Skip to content

Commit

Permalink
feat: Adds possibility to set image pull secrets in all charts
Browse files Browse the repository at this point in the history
fix: linting errors
  • Loading branch information
luflow committed Aug 21, 2024
1 parent 282df93 commit bd87082
Show file tree
Hide file tree
Showing 7 changed files with 46 additions and 20 deletions.
1 change: 1 addition & 0 deletions charts/connect/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ helm install --set connect.applicationName=connect connect ./connect

| Key | Type | Default | Description |
|-------------------------------------|------------|------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| global.imagePullSecrets | array | `[]` | Global list of secret names to use as image pull secrets for all pod specs in the chart. Secrets must exist in the same namespace |
| connect.create | boolean | `true` | Denotes whether the 1Password Connect server will be deployed |
| connect.replicas | integer | `1` | The number of replicas to run the 1Password Connect deployment |
| connect.applicationName | string | `"onepassword-connect"` | The name of 1Password Connect Application |
Expand Down
20 changes: 13 additions & 7 deletions charts/connect/templates/connect-deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -33,10 +33,10 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.connect.nodeSelector }}
{{- with .Values.connect.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: {{ .Values.connect.dataVolume.name }}
{{ .Values.connect.dataVolume.type }}: {{- toYaml .Values.connect.dataVolume.values | nindent 12 }}
Expand All @@ -49,7 +49,7 @@ spec:
secretName: {{ .Values.connect.tls.secret }}
{{- end }}
tolerations:
{{ toYaml .Values.connect.tolerations | indent 8 }}
{{ toYaml .Values.connect.tolerations | indent 8 }}
containers:
- name: {{ .Values.connect.api.name }}
image: {{ .Values.connect.api.imageRepository }}:{{ tpl .Values.connect.version . }}
Expand Down Expand Up @@ -84,10 +84,10 @@ spec:
- name: OP_LOG_LEVEL
value: "{{ .Values.connect.api.logLevel }}"
{{- include "onepassword-connect.profilerConfig" . | indent 12 -}}
{{- range .Values.connect.customEnvVars}}
{{- range .Values.connect.customEnvVars }}
- name: {{ .name }}
value: {{ .value }}
{{- end }}
{{- end }}
{{- if .Values.connect.probes.readiness }}
readinessProbe:
httpGet:
Expand Down Expand Up @@ -166,4 +166,10 @@ spec:
mountPath: /data
subPath: profiler
{{- end }}
{{- end }}
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- range . }}
- name: {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}
12 changes: 9 additions & 3 deletions charts/connect/templates/operator-deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -50,8 +50,8 @@ spec:
capabilities:
drop:
- all
command: ["/manager"]
args: [--zap-log-level={{ .Values.operator.logLevel }}]
command: [ "/manager" ]
args: [ --zap-log-level={{ .Values.operator.logLevel }}]
env:
- name: WATCH_NAMESPACE
value: {{ default "" (tpl (include "helm-toolkit.utils.joinListWithComma" .Values.operator.watchNamespace) .) }}
Expand All @@ -75,7 +75,13 @@ spec:
{{- range .Values.operator.customEnvVars}}
- name: {{ .name }}
value: {{ .value }}
{{- end }}
{{- end }}
resources:
{{- toYaml .Values.operator.resources | nindent 12 }}
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- range . }}
- name: {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}
5 changes: 5 additions & 0 deletions charts/connect/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,11 @@
# global common labels, applied to all ressources
commonLabels: {}

global:
# global list of secret names to use as image pull secrets for all pod specs in the chart
# secrets must exist in the same namespace
imagePullSecrets: []

# This section of values is for 1Password Connect API and Sync Configuration
connect:
# Denotes whether the 1Password Connect server will be deployed
Expand Down
19 changes: 10 additions & 9 deletions charts/secrets-injector/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,15 +30,16 @@ $ helm install --set injector.applicationName=injector injector ./secrets-inject

### Values

| Key | Type | Default | Description |
| ------------------------ | ------- | ----------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
| injector.applicationName | string | `"secrets-injector"` | The name of 1Password Kubernetes Secrets Injector Application |
| injector.imagePullPolicy | string | `"IfNotPresent"` | The 1Password Secrets Injector docker image policy. `"IfNotPresent"` means the image is pulled only if it is not already present locally. |
| injector.imageRepository | string | `"1password/kubernetes-secrets-injector"` | The 1Password Secrets Injector docker image repository |
| injector.port | string | `443` | The port the Secrets Injector exposes |
| injector.targetPort | integer | `8443` | The port the Secrets Injector API sends requests to the pod |
| injector.version | string | `{{.Chart.AppVersion}}` | The 1Password Secrets Injector version to pull. |
| injector.customEnvVars | array | `[]` | Custom Environment Variables for the 1Password Secrets Injector container that are not specified in this helm chart. |
| Key | Type | Default | Description |
|---------------------------|---------|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------|
| injector.applicationName | string | `"secrets-injector"` | The name of 1Password Kubernetes Secrets Injector Application |
| injector.imagePullPolicy | string | `"IfNotPresent"` | The 1Password Secrets Injector docker image policy. `"IfNotPresent"` means the image is pulled only if it is not already present locally. |
| injector.imagePullSecrets | array | `[]` | Global list of secret names to use as image pull secrets for all pod specs in the chart. Secrets must exist in the same namespace |
| injector.imageRepository | string | `"1password/kubernetes-secrets-injector"` | The 1Password Secrets Injector docker image repository |
| injector.port | string | `443` | The port the Secrets Injector exposes |
| injector.targetPort | integer | `8443` | The port the Secrets Injector API sends requests to the pod |
| injector.version | string | `{{.Chart.AppVersion}}` | The 1Password Secrets Injector version to pull. |
| injector.customEnvVars | array | `[]` | Custom Environment Variables for the 1Password Secrets Injector container that are not specified in this helm chart. |

#### Custom Environment Variables

Expand Down
8 changes: 7 additions & 1 deletion charts/secrets-injector/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,14 @@ spec:
{{- range .Values.injector.customEnvVars}}
- name: {{ .name }}
value: {{ .value }}
{{- end }}
{{- end }}
lifecycle:
preStop:
exec:
command: [ "/bin/sh", "-c", "/prestop.sh" ]
{{- with .Values.injector.imagePullSecrets }}
imagePullSecrets:
{{- range . }}
- name: {{ . | quote }}
{{- end }}
{{- end }}
1 change: 1 addition & 0 deletions charts/secrets-injector/values.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
injector:
applicationName: secrets-injector
imagePullPolicy: IfNotPresent
imagePullSecrets: []
imageRepository: 1password/kubernetes-secrets-injector
port: 443
targetPort: 8443
Expand Down

0 comments on commit bd87082

Please sign in to comment.