpenStack-Helm Elastic Packetbeat description: OpenStack-Helm Elastic Packetbeat
name: elastic-packetbeat name: elastic-packetbeat
version: 0.1.3 version: 0.1.4
home: https://www.elastic.co/products/beats/packetbeat home: https://www.elastic.co/products/beats/packetbeat
sources: sources:
- https://github.com/elastic/beats/tree/master/packetbeat - https://github.com/elastic/beats/tree/master/packetbeat

17
elastic-packetbeat/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

18
elastic-packetbeat/values.yaml
View File

@ -40,6 +40,8 @@ images:
secrets: secrets:
elasticsearch: elasticsearch:
user: packetbeat-elasticsearch-user user: packetbeat-elasticsearch-user
oci_image_registry:
elastic-packetbeat: elastic-packetbeat-oci-image-registry-key
dependencies: dependencies:
dynamic: dynamic:
@ -106,6 +108,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
elastic-packetbeat:
username: elastic-packetbeat
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
elasticsearch: elasticsearch:
name: elasticsearch name: elasticsearch
namespace: null namespace: null
@ -182,4 +199,5 @@ manifests:
daemonset: true daemonset: true
job_image_repo_sync: true job_image_repo_sync: true
secret_elasticsearch: true secret_elasticsearch: true
secret_registry: true
... ...

2
elasticsearch/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v7.6.2 appVersion: v7.6.2
description: OpenStack-Helm ElasticSearch description: OpenStack-Helm ElasticSearch
name: elasticsearch name: elasticsearch
version: 0.2.20 version: 0.2.21
home: https://www.elastic.co/ home: https://www.elastic.co/
sources: sources:
- https://github.com/elastic/elasticsearch - https://github.com/elastic/elasticsearch

17
elasticsearch/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

18
elasticsearch/values.yaml
View File

@ -422,6 +422,8 @@ secrets:
elasticsearch: elasticsearch-s3-user-creds elasticsearch: elasticsearch-s3-user-creds
elasticsearch: elasticsearch:
user: elasticsearch-user-secrets user: elasticsearch-user-secrets
oci_image_registry:
elasticsearch: elasticsearch-oci-image-registry-key
tls: tls:
elasticsearch: elasticsearch:
elasticsearch: elasticsearch:
@ -775,6 +777,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
elasticsearch:
username: elasticsearch
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
elasticsearch: elasticsearch:
name: elasticsearch name: elasticsearch
namespace: null namespace: null
@ -960,6 +977,7 @@ manifests:
service_exporter: true service_exporter: true
network_policy: false network_policy: false
secret_ingress_tls: true secret_ingress_tls: true
secret_registry: true
service_data: true service_data: true
service_discovery: true service_discovery: true
service_ingress: true service_ingress: true

2
etcd/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v3.4.3 appVersion: v3.4.3
description: OpenStack-Helm etcd description: OpenStack-Helm etcd
name: etcd name: etcd
version: 0.1.4 version: 0.1.5
home: https://coreos.com/etcd/ home: https://coreos.com/etcd/
icon: https://raw.githubusercontent.com/CloudCoreo/etcd-cluster/master/images/icon.png icon: https://raw.githubusercontent.com/CloudCoreo/etcd-cluster/master/images/icon.png
sources: sources:

17
etcd/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

20
etcd/values.yaml
View File

@ -92,6 +92,10 @@ pod:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "2000m"
secrets:
oci_image_registry:
etcd: etcd-oci-image-registry-key
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
local_image_registry: local_image_registry:
@ -106,6 +110,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
etcd:
username: etcd
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
etcd: etcd:
name: etcd name: etcd
hosts: hosts:
@ -124,5 +143,6 @@ manifests:
configmap_bin: true configmap_bin: true
deployment: true deployment: true
job_image_repo_sync: true job_image_repo_sync: true
secret_registry: true
service: true service: true
... ...

2
falco/Chart.yaml
View File

@ -13,7 +13,7 @@
--- ---
apiVersion: v1 apiVersion: v1
name: falco name: falco
version: 0.1.6 version: 0.1.7
appVersion: 0.11.1 appVersion: 0.11.1
description: Sysdig Falco description: Sysdig Falco
keywords: keywords:

17
falco/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

22
falco/values.yaml
View File

@ -23,6 +23,27 @@ images:
- dep_check - dep_check
- image_repo_sync - image_repo_sync
secrets:
oci_image_registry:
falco: falco-oci-image-registry-key
endpoints:
cluster_domain_suffix: cluster.local
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
falco:
username: falco
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
pod: pod:
resources: resources:
@ -1361,4 +1382,5 @@ manifests:
configmap_etc: true configmap_etc: true
configmap_custom_rules: false configmap_custom_rules: false
configmap_bin: true configmap_bin: true
secret_registry: true
... ...

2
flannel/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v0.8.0 appVersion: v0.8.0
description: OpenStack-Helm BootStrap Flannel description: OpenStack-Helm BootStrap Flannel
name: flannel name: flannel
version: 0.1.3 version: 0.1.4
home: https://github.com/coreos/flannel home: https://github.com/coreos/flannel
icon: https://raw.githubusercontent.com/coreos/flannel/master/logos/flannel-horizontal-color.png icon: https://raw.githubusercontent.com/coreos/flannel/master/logos/flannel-horizontal-color.png
sources: sources:

17
flannel/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

20
flannel/values.yaml
View File

@ -63,6 +63,10 @@ dependencies:
- endpoint: internal - endpoint: internal
service: local_image_registry service: local_image_registry
secrets:
oci_image_registry:
flannel: flannel-oci-image-registry-key
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
local_image_registry: local_image_registry:
@ -77,10 +81,26 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
flannel:
username: flannel
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
manifests: manifests:
configmap_bin: true configmap_bin: true
configmap_kube_flannel_cfg: true configmap_kube_flannel_cfg: true
daemonset_kube_flannel_ds: true daemonset_kube_flannel_ds: true
job_image_repo_sync: true job_image_repo_sync: true
secret_registry: true
... ...

2
fluentbit/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v0.14.2 appVersion: v0.14.2
description: OpenStack-Helm Fluentbit description: OpenStack-Helm Fluentbit
name: fluentbit name: fluentbit
version: 0.1.3 version: 0.1.4
home: https://www.fluentbit.io/ home: https://www.fluentbit.io/
sources: sources:
- https://github.com/fluent/fluentbit - https://github.com/fluent/fluentbit

17
fluentbit/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

20
fluentbit/values.yaml
View File

@ -173,6 +173,10 @@ conf:
Time_Keep true Time_Keep true
Time_Key time Time_Key time
secrets:
oci_image_registry:
fluentbit: fluentbit-oci-image-registry-key
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
local_image_registry: local_image_registry:
@ -187,6 +191,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
fluentbit:
username: fluentbit
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
fluentd: fluentd:
namespace: null namespace: null
name: fluentd name: fluentd
@ -254,4 +273,5 @@ manifests:
configmap_etc: true configmap_etc: true
daemonset_fluentbit: true daemonset_fluentbit: true
job_image_repo_sync: true job_image_repo_sync: true
secret_registry: true
... ...

2
fluentd/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v1.10.1 appVersion: v1.10.1
description: OpenStack-Helm Fluentd description: OpenStack-Helm Fluentd
name: fluentd name: fluentd
version: 0.1.7 version: 0.1.8
home: https://www.fluentd.org/ home: https://www.fluentd.org/
sources: sources:
- https://github.com/fluent/fluentd - https://github.com/fluent/fluentd

17
fluentd/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

21
fluentd/values.yaml
View File

@ -99,6 +99,11 @@ conf:
user "#{ENV['ELASTICSEARCH_USERNAME']}" user "#{ENV['ELASTICSEARCH_USERNAME']}"
</match> </match>
</label> </label>
secrets:
oci_image_registry:
fluentd: fluentd-oci-image-registry-key
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
local_image_registry: local_image_registry:
@ -113,6 +118,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
fluentd:
username: fluentd
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
elasticsearch: elasticsearch:
namespace: null namespace: null
name: elasticsearch name: elasticsearch
@ -255,5 +275,6 @@ manifests:
secret_elasticsearch: true secret_elasticsearch: true
secret_fluentd_env: true secret_fluentd_env: true
secret_kafka: false secret_kafka: false
secret_registry: true
service_fluentd: true service_fluentd: true
... ...

2
grafana/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v7.4.5 appVersion: v7.4.5
description: OpenStack-Helm Grafana description: OpenStack-Helm Grafana
name: grafana name: grafana
version: 0.1.14 version: 0.1.15
home: https://grafana.com/ home: https://grafana.com/
sources: sources:
- https://github.com/grafana/grafana - https://github.com/grafana/grafana

17
grafana/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

18
grafana/values.yaml
View File

@ -196,6 +196,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
grafana:
username: grafana
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
oslo_db: oslo_db:
namespace: null namespace: null
auth: auth:
@ -370,6 +385,8 @@ network_policy:
- {} - {}
secrets: secrets:
oci_image_registry:
grafana: grafana-oci-image-registry-key
oslo_db: oslo_db:
admin: grafana-db-admin admin: grafana-db-admin
user: grafana-db-user user: grafana-db-user
@ -403,6 +420,7 @@ manifests:
secret_admin_creds: true secret_admin_creds: true
secret_ingress_tls: true secret_ingress_tls: true
secret_prom_creds: true secret_prom_creds: true
secret_registry: true
service: true service: true
service_ingress: true service_ingress: true

2
helm-toolkit/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Helm-Toolkit description: OpenStack-Helm Helm-Toolkit
name: helm-toolkit name: helm-toolkit
version: 0.2.43 version: 0.2.44
home: https://docs.openstack.org/openstack-helm home: https://docs.openstack.org/openstack-helm
icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
sources: sources:

93
helm-toolkit/templates/manifests/_secret-registry.yaml.tpl Normal file
View File

@ -0,0 +1,93 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{/*
abstract: |
Creates a manifest for a authenticating a registry with a secret
examples:
- values: |
secrets:
oci_image_registry:
{{ $serviceName }}: {{ $keyName }}
endpoints:
oci_image_registry:
name: oci-image-registry
auth:
enabled: true
{{ $serviceName }}:
name: {{ $userName }}
password: {{ $password }}
usage: |
{{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}}
return: |
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: kubernetes.io/dockerconfigjson
data:
dockerconfigjson: {{ $dockerAuth }}
- values: |
secrets:
oci_image_registry:
{{ $serviceName }}: {{ $keyName }}
endpoints:
oci_image_registry:
name: oci-image-registry
auth:
enabled: true
{{ $serviceName }}:
name: {{ $userName }}
password: {{ $password }}
usage: |
{{- include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) -}}
return: |
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: kubernetes.io/dockerconfigjson
data:
dockerconfigjson: {{ $dockerAuth }}
*/}}
{{- define "helm-toolkit.manifests.secret_registry" }}
{{- $envAll := index . "envAll" }}
{{- $registryUser := index . "registryUser" }}
{{- $secretName := index $envAll.Values.secrets.oci_image_registry $registryUser }}
{{- $registryHost := tuple "oci_image_registry" "internal" $envAll | include "helm-toolkit.endpoints.endpoint_host_lookup" }}
{{/*
We only use "host:port" when port is non-null, else just use "host"
*/}}
{{- $registryPort := "" }}
{{- $port := $envAll.Values.endpoints.oci_image_registry.port.registry.default }}
{{- if $port }}
{{- $port = tuple "oci_image_registry" "internal" "registry" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $registryPort = printf ":%s" $port }}
{{- end }}
{{- $imageCredentials := index $envAll.Values.endpoints.oci_image_registry.auth $registryUser }}
{{- $dockerAuthToken := printf "%s:%s" $imageCredentials.username $imageCredentials.password | b64enc }}
{{- $dockerAuth := printf "{\"auths\": {\"%s%s\": {\"auth\": \"%s\"}}}" $registryHost $registryPort $dockerAuthToken | b64enc }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{ $dockerAuth }}
{{- end -}}

6
helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
View File

@ -42,6 +42,12 @@ kind: ServiceAccount
metadata: metadata:
name: {{ $saName }} name: {{ $saName }}
namespace: {{ $saNamespace }} namespace: {{ $saNamespace }}
{{- if $envAll.Values.manifests.secret_registry }}
{{- if $envAll.Values.endpoints.oci_image_registry.auth.enabled }}
imagePullSecrets:
- name: {{ index $envAll.Values.secrets.oci_image_registry $envAll.Chart.Name }}
{{- end -}}
{{- end -}}
{{- range $k, $v := $deps -}} {{- range $k, $v := $deps -}}
{{- if eq $k "services" }} {{- if eq $k "services" }}
{{- range $serv := $v }} {{- range $serv := $v }}

2
ingress/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v0.42.0 appVersion: v0.42.0
description: OpenStack-Helm Ingress Controller description: OpenStack-Helm Ingress Controller
name: ingress name: ingress
version: 0.2.8 version: 0.2.9
home: https://github.com/kubernetes/ingress home: https://github.com/kubernetes/ingress
sources: sources:
- https://github.com/kubernetes/ingress - https://github.com/kubernetes/ingress

17
ingress/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

18
ingress/values.yaml
View File

@ -204,6 +204,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
ingress:
username: ingress
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
ingress: ingress:
hosts: hosts:
default: ingress default: ingress
@ -270,6 +285,8 @@ network_policy:
- {} - {}
secrets: secrets:
oci_image_registry:
ingress: ingress-oci-image-registry-key
tls: tls:
ingress: ingress:
api: api:
@ -333,4 +350,5 @@ manifests:
prometheus: prometheus:
service_exporter: true service_exporter: true
network_policy: false network_policy: false
secret_registry: true
... ...

2
kibana/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v7.1.0 appVersion: v7.1.0
description: OpenStack-Helm Kibana description: OpenStack-Helm Kibana
name: kibana name: kibana
version: 0.1.10 version: 0.1.11
home: https://www.elastic.co/products/kibana home: https://www.elastic.co/products/kibana
sources: sources:
- https://github.com/elastic/kibana - https://github.com/elastic/kibana

17
kibana/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

18
kibana/values.yaml
View File

@ -140,6 +140,8 @@ network_policy:
secrets: secrets:
elasticsearch: elasticsearch:
user: kibana-elasticsearch-user user: kibana-elasticsearch-user
oci_image_registry:
kibana: kibana-oci-image-registry-key
tls: tls:
kibana: kibana:
kibana: kibana:
@ -330,6 +332,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
kibana:
username: kibana
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
elasticsearch: elasticsearch:
name: elasticsearch name: elasticsearch
namespace: null namespace: null
@ -421,6 +438,7 @@ manifests:
network_policy: false network_policy: false
secret_elasticsearch: true secret_elasticsearch: true
secret_ingress_tls: true secret_ingress_tls: true
secret_registry: true
service: true service: true
service_ingress: true service_ingress: true
job_register_kibana_indexes: true job_register_kibana_indexes: true

2
kube-dns/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v1.14.5 appVersion: v1.14.5
description: OpenStack-Helm Kube-DNS description: OpenStack-Helm Kube-DNS
name: kube-dns name: kube-dns
version: 0.1.4 version: 0.1.5
home: https://github.com/coreos/flannel home: https://github.com/coreos/flannel
icon: https://raw.githubusercontent.com/coreos/flannel/master/logos/flannel-horizontal-color.png icon: https://raw.githubusercontent.com/coreos/flannel/master/logos/flannel-horizontal-color.png
sources: sources:

17
kube-dns/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

6
kube-dns/templates/serviceaccount-kube-dns.yaml
View File

@ -22,4 +22,10 @@ metadata:
labels: labels:
kubernetes.io/cluster-service: "true" kubernetes.io/cluster-service: "true"
addonmanager.kubernetes.io/mode: Reconcile addonmanager.kubernetes.io/mode: Reconcile
{{- if $envAll.Values.manifests.secret_registry }}
{{- if $envAll.Values.endpoints.oci_image_registry.auth.enabled }}
imagePullSecrets:
- name: {{ index $envAll.Values.secrets.oci_image_registry $envAll.Chart.Name }}
{{- end -}}
{{- end -}}
{{- end }} {{- end }}

20
kube-dns/values.yaml
View File

@ -66,6 +66,10 @@ dependencies:
kube_dns: kube_dns:
services: null services: null
secrets:
oci_image_registry:
kube-dns: kube-dns-oci-image-registry-key
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
local_image_registry: local_image_registry:
@ -80,12 +84,28 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
kube-dns:
username: kube-dns
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
manifests: manifests:
configmap_bin: true configmap_bin: true
configmap_kube_dns: true configmap_kube_dns: true
deployment_kube_dns: true deployment_kube_dns: true
job_image_repo_sync: true job_image_repo_sync: true
secret_registry: true
service_kube_dns: true service_kube_dns: true
serviceaccount_kube_dns: true serviceaccount_kube_dns: true
... ...

2
kubernetes-keystone-webhook/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v0.2.0 appVersion: v0.2.0
description: OpenStack-Helm Kubernetes keystone webhook description: OpenStack-Helm Kubernetes keystone webhook
name: kubernetes-keystone-webhook name: kubernetes-keystone-webhook
version: 0.1.6 version: 0.1.7
home: https://github.com/kubernetes/cloud-provider-openstack home: https://github.com/kubernetes/cloud-provider-openstack
sources: sources:
- https://opendev.org/openstack/openstack-helm-infra - https://opendev.org/openstack/openstack-helm-infra

17
kubernetes-keystone-webhook/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

18
kubernetes-keystone-webhook/values.yaml
View File

@ -478,9 +478,26 @@ secrets:
admin: kubernetes-keystone-webhook-admin admin: kubernetes-keystone-webhook-admin
certificates: certificates:
api: kubernetes-keystone-webhook-certs api: kubernetes-keystone-webhook-certs
oci_image_registry:
kubernetes-keystone-webhook: kubernetes-keystone-webhook-oci-image-registry-key
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
kubernetes-keystone-webhook:
username: kubernetes-keystone-webhook
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
kubernetes: kubernetes:
auth: auth:
api: api:
@ -552,6 +569,7 @@ manifests:
pod_test: true pod_test: true
secret_certificates: true secret_certificates: true
secret_keystone: true secret_keystone: true
secret_registry: true
service_ingress_api: true service_ingress_api: true
service: true service: true
... ...

2
kubernetes-node-problem-detector/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Kubernetes Node Problem Detector description: OpenStack-Helm Kubernetes Node Problem Detector
name: kubernetes-node-problem-detector name: kubernetes-node-problem-detector
version: 0.1.6 version: 0.1.7
home: https://github.com/kubernetes/node-problem-detector home: https://github.com/kubernetes/node-problem-detector
sources: sources:
- https://github.com/kubernetes/node-problem-detector - https://github.com/kubernetes/node-problem-detector

17
kubernetes-node-problem-detector/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

20
kubernetes-node-problem-detector/values.yaml
View File

@ -35,6 +35,10 @@ labels:
node_selector_key: openstack-control-plane node_selector_key: openstack-control-plane
node_selector_value: enabled node_selector_value: enabled
secrets:
oci_image_registry:
kubernetes-node-problem-detector: kubernetes-node-problem-detector-oci-image-registry-key
pod: pod:
security_context: security_context:
node_problem_detector: node_problem_detector:
@ -135,6 +139,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
kubernetes-node-problem-detector:
username: kubernetes-node-problem-detector
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
node_problem_detector: node_problem_detector:
name: node-problem-detector name: node-problem-detector
namespace: null namespace: null
@ -153,6 +172,7 @@ manifests:
configmap_etc: true configmap_etc: true
daemonset: true daemonset: true
job_image_repo_sync: true job_image_repo_sync: true
secret_registry: true
service: false service: false
conf: conf:

2
ldap/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v1.2.0 appVersion: v1.2.0
description: OpenStack-Helm LDAP description: OpenStack-Helm LDAP
name: ldap name: ldap
version: 0.1.3 version: 0.1.4
home: https://www.openldap.org/ home: https://www.openldap.org/
maintainers: maintainers:
- name: OpenStack-Helm Authors - name: OpenStack-Helm Authors

17
ldap/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

18
ldap/values.yaml
View File

@ -137,6 +137,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
ldap:
username: ldap
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
ldap: ldap:
hosts: hosts:
default: ldap default: ldap
@ -230,6 +245,8 @@ secrets:
identity: identity:
admin: admin admin: admin
ldap: ldap ldap: ldap
oci_image_registry:
ldap: ldap-oci-image-registry-key
openldap: openldap:
domain: cluster.local domain: cluster.local
@ -241,6 +258,7 @@ manifests:
job_bootstrap: true job_bootstrap: true
job_image_repo_sync: true job_image_repo_sync: true
network_policy: false network_policy: false
secret_registry: true
statefulset: true statefulset: true
service: true service: true
... ...

2
libvirt/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm libvirt description: OpenStack-Helm libvirt
name: libvirt name: libvirt
version: 0.1.12 version: 0.1.13
home: https://libvirt.org home: https://libvirt.org
sources: sources:
- https://libvirt.org/git/?p=libvirt.git;a=summary - https://libvirt.org/git/?p=libvirt.git;a=summary

17
libvirt/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

18
libvirt/values.yaml
View File

@ -58,6 +58,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
libvirt:
username: libvirt
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
libvirt_exporter: libvirt_exporter:
port: port:
metrics: metrics:
@ -237,8 +252,11 @@ manifests:
daemonset_libvirt: true daemonset_libvirt: true
job_image_repo_sync: true job_image_repo_sync: true
network_policy: false network_policy: false
secret_registry: true
secrets: secrets:
oci_image_registry:
libvirt: libvirt-oci-image-registry-key
tls: tls:
server: libvirt-tls-server server: libvirt-tls-server
client: libvirt-tls-client client: libvirt-tls-client

2
mariadb/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v10.2.31 appVersion: v10.2.31
description: OpenStack-Helm MariaDB description: OpenStack-Helm MariaDB
name: mariadb name: mariadb
version: 0.2.25 version: 0.2.26
home: https://mariadb.com/kb/en/ home: https://mariadb.com/kb/en/
icon: http://badges.mariadb.org/mariadb-badge-180x60.png icon: http://badges.mariadb.org/mariadb-badge-180x60.png
sources: sources:

17
mariadb/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

18
mariadb/values.yaml
View File

@ -496,6 +496,8 @@ secrets:
mariadb: mariadb-backup-user mariadb: mariadb-backup-user
mariadb: mariadb:
backup_restore: mariadb-backup-restore backup_restore: mariadb-backup-restore
oci_image_registry:
mariadb: mariadb-oci-image-registry-key
tls: tls:
oslo_db: oslo_db:
server: server:
@ -519,6 +521,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
mariadb:
username: mariadb
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
monitoring: monitoring:
name: prometheus name: prometheus
namespace: null namespace: null
@ -677,6 +694,7 @@ manifests:
secret_dbaudit_password: true secret_dbaudit_password: true
secret_backup_restore: false secret_backup_restore: false
secret_etc: true secret_etc: true
secret_registry: true
service_discovery: true service_discovery: true
service_ingress: true service_ingress: true
service_error: true service_error: true

2
memcached/Chart.yaml
View File

@ -15,6 +15,6 @@ apiVersion: v1
appVersion: v1.5.5 appVersion: v1.5.5
description: OpenStack-Helm Memcached description: OpenStack-Helm Memcached
name: memcached name: memcached
version: 0.1.11 version: 0.1.12
home: https://github.com/memcached/memcached home: https://github.com/memcached/memcached
... ...

17
memcached/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

20
memcached/values.yaml
View File

@ -42,6 +42,10 @@ dependencies:
- endpoint: internal - endpoint: internal
service: local_image_registry service: local_image_registry
secrets:
oci_image_registry:
memcached: memcached-oci-image-registry-key
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
local_image_registry: local_image_registry:
@ -56,6 +60,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
memcached:
username: memcached
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
oslo_cache: oslo_cache:
namespace: null namespace: null
host_fqdn_override: host_fqdn_override:
@ -121,6 +140,7 @@ manifests:
job_image_repo_sync: true job_image_repo_sync: true
network_policy: false network_policy: false
service: true service: true
secret_registry: true
pod: pod:
security_context: security_context:

2
metacontroller/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v0.4.2 appVersion: v0.4.2
description: A Helm chart for Metacontroller description: A Helm chart for Metacontroller
name: metacontroller name: metacontroller
version: 0.1.5 version: 0.1.6
home: https://metacontroller.app/ home: https://metacontroller.app/
keywords: keywords:
- CRDs - CRDs

17
metacontroller/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

20
metacontroller/values.yaml
View File

@ -81,6 +81,10 @@ pod:
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
secrets:
oci_image_registry:
metacontroller: metacontroller-oci-image-registry-key
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
local_image_registry: local_image_registry:
@ -95,6 +99,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
metacontroller:
username: metacontroller
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
metacontroller: metacontroller:
hosts: hosts:
default: metacontroller default: metacontroller
@ -105,6 +124,7 @@ endpoints:
default: 8083 default: 8083
manifests: manifests:
secret_registry: true
service: true service: true
statefulset: true statefulset: true
job_image_repo_sync: true job_image_repo_sync: true

2
mongodb/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v3.4.9 appVersion: v3.4.9
description: OpenStack-Helm MongoDB description: OpenStack-Helm MongoDB
name: mongodb name: mongodb
version: 0.1.3 version: 0.1.4
home: https://www.mongodb.com home: https://www.mongodb.com
sources: sources:
- https://github.com/mongodb/mongo - https://github.com/mongodb/mongo

17
mongodb/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

20
mongodb/values.yaml
View File

@ -74,6 +74,10 @@ labels:
node_selector_key: openstack-control-plane node_selector_key: openstack-control-plane
node_selector_value: enabled node_selector_value: enabled
secrets:
oci_image_registry:
mongodb: mongodb-oci-image-registry-key
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
local_image_registry: local_image_registry:
@ -88,6 +92,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
mongodb:
username: mongodb
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
mongodb: mongodb:
auth: auth:
admin: admin:
@ -124,6 +143,7 @@ manifests:
configmap_bin: true configmap_bin: true
job_image_repo_sync: true job_image_repo_sync: true
secret_db_root_creds: true secret_db_root_creds: true
secret_registry: true
service: true service: true
statefulset: true statefulset: true
... ...

2
nagios/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Nagios description: OpenStack-Helm Nagios
name: nagios name: nagios
version: 0.1.5 version: 0.1.6
home: https://www.nagios.org home: https://www.nagios.org
sources: sources:
- https://opendev.org/openstack/openstack-helm-addons - https://opendev.org/openstack/openstack-helm-addons

17
nagios/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

18
nagios/values.yaml
View File

@ -63,6 +63,8 @@ dependencies:
secrets: secrets:
nagios: nagios:
admin: nagios-admin-creds admin: nagios-admin-creds
oci_image_registry:
nagios: nagios-oci-image-registry-key
tls: tls:
nagios: nagios:
nagios: nagios:
@ -82,6 +84,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
nagios:
username: nagios
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
monitoring: monitoring:
name: prometheus name: prometheus
auth: auth:
@ -295,6 +312,7 @@ manifests:
pod_helm_test: true pod_helm_test: true
secret_nagios: true secret_nagios: true
secret_ingress_tls: true secret_ingress_tls: true
secret_registry: true
service: true service: true
service_ingress: true service_ingress: true

2
nfs-provisioner/Chart.yaml
View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v2.2.1 appVersion: v2.2.1
description: OpenStack-Helm NFS description: OpenStack-Helm NFS
name: nfs-provisioner name: nfs-provisioner
version: 0.1.3 version: 0.1.4
home: https://github.com/kubernetes-incubator/external-storage home: https://github.com/kubernetes-incubator/external-storage
sources: sources:
- https://github.com/kubernetes-incubator/external-storage - https://github.com/kubernetes-incubator/external-storage

17
nfs-provisioner/templates/secret-registry.yaml Normal file
View File

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

20
nfs-provisioner/values.yaml
View File

@ -102,6 +102,10 @@ dependencies:
nfs: nfs:
services: null services: null
secrets:
oci_image_registry:
nfs-provisioner: nfs-provisioner-oci-image-registry-key
endpoints: endpoints:
cluster_domain_suffix: cluster.local cluster_domain_suffix: cluster.local
local_image_registry: local_image_registry:
@ -116,6 +120,21 @@ endpoints:
port: port:
registry: registry:
node: 5000 node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
nfs-provisioner:
username: nfs-provisioner
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
nfs: nfs:
hosts: hosts:
default: nfs-provisioner default: nfs-provisioner
@ -131,6 +150,7 @@ manifests:
configmap_bin: true configmap_bin: true
deployment: true deployment: true
job_image_repo_sync: true job_image_repo_sync: true
secret_registry: true
service: true service: true
storage_class: true storage_class: true
volume_claim: true volume_claim: true

Some files were not shown because too many files have changed in this diff Show More