support image registries with authentication

Based on spec in openstack-helm repo,
support-OCI-image-registry-with-authentication-turned-on.rst

Each Helm chart can configure an OCI image registry and
credentials to use. A Kubernetes secret is then created with these
info. Service Accounts then specify an imagePullSecret specifying
the Secret with creds for the registry. Then any pod using one
of these ServiceAccounts may pull images from an authenticated
container registry.

Change-Id: Iebda4c7a861aa13db921328776b20c14ba346269
changes/42/848142/17
Brian Haley 5 months ago committed by Dustin Specker
parent 381d066f01
commit f31cfb2ef9
  1. 2
      calico/Chart.yaml
  2. 17
      calico/templates/secret-registry.yaml
  3. 20
      calico/values.yaml
  4. 2
      ceph-client/Chart.yaml
  5. 17
      ceph-client/templates/secret-registry.yaml
  6. 18
      ceph-client/values.yaml
  7. 2
      ceph-mon/Chart.yaml
  8. 17
      ceph-mon/templates/secret-registry.yaml
  9. 18
      ceph-mon/values.yaml
  10. 2
      ceph-osd/Chart.yaml
  11. 17
      ceph-osd/templates/secret-registry.yaml
  12. 18
      ceph-osd/values.yaml
  13. 2
      ceph-provisioners/Chart.yaml
  14. 17
      ceph-provisioners/templates/secret-registry.yaml
  15. 18
      ceph-provisioners/values.yaml
  16. 2
      ceph-rgw/Chart.yaml
  17. 17
      ceph-rgw/templates/secret-registry.yaml
  18. 18
      ceph-rgw/values.yaml
  19. 2
      cert-rotation/Chart.yaml
  20. 17
      cert-rotation/templates/secret-registry.yaml
  21. 21
      cert-rotation/values.yaml
  22. 2
      daemonjob-controller/Chart.yaml
  23. 17
      daemonjob-controller/templates/secret-registry.yaml
  24. 19
      daemonjob-controller/values.yaml
  25. 2
      elastic-apm-server/Chart.yaml
  26. 17
      elastic-apm-server/templates/secret-registry.yaml
  27. 18
      elastic-apm-server/values.yaml
  28. 2
      elastic-filebeat/Chart.yaml
  29. 17
      elastic-filebeat/templates/secret-registry.yaml
  30. 18
      elastic-filebeat/values.yaml
  31. 2
      elastic-metricbeat/Chart.yaml
  32. 17
      elastic-metricbeat/templates/secret-registry.yaml
  33. 18
      elastic-metricbeat/values.yaml
  34. 2
      elastic-packetbeat/Chart.yaml
  35. 17
      elastic-packetbeat/templates/secret-registry.yaml
  36. 18
      elastic-packetbeat/values.yaml
  37. 2
      elasticsearch/Chart.yaml
  38. 17
      elasticsearch/templates/secret-registry.yaml
  39. 18
      elasticsearch/values.yaml
  40. 2
      etcd/Chart.yaml
  41. 17
      etcd/templates/secret-registry.yaml
  42. 20
      etcd/values.yaml
  43. 2
      falco/Chart.yaml
  44. 17
      falco/templates/secret-registry.yaml
  45. 22
      falco/values.yaml
  46. 2
      flannel/Chart.yaml
  47. 17
      flannel/templates/secret-registry.yaml
  48. 20
      flannel/values.yaml
  49. 2
      fluentbit/Chart.yaml
  50. 17
      fluentbit/templates/secret-registry.yaml
  51. 20
      fluentbit/values.yaml
  52. 2
      fluentd/Chart.yaml
  53. 17
      fluentd/templates/secret-registry.yaml
  54. 21
      fluentd/values.yaml
  55. 2
      grafana/Chart.yaml
  56. 17
      grafana/templates/secret-registry.yaml
  57. 18
      grafana/values.yaml
  58. 2
      helm-toolkit/Chart.yaml
  59. 93
      helm-toolkit/templates/manifests/_secret-registry.yaml.tpl
  60. 6
      helm-toolkit/templates/snippets/_kubernetes_pod_rbac_serviceaccount.tpl
  61. 2
      ingress/Chart.yaml
  62. 17
      ingress/templates/secret-registry.yaml
  63. 18
      ingress/values.yaml
  64. 2
      kibana/Chart.yaml
  65. 17
      kibana/templates/secret-registry.yaml
  66. 18
      kibana/values.yaml
  67. 2
      kube-dns/Chart.yaml
  68. 17
      kube-dns/templates/secret-registry.yaml
  69. 6
      kube-dns/templates/serviceaccount-kube-dns.yaml
  70. 20
      kube-dns/values.yaml
  71. 2
      kubernetes-keystone-webhook/Chart.yaml
  72. 17
      kubernetes-keystone-webhook/templates/secret-registry.yaml
  73. 18
      kubernetes-keystone-webhook/values.yaml
  74. 2
      kubernetes-node-problem-detector/Chart.yaml
  75. 17
      kubernetes-node-problem-detector/templates/secret-registry.yaml
  76. 20
      kubernetes-node-problem-detector/values.yaml
  77. 2
      ldap/Chart.yaml
  78. 17
      ldap/templates/secret-registry.yaml
  79. 18
      ldap/values.yaml
  80. 2
      libvirt/Chart.yaml
  81. 17
      libvirt/templates/secret-registry.yaml
  82. 18
      libvirt/values.yaml
  83. 2
      mariadb/Chart.yaml
  84. 17
      mariadb/templates/secret-registry.yaml
  85. 18
      mariadb/values.yaml
  86. 2
      memcached/Chart.yaml
  87. 17
      memcached/templates/secret-registry.yaml
  88. 20
      memcached/values.yaml
  89. 2
      metacontroller/Chart.yaml
  90. 17
      metacontroller/templates/secret-registry.yaml
  91. 20
      metacontroller/values.yaml
  92. 2
      mongodb/Chart.yaml
  93. 17
      mongodb/templates/secret-registry.yaml
  94. 20
      mongodb/values.yaml
  95. 2
      nagios/Chart.yaml
  96. 17
      nagios/templates/secret-registry.yaml
  97. 18
      nagios/values.yaml
  98. 2
      nfs-provisioner/Chart.yaml
  99. 17
      nfs-provisioner/templates/secret-registry.yaml
  100. 20
      nfs-provisioner/values.yaml
  101. Some files were not shown because too many files have changed in this diff Show More

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v3.4.0
description: OpenStack-Helm Calico
name: calico
version: 0.1.4
version: 0.1.5
home: https://github.com/projectcalico/calico
icon: https://camo.githubusercontent.com/64c8b5ed6ac97553ae367348e8a59a24e2ed5bdc/687474703a2f2f646f63732e70726f6a65637463616c69636f2e6f72672f696d616765732f66656c69782e706e67
sources:

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

@ -166,6 +166,10 @@ dependencies:
- endpoint: internal
service: local_image_registry
secrets:
oci_image_registry:
calico: calico-oci-image-registry
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
@ -180,6 +184,21 @@ endpoints:
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
calico:
username: calico
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
etcd:
auth:
client:
@ -572,4 +591,5 @@ manifests:
job_calico_settings: true
service_calico_etcd: true
secret_certificates: true
secret_registry: true
...

@ -15,6 +15,6 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Ceph Client
name: ceph-client
version: 0.1.36
version: 0.1.37
home: https://github.com/ceph/ceph-client
...

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

@ -188,6 +188,8 @@ secrets:
rgw: ceph-bootstrap-rgw-keyring
mgr: ceph-bootstrap-mgr-keyring
admin: ceph-client-admin-keyring
oci_image_registry:
ceph-client: ceph-client-oci-image-registry
network:
public: 192.168.0.0/16
@ -517,6 +519,21 @@ endpoints:
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
ceph-client:
username: ceph-client
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
ceph_mon:
namespace: null
hosts:
@ -564,4 +581,5 @@ manifests:
helm_tests: true
cronjob_checkPGs: true
cronjob_defragosds: true
secret_registry: true
...

@ -15,6 +15,6 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Ceph Mon
name: ceph-mon
version: 0.1.25
version: 0.1.26
home: https://github.com/ceph/ceph
...

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

@ -215,6 +215,8 @@ secrets:
osd: ceph-bootstrap-osd-keyring
mgr: ceph-bootstrap-mgr-keyring
admin: ceph-client-admin-keyring
oci_image_registry:
ceph-mon: ceph-mon-oci-image-registry-key
network:
public: 192.168.0.0/16
@ -424,6 +426,21 @@ endpoints:
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
ceph-mon:
username: ceph-mon
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
ceph_mon:
namespace: null
hosts:
@ -473,4 +490,5 @@ manifests:
service_mgr: true
service_mon_discovery: true
job_storage_admin_keys: true
secret_registry: true
...

@ -15,6 +15,6 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Ceph OSD
name: ceph-osd
version: 0.1.41
version: 0.1.42
home: https://github.com/ceph/ceph
...

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

@ -142,6 +142,8 @@ secrets:
keyrings:
osd: ceph-bootstrap-osd-keyring
admin: ceph-client-admin-keyring
oci_image_registry:
ceph-osd: ceph-osh-oci-image-registry-key
network:
public: 192.168.0.0/16
@ -373,6 +375,21 @@ endpoints:
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
ceph-osd:
username: ceph-osd
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
ceph_mon:
namespace: null
hosts:
@ -395,4 +412,5 @@ manifests:
job_post_apply: true
job_image_repo_sync: true
helm_tests: true
secret_registry: true
...

@ -15,6 +15,6 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Ceph Provisioner
name: ceph-provisioners
version: 0.1.20
version: 0.1.21
home: https://github.com/ceph/ceph
...

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

@ -277,6 +277,8 @@ secrets:
keyrings:
admin: ceph-client-admin-keyring
prov_adminSecretName: pvc-ceph-conf-combined-storageclass
oci_image_registry:
ceph-provisioners: ceph-provisioners-oci-image-registry-key
network:
public: 192.168.0.0/16
@ -431,6 +433,21 @@ endpoints:
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
ceph-provisioners:
username: ceph-provisioners
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
ceph_mon:
namespace: null
hosts:
@ -462,4 +479,5 @@ manifests:
job_namespace_client_ceph_config: true
storageclass: true
helm_tests: true
secret_registry: true
...

@ -15,6 +15,6 @@ apiVersion: v1
appVersion: v1.0.0
description: OpenStack-Helm Ceph RadosGW
name: ceph-rgw
version: 0.1.22
version: 0.1.23
home: https://github.com/ceph/ceph
...

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

@ -259,6 +259,8 @@ secrets:
admin: ceph-keystone-admin
swift: ceph-keystone-user
user_rgw: ceph-keystone-user-rgw
oci_image_registry:
ceph-rgw: ceph-rgw-oci-image-registry-key
rgw_s3:
admin: radosgw-s3-admin-creds
tls:
@ -548,6 +550,21 @@ endpoints:
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
ceph-rgw:
username: ceph-rgw
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
identity:
name: keystone
namespace: null
@ -682,6 +699,7 @@ manifests:
secret_keystone_rgw: true
secret_ingress_tls: true
secret_keystone: true
secret_registry: true
service_ingress_rgw: true
service_rgw: true
helm_tests: true

@ -16,5 +16,5 @@ appVersion: "1.0"
description: Rotate the certificates generated by cert-manager
home: https://cert-manager.io/
name: cert-rotation
version: 0.1.5
version: 0.1.6
...

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

@ -54,8 +54,29 @@ pod:
dependencies:
static:
cert_rotate: null
secrets:
oci_image_registry:
cert-rotation: cert-rotation-oci-image-registry-key
endpoints:
cluster_domain_suffix: cluster.local
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
cert-rotation:
username: cert-rotation
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
manifests:
configmap_bin: true
cron_job_cert_rotate: false
job_cert_rotate: false
secret_registry: true
...

@ -15,6 +15,6 @@ apiVersion: v1
appVersion: v1.0.0
description: A Helm chart for DaemonjobController
name: daemonjob-controller
version: 0.1.5
version: 0.1.6
home: https://opendev.org/openstack
...

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

@ -67,6 +67,9 @@ pod:
controller:
runAsUser: 0
readOnlyRootFilesystem: true
secrets:
oci_image_registry:
daemonjob-controller: daemonjob-controller-oci-image-registry-key
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
@ -81,6 +84,21 @@ endpoints:
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
daemonjob-controller:
username: daemonjob-controller
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
daemonjob_controller:
hosts:
default: daemonjob-controller
@ -112,5 +130,6 @@ manifests:
crds_create: true
job_image_repo_sync: true
configmap_bin: true
secret_registry: true
service: true
...

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v6.2.3
description: OpenStack-Helm Elastic APM Server
name: elastic-apm-server
version: 0.1.3
version: 0.1.4
home: https://www.elastic.co/guide/en/apm/get-started/current/index.html
sources:
- https://github.com/elastic/apm-server

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

@ -40,6 +40,8 @@ images:
secrets:
elasticsearch:
user: elastic-apm-server-elasticsearch-user
oci_image_registry:
elastic-apm-server: elastic-apm-server-oci-image-registry
dependencies:
dynamic:
@ -84,6 +86,21 @@ endpoints:
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
elastic-apm-server:
username: elastic-apm-server
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
elasticsearch:
namespace: null
name: elasticsearch
@ -163,4 +180,5 @@ manifests:
service: true
job_image_repo_sync: true
secret_elasticsearch: true
secret_registry: true
...

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v7.1.0
description: OpenStack-Helm Elastic Filebeat
name: elastic-filebeat
version: 0.1.3
version: 0.1.4
home: https://www.elastic.co/products/beats/filebeat
sources:
- https://github.com/elastic/beats/tree/master/filebeat

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

@ -40,6 +40,8 @@ images:
secrets:
elasticsearch:
user: filebeat-elasticsearch-user
oci_image_registry:
elastic-filebeat: elastic-filebeat-oci-image-registry-key
dependencies:
dynamic:
@ -167,6 +169,21 @@ endpoints:
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
elastic-filebeat:
username: elastic-filebeat
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
elasticsearch:
namespace: null
name: elasticsearch
@ -264,4 +281,5 @@ manifests:
daemonset: true
job_image_repo_sync: true
secret_elasticsearch: true
secret_registry: true
...

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v7.1.0
description: OpenStack-Helm Elastic Metricbeat
name: elastic-metricbeat
version: 0.1.4
version: 0.1.5
home: https://www.elastic.co/products/beats/metricbeat
sources:
- https://github.com/elastic/beats/tree/master/metricbeat

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

@ -40,6 +40,8 @@ images:
secrets:
elasticsearch:
user: metricbeat-elasticsearch-user
oci_image_registry:
elastic-metricbeat: elastic-metricbeat-oci-image-registry-key
dependencies:
dynamic:
@ -163,6 +165,21 @@ endpoints:
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
elastic-metricbeat:
username: elastic-metricbeat
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
kube_state_metrics:
namespace: null
hosts:
@ -263,4 +280,5 @@ manifests:
deployment: true
job_image_repo_sync: true
secret_elasticsearch: true
secret_registry: true
...

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v7.1.0
description: OpenStack-Helm Elastic Packetbeat
name: elastic-packetbeat
version: 0.1.3
version: 0.1.4
home: https://www.elastic.co/products/beats/packetbeat
sources:
- https://github.com/elastic/beats/tree/master/packetbeat

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

@ -40,6 +40,8 @@ images:
secrets:
elasticsearch:
user: packetbeat-elasticsearch-user
oci_image_registry:
elastic-packetbeat: elastic-packetbeat-oci-image-registry-key
dependencies:
dynamic:
@ -106,6 +108,21 @@ endpoints:
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
elastic-packetbeat:
username: elastic-packetbeat
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
elasticsearch:
name: elasticsearch
namespace: null
@ -182,4 +199,5 @@ manifests:
daemonset: true
job_image_repo_sync: true
secret_elasticsearch: true
secret_registry: true
...

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v7.6.2
description: OpenStack-Helm ElasticSearch
name: elasticsearch
version: 0.2.20
version: 0.2.21
home: https://www.elastic.co/
sources:
- https://github.com/elastic/elasticsearch

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

@ -422,6 +422,8 @@ secrets:
elasticsearch: elasticsearch-s3-user-creds
elasticsearch:
user: elasticsearch-user-secrets
oci_image_registry:
elasticsearch: elasticsearch-oci-image-registry-key
tls:
elasticsearch:
elasticsearch:
@ -775,6 +777,21 @@ endpoints:
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
elasticsearch:
username: elasticsearch
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
elasticsearch:
name: elasticsearch
namespace: null
@ -960,6 +977,7 @@ manifests:
service_exporter: true
network_policy: false
secret_ingress_tls: true
secret_registry: true
service_data: true
service_discovery: true
service_ingress: true

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v3.4.3
description: OpenStack-Helm etcd
name: etcd
version: 0.1.4
version: 0.1.5
home: https://coreos.com/etcd/
icon: https://raw.githubusercontent.com/CloudCoreo/etcd-cluster/master/images/icon.png
sources:

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

@ -92,6 +92,10 @@ pod:
memory: "1024Mi"
cpu: "2000m"
secrets:
oci_image_registry:
etcd: etcd-oci-image-registry-key
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
@ -106,6 +110,21 @@ endpoints:
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
etcd:
username: etcd
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
etcd:
name: etcd
hosts:
@ -124,5 +143,6 @@ manifests:
configmap_bin: true
deployment: true
job_image_repo_sync: true
secret_registry: true
service: true
...

@ -13,7 +13,7 @@
---
apiVersion: v1
name: falco
version: 0.1.6
version: 0.1.7
appVersion: 0.11.1
description: Sysdig Falco
keywords:

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

@ -23,6 +23,27 @@ images:
- dep_check
- image_repo_sync
secrets:
oci_image_registry:
falco: falco-oci-image-registry-key
endpoints:
cluster_domain_suffix: cluster.local
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
falco:
username: falco
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
pod:
resources:
@ -1361,4 +1382,5 @@ manifests:
configmap_etc: true
configmap_custom_rules: false
configmap_bin: true
secret_registry: true
...

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v0.8.0
description: OpenStack-Helm BootStrap Flannel
name: flannel
version: 0.1.3
version: 0.1.4
home: https://github.com/coreos/flannel
icon: https://raw.githubusercontent.com/coreos/flannel/master/logos/flannel-horizontal-color.png
sources:

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

@ -63,6 +63,10 @@ dependencies:
- endpoint: internal
service: local_image_registry
secrets:
oci_image_registry:
flannel: flannel-oci-image-registry-key
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
@ -77,10 +81,26 @@ endpoints:
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
flannel:
username: flannel
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
manifests:
configmap_bin: true
configmap_kube_flannel_cfg: true
daemonset_kube_flannel_ds: true
job_image_repo_sync: true
secret_registry: true
...

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v0.14.2
description: OpenStack-Helm Fluentbit
name: fluentbit
version: 0.1.3
version: 0.1.4
home: https://www.fluentbit.io/
sources:
- https://github.com/fluent/fluentbit

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

@ -173,6 +173,10 @@ conf:
Time_Keep true
Time_Key time
secrets:
oci_image_registry:
fluentbit: fluentbit-oci-image-registry-key
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
@ -187,6 +191,21 @@ endpoints:
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
fluentbit:
username: fluentbit
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
fluentd:
namespace: null
name: fluentd
@ -254,4 +273,5 @@ manifests:
configmap_etc: true
daemonset_fluentbit: true
job_image_repo_sync: true
secret_registry: true
...

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v1.10.1
description: OpenStack-Helm Fluentd
name: fluentd
version: 0.1.7
version: 0.1.8
home: https://www.fluentd.org/
sources:
- https://github.com/fluent/fluentd

@ -0,0 +1,17 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.manifests.secret_registry .Values.endpoints.oci_image_registry.auth.enabled }}
{{ include "helm-toolkit.manifests.secret_registry" ( dict "envAll" . "registryUser" .Chart.Name ) }}
{{- end }}

@ -99,6 +99,11 @@ conf:
user "#{ENV['ELASTICSEARCH_USERNAME']}"
</match>
</label>
secrets:
oci_image_registry:
fluentd: fluentd-oci-image-registry-key
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
@ -113,6 +118,21 @@ endpoints:
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
fluentd:
username: fluentd
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
elasticsearch:
namespace: null
name: elasticsearch
@ -255,5 +275,6 @@ manifests:
secret_elasticsearch: true
secret_fluentd_env: true
secret_kafka: false